ModuleAction::handle() - Code Metrics - Inspection of "Missing escape" - fisharebest/webtrees - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — 2.1 ( 4d644f...09afb0 )

by Greg

created 2025-02-11 23:31 UTC

ModuleAction::handle() B

↳ Parent: ModuleAction

Complexity

Conditions	7
Paths	6

Size

Total Lines	37
Code Lines	17

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	7
eloc	17
nc	6
nop	1
dl	0
loc	37
rs	8.8333
c	0
b	0
f	0

<?php

/**
 * webtrees: online genealogy
 * Copyright (C) 2025 webtrees development team
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>.
 */

declare(strict_types=1);

namespace Fisharebest\Webtrees\Http\RequestHandlers;

use Fisharebest\Webtrees\Auth;
use Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException;
use Fisharebest\Webtrees\Http\Exceptions\HttpNotFoundException;
use Fisharebest\Webtrees\Services\ModuleService;
use Fisharebest\Webtrees\Validator;
use InvalidArgumentException;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;

use function is_string;
use function method_exists;
use function str_contains;
use function strtolower;

/**
 * Controller for module actions.
 */
class ModuleAction implements RequestHandlerInterface
{
    private ModuleService $module_service;

    /**
     * @param ModuleService $module_service
     */
    public function __construct(ModuleService $module_service)
    {
        $this->module_service = $module_service;
    }

    /**
     * Perform an HTTP action for one of the modules.
     */
    public function handle(ServerRequestInterface $request): ResponseInterface
    {
        $module_name = $request->getAttribute('module');
        $action      = $request->getAttribute('action');
        $user        = Validator::attributes($request)->user();

        if (!is_string($module_name)) {
            throw new InvalidArgumentException('Invalid module_name');
        }

        if (!is_string($action)) {
            throw new InvalidArgumentException('Invalid action');
        }

        // Check that the module is enabled.
        // The module itself will need to check any tree-level access,
        // which may be different for each component (tab, menu, etc.) of the module.
        $module = $this->module_service->findByName($module_name);

        if ($module === null) {
            throw new HttpNotFoundException('Module ' . e($module_name) . ' does not exist');
        }

        // We'll call a function such as Module::getFooBarAction()
        $verb   = strtolower($request->getMethod());
        $method = $verb . $action . 'Action';

        // Actions with "Admin" in the name are for administrators only.
        if (str_contains($action, 'Admin') && !Auth::isAdmin($user)) {
            throw new HttpAccessDeniedException('Admin only action');
        }

        if (!method_exists($module, $method)) {
            throw new HttpNotFoundException('Method ' . e($method) . '() not found in ' . e($module_name));
        }

        return $module->$method($request);
    }
}


1			<?php
2
3			/**
4			* webtrees: online genealogy
5			* Copyright (C) 2025 webtrees development team
6			* This program is free software: you can redistribute it and/or modify
7			* it under the terms of the GNU General Public License as published by
8			* the Free Software Foundation, either version 3 of the License, or
9			* (at your option) any later version.
10			* This program is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13			* GNU General Public License for more details.
14			* You should have received a copy of the GNU General Public License
15			* along with this program. If not, see <https://www.gnu.org/licenses/>.
16			*/
17
18			declare(strict_types=1);
19
20			namespace Fisharebest\Webtrees\Http\RequestHandlers;
21
22			use Fisharebest\Webtrees\Auth;
23			use Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException;
24			use Fisharebest\Webtrees\Http\Exceptions\HttpNotFoundException;
25			use Fisharebest\Webtrees\Services\ModuleService;
26			use Fisharebest\Webtrees\Validator;
27			use InvalidArgumentException;
28			use Psr\Http\Message\ResponseInterface;
29			use Psr\Http\Message\ServerRequestInterface;
30			use Psr\Http\Server\RequestHandlerInterface;
31
32			use function is_string;
33			use function method_exists;
34			use function str_contains;
35			use function strtolower;
36
37			/**
38			* Controller for module actions.
39			*/
40			class ModuleAction implements RequestHandlerInterface
41			{
42			private ModuleService $module_service;
43
44			/**
45			* @param ModuleService $module_service
46			*/
47			public function __construct(ModuleService $module_service)
48			{
49			$this->module_service = $module_service;
50			}
51
52			/**
53			* Perform an HTTP action for one of the modules.
54			*/
55			public function handle(ServerRequestInterface $request): ResponseInterface
56			{
57			$module_name = $request->getAttribute('module');
58			$action = $request->getAttribute('action');
59			$user = Validator::attributes($request)->user();
60
61			if (!is_string($module_name)) {
62			throw new InvalidArgumentException('Invalid module_name');
63			}
64
65			if (!is_string($action)) {
66			throw new InvalidArgumentException('Invalid action');
67			}
68
69			// Check that the module is enabled.
70			// The module itself will need to check any tree-level access,
71			// which may be different for each component (tab, menu, etc.) of the module.
72			$module = $this->module_service->findByName($module_name);
73
74			if ($module === null) {
75			throw new HttpNotFoundException('Module ' . e($module_name) . ' does not exist');
76			}
77
78			// We'll call a function such as Module::getFooBarAction()
79			$verb = strtolower($request->getMethod());
80			$method = $verb . $action . 'Action';
81
82			// Actions with "Admin" in the name are for administrators only.
83			if (str_contains($action, 'Admin') && !Auth::isAdmin($user)) {
84			throw new HttpAccessDeniedException('Admin only action');
85			}
86
87			if (!method_exists($module, $method)) {
88			throw new HttpNotFoundException('Method ' . e($method) . '() not found in ' . e($module_name));
89			}
90
91			return $module->$method($request);
92			}
93			}
94

fisharebest / webtrees

Push — 2.1 ( 4d644f...09afb0 )

ModuleAction::handle() B

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like