Issues in OrganizationRelationship.php (master) - Issues in master - flipboxfactory/organizations - Measure and Improve Code Quality continuously with Scrutinizer

Issues (55)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/relationships/OrganizationRelationship.php (2 issues)

Labels

Severity

Major 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * @copyright  Copyright (c) Flipbox Digital Limited
 * @license    https://flipboxfactory.com/software/organization/license
 * @link       https://www.flipboxfactory.com/software/organization/
 */

namespace flipbox\organizations\relationships;

use craft\elements\db\ElementQueryInterface;
use craft\elements\User;
use craft\helpers\ArrayHelper;
use flipbox\organizations\elements\Organization;
use flipbox\organizations\Organizations;
use flipbox\organizations\queries\OrganizationQuery;
use flipbox\organizations\queries\UserAssociationQuery;
use flipbox\organizations\records\UserAssociation;
use Tightenco\Collect\Support\Collection;
use yii\db\QueryInterface;

/**
 * Manages Organizations associated to Users
 *
 * @author Flipbox Factory <[email protected]>
 * @since 2.0.0
 * *
 * @method UserAssociation findOrCreate($object)
 * @method UserAssociation findOne($object = null)
 * @method UserAssociation findOrFail($object)
 */
class OrganizationRelationship implements ElementRelationshipInterface
{
    use RelationshipTrait;

    /**
     * @var User
     */
    private $user;

    /**
     * @param User $user
     */
    public function __construct(User $user)
    {
        $this->user = $user;
    }


    /************************************************************
     * COLLECTION
     ************************************************************/

    /**
     * @inheritDoc
     * @return Organization[]|Collection
     */
    public function getCollection(): Collection
    {
        if (null === $this->relations) {
            return new Collection(
                $this->getQuery()
                    ->anyStatus()
                    ->limit(null)
                    ->all()
            );
        }

        return $this->createCollectionFromRelations();
    }

    /**
     * @return Collection
     */
    protected function createCollectionFromRelations()
    {
        $ids = $this->getRelationships()->pluck('organizationId')->all();
        if (empty($ids)) {
            return $this->getRelationships()->pluck('organization');
        }

        // 'eager' load where we'll pre-populate all of the elements
        $elements = $this->getQuery()
            ->id($ids)
            ->indexBy('id')
            ->anyStatus()
            ->limit(null)
            ->all();

        return $this->getRelationships()
            ->transform(function (UserAssociation $association) use ($elements) {
                if (!$association->isOrganizationSet() && isset($elements[$association->getOrganizationId()])) {
                    $association->setOrganization($elements[$association->getOrganizationId()]);
                }

                $association->setUser($this->user);

                return $association;
            })
            ->pluck('organization');
    }

    /**
     * @inheritDoc
     * @return Collection
     */
    protected function existingRelationships(): Collection
    {
        $relationships = $this->associationQuery()
            ->with('types')
            ->all();

        return $this->createRelations($relationships);
    }


    /************************************************************
     * QUERY
     ************************************************************/

    /**
     * @inheritDoc
     * @return OrganizationQuery
     */
    public function getQuery(): ElementQueryInterface
    {
        return Organization::find()
            ->userId($this->user->getId() ?: false);

    }

    /**
     * @return UserAssociationQuery
     */
    private function associationQuery(): UserAssociationQuery
    {
        return UserAssociation::find()
            ->setUserId($this->user->getId() ?: false)

            ->orderBy([
                'organizationOrder' => SORT_ASC
            ])
            ->limit(null);
    }


    /************************************************************
     * CREATE
     ************************************************************/

    /**
     * @param $object
     * @return UserAssociation
     */
    protected function create($object): UserAssociation
    {
        if ($object instanceof UserAssociation) {
            return $object;
        }

        return (new UserAssociation())
            ->setOrganization($this->resolveObject($object))
            ->setUser($this->user);
    }


    /*******************************************
     * DELTA
     *******************************************/

    /**
     * @inheritDoc
     */
    protected function delta(): array
    {
        $existingAssociations = $this->associationQuery()
            ->indexBy('organizationId')
            ->all();

        $associations = [];
        $order = 1;

        /** @var UserAssociation $newAssociation */
        foreach ($this->getRelationships() as $newAssociation) {
            $association = ArrayHelper::remove(
                $existingAssociations,
                $newAssociation->getOrganizationId()
            );

            $newAssociation->organizationOrder = $order++;

            /** @var UserAssociation $association */
            $association = $association ?: $newAssociation;

            // Has anything changed?
            if (!$association->getIsNewRecord() && !$this->hasChanged($newAssociation, $association)) {
                continue;
            }

            $associations[] = $this->sync($association, $newAssociation);
        }

        return [$associations, $existingAssociations];
    }

    /**
     * @param UserAssociation $new
     * @param UserAssociation $existing
     * @return bool
     */
    private function hasChanged(UserAssociation $new, UserAssociation $existing): bool
    {
        return (Organizations::getInstance()->getSettings()->getEnforceUserSortOrder() &&
                $new->organizationOrder != $existing->organizationOrder) ||
            $new->state != $existing->state ||
            $new->getTypes()->isMutated();
    }

    /**
     * @param UserAssociation $from
     * @param UserAssociation $to
     *
     * @return UserAssociation
     */
    private function sync(UserAssociation $to, UserAssociation $from): UserAssociation
    {
        $to->organizationOrder = $from->organizationOrder;
        $to->state = $from->state;

        if ($from->getTypes()->isMutated()) {
            $to->getTypes()->clear()->add(
                $from->getTypes()->getCollection()
            );
        }

        $to->ignoreSortOrder();

        return $to;
    }

    /*******************************************
     * COLLECTION UTILS
     *******************************************/

    /**
     * Position the relationship based on the sort order
     *
     * @inheritDoc
     */
    protected function insertCollection(Collection $collection, UserAssociation $association)
    {
        if (Organizations::getInstance()->getSettings()->getEnforceUserSortOrder() &&
            $association->organizationOrder > 0
        ) {
            $collection->splice($association->organizationOrder - 1, 0, [$association]);
            return;
        }

        $collection->push($association);
    }

    /**
     * @inheritDoc
     */
    protected function updateCollection(Collection $collection, UserAssociation $association)
    {
        if (!Organizations::getInstance()->getSettings()->getEnforceUserSortOrder()) {
            return;
        }

        if (null !== ($key = $this->findKey($association))) {
            $collection->offsetUnset($key);
        }

        $this->insertCollection($collection, $association);
    }


    /*******************************************
     * UTILS
     *******************************************/

    /**
     * @param UserAssociation|Organization|int|array|null $object
     * @return int|null
     */
    protected function findKey($object = null)
    {
        if ($object instanceof UserAssociation) {
            return $this->findRelationshipKey($object->getOrganizationId());
        }

        if (null === ($element = $this->resolveObject($object))) {
            return null;
        }

        return $this->findRelationshipKey($element->getId());
    }

    /**
     * @param $identifier
     * @return int|string|null
     */
    private function findRelationshipKey($identifier)
    {
        if (null === $identifier) {
            return null;
        }

        /** @var UserAssociation $association */
        foreach ($this->getRelationships()->all() as $key => $association) {
            if ($association->getOrganizationId() == $identifier) {
                return $key;
            }
        }

        return null;
    }

    /**
     * @param UserAssociation|Organization|int|array $organization
     * @return Organization|null
     */
    protected function resolveObjectInternal($organization)
    {
        if ($organization instanceof UserAssociation) {
            return $organization->getOrganization();
        }

        if ($organization instanceof Organization) {
            return $organization;
        }

        return Organization::findOne($organization);
    }
}


1			<?php
2
3			/**
4			* @copyright Copyright (c) Flipbox Digital Limited
5			* @license https://flipboxfactory.com/software/organization/license
6			* @link https://www.flipboxfactory.com/software/organization/
7			*/
8
9			namespace flipbox\organizations\relationships;
10
11			use craft\elements\db\ElementQueryInterface;
12			use craft\elements\User;
13			use craft\helpers\ArrayHelper;
14			use flipbox\organizations\elements\Organization;
15			use flipbox\organizations\Organizations;
16			use flipbox\organizations\queries\OrganizationQuery;
17			use flipbox\organizations\queries\UserAssociationQuery;
18			use flipbox\organizations\records\UserAssociation;
19			use Tightenco\Collect\Support\Collection;
20			use yii\db\QueryInterface;
21
22			/**
23			* Manages Organizations associated to Users
24			*
25			* @author Flipbox Factory <[email protected]>
26			* @since 2.0.0
27			* *
28			* @method UserAssociation findOrCreate($object)
29			* @method UserAssociation findOne($object = null)
30			* @method UserAssociation findOrFail($object)
31			*/
32			class OrganizationRelationship implements ElementRelationshipInterface
33			{
34			use RelationshipTrait;
35
36			/**
37			* @var User
38			*/
39			private $user;
40
41			/**
42			* @param User $user
43			*/
44			public function __construct(User $user)
45			{
46			$this->user = $user;
47			}
48
49
50			/************************************************************
51			* COLLECTION
52			************************************************************/
53
54			/**
55			* @inheritDoc
56			* @return Organization[]\|Collection
57			*/
58			public function getCollection(): Collection
59			{
60			if (null === $this->relations) {
61			return new Collection(
62			$this->getQuery()
63			->anyStatus()
64			->limit(null)
65			->all()
66			);
67			}
68
69			return $this->createCollectionFromRelations();
70			}
71
72			/**
73			* @return Collection
74			*/
75			protected function createCollectionFromRelations()
76			{
77			$ids = $this->getRelationships()->pluck('organizationId')->all();
78			if (empty($ids)) {
79			return $this->getRelationships()->pluck('organization');
80			}
81
82			// 'eager' load where we'll pre-populate all of the elements
83			$elements = $this->getQuery()
84			->id($ids)
85			->indexBy('id')
86			->anyStatus()
87			->limit(null)
88			->all();
89
90			return $this->getRelationships()
91			->transform(function (UserAssociation $association) use ($elements) {
92			if (!$association->isOrganizationSet() && isset($elements[$association->getOrganizationId()])) {
93			$association->setOrganization($elements[$association->getOrganizationId()]);
94			}
95
96			$association->setUser($this->user);
97
98			return $association;
99			})
100			->pluck('organization');
101			}
102
103			/**
104			* @inheritDoc
105			* @return Collection
106			*/
107			protected function existingRelationships(): Collection
108			{
109			$relationships = $this->associationQuery()
110			->with('types')
111			->all();
112
113			return $this->createRelations($relationships);
114			}
115
116
117			/************************************************************
118			* QUERY
119			************************************************************/
120
121			/**
122			* @inheritDoc
123			* @return OrganizationQuery
124			*/
125			public function getQuery(): ElementQueryInterface
126			{
127			return Organization::find()
128			->userId($this->user->getId() ?: false);
			0 ignored issues – show Security Bug introduced 2019-06-18 17:52 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$this->user->getId() ?: false` can also be of type `false`; however, `flipbox\craft\ember\quer...ttributeTrait::userId()` does only seem to accept `string\|array<integer,str...ft\elements\User>>\|null`, did you maybe forget to handle an error condition? Loading history...
129			}
130
131			/**
132			* @return UserAssociationQuery
133			*/
134			private function associationQuery(): UserAssociationQuery
135			{
136			return UserAssociation::find()
137			->setUserId($this->user->getId() ?: false)
			0 ignored issues – show Security Bug introduced 2019-06-04 06:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$this->user->getId() ?: false` can also be of type `false`; however, `flipbox\craft\ember\quer...ibuteTrait::setUserId()` does only seem to accept `string\|array<integer,str...ft\elements\User>>\|null`, did you maybe forget to handle an error condition? Loading history...
138			->orderBy([
139			'organizationOrder' => SORT_ASC
140			])
141			->limit(null);
142			}
143
144
145			/************************************************************
146			* CREATE
147			************************************************************/
148
149			/**
150			* @param $object
151			* @return UserAssociation
152			*/
153			protected function create($object): UserAssociation
154			{
155			if ($object instanceof UserAssociation) {
156			return $object;
157			}
158
159			return (new UserAssociation())
160			->setOrganization($this->resolveObject($object))
161			->setUser($this->user);
162			}
163
164
165			/*******************************************
166			* DELTA
167			*******************************************/
168
169			/**
170			* @inheritDoc
171			*/
172			protected function delta(): array
173			{
174			$existingAssociations = $this->associationQuery()
175			->indexBy('organizationId')
176			->all();
177
178			$associations = [];
179			$order = 1;
180
181			/** @var UserAssociation $newAssociation */
182			foreach ($this->getRelationships() as $newAssociation) {
183			$association = ArrayHelper::remove(
184			$existingAssociations,
185			$newAssociation->getOrganizationId()
186			);
187
188			$newAssociation->organizationOrder = $order++;
189
190			/** @var UserAssociation $association */
191			$association = $association ?: $newAssociation;
192
193			// Has anything changed?
194			if (!$association->getIsNewRecord() && !$this->hasChanged($newAssociation, $association)) {
195			continue;
196			}
197
198			$associations[] = $this->sync($association, $newAssociation);
199			}
200
201			return [$associations, $existingAssociations];
202			}
203
204			/**
205			* @param UserAssociation $new
206			* @param UserAssociation $existing
207			* @return bool
208			*/
209			private function hasChanged(UserAssociation $new, UserAssociation $existing): bool
210			{
211			return (Organizations::getInstance()->getSettings()->getEnforceUserSortOrder() &&
212			$new->organizationOrder != $existing->organizationOrder) \|\|
213			$new->state != $existing->state \|\|
214			$new->getTypes()->isMutated();
215			}
216
217			/**
218			* @param UserAssociation $from
219			* @param UserAssociation $to
220			*
221			* @return UserAssociation
222			*/
223			private function sync(UserAssociation $to, UserAssociation $from): UserAssociation
224			{
225			$to->organizationOrder = $from->organizationOrder;
226			$to->state = $from->state;
227
228			if ($from->getTypes()->isMutated()) {
229			$to->getTypes()->clear()->add(
230			$from->getTypes()->getCollection()
231			);
232			}
233
234			$to->ignoreSortOrder();
235
236			return $to;
237			}
238
239			/*******************************************
240			* COLLECTION UTILS
241			*******************************************/
242
243			/**
244			* Position the relationship based on the sort order
245			*
246			* @inheritDoc
247			*/
248			protected function insertCollection(Collection $collection, UserAssociation $association)
249			{
250			if (Organizations::getInstance()->getSettings()->getEnforceUserSortOrder() &&
251			$association->organizationOrder > 0
252			) {
253			$collection->splice($association->organizationOrder - 1, 0, [$association]);
254			return;
255			}
256
257			$collection->push($association);
258			}
259
260			/**
261			* @inheritDoc
262			*/
263			protected function updateCollection(Collection $collection, UserAssociation $association)
264			{
265			if (!Organizations::getInstance()->getSettings()->getEnforceUserSortOrder()) {
266			return;
267			}
268
269			if (null !== ($key = $this->findKey($association))) {
270			$collection->offsetUnset($key);
271			}
272
273			$this->insertCollection($collection, $association);
274			}
275
276
277			/*******************************************
278			* UTILS
279			*******************************************/
280
281			/**
282			* @param UserAssociation\|Organization\|int\|array\|null $object
283			* @return int\|null
284			*/
285			protected function findKey($object = null)
286			{
287			if ($object instanceof UserAssociation) {
288			return $this->findRelationshipKey($object->getOrganizationId());
289			}
290
291			if (null === ($element = $this->resolveObject($object))) {
292			return null;
293			}
294
295			return $this->findRelationshipKey($element->getId());
296			}
297
298			/**
299			* @param $identifier
300			* @return int\|string\|null
301			*/
302			private function findRelationshipKey($identifier)
303			{
304			if (null === $identifier) {
305			return null;
306			}
307
308			/** @var UserAssociation $association */
309			foreach ($this->getRelationships()->all() as $key => $association) {
310			if ($association->getOrganizationId() == $identifier) {
311			return $key;
312			}
313			}
314
315			return null;
316			}
317
318			/**
319			* @param UserAssociation\|Organization\|int\|array $organization
320			* @return Organization\|null
321			*/
322			protected function resolveObjectInternal($organization)
323			{
324			if ($organization instanceof UserAssociation) {
325			return $organization->getOrganization();
326			}
327
328			if ($organization instanceof Organization) {
329			return $organization;
330			}
331
332			return Organization::findOne($organization);
333			}
334			}
335

flipboxfactory / organizations

Issues (55)

Security Analysis not enabled

src/relationships/OrganizationRelationship.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like