This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * Finance module for HiPanel |
||
4 | * |
||
5 | * @link https://github.com/hiqdev/hipanel-module-finance |
||
6 | * @package hipanel-module-finance |
||
7 | * @license BSD-3-Clause |
||
8 | * @copyright Copyright (c) 2015-2019, HiQDev (http://hiqdev.com/) |
||
9 | */ |
||
10 | |||
11 | namespace hipanel\modules\finance\models; |
||
12 | |||
13 | use hipanel\base\Model; |
||
14 | use hipanel\base\ModelTrait; |
||
15 | use hipanel\models\Ref; |
||
16 | use hipanel\modules\finance\models\factories\PriceModelFactory; |
||
17 | use hipanel\modules\finance\models\query\PriceQuery; |
||
18 | use Money\Money; |
||
19 | use Money\MoneyParser; |
||
20 | use Yii; |
||
21 | use yii\helpers\Inflector; |
||
22 | use yii\helpers\StringHelper; |
||
23 | |||
24 | /** |
||
25 | * Class Price. |
||
26 | * |
||
27 | * @property int $id |
||
28 | * @property int $plan_id |
||
29 | * @property string|int $object_id |
||
30 | * @property string|float $price |
||
31 | * @property string $currency |
||
32 | * @property string|int $main_object_id |
||
33 | * @property string $main_object_name |
||
34 | * @property string $unit |
||
35 | * @property string $type |
||
36 | * @property string $quantity |
||
37 | * @property string $formula |
||
38 | * @property int|null parent_id |
||
39 | * |
||
40 | * @property TargetObject $object |
||
41 | * @property Plan $plan |
||
42 | * @property array|null $formula_lines |
||
43 | * |
||
44 | * @author Dmytro Naumenko <[email protected]> |
||
45 | */ |
||
46 | class Price extends Model |
||
47 | { |
||
48 | use ModelTrait; |
||
49 | |||
50 | const SCENARIO_CREATE = 'create'; |
||
51 | const SCENARIO_UPDATE = 'update'; |
||
52 | const SCENARIO_DELETE = 'delete'; |
||
53 | |||
54 | public function rules() |
||
55 | { |
||
56 | return array_merge(parent::rules(), [ |
||
57 | [['id', 'parent_id', 'plan_id', 'object_id', 'type_id', 'unit_id', 'currency_id', 'main_object_id'], 'integer'], |
||
58 | [['type', 'type_label', 'plan_name', 'unit', 'currency', 'note', 'data', 'main_object_name'], 'string'], |
||
59 | [['quantity', 'price'], 'number'], |
||
60 | [['formula_lines'], 'safe'], |
||
61 | [['class'], 'string'], // todo: probably, refactor is needed |
||
62 | |||
63 | [['plan_id', 'type', 'price', 'currency'], 'required', 'on' => ['create', 'update']], |
||
64 | [['id'], 'required', 'on' => ['update', 'set-note', 'delete']], |
||
65 | [['class'], 'default', 'value' => function ($model) { |
||
66 | return (new \ReflectionClass($this))->getShortName(); |
||
67 | }], |
||
68 | [['class'], 'string'], |
||
69 | [['formula'], 'string', 'on' => ['create', 'update']], // TODO syn check |
||
70 | ]); |
||
71 | } |
||
72 | |||
73 | public function attributeLabels() |
||
74 | { |
||
75 | return [ |
||
76 | 'plan_id' => Yii::t('hipanel:finance', 'Tariff plan'), |
||
77 | 'plan' => Yii::t('hipanel:finance', 'Tariff plan'), |
||
78 | 'quantity' => Yii::t('hipanel:finance', 'Prepaid'), |
||
79 | 'unit' => Yii::t('hipanel:finance', 'Unit'), |
||
80 | 'price' => Yii::t('hipanel:finance', 'Price'), |
||
81 | 'formula' => Yii::t('hipanel.finance.price', 'Formula'), |
||
82 | 'note' => Yii::t('hipanel', 'Note'), |
||
83 | 'type' => Yii::t('hipanel', 'Type'), |
||
84 | ]; |
||
85 | } |
||
86 | |||
87 | public function getTypeOptions() |
||
88 | { |
||
89 | return Ref::getList('type,bill', null, [ |
||
90 | 'select' => 'name', |
||
91 | 'pnames' => 'monthly,overuse', |
||
92 | 'with_recursive' => 1, |
||
93 | ]); |
||
94 | } |
||
95 | |||
96 | /** |
||
97 | * Returns array of unit option, that are available for this price |
||
98 | * depending on price type. |
||
99 | * |
||
100 | * @return array |
||
101 | */ |
||
102 | public function getUnitOptions() |
||
103 | { |
||
104 | $unitGroup = [ |
||
105 | 'hour' => ['hour'], |
||
106 | 'items' => ['items'], |
||
107 | 'speed' => ['bps', 'kbps', 'mbps', 'gbps', 'tbps'], |
||
108 | 'size' => ['mb', 'mb10', 'mb100', 'gb', 'tb'], |
||
109 | ]; |
||
110 | |||
111 | $type2group = [ |
||
112 | 'overuse,ip_num' => 'items', |
||
113 | 'overuse,support_time' => 'hour', |
||
114 | 'overuse,backup_du' => 'size', |
||
115 | 'overuse,server_traf_max' => 'size', |
||
116 | 'overuse,server_traf95_max' => 'speed', |
||
117 | 'overuse,cdn_traf_max' => 'size', |
||
118 | 'overuse,cdn_traf95_max' => 'speed', |
||
119 | 'overuse,cdn_cache' => 'size', |
||
120 | 'overuse,storage_du' => 'size', |
||
121 | 'overuse,server_du' => 'size', |
||
122 | 'overuse,server_ssd' => 'size', |
||
123 | 'overuse,server_sata' => 'size', |
||
124 | 'overuse,backup_traf' => 'size', |
||
125 | 'overuse,domain_traf' => 'size', |
||
126 | 'overuse,domain_num' => 'items', |
||
127 | 'overuse,ip_traf_max' => 'size', |
||
128 | 'overuse,account_traf' => 'size', |
||
129 | 'overuse,account_du' => 'size', |
||
130 | 'overuse,mail_num' => 'items', |
||
131 | 'overuse,mail_du' => 'size', |
||
132 | 'overuse,db_num' => 'items', |
||
133 | 'overuse,storage_du95' => 'size', |
||
134 | 'overuse,volume_du' => 'size', |
||
135 | 'overuse,snapshot_du' => 'size', |
||
136 | 'overuse,private_cloud_backup_du' => 'size', |
||
137 | ]; |
||
138 | |||
139 | foreach ($type2group as $type => $group) { |
||
140 | $availableUnitsByPriceType[$type] = $unitGroup[$group]; |
||
141 | } |
||
142 | |||
143 | $units = Ref::getList('type,unit', 'hipanel.finance.units', [ |
||
144 | 'with_recursive' => 1, |
||
145 | 'select' => 'oname_label', |
||
146 | 'mapOptions' => ['from' => 'oname'], |
||
147 | ]); |
||
148 | |||
149 | $possibleTypes = $availableUnitsByPriceType[$this->type] ?? []; |
||
150 | |||
151 | return array_intersect_key($units, array_combine($possibleTypes, $possibleTypes)); |
||
152 | } |
||
153 | |||
154 | /** |
||
155 | * Method checks, whether current price quantity is predefined and is not a result |
||
156 | * of sophisticated calculation on server side. |
||
157 | * @return bool |
||
158 | */ |
||
159 | public function isQuantityPredefined(): bool |
||
160 | { |
||
161 | if (!$this->isOveruse() |
||
162 | && ($this->isShared() || $this->getSubtype() === 'rack_unit') |
||
163 | ) { |
||
164 | return false; |
||
165 | } |
||
166 | |||
167 | return true; |
||
168 | } |
||
169 | |||
170 | /** |
||
171 | * @return bool Whether this price is shared |
||
172 | */ |
||
173 | public function isShared(): bool |
||
174 | { |
||
175 | return $this->object_id === null; |
||
176 | } |
||
177 | |||
178 | public function getUnitLabel() |
||
179 | { |
||
180 | return $this->getUnitOptions()[$this->unit] ?? null; |
||
181 | } |
||
182 | |||
183 | public function getCurrencyOptions() |
||
184 | { |
||
185 | return Ref::getList('type,currency'); |
||
186 | } |
||
187 | |||
188 | public function getObject() |
||
189 | { |
||
190 | return $this->hasOne(TargetObject::class, ['id' => 'id']); |
||
191 | } |
||
192 | |||
193 | public function getPlan() |
||
194 | { |
||
195 | return $this->hasOne(Plan::class, ['id' => 'plan_id']); |
||
196 | } |
||
197 | |||
198 | public static function tableName() |
||
199 | { |
||
200 | return Inflector::camel2id(StringHelper::basename(__CLASS__), '-'); |
||
201 | } |
||
202 | |||
203 | public function isOveruse() |
||
204 | { |
||
205 | return strpos($this->type, 'overuse,') === 0; |
||
206 | } |
||
207 | |||
208 | public function isServer95Traf() |
||
209 | { |
||
210 | return false; |
||
211 | } |
||
212 | |||
213 | public function getSubtype() |
||
214 | { |
||
215 | [, $subtype] = explode(',', $this->type); |
||
0 ignored issues
–
show
|
|||
216 | |||
217 | return $subtype; |
||
218 | } |
||
219 | |||
220 | /** |
||
221 | * {@inheritdoc} |
||
222 | */ |
||
223 | public static function instantiate($row) |
||
224 | { |
||
225 | /** @var PriceModelFactory $factory */ |
||
226 | $factory = Yii::$container->get(PriceModelFactory::class); |
||
227 | |||
228 | return $factory->build($row['class'] ?? 'SinglePrice', $row['type']); |
||
229 | } |
||
230 | |||
231 | public function formulaLines(): array |
||
232 | { |
||
233 | if (strlen($this->formula) === 0) { |
||
234 | return []; |
||
235 | } |
||
236 | |||
237 | return explode("\n", $this->formula); |
||
238 | } |
||
239 | |||
240 | public function getMoney(): Money |
||
241 | { |
||
242 | // TODO: decide how to get MoneyParser correctly |
||
243 | return Yii::$container->get(MoneyParser::class) |
||
244 | ->parse((string)$this->price, strtoupper($this->currency)); |
||
245 | } |
||
246 | |||
247 | public function getFormulaLines(): array |
||
248 | { |
||
249 | return $this->formula_lines ?? []; |
||
250 | } |
||
251 | |||
252 | public static function find(array $options = []): PriceQuery |
||
253 | { |
||
254 | return new PriceQuery(get_called_class(), [ |
||
255 | 'options' => $options, |
||
256 | ]); |
||
257 | } |
||
258 | } |
||
259 |
This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug.