CheckAccessTrait - Code Metrics - Inspection of "splitted stock permission to model, part and move" - hiqdev/hipanel-rbac - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 57ab28...c18b60 )

by Andrii

created 2017-12-14 11:23 UTC

CheckAccessTrait A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	176
Duplicated Lines	12.5 %

Coupling/Cohesion

Components	1
Dependencies	0

Importance

Changes	16
Bugs	0	Features	4

Metric	Value
wmc	22
c	16
b	0
f	4
lcom	1
cbo	0
dl	22
loc	176
rs	10

15 Methods

Rating	Name	Duplication	Size	Complexity
A	setAssignments()	0	6	2
A	testPermission()	0	8	3
A	assertAccesses()	0	13	3
A	assertAccess()	0	10	3
A	testNobody()	0	6	1
A	testUnauthorized()	0	6	1
A	testSupport()	11	11	1
A	testAdmin()	0	11	1
A	testClient()	11	11	1
A	testManager()	0	19	1
A	testEmployee()	0	7	1
B	testMighty()	0	24	1
A	testDeny()	0	11	1
A	testBetaTester()	0	8	1
A	testAlphaTester()	0	8	1

How to fix Duplicated Code

<?php
/**
 * RBAC implementation for HiPanel
 *
 * @link      https://github.com/hiqdev/hipanel-rbac
 * @package   hipanel-rbac
 * @license   BSD-3-Clause
 * @copyright Copyright (c) 2016-2017, HiQDev (http://hiqdev.com/)
 */

namespace hipanel\rbac\tests\unit;

trait CheckAccessTrait
{
    public function setAssignments()
    {
        foreach ($this->auth->getAllItems() as $item) {
            $this->auth->setAssignment($item->name, $item->name);
class MyClass { }

$x = new MyClass();
$x->foo = true;
        }
    }

    public function testPermission()
    {
        foreach ($this->auth->getPermissions() as $user) {
            foreach ($this->auth->getPermissions() as $perm) {
                $this->assertSame($user->name === $perm->name, $this->auth->checkAccess($user->name, $perm->name));
trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}
            }
        }
    }

    public function assertAccesses($userId, array $allowedPermissions)
    {
        $allPermissions = array_keys($this->auth->getPermissions());
        foreach ($allPermissions as $key => $permission) {
            if (strncmp('deny:', $permission, 5) === 0) {
                unset($allPermissions[$key]);
            }
        }
        $deniedPermissions = array_diff($allPermissions, $allowedPermissions);

        $this->assertAccess($userId, true, $allowedPermissions);
        $this->assertAccess($userId, false, $deniedPermissions);
    }

    public function assertAccess($userId, $isAllowed, array $permissions)
    {
        foreach ($permissions as $permission) {
            $checked = $this->auth->checkAccess($userId, $permission);
            if ($checked !== $isAllowed) {
                var_dump(compact('userId', 'isAllowed', 'permission'));

            }
            $this->assertSame($isAllowed, $checked);
trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}
        }
    }

    public function testNobody()
    {
        $this->assertAccesses('role:nobody', [
            'nothing',
        ]);
    }

    public function testUnauthorized()
    {
        $this->assertAccesses('', [
            'restore-password', 'deposit',
        ]);
    }

    public function testClient()

    {
        $this->assertAccesses('role:client', [
            'restore-password', 'deposit',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close',
            'domain.read', 'domain.update', 'domain.pay', 'domain.push',
            'server.read', 'server.pay',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'bill.read',
        ]);
    }

    public function testSupport()

    {
        $this->assertAccesses('role:support', [
            'access-subclients', 'support',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read',
            'domain.read', 'domain.update',
            'server.read',
            'account.read', 'account.create', 'account.update', 'account.delete',
        ]);
    }

    public function testAdmin()
    {
        $this->assertAccesses('role:admin', [
            'access-subclients', 'support', 'admin',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read',
            'domain.read', 'domain.update',
            'server.read', 'server.create', 'server.update', 'server.delete',
            'account.read', 'account.create', 'account.update', 'account.delete',
        ]);
    }

    public function testManager()
    {
        $this->assertAccesses('role:manager', [
            'access-subclients', 'support', 'manage',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.create', 'client.update', 'client.delete',
            'bill.read',
            'domain.read', 'domain.update', 'domain.delete',
            'domain.pay', 'domain.push',
            'server.read', 'server.pay', 'server.sell',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'document.read', 'document.create', 'document.update', 'document.delete', 'document.generate',
            'contact.force-verify',
            'mailing.prepare', 'mailing.send',
            'part.read', 'part.create', 'part.update', 'part.delete',
            'move.read', 'move.create', 'move.update', 'move.delete',
            'model.read', 'model.create', 'model.update', 'model.delete',
        ]);
    }

    public function testEmployee()
    {
        $this->assertAccesses('role:employee', [
            'restore-password', 'deposit',
            'bill.read', 'employee.read',
        ]);
    }

    public function testMighty()
    {
        $this->auth->setAssignments('role:admin,role:manager,role:document.master,role:bill.manager,domain.freeze,domain.force-push,domain.delete,employee.read', 'user:mighty');

        $this->assertAccesses('user:mighty', [
            'access-subclients', 'support', 'manage', 'admin',
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
            'client.read', 'client.create', 'client.update', 'client.delete',
            'bill.read', 'bill.create', 'bill.update', 'bill.delete',
            'domain.freeze',
            'domain.read', 'domain.update', 'domain.delete',
            'domain.pay', 'domain.push', 'domain.force-push',
            'server.read', 'server.create', 'server.update', 'server.delete', 'server.pay', 'server.sell',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'document.read', 'document.create', 'document.update', 'document.delete',
            'document.generate', 'document.generate-all',
            'contact.force-verify',
            'mailing.prepare', 'mailing.send',
            'part.read', 'part.create', 'part.update', 'part.delete',
            'move.read', 'move.create', 'move.update', 'move.delete',
            'model.read', 'model.create', 'model.update', 'model.delete',
            'employee.read',
        ]);
    }

    public function testDeny()
    {
        $this->auth->setAssignments('role:client,deny:deposit,deny:domain.push,deny:server.pay,deny:server.read', 'user:limited');

        $this->assertAccesses('user:limited', [
            'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close',
            'domain.read', 'domain.update', 'domain.pay',
            'account.read', 'account.create', 'account.update', 'account.delete',
            'restore-password', 'bill.read',
        ]);
    }

    public function testBetaTester()
    {
        $this->auth->setAssignments('role:beta-tester', 'user:beta-tester');

        $this->assertAccesses('user:beta-tester', [
            'test.beta',
        ]);
    }

    public function testAlphaTester()
    {
        $this->auth->setAssignments('role:alpha-tester', 'user:alpha-tester');

        $this->assertAccesses('user:alpha-tester', [
            'test.alpha', 'test.beta',
        ]);
    }
}


1		<?php
2		/**
3		* RBAC implementation for HiPanel
4		*
5		* @link https://github.com/hiqdev/hipanel-rbac
6		* @package hipanel-rbac
7		* @license BSD-3-Clause
8		* @copyright Copyright (c) 2016-2017, HiQDev (http://hiqdev.com/)
9		*/
10
11		namespace hipanel\rbac\tests\unit;
12
13		trait CheckAccessTrait
14		{
15		public function setAssignments()
16		{
17		foreach ($this->auth->getAllItems() as $item) {
18		$this->auth->setAssignment($item->name, $item->name);
		0 ignored issues – show Bug introduced 2016-11-04 10:47 UTC by Report Bug Copy Issue Report The property `auth` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
19		}
20		}
21
22		public function testPermission()
23		{
24		foreach ($this->auth->getPermissions() as $user) {
25		foreach ($this->auth->getPermissions() as $perm) {
26		$this->assertSame($user->name === $perm->name, $this->auth->checkAccess($user->name, $perm->name));
		0 ignored issues – show Bug introduced 2016-11-04 10:47 UTC by Report Bug Copy Issue Report It seems like `assertSame()` must be provided by classes using this trait. How about adding it as abstract method to this trait? This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example trait Idable { public function equalIds(Idable $other) { return $this->getId() === $other->getId(); } } The trait `Idable` provides a method `equalsId` that in turn relies on the method `getId()`. If this method does not exist on a class mixing in this trait, the method will fail. Adding the `getId()` as an abstract method to the trait will make sure it is available. Loading history...
27		}
28		}
29		}
30
31		public function assertAccesses($userId, array $allowedPermissions)
32		{
33		$allPermissions = array_keys($this->auth->getPermissions());
34		foreach ($allPermissions as $key => $permission) {
35		if (strncmp('deny:', $permission, 5) === 0) {
36		unset($allPermissions[$key]);
37		}
38		}
39		$deniedPermissions = array_diff($allPermissions, $allowedPermissions);
40
41		$this->assertAccess($userId, true, $allowedPermissions);
42		$this->assertAccess($userId, false, $deniedPermissions);
43		}
44
45		public function assertAccess($userId, $isAllowed, array $permissions)
46		{
47		foreach ($permissions as $permission) {
48		$checked = $this->auth->checkAccess($userId, $permission);
49		if ($checked !== $isAllowed) {
50		var_dump(compact('userId', 'isAllowed', 'permission'));
		0 ignored issues – show Security Debugging Code introduced 2017-08-04 17:20 UTC by Report Bug Copy Issue Report `var_dump(compact('userId...lowed', 'permission'));` looks like debug code. Are you sure you do not want to remove it? This might expose sensitive data. Loading history...
51		}
52		$this->assertSame($isAllowed, $checked);
		0 ignored issues – show Bug introduced 2017-08-04 17:20 UTC by Report Bug Copy Issue Report It seems like `assertSame()` must be provided by classes using this trait. How about adding it as abstract method to this trait? This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example trait Idable { public function equalIds(Idable $other) { return $this->getId() === $other->getId(); } } The trait `Idable` provides a method `equalsId` that in turn relies on the method `getId()`. If this method does not exist on a class mixing in this trait, the method will fail. Adding the `getId()` as an abstract method to the trait will make sure it is available. Loading history...
53		}
54		}
55
56		public function testNobody()
57		{
58		$this->assertAccesses('role:nobody', [
59		'nothing',
60		]);
61		}
62
63		public function testUnauthorized()
64		{
65		$this->assertAccesses('', [
66		'restore-password', 'deposit',
67		]);
68		}
69
70	View Code Duplication	public function testClient()
		0 ignored issues – show Duplication introduced 2017-12-11 17:09 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
71		{
72		$this->assertAccesses('role:client', [
73		'restore-password', 'deposit',
74		'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close',
75		'domain.read', 'domain.update', 'domain.pay', 'domain.push',
76		'server.read', 'server.pay',
77		'account.read', 'account.create', 'account.update', 'account.delete',
78		'bill.read',
79		]);
80		}
81
82	View Code Duplication	public function testSupport()
		0 ignored issues – show Duplication introduced 2017-12-13 16:35 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
83		{
84		$this->assertAccesses('role:support', [
85		'access-subclients', 'support',
86		'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
87		'client.read',
88		'domain.read', 'domain.update',
89		'server.read',
90		'account.read', 'account.create', 'account.update', 'account.delete',
91		]);
92		}
93
94		public function testAdmin()
95		{
96		$this->assertAccesses('role:admin', [
97		'access-subclients', 'support', 'admin',
98		'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
99		'client.read',
100		'domain.read', 'domain.update',
101		'server.read', 'server.create', 'server.update', 'server.delete',
102		'account.read', 'account.create', 'account.update', 'account.delete',
103		]);
104		}
105
106		public function testManager()
107		{
108		$this->assertAccesses('role:manager', [
109		'access-subclients', 'support', 'manage',
110		'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
111		'client.read', 'client.create', 'client.update', 'client.delete',
112		'bill.read',
113		'domain.read', 'domain.update', 'domain.delete',
114		'domain.pay', 'domain.push',
115		'server.read', 'server.pay', 'server.sell',
116		'account.read', 'account.create', 'account.update', 'account.delete',
117		'document.read', 'document.create', 'document.update', 'document.delete', 'document.generate',
118		'contact.force-verify',
119		'mailing.prepare', 'mailing.send',
120		'part.read', 'part.create', 'part.update', 'part.delete',
121		'move.read', 'move.create', 'move.update', 'move.delete',
122		'model.read', 'model.create', 'model.update', 'model.delete',
123		]);
124		}
125
126		public function testEmployee()
127		{
128		$this->assertAccesses('role:employee', [
129		'restore-password', 'deposit',
130		'bill.read', 'employee.read',
131		]);
132		}
133
134		public function testMighty()
135		{
136		$this->auth->setAssignments('role:admin,role:manager,role:document.master,role:bill.manager,domain.freeze,domain.force-push,domain.delete,employee.read', 'user:mighty');
137
138		$this->assertAccesses('user:mighty', [
139		'access-subclients', 'support', 'manage', 'admin',
140		'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete',
141		'client.read', 'client.create', 'client.update', 'client.delete',
142		'bill.read', 'bill.create', 'bill.update', 'bill.delete',
143		'domain.freeze',
144		'domain.read', 'domain.update', 'domain.delete',
145		'domain.pay', 'domain.push', 'domain.force-push',
146		'server.read', 'server.create', 'server.update', 'server.delete', 'server.pay', 'server.sell',
147		'account.read', 'account.create', 'account.update', 'account.delete',
148		'document.read', 'document.create', 'document.update', 'document.delete',
149		'document.generate', 'document.generate-all',
150		'contact.force-verify',
151		'mailing.prepare', 'mailing.send',
152		'part.read', 'part.create', 'part.update', 'part.delete',
153		'move.read', 'move.create', 'move.update', 'move.delete',
154		'model.read', 'model.create', 'model.update', 'model.delete',
155		'employee.read',
156		]);
157		}
158
159		public function testDeny()
160		{
161		$this->auth->setAssignments('role:client,deny:deposit,deny:domain.push,deny:server.pay,deny:server.read', 'user:limited');
162
163		$this->assertAccesses('user:limited', [
164		'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close',
165		'domain.read', 'domain.update', 'domain.pay',
166		'account.read', 'account.create', 'account.update', 'account.delete',
167		'restore-password', 'bill.read',
168		]);
169		}
170
171		public function testBetaTester()
172		{
173		$this->auth->setAssignments('role:beta-tester', 'user:beta-tester');
174
175		$this->assertAccesses('user:beta-tester', [
176		'test.beta',
177		]);
178		}
179
180		public function testAlphaTester()
181		{
182		$this->auth->setAssignments('role:alpha-tester', 'user:alpha-tester');
183
184		$this->assertAccesses('user:alpha-tester', [
185		'test.alpha', 'test.beta',
186		]);
187		}
188		}
189

hiqdev / hipanel-rbac

Push — master ( 57ab28...c18b60 )

CheckAccessTrait A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

15 Methods

How to fix Duplicated Code

Duplicated Code

Duplication Side-by-Side

Filter issues like