1 | <?php |
2 | /** |
3 | * LatteChecker.php |
4 | * |
5 | * @copyright More in license.md |
6 | * @license https://www.ipublikuj.eu |
7 | * @author Adam Kadlec <[email protected]> |
8 | * @package iPublikuj:Permissions! |
9 | * @subpackage Access |
10 | * @since 1.0.0 |
11 | * |
12 | * @date 14.10.14 |
13 | */ |
14 | |||
15 | declare(strict_types = 1); |
16 | |||
17 | namespace IPub\Permissions\Access; |
18 | |||
19 | use Nette; |
20 | use Nette\Utils; |
21 | use Nette\Security as NS; |
22 | |||
23 | use IPub\Permissions\Entities; |
24 | use IPub\Permissions\Exceptions; |
25 | |||
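/**
 * Latte helper for access checking
 *
 * Evaluates the access rules attached to a Latte element against the current
 * Nette\Security\User. An element is an array that may carry any of the keys
 * `user`, `resource`, `privilege`, `permission` and `role`. Every key that is
 * present has to pass its own check (the checks are AND-ed); a key that is
 * absent imposes no restriction.
 *
 * @package iPublikuj:Permissions!
 * @subpackage Access
 *
 * @author Adam Kadlec <[email protected]>
 */
final class LatteChecker implements IChecker
{
	/**
	 * Implement nette smart magic
	 */
	use Nette\SmartObject;

	/**
	 * User whose identity, roles and permissions the rules are evaluated against
	 *
	 * @var NS\User
	 */
	private $user;

	/**
	 * @param NS\User $user
	 */
	public function __construct(NS\User $user)
	{
		$this->user = $user;
	}

	/**
	 * {@inheritdoc}
	 *
	 * Only an array element carries rules. Any other value is treated as
	 * "not secured" and is allowed, i.e. this method is fail-open for
	 * non-array input - a restriction is only enforced when the caller
	 * passes an array with at least one rule key.
	 *
	 * @param mixed $element
	 *
	 * @return bool
	 *
	 * @throws Exceptions\InvalidArgumentException when `user` or `permission` holds a malformed value
	 * @throws Exceptions\InvalidStateException when `resource` or `privilege` holds a malformed value
	 */
	public function isAllowed($element) : bool
	{
		if (!is_array($element)) {
			// No rules attached, nothing to deny
			return TRUE;
		}

		$element = Utils\ArrayHash::from($element);

		// Every present rule has to pass; evaluation stops at the first denial
		return $this->checkUser($element)
			&& $this->checkResources($element)
			&& $this->checkPrivileges($element)
			&& $this->checkPermission($element)
			&& $this->checkRoles($element);
	}

	/**
	 * Checks the `user` rule: 'loggedIn' requires an authenticated user,
	 * 'guest' requires an anonymous one.
	 *
	 * @param Utils\ArrayHash $element
	 *
	 * @return bool
	 *
	 * @throws Exceptions\InvalidArgumentException when `user` is anything but one of the two literal strings
	 */
	private function checkUser(Utils\ArrayHash $element) : bool
	{
		if (!$element->offsetExists('user')) {
			return TRUE;
		}

		$required = $element->offsetGet('user');

		// Only the two literal values are accepted; anything else (including a
		// list of values) is a configuration error and must not silently pass
		if (!is_string($required) || !in_array($required, ['loggedIn', 'guest'], TRUE)) {
			throw new Exceptions\InvalidArgumentException('In parameter \'user\' is allowed only one from two strings: \'loggedIn\' & \'guest\'');
		}

		$loggedIn = $this->user->isLoggedIn();

		if ($required === 'loggedIn') {
			return $loggedIn === TRUE;
		}

		// $required === 'guest'
		return $loggedIn === FALSE;
	}

	/**
	 * Checks the `resource` rule, optionally narrowed by `privilege`.
	 *
	 * Exactly one resource is accepted. When privileges are given, access to
	 * the resource under any one of them is enough; otherwise the bare
	 * resource is checked.
	 *
	 * @param Utils\ArrayHash $element
	 *
	 * @return bool
	 *
	 * @throws Exceptions\InvalidStateException when `resource` does not hold exactly one value
	 */
	protected function checkResources(Utils\ArrayHash $element) : bool
	{
		if (!$element->offsetExists('resource')) {
			return TRUE;
		}

		$resources = (array) $element->offsetGet('resource');
		$privileges = $element->offsetExists('privilege') ? (array) $element->offsetGet('privilege') : [];

		if (count($resources) !== 1) {
			throw new Exceptions\InvalidStateException('Invalid resources count in \'resource\' parameter!');
		}

		$resource = reset($resources);

		if ($privileges === []) {
			return $this->user->isAllowed($resource);
		}

		foreach ($privileges as $privilege) {
			if ($this->user->isAllowed($resource, $privilege)) {
				return TRUE;
			}
		}

		return FALSE;
	}

	/**
	 * Checks a stand-alone `privilege` rule (one given without a `resource`).
	 *
	 * Exactly one privilege is accepted and it is checked against all
	 * resources (NS\IAuthorizator::ALL). A privilege paired with a resource
	 * is handled by checkResources() instead.
	 *
	 * @param Utils\ArrayHash $element
	 *
	 * @return bool
	 *
	 * @throws Exceptions\InvalidStateException when `privilege` does not hold exactly one value
	 */
	protected function checkPrivileges(Utils\ArrayHash $element) : bool
	{
		if ($element->offsetExists('resource') || !$element->offsetExists('privilege')) {
			return TRUE;
		}

		$privileges = (array) $element->offsetGet('privilege');

		if (count($privileges) !== 1) {
			throw new Exceptions\InvalidStateException('Invalid privileges count in \'privilege\' parameter!');
		}

		return $this->user->isAllowed(NS\IAuthorizator::ALL, reset($privileges));
	}

	/**
	 * Checks the `permission` rule: every entry is a string of the form
	 * "resource<DELIMITER>privilege" and access to any one of the listed
	 * pairs is enough.
	 *
	 * An entry that is not a string, does not split into exactly one
	 * resource and one privilege, or has an empty part is rejected. Before
	 * this validation a missing delimiter left the privilege NULL (undefined
	 * offset notice followed by a TypeError in Strings::trim) and a surplus
	 * delimiter silently checked the wrong resource/privilege pair.
	 *
	 * @param Utils\ArrayHash $element
	 *
	 * @return bool
	 *
	 * @throws Exceptions\InvalidArgumentException when a `permission` entry is malformed
	 */
	protected function checkPermission(Utils\ArrayHash $element) : bool
	{
		if (!$element->offsetExists('permission')) {
			return TRUE;
		}

		$permissions = (array) $element->offsetGet('permission');

		foreach ($permissions as $permission) {
			// explode() under strict_types would reject a non-string with a TypeError
			$parts = is_string($permission) ? explode(Entities\IPermission::DELIMITER, $permission) : [];

			if (count($parts) !== 2) {
				throw new Exceptions\InvalidArgumentException(sprintf(
					'Parameter \'permission\' has to be in format \'resource%sprivilege\', \'%s\' given.',
					Entities\IPermission::DELIMITER,
					is_string($permission) ? $permission : gettype($permission)
				));
			}

			// Remove white spaces around both parts
			$resource = Utils\Strings::trim($parts[0]);
			$privilege = Utils\Strings::trim($parts[1]);

			// An empty resource or privilege is a configuration error, not a rule
			if ($resource === '' || $privilege === '') {
				throw new Exceptions\InvalidArgumentException(sprintf(
					'Parameter \'permission\' has to be in format \'resource%sprivilege\', \'%s\' given.',
					Entities\IPermission::DELIMITER,
					$permission
				));
			}

			if ($this->user->isAllowed($resource, $privilege)) {
				return TRUE;
			}
		}

		return FALSE;
	}

	/**
	 * Checks the `role` rule: membership in any one of the listed roles is enough.
	 *
	 * @param Utils\ArrayHash $element
	 *
	 * @return bool
	 */
	protected function checkRoles(Utils\ArrayHash $element) : bool
	{
		if (!$element->offsetExists('role')) {
			return TRUE;
		}

		foreach ((array) $element->offsetGet('role') as $role) {
			if ($this->user->isInRole($role)) {
				return TRUE;
			}
		}

		return FALSE;
	}
}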