
Classes/Security/AuthorizationChecker.php (3 issues)

<?php
namespace EWW\Dpf\Security;
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
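/**
 * Access-control gate: the deny* methods either return normally (access
 * allowed) or terminate the request with HTTP 403 and a localized message.
 *
 * The checks only protect code that runs after them, so they have to be the
 * first thing a protected entry point calls.
 */
class AuthorizationChecker
{
    /**
     * objectManager
     *
     * @var \TYPO3\CMS\Extbase\Object\ObjectManagerInterface
     * @TYPO3\CMS\Extbase\Annotation\Inject
     */
    protected $objectManager;

    /**
     * security
     *
     * @var \EWW\Dpf\Security\Security
     * @TYPO3\CMS\Extbase\Annotation\Inject
     */
    protected $security = null;

    /**
     * Lets the request continue only when the current user role is librarian
     * or researcher; any other role is answered with 403 and the request ends.
     *
     * @return void
     */
    public function denyAccessUnlessLoggedIn()
    {
        // The injected $this->security is the instance the check reads. The
        // former extra lookup through the object manager was assigned to an
        // unused local (reported as a dead assignment) and has been removed.
        $role = $this->security->getUserRole();

        // Strict comparison: only the two exact role constants are accepted.
        if (in_array($role, [Security::ROLE_LIBRARIAN, Security::ROLE_RESEARCHER], true)) {
            return;
        }

        $this->denyAccess();
    }

    /**
     * Lets the request continue only when isGranted() allows the attribute
     * for the subject; otherwise answers with 403 and ends the request.
     *
     * @param string $attribute
     * @param object $subject
     * @return void
     */
    public function denyAccessUnlessGranted($attribute, $subject = NULL)
    {
        if ($this->isGranted($attribute, $subject)) {
            return;
        }

        $this->denyAccess();
    }

    /**
     * Asks the registered voters whether the attribute is granted.
     *
     * The first voter that supports the attribute/subject pair decides alone;
     * later voters are not consulted, so the order of Voter::getVoters()
     * matters. When no voter supports the pair the answer is FALSE (default
     * deny).
     *
     * @param string $attribute
     * @param object $subject
     * @return bool
     */
    public function isGranted($attribute, $subject = NULL) {
        foreach (Voter::getVoters() as $voter) {
            if (!$voter->supports($attribute, $subject)) {
                continue;
            }

            // NOTE(review): the vote is returned as-is; voters are expected to
            // return a strict bool, since denyAccessUnlessGranted() treats any
            // truthy value as a grant.
            return $voter->voteOnAttribute($attribute, $subject);
        }

        return FALSE;
    }

    /**
     * Sends HTTP 403 with the localized access-denied message and stops the
     * request. Shared by both deny* methods so the denial response is
     * identical for every failed check.
     *
     * NOTE(review): static analysis reports die()/exit here as not recommended
     * outside a scripting context such as a CLI script. It is kept because the
     * deny* methods presumably must not return to the caller once access is
     * denied; an exception handled by the framework would be the cleaner
     * design - TODO confirm with the callers.
     *
     * @return void
     */
    private function denyAccess()
    {
        // Sets the status directly instead of sending and then removing a
        // throwaway header just to carry the response code.
        http_response_code(403);

        $key = 'LLL:EXT:dpf/Resources/Private/Language/locallang.xlf:error.access_denied';
        $accessDeniedMessage = \TYPO3\CMS\Extbase\Utility\LocalizationUtility::translate($key, 'dpf');

        // translate() may yield null when the label is missing; the cast keeps
        // die() from receiving null.
        die((string) $accessDeniedMessage);
    }
}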