<?php

/*
 * @copyright 2014 Mautic Contributors. All rights reserved
 * @author    Mautic
 *
 * @link      http://mautic.org
 *
 * @license   GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
 */

namespace Mautic\UserBundle\Controller\Api;

use Mautic\ApiBundle\Controller\CommonApiController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\FilterControllerEvent;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
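/**
 * REST API controller for Mautic users.
 *
 * Exposes the current user, user creation/editing through the CommonApiController
 * conventions, a permission probe and a role lookup. For existing users the API
 * deliberately refuses to change the password, the username and the role.
 */
class UserApiController extends CommonApiController
{
    /**
     * {@inheritdoc}
     */
    public function initialize(FilterControllerEvent $event)
    {
        $this->model            = $this->getModel('user.user');
        $this->entityClass      = 'Mautic\UserBundle\Entity\User';
        $this->entityNameOne    = 'user';
        $this->entityNameMulti  = 'users';
        $this->serializerGroups = ['userDetails', 'roleList', 'publishDetails'];
        // Only the signature field is masked as 'html'; how masks are applied lives in CommonApiController.
        $this->dataInputMasks   = ['signature' => 'html'];
        parent::initialize($event);
    }

    /**
     * Obtains the logged in user's data.
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function getSelfAction()
    {
        $token = $this->get('security.token_storage')->getToken();

        // Without a token, or with an anonymous (non-object) user, there is no "self"
        // to serialize; answer with the standard access-denied payload instead of
        // failing on a null dereference.
        if (null === $token || !is_object($token->getUser())) {
            return $this->accessDenied();
        }

        $view = $this->view($token->getUser(), Response::HTTP_OK);

        return $this->handleView($view);
    }

    /**
     * Creates a new user.
     *
     * Requires the user:users:create permission. A password submitted as
     * plainPassword[password] is applied to the new entity before the form is processed.
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function newEntityAction()
    {
        if (!$this->get('mautic.security')->isGranted('user:users:create')) {
            return $this->accessDenied();
        }

        $entity     = $this->model->getEntity();
        $parameters = $this->request->request->all();

        $this->applySubmittedPassword($entity, $parameters);

        return $this->processForm($entity, $parameters, 'POST');
    }

    /**
     * Edits an existing user or creates a new one on PUT if not found.
     *
     * Requires user:users:edit. Creating via PUT additionally requires user:users:create.
     * For an existing user the password is never changed through this endpoint; the
     * username and role are dropped from a PATCH body and forced back to the stored
     * values for a PUT body.
     *
     * @param int $id User ID
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function editEntityAction($id)
    {
        if (!$this->get('mautic.security')->isGranted('user:users:edit')) {
            return $this->accessDenied();
        }

        $entity     = $this->model->getEntity($id);
        $parameters = $this->request->request->all();
        $method     = $this->request->getMethod();

        if (null === $entity) {
            // PATCH requires an existing entity; PUT may create one, but only with create access.
            if ('PATCH' === $method
                || ('PUT' === $method && !$this->get('mautic.security')->isGranted('user:users:create'))
            ) {
                return $this->notFound();
            }

            $entity = $this->model->getEntity();
            $this->applySubmittedPassword($entity, $parameters);

            return $this->processForm($entity, $parameters, $method);
        }

        // Changing the password of an existing user via the API is forbidden.
        // unset() is a no-op on a missing key and, unlike a !empty() guard, also
        // discards falsy values such as '' or '0' instead of passing them to the form.
        unset($parameters['plainPassword']);

        if ('PATCH' === $method) {
            // PATCH accepts a diff, so simply drop the fields that must not change.
            unset($parameters['username'], $parameters['role']);
        } else {
            // PUT requires the entire entity, so overwrite username and role with the stored values.
            // NOTE(review): assumes every persisted user carries a role — confirm against the entity mapping.
            $parameters['username'] = $entity->getUsername();
            $parameters['role']     = $entity->getRole()->getId();
        }

        return $this->processForm($entity, $parameters, $method);
    }

    /**
     * Applies a password submitted as plainPassword[password] to a user that is being created.
     *
     * Does nothing when the nested field is absent. The value actually stored is whatever
     * UserModel::checkNewPassword() returns for the submitted string.
     *
     * @param \Mautic\UserBundle\Entity\User $entity     User being created
     * @param array                          $parameters Request body
     */
    private function applySubmittedPassword($entity, array $parameters)
    {
        if (!isset($parameters['plainPassword']['password'])) {
            return;
        }

        $encoder = $this->get('security.encoder_factory')->getEncoder($entity);
        $entity->setPassword(
            $this->model->checkNewPassword($entity, $encoder, $parameters['plainPassword']['password'])
        );
    }

    /**
     * Re-applies the submitted password right before a new user is saved.
     *
     * Only the 'new' action is handled. plainPassword may be the form's nested array
     * (plainPassword[password]) or a bare value; when it is missing, null is handed to
     * checkNewPassword(), which decides what that means.
     *
     * @param object $entity     User entity (by reference, as declared by the parent)
     * @param mixed  $form       Processed form
     * @param array  $parameters Request body
     * @param string $action     'new' or 'edit'
     */
    protected function preSaveEntity(&$entity, $form, $parameters, $action = 'edit')
    {
        if ('new' !== $action) {
            return;
        }

        $submittedPassword = null;
        if (isset($parameters['plainPassword'])) {
            $plainPassword     = $parameters['plainPassword'];
            $submittedPassword = (is_array($plainPassword) && isset($plainPassword['password']))
                ? $plainPassword['password']
                : $plainPassword;
        }

        $encoder = $this->get('security.encoder_factory')->getEncoder($entity);
        // The trailing true is passed here but not in applySubmittedPassword(); its meaning
        // is defined by UserModel::checkNewPassword() — TODO confirm before unifying the two.
        $entity->setPassword($this->model->checkNewPassword($entity, $encoder, $submittedPassword, true));
    }

    /**
     * Verifies whether the current user has the given permission(s) on a user.
     *
     * Reads `permissions` from the request body; a single string is accepted as well as a list.
     * Responds with notFound() for an unknown user and badRequest() when no permissions were sent.
     *
     * @param int $id User ID
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function isGrantedAction($id)
    {
        $entity = $this->model->getEntity($id);
        if (!$entity instanceof $this->entityClass) {
            return $this->notFound();
        }

        $permissions = $this->request->request->get('permissions');
        if (empty($permissions)) {
            return $this->badRequest('mautic.api.call.permissionempty');
        }
        if (!is_array($permissions)) {
            $permissions = [$permissions];
        }

        $granted = $this->get('mautic.security')->isGranted($permissions, 'RETURN_ARRAY', $entity);

        return $this->handleView($this->view($granted, Response::HTTP_OK));
    }

    /**
     * Obtains a list of roles for user edits.
     *
     * Available to anyone who may create or edit users. Optional `filter` and `limit`
     * query parameters are forwarded to the lookup untouched.
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function getRolesAction()
    {
        $security = $this->get('mautic.security');
        if (!$security->isGranted(['user:users:create', 'user:users:edit'], 'MATCH_ONE')) {
            return $this->accessDenied();
        }

        $query  = $this->request->query;
        $filter = $query->get('filter', null);
        $limit  = $query->get('limit', null);
        $roles  = $this->getModel('user')->getLookupResults('role', $filter, $limit);

        // Roles are serialized with the roleList group only, regardless of the controller defaults.
        $view    = $this->view($roles, Response::HTTP_OK);
        $context = $view->getContext()->setGroups(['roleList']);
        $view->setContext($context);

        return $this->handleView($view);
    }
}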