<?php
/*
 * MikoPBX - free phone system for small business
 * Copyright (C) 2017-2020 Alexey Portnov and Nikolay Beketov
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with this program.
 * If not, see <https://www.gnu.org/licenses/>.
 */
declare(strict_types=1);
namespace MikoPBX\PBXCoreREST\Http;
use MikoPBX\AdminCabinet\Controllers\SessionController;
use MikoPBX\Common\Providers\AclProvider;
use MikoPBX\Common\Providers\ConfigProvider;
use MikoPBX\Common\Providers\PBXConfModulesProvider;
use MikoPBX\Common\Providers\SessionProvider;
use MikoPBX\Modules\Config\RestAPIConfigInterface;
use Phalcon\Acl\Enum as AclEnum;
use Phalcon\Http\Request as PhRequest;
use Phalcon\Mvc\Micro;
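class Request extends PhRequest
{
    /**
     * Tells whether the request comes from the IPv4 loopback address.
     *
     * Only the exact peer address '127.0.0.1' is accepted; the IPv6 loopback
     * (::1) is not considered, and no proxy-forwarded headers are consulted,
     * so the check reflects the actual TCP peer rather than a client-supplied value.
     *
     * @return bool
     */
    public function isLocalHostRequest(): bool
    {
        // A missing REMOTE_ADDR (e.g. a CLI invocation) fails closed instead of raising a warning.
        return ($_SERVER['REMOTE_ADDR'] ?? '') === '127.0.0.1';
    }

    /**
     * Tells whether the admin application runs in debug mode.
     *
     * Reads 'adminApplication.debugMode' from the shared config service.
     *
     * @return bool
     */
    public function isDebugModeEnabled(): bool
    {
        $config = $this->getDI()->getShared(ConfigProvider::SERVICE_NAME);

        // path() is not typed as bool here and yields null for a missing key; under
        // strict_types an explicit cast is needed so the bool return type cannot throw
        // a TypeError, and a missing key reads as "disabled".
        return (bool)$config->path('adminApplication.debugMode');
    }

    /**
     * Tells whether the request carries an authenticated admin-cabinet session.
     *
     * @return bool true when the shared session holds SessionController::SESSION_ID
     */
    public function isAuthorizedSessionRequest(): bool
    {
        $session = $this->getDI()->getShared(SessionProvider::SERVICE_NAME);

        return $session->has(SessionController::SESSION_ID);
    }

    /**
     * Checks the current request against the ACL lists.
     *
     * For example, for /pbxcore/api/sip/getPeersStatuses the matched route
     * pattern is split on '/' into five parts, which give
     *  controller = /pbxcore/api/sip
     *  action     = getPeersStatuses
     * These are then looked up in the ACL for the role stored in the session
     * ('guest' when no session role is present).
     *
     * Note: a pattern that does not split into exactly five parts is not
     * subject to the ACL check at all and is reported as allowed. Callers that
     * rely on this method for authorisation must make sure such routes are
     * covered by another check.
     *
     * @param Micro $api The application whose router has already matched the request
     *
     * @return bool true when the ACL allows the action, or when the route is not ACL-scoped
     */
    public function isAllowedAction(Micro $api): bool
    {
        $matches = $api->router->getMatches();
        $pattern = $matches[0] ?? '';
        $action  = $matches[1] ?? '';

        $partsOfPattern = explode('/', $pattern);
        if (count($partsOfPattern) !== 5) {
            // Not an ACL-scoped route: no check is performed for it.
            return true;
        }

        $sessionData = $api->getSharedService(SessionProvider::SERVICE_NAME)->get(SessionController::SESSION_ID);
        $role        = $sessionData['role'] ?? 'guest';
        $acl         = $api->getSharedService(AclProvider::SERVICE_NAME);

        $controller = "/{$partsOfPattern[1]}/{$partsOfPattern[2]}/{$partsOfPattern[3]}";

        // Loose comparison is intentional: Phalcon's Acl isAllowed() is declared to
        // return bool while AclEnum::ALLOW is an int, so a strict `===` would never match.
        return $acl->isAllowed($role, $controller, $action) == AclEnum::ALLOW;
    }

    /**
     * Checks whether an additional module has registered the requested route as
     * not requiring authentication.
     *
     * Module routes are collected through the GET_PBXCORE_REST_ADDITIONAL_ROUTES
     * hook. A route whose element [5] is exactly true is treated as no-auth, and
     * it applies when its element [2] is a case-insensitive prefix of the request
     * path. Because this is a prefix test, a registered path also covers every
     * longer path that starts with it.
     *
     * @param Micro $api
     *
     * @return bool true when at least one no-auth module route prefixes the current URI
     */
    public function thisIsModuleNoAuthRequest(Micro $api): bool
    {
        $requestPath      = $api->request->getURI(true);
        $additionalRoutes = PBXConfModulesProvider::hookModulesMethodWithArrayResult(
            RestAPIConfigInterface::GET_PBXCORE_REST_ADDITIONAL_ROUTES
        );

        foreach ($additionalRoutes as $routesFromModule) {
            foreach ($routesFromModule as $route) {
                if (($route[5] ?? false) !== true) {
                    continue;
                }

                $routePrefix = $route[2] ?? '';
                // An empty prefix would match every path (stripos() with an empty needle
                // returns 0) and thereby switch off authentication for all requests;
                // a missing or non-string prefix is treated as "no match" instead.
                if (!is_string($routePrefix) || $routePrefix === '') {
                    continue;
                }

                if (stripos($requestPath, $routePrefix) === 0) {
                    return true; // Allow request without authentication
                }
            }
        }

        return false;
    }
}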