Role::findOrCreate() - Code Metrics - Inspection of "Merge pull request #46 from mostafamaklad/v1.5" - mostafamaklad/laravel-permission-mongodb - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( d05514...4017c3 )

by Mostafa Abd El-Salam

created 2018-02-06 08:20 UTC

Role::findOrCreate() A

↳ Parent: Project

Complexity

Conditions	2
Paths	2

Size

Total Lines	14
Code Lines	8

Duplication

Lines	14
Ratio	100 %

Code Coverage

Tests	8
CRAP Score	2

Importance

Changes

Metric	Value
dl	14
loc	14
ccs	8
cts	8
cp	1
rs	9.4285
c	0
b	0
f	0
cc	2
eloc	8
nc	2
nop	2
crap	2

<?php
declare(strict_types=1);

namespace Maklad\Permission\Models;

use Jenssegers\Mongodb\Eloquent\Model;
use Jenssegers\Mongodb\Relations\BelongsToMany;
use Maklad\Permission\Contracts\PermissionInterface;
use Maklad\Permission\Contracts\RoleInterface;
use Maklad\Permission\Exceptions\GuardDoesNotMatch;
use Maklad\Permission\Exceptions\RoleAlreadyExists;
use Maklad\Permission\Exceptions\RoleDoesNotExist;
use Maklad\Permission\Helpers;
use Maklad\Permission\Traits\HasPermissions;
use Maklad\Permission\Traits\RefreshesPermissionCache;

/**
 * Class Role
 * @package Maklad\Permission\Models
 */
class Role extends Model implements RoleInterface
{
    use HasPermissions;
    use RefreshesPermissionCache;

    public $guarded = ['id'];
    protected $helpers;

    /**
     * Role constructor.
     *
     * @param array $attributes
     */
    public function __construct(array $attributes = [])

    {
        $attributes['guard_name'] = $attributes['guard_name'] ?? \config('auth.defaults.guard');

        parent::__construct($attributes);

        $this->helpers = new Helpers();

        $this->setTable(\config('permission.collection_names.roles'));
    }

    /**
     * @param array $attributes
     *
     * @return $this|Model
     * @throws RoleAlreadyExists
     * @internal param array $attributes§
     *
     */
    public static function create(array $attributes = [])

    {
        $attributes['guard_name'] = $attributes['guard_name'] ?? \config('auth.defaults.guard');
        $helpers                  = new Helpers();

        if (static::where('name', $attributes['name'])->where('guard_name', $attributes['guard_name'])->first()) {
            $name      = (string) $attributes['name'];
            $guardName = (string) $attributes['guard_name'];
            throw new RoleAlreadyExists($helpers->getRoleAlreadyExistsMessage($name, $guardName));
        }

        if ($helpers->isNotLumen() && app()::VERSION < '5.4') {
            return parent::create($attributes);
        }

        return static::query()->create($attributes);
    }

    /**
     * Find or create role by its name (and optionally guardName).
     *
     * @param string $name
     * @param string|null $guardName
     *
     * @return RoleInterface
     * @throws \Maklad\Permission\Exceptions\RoleAlreadyExists
     */
    public static function findOrCreate(string $name, $guardName = null): RoleInterface

    {
        $guardName = $guardName ?? config('auth.defaults.guard');

        $role = static::where('name', $name)
                      ->where('guard_name', $guardName)
                      ->first();

        if (! $role) {
            $role = static::create(['name' => $name, 'guard_name' => $guardName]);
        }

        return $role;
    }

    /**
     * A role may be given various permissions.
     * @return BelongsToMany
     */
    public function permissions(): BelongsToMany
    {
        return $this->belongsToMany(
            \config('permission.models.permission'),
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
            \config('permission.collection_names.role_has_permissions')
        );
    }

    /**
     * A role belongs to some users of the model associated with its guard.
     */
    public function users(): BelongsToMany
    {
        return $this->belongsToMany($this->helpers->getModelForGuard($this->attributes['guard_name']));
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
    }

    /**
     * Find a role by its name and guard name.
     *
     * @param string $name
     * @param string|null $guardName
     *
     * @return RoleInterface
     * @throws RoleDoesNotExist
     */
    public static function findByName(string $name, $guardName = null): RoleInterface

    {
        $guardName = $guardName ?? \config('auth.defaults.guard');

        $role = static::where('name', $name)
                      ->where('guard_name', $guardName)
                      ->first();

        if (! $role) {
            $helpers = new Helpers();
            throw new RoleDoesNotExist($helpers->getRoleDoesNotExistMessage($name, $guardName));
        }

        return $role;
    }

    /**
     * Determine if the user may perform the given permission.
     *
     * @param string|Permission $permission
     *
     * @return bool
     *
     * @throws GuardDoesNotMatch
     */
    public function hasPermissionTo($permission): bool
    {
        if (\is_string($permission)) {
            $permission = \app(Permission::class)->findByName($permission, $this->getDefaultGuardName());
        }

        if (! $this->getGuardNames()->contains($permission->guard_name)) {

            $expected = $this->getGuardNames();
            $given    = $permission->guard_name;

            throw new GuardDoesNotMatch($this->helpers->getGuardDoesNotMatchMessage($expected, $given));
        }

        return $this->permissions->contains('id', $permission->id);
    }
}


1			<?php
2			declare(strict_types=1);
3
4			namespace Maklad\Permission\Models;
5
6			use Jenssegers\Mongodb\Eloquent\Model;
7			use Jenssegers\Mongodb\Relations\BelongsToMany;
8			use Maklad\Permission\Contracts\PermissionInterface;
9			use Maklad\Permission\Contracts\RoleInterface;
10			use Maklad\Permission\Exceptions\GuardDoesNotMatch;
11			use Maklad\Permission\Exceptions\RoleAlreadyExists;
12			use Maklad\Permission\Exceptions\RoleDoesNotExist;
13			use Maklad\Permission\Helpers;
14			use Maklad\Permission\Traits\HasPermissions;
15			use Maklad\Permission\Traits\RefreshesPermissionCache;
16
17			/**
18			* Class Role
19			* @package Maklad\Permission\Models
20			*/
21			class Role extends Model implements RoleInterface
22			{
23			use HasPermissions;
24			use RefreshesPermissionCache;
25
26			public $guarded = ['id'];
27			protected $helpers;
28
29			/**
30			* Role constructor.
31			*
32			* @param array $attributes
33			*/
34	119	View Code Duplication	public function __construct(array $attributes = [])
			0 ignored issues – show Duplication introduced 2017-09-01 16:34 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
35			{
36	119		$attributes['guard_name'] = $attributes['guard_name'] ?? \config('auth.defaults.guard');
37
38	119		parent::__construct($attributes);
39
40	119		$this->helpers = new Helpers();
41
42	119		$this->setTable(\config('permission.collection_names.roles'));
43	119		}
44
45			/**
46			* @param array $attributes
47			*
48			* @return $this\|Model
49			* @throws RoleAlreadyExists
50			* @internal param array $attributes§
51			*
52			*/
53	119	View Code Duplication	public static function create(array $attributes = [])
			0 ignored issues – show Duplication introduced 2017-09-01 16:34 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
54			{
55	119		$attributes['guard_name'] = $attributes['guard_name'] ?? \config('auth.defaults.guard');
56	119		$helpers = new Helpers();
57
58	119		if (static::where('name', $attributes['name'])->where('guard_name', $attributes['guard_name'])->first()) {
59	1		$name = (string) $attributes['name'];
60	1		$guardName = (string) $attributes['guard_name'];
61	1		throw new RoleAlreadyExists($helpers->getRoleAlreadyExistsMessage($name, $guardName));
62			}
63
64	119		if ($helpers->isNotLumen() && app()::VERSION < '5.4') {
65			return parent::create($attributes);
66			}
67
68	119		return static::query()->create($attributes);
69			}
70
71			/**
72			* Find or create role by its name (and optionally guardName).
73			*
74			* @param string $name
75			* @param string\|null $guardName
76			*
77			* @return RoleInterface
78			* @throws \Maklad\Permission\Exceptions\RoleAlreadyExists
79			*/
80	1	View Code Duplication	public static function findOrCreate(string $name, $guardName = null): RoleInterface
			0 ignored issues – show Duplication introduced 2018-02-05 15:26 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
81			{
82	1		$guardName = $guardName ?? config('auth.defaults.guard');
83
84	1		$role = static::where('name', $name)
85	1		->where('guard_name', $guardName)
86	1		->first();
87
88	1		if (! $role) {
89	1		$role = static::create(['name' => $name, 'guard_name' => $guardName]);
90			}
91
92	1		return $role;
93			}
94
95			/**
96			* A role may be given various permissions.
97			* @return BelongsToMany
98			*/
99	29		public function permissions(): BelongsToMany
100			{
101	29		return $this->belongsToMany(
102	29		\config('permission.models.permission'),
			0 ignored issues – show Security Code Execution introduced 2017-09-07 15:34 UTC by Report Bug Copy Issue Report `\config('permission.models.permission')` can contain request data and is used in code execution context(s) leading to a potential security vulnerability. 1 path for user data to reach this point Read from `$_SERVER,` and `$server` is assigned in vendor/src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 22 Data is passed through array_replace() in vendor/Request.php on line 357 Data is passed through call_user_func() in vendor/Request.php on line 2047 `\Illuminate\Http\Request::create($uri, 'GET', array(), array(), array(), $server)` is passed to Container::instance() in vendor/src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 31 Container::$instances is assigned in vendor/src/Illuminate/Container/Container.php on line 379 Tainted property Container::$instances is read in vendor/src/Illuminate/Container/Container.php on line 620 Container::resolve() returns tainted data in vendor/src/Illuminate/Container/Container.php on line 586 Container::make() returns tainted data in vendor/src/Illuminate/Foundation/helpers.php on line 110 app() returns tainted data in vendor/src/Illuminate/Foundation/helpers.php on line 265 config() returns tainted data in src/Models/Role.php on line 102 General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
103	29		\config('permission.collection_names.role_has_permissions')
104			);
105			}
106
107			/**
108			* A role belongs to some users of the model associated with its guard.
109			*/
110	2		public function users(): BelongsToMany
111			{
112	2		return $this->belongsToMany($this->helpers->getModelForGuard($this->attributes['guard_name']));
			0 ignored issues – show Security Code Execution introduced 2018-01-01 08:08 UTC by Report Bug Copy Issue Report `$this->helpers->getModel...tributes['guard_name'])` can contain request data and is used in code execution context(s) leading to a potential security vulnerability. 9 paths for user data to reach this point 1. Path: `$this->parameters['HTTP_AUTHORIZATION']` seems to return tainted data, and `$authorizationHeader` is assigned in ServerBag.php on line 62 `$this->parameters['HTTP_AUTHORIZATION']` seems to return tainted data, and `$authorizationHeader` is assigned in vendor/ServerBag.php on line 62 ParameterBag::$parameters is assigned in vendor/ServerBag.php on line 77 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Models/Role.php on line 112 2. Path: Read from `$_POST,` and `$_POST` is passed to Request::createRequestFromFactory() in Request.php on line 314 Read from `$_POST,` and `$_POST` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 314 `$request` is passed to Request::__construct() in vendor/Request.php on line 2056 `$request` is passed to Request::initialize() in vendor/Request.php on line 255 `$request` is passed to ParameterBag::__construct() in vendor/Request.php on line 273 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Models/Role.php on line 112 3. Path: Read from `$_SERVER,` and `$server` is assigned in Request.php on line 304 Read from `$_SERVER,` and `$server` is assigned in vendor/Request.php on line 304 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 314 `$server` is passed to Request::__construct() in vendor/Request.php on line 2056 `$server` is passed to Request::initialize() in vendor/Request.php on line 255 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 278 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Models/Role.php on line 112 4. Path: Fetching key `HTTP_CONTENT_LENGTH` from `$_SERVER,` and `$server` is assigned in Request.php on line 307 Fetching key `HTTP_CONTENT_LENGTH` from `$_SERVER,` and `$server` is assigned in vendor/Request.php on line 307 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 314 `$server` is passed to Request::__construct() in vendor/Request.php on line 2056 `$server` is passed to Request::initialize() in vendor/Request.php on line 255 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 278 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Models/Role.php on line 112 5. Path: Fetching key `HTTP_CONTENT_TYPE` from `$_SERVER,` and `$server` is assigned in Request.php on line 310 Fetching key `HTTP_CONTENT_TYPE` from `$_SERVER,` and `$server` is assigned in vendor/Request.php on line 310 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 314 `$server` is passed to Request::__construct() in vendor/Request.php on line 2056 `$server` is passed to Request::initialize() in vendor/Request.php on line 255 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 278 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Models/Role.php on line 112 6. Path: `$server['HTTP_HOST']` seems to return tainted data, and `$server` is assigned in Request.php on line 380 `$server['HTTP_HOST']` seems to return tainted data, and `$server` is assigned in vendor/Request.php on line 380 `$server` is assigned in vendor/Request.php on line 428 `$server` is assigned in vendor/Request.php on line 429 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 431 `$server` is passed to Request::__construct() in vendor/Request.php on line 2056 `$server` is passed to Request::initialize() in vendor/Request.php on line 255 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 278 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 31 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Models/Role.php on line 112 7. Path: `$this->parameters['PHP_AUTH_USER']` seems to return tainted data, and `$headers` is assigned in ServerBag.php on line 43 `$this->parameters['PHP_AUTH_USER']` seems to return tainted data, and `$headers` is assigned in vendor/ServerBag.php on line 43 `$headers` is assigned in vendor/ServerBag.php on line 44 ServerBag::getHeaders() returns tainted data, and `$this->server->getHeaders()` is passed to HeaderBag::__construct() in vendor/Request.php on line 279 `$values` is assigned in vendor/HeaderBag.php on line 29 `$values` is passed to HeaderBag::set() in vendor/HeaderBag.php on line 30 `$values` is passed through array_values(), and `$values` is assigned in vendor/HeaderBag.php on line 142 HeaderBag::$headers is assigned in vendor/HeaderBag.php on line 145 Tainted property HeaderBag::$headers is read in vendor/HeaderBag.php on line 65 HeaderBag::all() returns tainted data, and `$headers` is assigned in vendor/HeaderBag.php on line 113 HeaderBag::get() returns tainted data, and `$requestUri` is assigned in vendor/Request.php on line 1819 `$requestUri` is passed to ParameterBag::set() in vendor/Request.php on line 1850 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 95 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Models/Role.php on line 112 8. Path: `$this->parameters['PHP_AUTH_PW']` seems to return tainted data, and `$headers` is assigned in ServerBag.php on line 44 `$this->parameters['PHP_AUTH_PW']` seems to return tainted data, and `$headers` is assigned in vendor/ServerBag.php on line 44 ServerBag::getHeaders() returns tainted data, and `$this->server->getHeaders()` is passed to HeaderBag::__construct() in vendor/Request.php on line 279 `$values` is assigned in vendor/HeaderBag.php on line 29 `$values` is passed to HeaderBag::set() in vendor/HeaderBag.php on line 30 `$values` is passed through array_values(), and `$values` is assigned in vendor/HeaderBag.php on line 142 HeaderBag::$headers is assigned in vendor/HeaderBag.php on line 145 Tainted property HeaderBag::$headers is read in vendor/HeaderBag.php on line 65 HeaderBag::all() returns tainted data, and `$headers` is assigned in vendor/HeaderBag.php on line 113 HeaderBag::get() returns tainted data, and `$requestUri` is assigned in vendor/Request.php on line 1819 `$requestUri` is passed to ParameterBag::set() in vendor/Request.php on line 1850 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 95 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 41 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Models/Role.php on line 112 9. Path: Read from `$_SERVER,` and `$server` is assigned in src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 22 Read from `$_SERVER,` and `$server` is assigned in vendor/src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 22 Data is passed through array_replace() in vendor/Request.php on line 357 Data is passed through call_user_func() in vendor/Request.php on line 2047 `\Illuminate\Http\Request::create($uri, 'GET', array(), array(), array(), $server)` is passed to Container::instance() in vendor/src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 31 Container::$instances is assigned in vendor/src/Illuminate/Container/Container.php on line 379 Tainted property Container::$instances is read in vendor/src/Illuminate/Container/Container.php on line 620 Container::resolve() returns tainted data in vendor/src/Illuminate/Container/Container.php on line 586 Container::make() returns tainted data in vendor/src/Illuminate/Container/Container.php on line 1195 Container::offsetGet() returns tainted data, and `$table` is assigned in vendor/src/Illuminate/Session/SessionManager.php on line 73 `$table` is passed to DatabaseSessionHandler::__construct() in vendor/src/Illuminate/Session/SessionManager.php on line 78 DatabaseSessionHandler::$table is assigned in vendor/src/Illuminate/Session/DatabaseSessionHandler.php on line 64 Tainted property DatabaseSessionHandler::$table is read, and `$this->table` is passed to Connection::table() in vendor/src/Illuminate/Session/DatabaseSessionHandler.php on line 279 `$table` is passed to Builder::from() in vendor/src/Illuminate/Database/Connection.php on line 265 Builder::$from is assigned in vendor/src/Illuminate/Database/Query/Builder.php on line 327 Tainted property Builder::$from is read, and `$query->from` is passed to Grammar::wrapTable() in vendor/src/Illuminate/Database/Query/Grammars/Grammar.php on line 783 `$this->tablePrefix . $table` is passed to Grammar::wrap() in vendor/src/Illuminate/Database/Grammar.php on line 36 `$value` is passed through explode(), and `explode('.', $value)` is passed to Grammar::wrapSegments() in vendor/src/Illuminate/Database/Grammar.php on line 62 `$segments` is passed to collect() in vendor/src/Illuminate/Database/Grammar.php on line 96 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 48 Tainted property Collection::$items is read in vendor/src/Illuminate/Support/Collection.php on line 648 Collection::get() returns tainted data in src/Helpers.php on line 21 Helpers::getModelForGuard() returns tainted data in src/Models/Role.php on line 112 General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
113			}
114
115			/**
116			* Find a role by its name and guard name.
117			*
118			* @param string $name
119			* @param string\|null $guardName
120			*
121			* @return RoleInterface
122			* @throws RoleDoesNotExist
123			*/
124	47	View Code Duplication	public static function findByName(string $name, $guardName = null): RoleInterface
			0 ignored issues – show Duplication introduced 2018-02-05 15:26 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
125			{
126	47		$guardName = $guardName ?? \config('auth.defaults.guard');
127
128	47		$role = static::where('name', $name)
129	47		->where('guard_name', $guardName)
130	47		->first();
131
132	47		if (! $role) {
133	2		$helpers = new Helpers();
134	2		throw new RoleDoesNotExist($helpers->getRoleDoesNotExistMessage($name, $guardName));
135			}
136
137	45		return $role;
138			}
139
140			/**
141			* Determine if the user may perform the given permission.
142			*
143			* @param string\|Permission $permission
144			*
145			* @return bool
146			*
147			* @throws GuardDoesNotMatch
148			*/
149	12		public function hasPermissionTo($permission): bool
150			{
151	12		if (\is_string($permission)) {
152	9		$permission = \app(Permission::class)->findByName($permission, $this->getDefaultGuardName());
153			}
154
155	11	View Code Duplication	if (! $this->getGuardNames()->contains($permission->guard_name)) {
			0 ignored issues – show Duplication introduced 2017-09-06 20:24 UTC by Report Bug Copy Issue Report This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
156	1		$expected = $this->getGuardNames();
157	1		$given = $permission->guard_name;
158
159	1		throw new GuardDoesNotMatch($this->helpers->getGuardDoesNotMatchMessage($expected, $given));
160			}
161
162	10		return $this->permissions->contains('id', $permission->id);
163			}
164			}
165

mostafamaklad / laravel-permission-mongodb

Push — master ( d05514...4017c3 )

Role::findOrCreate() A

Complexity

Size

Duplication

Code Coverage

Importance

1 path for user data to reach this point

General Strategies to prevent injection

9 paths for user data to reach this point

General Strategies to prevent injection

Duplication Side-by-Side

Filter issues like