View GitHub Repository ebloodbank

Schedule Inspection
Subscribe

Issues (294)

src/EBloodBank/Controllers/DeleteUser.php (5 issues)

← previous file next file →
Code
1 
<?php
2 
/**
3 
 * Delete user page controller class file
4 
 *
5 
 * @package    EBloodBank
6 
 * @subpackage Controllers
7 
 * @since      1.0
8 
 */
9 
namespace EBloodBank\Controllers;
10 

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    11
                

                                    
                                                    
                
                
                
use EBloodBank as EBB;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    12
                

                                    
                                                    
                
                
                
use Psr\Container\ContainerInterface;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    13
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    14
                

                                    
                                                    
                
                
                
/**

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    15
                

                                    
                                                    
                
                
                
 * Delete user page controller class

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    16
                

                                    
                                                    
                
                
                
 *

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    17
                

                                    
                                                    
                
                
                
 * @since 1.0

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    18
                

                                    
                                                    
                
                
                
 */

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    19
                

                                    
                                                    
                
                
                
class DeleteUser extends Controller

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    20
                

                                    
                                                    
                
                
                
{

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    21
                

                                    
                                                    
                
                
                
    /**

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    22
                

                                    
                                                    
                
                
                
     * @var   int

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    23
                

                                    
                                                    
                
                
                
     * @since 1.6

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    24
                

                                    
                                                    
                
                
                
     */

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    25
                

                                    
                                                    
                
                
                
    protected $userId = 0;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    26
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    27
                

                                    
                                                    
                
                
                
    /**

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    28
                

                                    
                                                    
                
                
                
     * @var \EBloodBank\Models\User|null

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    29
                

                                    
                                                    
                
                
                
     * @since 1.0

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    30
                

                                    
                                                    
                
                
                
     */

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    31
                

                                    
                                                    
                
                
                
    protected $user;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    32
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    33
                

                                    
                                                    
                
                
                
    /**

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    34
                

                                    
                                                    
                
                
                
     * @since 1.0

            


            
                                                                                                            
                                                                
            
                                    
            
            

                
                    35
                

                                    
                                                    
                
                
                
     */

            


            
                                                                        
                            
            
                                    
            
            

                
                    36
                

                                    
                                                    
                
                
                
    public function __construct(ContainerInterface $container, $userId)

            


            
                                                                        
                            
            
                                    
            
            

                
                    37
                

                                    
                                                    
                
                
                
    {

            


            
                                                                        
                            
            
                                    
            
            

                
                    38
                

                                    
                                                    
                
                
                
        parent::__construct($container);

            


            
                                                                        
                            
            
                                    
            
            

                
                    39
                

                                    
                                                    
                
                
                
        if (EBB\isValidID($userId)) {

            


                            

                    
                        
                    
                    
                    
                    
                                                                                                    
                        

                            
                            
0 ignored issues
show
                        


                        

                                                                                        




    

        
            Bug
    
    
    
        introduced 
                            by 
            

        

        

            
        

        

            

                

                    
                
                
            


        

    

    

        
                        

                            
                        

                                        
The function isValidID was not found. Maybe you did not declare it correctly or list all dependencies?
                                                                                                                                       (
                                     Ignorable by Annotation
                                )
                                

                                    
 If this is a false-positive, you can also ignore this issue in your code via the ignore-call   annotation

                                    

                                        

                                            39
                                            
                                                
        if (/** @scrutinizer ignore-call */ EBB\isValidID($userId)) {

                                        

                                                                            

                                

                                                                        

                    
                                                    

                     Loading history...
                

                    


    




                                                                                    


                    		
                

            
                                                                        
                            
            
                                    
            
            

                
                    40
                

                                    
                                                    
                
                
                
            $this->userId = $userId;

            


            
                                                                        
                            
            
                                    
            
            

                
                    41
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    42
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    43
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    44
                

                                    
                                                    
                
                
                
    /**

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    45
                

                                    
                                                    
                
                
                
     * @return void

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    46
                

                                    
                                                    
                
                
                
     * @since 1.0

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    47
                

                                    
                                                    
                
                
                
     */

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    48
                

                                    
                                                    
                
                
                
    public function __invoke()

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    49
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    50
                

                                    
                                                    
                
                
                
        if (! $this->hasAuthenticatedUser() || ! $this->getAcl()->isUserAllowed($this->getAuthenticatedUser(), 'User', 'delete')) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    51
                

                                    
                                                    
                
                
                
            $this->viewFactory->displayView('error-403');

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    52
                

                                    
                                                    
                
                
                
            return;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    53
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    54
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    55
                

                                    
                                                    
                
                
                
        if ($this->userId) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    56
                

                                    
                                                    
                
                
                
            $this->user = $this->getUserRepository()->find($this->userId);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    57
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    58
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    59
                

                                    
                                                    
                
                
                
        if (! $this->user) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    60
                

                                    
                                                    
                
                
                
            $this->viewFactory->displayView('error-404');

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    61
                

                                    
                                                    
                
                
                
            return;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    62
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    63
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    64
                

                                    
                                                    
                
                
                
        $user = $this->user;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    65
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    66
                

                                    
                                                    
                
                
                
        if (! $this->getAcl()->canDeleteEntity($this->getAuthenticatedUser(), $user)) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    67
                

                                    
                                                    
                
                
                
            $this->viewFactory->displayView('error-403');

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    68
                

                                    
                                                    
                
                
                
            return;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    69
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    70
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    71
                

                                    
                                                    
                
                
                
        $this->doActions();

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    72
                

                                    
                                                    
                
                
                
        $this->viewFactory->displayView(

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    73
                

                                    
                                                    
                
                
                
            'delete-user',

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    74
                

                                    
                                                    
                
                
                
            [

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    75
                

                                    
                                                    
                
                
                
                'user' => $user,

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    76
                

                                    
                                                    
                
                
                
            ]

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    77
                

                                    
                                                    
                
                
                
        );

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    78
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    79
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    80
                

                                    
                                                    
                
                
                
    /**

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    81
                

                                    
                                                    
                
                
                
     * @return void

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    82
                

                                    
                                                    
                
                
                
     * @since 1.0

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    83
                

                                    
                                                    
                
                
                
     */

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    84
                

                                    
                                                    
                
                
                
    protected function doActions()

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    85
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    86
                

                                    
                                                    
                
                
                
        switch (filter_input(INPUT_POST, 'action')) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    87
                

                                    
                                                    
                
                
                
            case 'delete_user':

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    88
                

                                    
                                                    
                
                
                
                $this->doDeleteAction();

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    89
                

                                    
                                                    
                
                
                
                break;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    90
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    91
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    92
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    93
                

                                    
                                                    
                
                
                
    /**

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    94
                

                                    
                                                    
                
                
                
     * @return void

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    95
                

                                    
                                                    
                
                
                
     * @since 1.0

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    96
                

                                    
                                                    
                
                
                
     */

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    97
                

                                    
                                                    
                
                
                
    protected function doDeleteAction()

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    98
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    99
                

                                    
                                                    
                
                
                
        $actionToken = filter_input(INPUT_POST, 'token');

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    100
                

                                    
                                                    
                
                
                
        $sessionToken = $this->getSession()->getCsrfToken();

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    101
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    102
                

                                    
                                                    
                
                
                
        if (! $actionToken || ! $sessionToken->isValid($actionToken)) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    103
                

                                    
                                                    
                
                
                
            return;

            


            
                                                                                                            
                                                                
            
                                    
            
            

                
                    104
                

                                    
                                                    
                
                
                
        }

            


            
                                                        
            
                                    
            
            

                
                    105
                

                                    
                                                    
                
                
                

            


            
                                                        
            
                                    
            
            

                
                    106
                

                                    
                                                    
                
                
                
        $user = $this->user;

            


            
                                                        
            
                                    
            
            

                
                    107
                

                                    
                                                    
                
                
                

            


            
                                                        
            
                                    
            
            

                
                    108
                

                                    
                                                    
                
                
                
        if (! $this->hasAuthenticatedUser() || ! $this->getAcl()->canDeleteEntity($this->getAuthenticatedUser(), $user)) {

            


                            

                    
                        
                    
                    
                    
                    
                                                                                                    
                        

                            
                            
0 ignored issues
show
                        


                        

                                                                                        




    

        
            Bug
    
    
    
        introduced 
                            by 
            

        

        

            
        

        

            

                

                    
                
                
            


        

    

    

        
                        

                            
                        

                                        
It seems like $user can also be of type null; however, parameter $resource of EBloodBank\AclInterface::canDeleteEntity() does only seem to accept EBloodBank\Models\Entity, maybe add an additional type check?
                                                                                                                                                                                           (
                                     Ignorable by Annotation
                                )
                                

                                    
 If this is a false-positive, you can also ignore this issue in your code via the ignore-type   annotation

                                    

                                        

                                            108
                                            
                                                
        if (! $this->hasAuthenticatedUser() || ! $this->getAcl()->canDeleteEntity($this->getAuthenticatedUser(), /** @scrutinizer ignore-type */ $user)) {

                                        

                                                                            

                                

                                                                                                                                                                                                                                                                                        

                    
                                                    

                     Loading history...
                

                    


    




                                                                                    


                    		
                

            
                                                        
            
                                    
            
            

                
                    109
                

                                    
                                                    
                
                
                
            return;

            


            
                                                        
            
                                    
            
            

                
                    110
                

                                    
                                                    
                
                
                
        }

            


            
                                                        
            
                                    
            
            

                
                    111
                

                                    
                                                    
                
                
                

            


            
                                                        
            
                                    
            
            

                
                    112
                

                                    
                                                    
                
                
                
        $this->getEntityManager()->remove($user);

            


            
                                                        
            
                                    
            
            

                
                    113
                

                                    
                                                    
                
                
                
        $this->getEntityManager()->flush();

            


            
                                                        
            
                                    
            
            

                
                    114
                

                                    
                                                    
                
                
                

            


            
                                                        
            
                                    
            
            

                
                    115
                

                                    
                                                    
                
                
                
        EBB\redirect(

            


                            

                    
                        
                    
                    
                    
                    
                                                                                                    
                        

                            
                            
0 ignored issues
show
                        


                        

                                                                                        




    

        
            Bug
    
    
    
        introduced 
                            by 
            

        

        

            
        

        

            

                

                    
                
                
            


        

    

    

        
                        

                            
                        

                                        
The function redirect was not found. Maybe you did not declare it correctly or list all dependencies?
                                                                                                                                       (
                                     Ignorable by Annotation
                                )
                                

                                    
 If this is a false-positive, you can also ignore this issue in your code via the ignore-call   annotation

                                    

                                        

                                            115
                                            
                                                
        /** @scrutinizer ignore-call */ 

                                        

                                                                                

                                            116
                                            
                                                
        EBB\redirect(

                                        

                                                                            

                                

                                                                        

                    
                                                    

                     Loading history...
                

                    


    




                                                                                    


                    		
                

            
                                                        
            
                                    
            
            

                
                    116
                

                                    
                                                    
                
                
                
            EBB\addQueryArgs(

            


                            

                    
                        
                    
                    
                    
                    
                                                                                                    
                        

                            
                            
0 ignored issues
show
                        


                        

                                                                                        




    

        
            Bug
    
    
    
        introduced 
                            by 
            

        

        

            
        

        

            

                

                    
                
                
            


        

    

    

        
                        

                            
                        

                                        
The function addQueryArgs was not found. Maybe you did not declare it correctly or list all dependencies?
                                                                                                                                       (
                                     Ignorable by Annotation
                                )
                                

                                    
 If this is a false-positive, you can also ignore this issue in your code via the ignore-call   annotation

                                    

                                        

                                            116
                                            
                                                
            /** @scrutinizer ignore-call */ 

                                        

                                                                                

                                            117
                                            
                                                
            EBB\addQueryArgs(

                                        

                                                                            

                                

                                                                        

                    
                                                    

                     Loading history...
                

                    


    




                                                                                    


                    		
                

            
                                                        
            
                                    
            
            

                
                    117
                

                                    
                                                    
                
                
                
                EBB\getEditUsersURL(),

            


                            

                    
                        
                    
                    
                    
                    
                                                                                                    
                        

                            
                            
0 ignored issues
show
                        


                        

                                                                                        




    

        
            Bug
    
    
    
        introduced 
                            by 
            

        

        

            
        

        

            

                

                    
                
                
            


        

    

    

        
                        

                            
                        

                                        
The function getEditUsersURL was not found. Maybe you did not declare it correctly or list all dependencies?
                                                                                                                                       (
                                     Ignorable by Annotation
                                )
                                

                                    
 If this is a false-positive, you can also ignore this issue in your code via the ignore-call   annotation

                                    

                                        

                                            117
                                            
                                                
                /** @scrutinizer ignore-call */ 

                                        

                                                                                

                                            118
                                            
                                                
                EBB\getEditUsersURL(),

                                        

                                                                            

                                

                                                                        

                    
                                                    

                     Loading history...
                

                    


    




                                                                                    


                    		
                

            
                                                        
            
                                    
            
            

                
                    118
                

                                    
                                                    
                
                
                
                ['flag-deleted' => 1]

            


            
                                                        
            
                                    
            
            

                
                    119
                

                                    
                                                    
                
                
                
            )

            


            
                                                        
            
                                    
            
            

                
                    120
                

                                    
                                                    
                
                
                
        );

            


            
                                                        
            
                                    
            
            

                
                    121
                

                                    
                                                    
                
                
                
    }

            


            
                                                        
            
                                    
            
            

                
                    122
                

                                    
                                                    
                
                
                
}

            


            
                                                        
            
                                    
            
            

                
                    123