Completed
Push — master ( 420840...93ac28 )
by Morris
12s
created

Operation::validateOperation()   A

Complexity

Conditions 2
Paths 2

Size

Total Lines 5
Code Lines 3

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 0
CRAP Score 6

Importance

Changes 1
Bugs 0 Features 0
Metric Value
c 1
b 0
f 0
dl 0
loc 5
ccs 0
cts 0
cp 0
rs 9.4285
cc 2
eloc 3
nc 2
nop 3
crap 6
<?php
/**
 * @copyright Copyright (c) 2016 Morris Jobke <[email protected]>
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */
namespace OCA\FilesAccessControl;
use OCP\Files\ForbiddenException;
use OCP\IL10N;
use OCP\WorkflowEngine\IManager;
use OCP\WorkflowEngine\IOperation;
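class Operation implements IOperation {
	/** @var IManager Workflow engine manager that evaluates the configured rules */
	protected $manager;

	/** @var IL10N Translator for the messages raised by this class */
	protected $l;

	/**
	 * @param IManager $manager
	 * @param IL10N $l
	 */
	public function __construct(IManager $manager, IL10N $l) {
		$this->manager = $manager;
		$this->l = $l;
	}

	/**
	 * Deny access to a path when at least one access-control operation matches it.
	 *
	 * The rules are NOT evaluated (access is allowed) in two cases:
	 *  - the path is not inside a user's "files" or "thumbnails" folder, or
	 *  - the call happens underneath LoginController::tryLogin().
	 * Both exemptions fail open, so any change to them widens or narrows what
	 * the access-control rules protect.
	 *
	 * @param StorageWrapper $storage
	 * @param string $path Path relative to the storage's mount point
	 * @throws ForbiddenException When a configured operation matches the file
	 */
	public function checkFileAccess(StorageWrapper $storage, $path) {
		if (!$this->isUserFileOrThumbnail($storage, $path) || $this->isCreatingSkeletonFiles()) {
			// Allow creating skeletons and theming
			// https://github.com/nextcloud/files_accesscontrol/issues/5
			// https://github.com/nextcloud/files_accesscontrol/issues/12
			return;
		}

		$this->manager->setFileInfo($storage, $path);
		$match = $this->manager->getMatchingOperations('OCA\FilesAccessControl\Operation');

		if (!empty($match)) {
			// All Checks of one operation matched: prevent access
			throw new ForbiddenException('Access denied', true);
		}
	}

	/**
	 * Tell whether the full path points into a user's "files" or "thumbnails" folder.
	 *
	 * The decision is purely positional: the third "/"-separated segment of
	 * mount point + path must be one of the two folder names.
	 *
	 * NOTE(review): this assumes mountPoint . path is already normalised. A
	 * duplicated or missing leading slash would shift the segments, this method
	 * would return false and checkFileAccess() would skip the rules for that
	 * path. Confirm that StorageWrapper guarantees the expected form.
	 *
	 * @param StorageWrapper $storage
	 * @param string $path
	 * @return bool
	 */
	protected function isUserFileOrThumbnail(StorageWrapper $storage, $path) {
		$fullPath = $storage->mountPoint . $path;

		// Fewer than three slashes cannot contain '/<user>/<folder>/...'
		if (substr_count($fullPath, '/') < 3) {
			return false;
		}

		// '', admin, 'files', 'path/to/file.txt'
		$segment = explode('/', $fullPath, 4);

		// Strict comparison: only the exact folder names qualify
		return isset($segment[2]) && in_array($segment[2], ['files', 'thumbnails'], true);
	}

	/**
	 * Check if we are in the LoginController and if so, ignore the firewall.
	 *
	 * The call stack is searched for a frame of
	 * OC\Core\Controller\LoginController::tryLogin. Every file access made
	 * underneath that frame is exempt from the rules, not only skeleton copies.
	 *
	 * NOTE(review): the match relies on hard-coded class and method names of
	 * server core; if those are renamed the exemption silently stops applying.
	 *
	 * @return bool
	 */
	protected function isCreatingSkeletonFiles() {
		// Only the class/function names of each frame are needed. Leaving the
		// arguments out keeps this per-access check cheap and avoids holding
		// references to the call arguments of the login request.
		$trace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);

		foreach ($trace as $step) {
			if (isset($step['class'], $step['function'])
				&& $step['class'] === 'OC\Core\Controller\LoginController'
				&& $step['function'] === 'tryLogin') {
				return true;
			}
		}

		return false;
	}

	/**
	 * Reject an operation that carries no checks.
	 *
	 * Only the emptiness of $checks is verified; $name and $operation are
	 * accepted without inspection.
	 * NOTE(review): presumably an operation without checks would match every
	 * file; confirm against the workflow engine before relaxing this.
	 *
	 * @param string $name
	 * @param array[] $checks
	 * @param string $operation
	 * @throws \UnexpectedValueException When $checks is empty
	 */
	public function validateOperation($name, array $checks, $operation) {
		if (empty($checks)) {
			throw new \UnexpectedValueException($this->l->t('No rule given'));
		}
	}
}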