<?php
/**
 * sysPass
 *
 * @author    nuxsmin
 * @link      https://syspass.org
 * @copyright 2012-2018, Rubén Domínguez nuxsmin@$syspass.org
 *
 * This file is part of sysPass.
 *
 * sysPass is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * sysPass is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 *  along with sysPass.  If not, see <http://www.gnu.org/licenses/>.
 */

namespace SP\Modules\Web\Controllers\Helpers\Account;

use SP\Core\Acl\AccountPermissionException;
use SP\Core\Acl\Acl;
use SP\Core\Acl\ActionsInterface;
use SP\Core\Acl\UnauthorizedPageException;
use SP\Core\Exceptions\SPException;
use SP\DataModel\Dto\AccountAclDto;
use SP\DataModel\Dto\AccountDetailsResponse;
use SP\DataModel\ItemPreset\AccountPermission;
use SP\DataModel\ItemPreset\AccountPrivate;
use SP\Http\Uri;
use SP\Modules\Web\Controllers\Helpers\HelperBase;
use SP\Modules\Web\Controllers\Traits\ItemTrait;
use SP\Mvc\View\Components\SelectItemAdapter;
use SP\Repositories\NoSuchItemException;
use SP\Services\Account\AccountAcl;
use SP\Services\Account\AccountAclService;
use SP\Services\Account\AccountHistoryService;
use SP\Services\Account\AccountService;
use SP\Services\Category\CategoryService;
use SP\Services\Client\ClientService;
use SP\Services\Crypt\MasterPassService;
use SP\Services\ItemPreset\ItemPresetInterface;
use SP\Services\ItemPreset\ItemPresetService;
use SP\Services\PublicLink\PublicLinkService;
use SP\Services\Tag\TagService;
use SP\Services\User\UpdatedMasterPassException;
use SP\Services\User\UserService;
use SP\Services\UserGroup\UserGroupService;

/**
 * Class AccountHelper
 *
 * Builds the view variables for the account forms (view/edit/blank/request).
 * Each public entry point runs the action-level ACL check (checkActionAccess())
 * before assigning anything to the view; setViewForAccount() additionally runs
 * the account-level ACL check (checkAccess()) before any account data is exposed.
 * AccountActionsDto and AccountActionsHelper are resolved from the current
 * namespace (no import needed).
 *
 * @package SP\Modules\Web\Controllers\Helpers
 */
final class AccountHelper extends HelperBase
{
    // NOTE(review): static analysis reports that ItemTrait expects $data/$key
    // properties which this class does not declare; only getCustomFieldsForItem()
    // is used from the trait here — confirm those properties are not needed on this path.
    use ItemTrait;

    /**
     * @var  Acl
     */
    private $acl;
    /**
     * @var AccountService
     */
    private $accountService;
    /**
     * @var AccountHistoryService
     */
    private $accountHistoryService;
    /**
     * @var PublicLinkService
     */
    private $publicLinkService;
    /**
     * @var ItemPresetService
     */
    private $itemPresetService;
    /**
     * Action identifier for the current request. Passed to Acl::checkUserAccess(),
     * which expects an int, and to Acl::getActionRoute(); the setView*() methods
     * document it as int.
     *
     * @var int
     */
    private $actionId;
    /**
     * Account-level ACL for the current action; set by setViewForAccount()
     * (via checkAccess()) or created blank by setViewForBlank()/setViewForRequest().
     *
     * @var AccountAcl
     */
    private $accountAcl;
    /**
     * @var int the account Id (unset until one of the setView*() methods assigns it)
     */
    private $accountId;
    /**
     * Whether the form is rendered read-only (see setViewCommon()).
     *
     * @var bool
     */
    private $isView = false;

    /**
     * Sets account's view variables
     *
     * Order matters: the action-level and account-level ACL checks run first and
     * throw before any account data is assigned to the view. Users and user groups
     * are split into "view" and "edit" lists by their isEdit flag (0 / 1).
     *
     * @param AccountDetailsResponse $accountDetailsResponse
     * @param int                    $actionId
     *
     * @throws AccountPermissionException  when the account-level ACL denies the action
     * @throws SPException
     * @throws UnauthorizedPageException   when the user lacks access to the action
     * @throws UpdatedMasterPassException  when the user's master password is outdated
     * @throws \Psr\Container\ContainerExceptionInterface
     * @throws \Psr\Container\NotFoundExceptionInterface
     */
    public function setViewForAccount(AccountDetailsResponse $accountDetailsResponse, $actionId)
    {
        $this->accountId = $accountDetailsResponse->getAccountVData()->getId();
        $this->actionId = $actionId;

        // Authorization first: action-level, then account-level.
        $this->checkActionAccess();
        $this->accountAcl = $this->checkAccess($accountDetailsResponse);

        $accountData = $accountDetailsResponse->getAccountVData();

        $accountActionsDto = new AccountActionsDto($this->accountId, null, $accountData->getParentId());

        $selectUsers = SelectItemAdapter::factory(UserService::getItemsBasic());
        $selectUserGroups = SelectItemAdapter::factory(UserGroupService::getItemsBasic());
        $selectTags = SelectItemAdapter::factory(TagService::getItemsBasic());

        // isEdit === 0 → view-only access, isEdit === 1 → edit access
        $usersView = SelectItemAdapter::getIdFromArrayOfObjects(
            array_filter($accountDetailsResponse->getUsers(), function ($value) {
                return (int)$value->isEdit === 0;
            }));

        $usersEdit = SelectItemAdapter::getIdFromArrayOfObjects(
            array_filter($accountDetailsResponse->getUsers(), function ($value) {
                return (int)$value->isEdit === 1;
            }));

        $userGroupsView = SelectItemAdapter::getIdFromArrayOfObjects(
            array_filter($accountDetailsResponse->getUserGroups(), function ($value) {
                return (int)$value->isEdit === 0;
            }));

        $userGroupsEdit = SelectItemAdapter::getIdFromArrayOfObjects(
            array_filter($accountDetailsResponse->getUserGroups(), function ($value) {
                return (int)$value->isEdit === 1;
            }));

        // The account owner / owner group is passed as the excluded id for the "other" selects.
        $this->view->assign('otherUsersView', $selectUsers->getItemsFromModelSelected($usersView, $accountData->getUserId()));
        $this->view->assign('otherUsersEdit', $selectUsers->getItemsFromModelSelected($usersEdit, $accountData->getUserId()));
        $this->view->assign('otherUserGroupsView', $selectUserGroups->getItemsFromModelSelected($userGroupsView, $accountData->getUserGroupId()));
        $this->view->assign('otherUserGroupsEdit', $selectUserGroups->getItemsFromModelSelected($userGroupsEdit, $accountData->getUserGroupId()));

        $this->view->assign('users', $selectUsers->getItemsFromModelSelected([$accountData->getUserId()]));
        $this->view->assign('userGroups', $selectUserGroups->getItemsFromModelSelected([$accountData->getUserGroupId()]));

        $this->view->assign('tags', $selectTags->getItemsFromModelSelected(SelectItemAdapter::getIdFromArrayOfObjects($accountDetailsResponse->getTags())));

        $this->view->assign('historyData', $this->accountHistoryService->getHistoryForAccount($this->accountId));

        // isModified is true whenever the edit date parses as a valid timestamp.
        $this->view->assign('isModified', strtotime($accountData->getDateEdit()) !== false);
        // Allowed size is configured in bytes; shown in KiB with one decimal.
        $this->view->assign('maxFileSize', round($this->configData->getFilesAllowedSize() / 1024, 1));
        $this->view->assign('filesAllowedExts', implode(',', $this->configData->getFilesAllowedExts()));

        // Public link details are only exposed when the feature is enabled AND the account ACL allows showing the link.
        if ($this->configData->isPublinksEnabled() && $this->accountAcl->isShowLink()) {
            try {
                $publicLinkData = $this->publicLinkService->getHashForItem($this->accountId);
                // NOTE(review): static analysis reports setPublicLinkId() declares a bool
                // parameter while an int id is passed here — confirm the DTO signature.
                $accountActionsDto->setPublicLinkId($publicLinkData->getId());

                $this->view->assign('publicLinkUrl', PublicLinkService::getLinkForHash($publicLinkData->getHash()));
                $this->view->assign('publicLinkId', $publicLinkData->getId());
            } catch (NoSuchItemException $e) {
                // No public link exists for this account: explicit "none" markers for the view.
                $this->view->assign('publicLinkId', 0);
                $this->view->assign('publicLinkUrl', null);
            }

            $this->view->assign('publicLinkShow', true);
        } else {
            $this->view->assign('publicLinkShow', false);
        }

        $userData = $this->context->getUserData();
        $userProfileData = $this->context->getUserProfile();

        // Private flags may be toggled by the owning user/group (when the profile permits) or by an app admin.
        $this->view->assign('allowPrivate', ($userProfileData->isAccPrivate() && $accountData->getUserId() === $userData->getId()) || $userData->getIsAdminApp());
        $this->view->assign('allowPrivateGroup', ($userProfileData->isAccPrivateGroup() && $accountData->getUserGroupId() === $userData->getUserGroupId()) || $userData->getIsAdminApp());

        $this->view->assign('accountPassDate', date('Y-m-d H:i:s', $accountData->getPassDate()));
        // NOTE(review): `&&` yields a bool here, so the view receives true/false rather
        // than the formatted date, whereas setViewForBlank() assigns a 'Y-m-d' string
        // to the same variable — confirm which the template expects.
        $this->view->assign('accountPassDateChange', $accountData->getPassDateChange() > 0 && date('Y-m-d', $accountData->getPassDateChange() ?: 0));
        $this->view->assign('linkedAccounts', $this->accountService->getLinked($this->accountId));

        $this->view->assign('accountId', $accountData->getId());
        $this->view->assign('accountData', $accountData);
        $this->view->assign('gotData', true);

        $accountActionsHelper = $this->dic->get(AccountActionsHelper::class);

        $this->view->assign('accountActions', $accountActionsHelper->getActionsForAccount($this->accountAcl, $accountActionsDto));
        $this->view->assign('accountActionsMenu', $accountActionsHelper->getActionsGrouppedForAccount($this->accountAcl, $accountActionsDto));

        $this->setViewCommon();
    }

    /**
     * Action-level authorization gate, run by every setView*() entry point.
     *
     * Throws UnauthorizedPageException when the ACL denies the current action to
     * the user, and UpdatedMasterPassException when MasterPassService reports the
     * user's master password needs updating (based on the user's last update time).
     *
     * @throws NoSuchItemException
     * @throws UnauthorizedPageException
     * @throws UpdatedMasterPassException
     * @throws \DI\DependencyException
     * @throws \DI\NotFoundException
     * @throws \SP\Services\ServiceException
     */
    public function checkActionAccess()
    {
        if (!$this->acl->checkUserAccess($this->actionId)) {
            throw new UnauthorizedPageException(UnauthorizedPageException::INFO);
        }

        if (!$this->dic->get(MasterPassService::class)
            ->checkUserUpdateMPass($this->context->getUserData()->getLastUpdateMPass())) {
            throw new UpdatedMasterPassException(UpdatedMasterPassException::INFO);
        }
    }

    /**
     * Check whether the user has access to the module (account-level ACL).
     *
     * Resolves the AccountAcl for the current action and the given account and
     * throws when no ACL is returned or the ACL denies the action. Note that
     * this is a deny-on-null check: a missing ACL is treated as no access.
     *
     * @param AccountDetailsResponse $accountDetailsResponse
     *
     * @return AccountAcl
     * @throws AccountPermissionException when the ACL is null or denies the action
     * @throws \DI\DependencyException
     * @throws \DI\NotFoundException
     * @throws \SP\Core\Exceptions\ConstraintException
     * @throws \SP\Core\Exceptions\QueryException
     */
    protected function checkAccess(AccountDetailsResponse $accountDetailsResponse)
    {
        $accountAcl = $this->dic->get(AccountAclService::class)->getAcl($this->actionId, AccountAclDto::makeFromAccount($accountDetailsResponse));

        if ($accountAcl === null || $accountAcl->checkAccountAccess($this->actionId) === false) {
            throw new AccountPermissionException(AccountPermissionException::INFO);
        }

        return $accountAcl;
    }

    /**
     * Sets account's view common data
     *
     * Assigns the variables shared by all account forms: custom fields, category
     * and client selects, feature flags from configuration, the "add X" buttons
     * (enabled only when not in view mode and the user has the matching action
     * access) and their routes, and the signed deep link. Requires $this->actionId
     * and $this->accountAcl to be set by the caller.
     *
     * @throws \DI\DependencyException
     * @throws \DI\NotFoundException
     * @throws \SP\Core\Exceptions\ConstraintException
     * @throws \SP\Core\Exceptions\QueryException
     * @throws \SP\Services\ServiceException
     */
    protected function setViewCommon()
    {
        $this->view->assign('actionId', $this->actionId);
        $this->view->assign('isView', $this->isView);

        $this->view->assign('accountIsHistory', false);

        $this->view->assign('customFields', $this->getCustomFieldsForItem(ActionsInterface::ACCOUNT, $this->accountId));
        $this->view->assign('categories', SelectItemAdapter::factory($this->dic->get(CategoryService::class)->getAllBasic())->getItemsFromModel());
        $this->view->assign('clients', SelectItemAdapter::factory($this->dic->get(ClientService::class)->getAllForUser())->getItemsFromModel());

        $this->view->assign('mailRequestEnabled', $this->configData->isMailRequestsEnabled());
        $this->view->assign('passToImageEnabled', $this->configData->isAccountPassToImage());

        $this->view->assign('otherAccounts', $this->accountService->getForUser($this->accountId));

        // "Add" shortcuts are gated by both the form mode and the user's ACL for the target action.
        $this->view->assign('addClientEnabled', !$this->isView && $this->acl->checkUserAccess(ActionsInterface::CLIENT));
        $this->view->assign('addClientRoute', Acl::getActionRoute(ActionsInterface::CLIENT_CREATE));

        $this->view->assign('addCategoryEnabled', !$this->isView && $this->acl->checkUserAccess(ActionsInterface::CATEGORY));
        $this->view->assign('addCategoryRoute', Acl::getActionRoute(ActionsInterface::CATEGORY_CREATE));

        $this->view->assign('addTagEnabled', !$this->isView && $this->acl->checkUserAccess(ActionsInterface::TAG));
        $this->view->assign('addTagRoute', Acl::getActionRoute(ActionsInterface::TAG_CREATE));

        $this->view->assign('fileListRoute', Acl::getActionRoute(ActionsInterface::ACCOUNT_FILE_LIST));
        $this->view->assign('fileUploadRoute', Acl::getActionRoute(ActionsInterface::ACCOUNT_FILE_UPLOAD));

        // HTML attribute fragments for the form inputs in view mode.
        $this->view->assign('disabled', $this->isView ? 'disabled' : '');
        $this->view->assign('readonly', $this->isView ? 'readonly' : '');

        $this->view->assign('showViewCustomPass', $this->accountAcl->isShowViewPass());
        $this->view->assign('accountAcl', $this->accountAcl);

        $this->view->assign('deepLink', $this->getDeepLink());
    }

    /**
     * Builds a signed deep link to the current action and account.
     *
     * The route is "<action route>/<account id>" (the id part is omitted when
     * $accountId is falsy), set as the 'r' parameter of index.php. The URI is
     * signed with the configured password salt; the signature is presumably
     * verified by the receiving side of Uri::getUriSigned() — confirm.
     *
     * @return string
     */
    private function getDeepLink()
    {
        $route = Acl::getActionRoute($this->actionId) . ($this->accountId ? '/' . $this->accountId : '');

        $uri = new Uri('index.php');
        $uri->addParam('r', $route);

        return $uri->getUriSigned($this->configData->getPasswordSalt());
    }

    /**
     * Sets account's view for a blank form
     *
     * Uses a fresh AccountAcl for the action (no account-level check, since no
     * account exists yet), runs the action-level ACL check, then seeds the form
     * with the current user's item presets for private/permission settings,
     * falling back to default objects when no preset (or an empty hydration) is found.
     *
     * @param int $actionId
     *
     * @return void
     * @throws NoSuchItemException
     * @throws UnauthorizedPageException
     * @throws UpdatedMasterPassException
     * @throws \SP\Core\Exceptions\ConstraintException
     * @throws \SP\Core\Exceptions\QueryException
     * @throws \SP\Services\ServiceException
     * @throws \SP\Core\Exceptions\NoSuchPropertyException
     */
    public function setViewForBlank($actionId)
    {
        $this->actionId = $actionId;
        $this->accountAcl = new AccountAcl($actionId);

        $this->checkActionAccess();

        $userProfileData = $this->context->getUserProfile();
        $userData = $this->context->getUserData();

        // Permission controls are shown to app admins, account admins, or profiles that allow setting permissions.
        $this->accountAcl->setShowPermission($userData->getIsAdminApp() || $userData->getIsAdminAcc() || $userProfileData->isAccPermission());

        $accountPrivate = new AccountPrivate();

        if ($itemPresetPrivate = $this->itemPresetService->getForCurrentUser(ItemPresetInterface::ITEM_TYPE_ACCOUNT_PRIVATE)) {
            $accountPrivate = $itemPresetPrivate->hydrate(AccountPrivate::class) ?: $accountPrivate;
        }

        $accountPermission = new AccountPermission();

        if ($itemPresetPermission = $this->itemPresetService->getForCurrentUser(ItemPresetInterface::ITEM_TYPE_ACCOUNT_PERMISSION)) {
            $accountPermission = $itemPresetPermission->hydrate(AccountPermission::class) ?: $accountPermission;
        }

        $selectUsers = SelectItemAdapter::factory(UserService::getItemsBasic());
        $selectUserGroups = SelectItemAdapter::factory(UserGroupService::getItemsBasic());
        $selectTags = SelectItemAdapter::factory(TagService::getItemsBasic());

        // Default password change date: now + 7776000 s (90 days).
        $this->view->assign('accountPassDateChange', date('Y-m-d', time() + 7776000));
        $this->view->assign('otherUsersView', $selectUsers->getItemsFromModelSelected($accountPermission->getUsersView()));
        $this->view->assign('otherUsersEdit', $selectUsers->getItemsFromModelSelected($accountPermission->getUsersEdit()));
        $this->view->assign('otherUserGroupsView', $selectUserGroups->getItemsFromModelSelected($accountPermission->getUserGroupsView()));
        $this->view->assign('otherUserGroupsEdit', $selectUserGroups->getItemsFromModelSelected($accountPermission->getUserGroupsEdit()));

        $this->view->assign('userGroups', $selectUserGroups->getItemsFromModel());
        $this->view->assign('tags', $selectTags->getItemsFromModel());

        $this->view->assign('allowPrivate', $userProfileData->isAccPrivate() || $userData->getIsAdminApp());
        $this->view->assign('allowPrivateGroup', $userProfileData->isAccPrivateGroup() || $userData->getIsAdminApp());
        $this->view->assign('accountPrivate', $accountPrivate);

        $this->view->assign('accountId', 0);
        $this->view->assign('gotData', false);

        // NOTE(review): $this->accountId is not assigned on this path, so the DTO
        // receives whatever value the property currently holds (null unless set earlier).
        $this->view->assign('accountActions', $this->dic->get(AccountActionsHelper::class)->getActionsForAccount($this->accountAcl, new AccountActionsDto($this->accountId)));

        $this->setViewCommon();
    }

    /**
     * Sets account's view variables for a request action
     *
     * Only the action-level ACL check runs here (a blank AccountAcl is used and
     * checkAccess() is not called), and the account data is assigned to the view
     * directly — confirm this is intended for the request flow.
     *
     * @param AccountDetailsResponse $accountDetailsResponse
     * @param int                    $actionId
     *
     * @return bool always true
     * @throws NoSuchItemException
     * @throws UnauthorizedPageException
     * @throws UpdatedMasterPassException
     * @throws \SP\Services\ServiceException
     */
    public function setViewForRequest(AccountDetailsResponse $accountDetailsResponse, $actionId)
    {
        $this->accountId = $accountDetailsResponse->getAccountVData()->getId();
        $this->actionId = $actionId;
        $this->accountAcl = new AccountAcl($actionId);

        $this->checkActionAccess();

        $accountData = $accountDetailsResponse->getAccountVData();

        $this->view->assign('accountId', $accountData->getId());
        $this->view->assign('accountData', $accountDetailsResponse->getAccountVData());

        $this->view->assign('accountActions', $this->dic->get(AccountActionsHelper::class)->getActionsForAccount($this->accountAcl, new AccountActionsDto($this->accountId, null, $accountData->getParentId())));

        return true;
    }

    /**
     * Switches the form to read-only ("view") mode; the value is cast to bool.
     *
     * @param bool $isView
     */
    public function setIsView($isView)
    {
        $this->isView = (bool)$isView;
    }

    /**
     * Resolves the collaborating services from the container and assigns the
     * view placeholders shared by every account form, including the per-request
     * security key 'sk' generated by the context (its verification happens elsewhere).
     *
     * @throws \Psr\Container\ContainerExceptionInterface
     * @throws \Psr\Container\NotFoundExceptionInterface
     */
    protected function initialize()
    {
        $this->acl = $this->dic->get(Acl::class);
        $this->accountService = $this->dic->get(AccountService::class);
        $this->accountHistoryService = $this->dic->get(AccountHistoryService::class);
        $this->publicLinkService = $this->dic->get(PublicLinkService::class);
        $this->itemPresetService = $this->dic->get(ItemPresetService::class);

        // Assigned without a value so the template variables exist even when unused.
        $this->view->assign('changesHash');
        $this->view->assign('chkUserEdit');
        $this->view->assign('chkGroupEdit');
        $this->view->assign('sk', $this->context->generateSecurityKey());
    }
}