<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Application level Controller.
 *
 * This file is application-wide controller file. You can put all
 * application-wide controller-related methods here.
 *
 * phpMyAdmin Error reporting server
 * Copyright (c) phpMyAdmin project (https://www.phpmyadmin.net/)
 *
 * Licensed under The MIT License
 * For full copyright and license information, please see the LICENSE.txt
 * Redistributions of files must retain the above copyright notice.
 *
 * @copyright Copyright (c) phpMyAdmin project (https://www.phpmyadmin.net/)
 * @license   https://opensource.org/licenses/mit-license.php MIT License
 *
 * @see      https://www.phpmyadmin.net/
 */
namespace App\Controller;
use Cake\Controller\Controller;
use Cake\Event\Event;
use Cake\ORM\TableRegistry;
use Cake\Routing\Router;
/**
 * Application Controller.
 *
 * Add your application-wide methods in the class below, your controllers
 * will inherit them.
 *
 * @see    https://book.cakephp.org/3.0/en/controllers.html#the-app-controller
 */
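class AppController extends Controller
{
    /**
     * Not referenced anywhere in this class; looks like a CakePHP 2
     * leftover — TODO confirm nothing else reads it before removing.
     */
    public $uses = ['Developer', 'Notification'];

    /**
     * Controllers/actions reachable without a signed-in developer.
     *
     * A plain string entry opens every action of that controller; a
     * `'Controller' => [actions]` entry opens only the listed actions.
     */
    public $whitelist = [
        'Developers',
        'Pages',
        'Incidents' => [
            'create',
        ],
        'Events',
    ];

    /**
     * Controllers/actions a developer whose session `read_only` flag is set
     * may use. Same shape as $whitelist.
     */
    public $readonly_whitelist = [
        'Developers',
        'Pages',
        'Reports' => [
            'index',
            'view',
            'data_tables',
        ],
        'Incidents' => [
            'view',
        ],
    ];

    /** Stylesheets exposed to the views as `css_files`. */
    public $css_files = [
        'jquery.dataTables',
        'jquery.dataTables_themeroller',
        'bootstrap.min',
        'bootstrap-responsive.min',
        'shCore',
        'shThemeDefault',
        'custom',
    ];

    /** Scripts exposed to the views as `js_files`. */
    public $js_files = [
        'jquery',
        'jquery.dataTables.min',
        'bootstrap',
        'shCore',
        'shBrushXml',
        'shBrushJScript',
        'shBrushPhp',
        'raphael-min',
        'g.raphael-min',
        'g.pie-min',
        'g.line-min',
        'g.bar-min',
        'g.dot-min',
        'jquery.jqplot.min',
        'jqplot.barRenderer.min',
        'jqplot.highlighter.min',
        'jqplot.dateAxisRenderer.min',
        'jqplot.categoryAxisRenderer.min',
        'jqplot.pointLabels.min',
        'jqplot.canvasTextRenderer.min',
        'jqplot.canvasAxisTickRenderer.min',
        'jqplot.cursor.min',
        'pie',
        'custom',
    ];

    /**
     * Initialization hook method.
     *
     * Loads the Flash component. No AuthComponent is loaded: access control
     * is implemented by hand in beforeFilter(), so a controller that
     * overrides beforeFilter() without calling parent::beforeFilter()
     * bypasses every check in this class.
     *
     * @return void
     */
    public function initialize()
    {
        parent::initialize();
        $this->loadComponent('Flash');
    }

    /**
     * Application-wide request gate.
     *
     * Resolves the signed-in developer from the session, enforces the
     * anonymous and read-only whitelists, and sets the view variables the
     * layout expects. When access is denied the redirect response is
     * returned to the dispatcher so the requested action is not invoked
     * (a redirect that is merely issued, not returned, from beforeFilter
     * still lets the action body run).
     *
     * @param \Cake\Event\Event $event The beforeFilter event.
     * @return \Cake\Http\Response|null Redirect response when denied, null otherwise.
     */
    public function beforeFilter(Event $event)
    {
        $session = $this->request->session();
        $this->set('current_controller', $this->request->getParam('controller'));

        // An empty/zero id deliberately counts as signed out (fail closed).
        $developerId = $session->read('Developer.id');
        $currentDeveloper = null;
        if ($developerId) {
            $currentDeveloper = TableRegistry::get('Developers')
                ->findById($developerId)
                ->first();
            if ($currentDeveloper === null) {
                // The session points at a developer that no longer exists:
                // drop the stale id and handle the request as anonymous
                // instead of marking it signed in with no developer record.
                $session->delete('Developer.id');
            }
        }

        $notifCount = 0;
        if ($currentDeveloper === null) {
            $this->set('developer_signed_in', false);
            $this->set('read_only', true);
            $denied = $this->_checkAccess();
        } else {
            $denied = $this->_checkReadonlyAccess();
            if ($denied === null) {
                $notifCount = TableRegistry::get('Notifications')
                    ->find('all', [
                        'conditions' => ['developer_id' => (int) $currentDeveloper['id']],
                    ])
                    ->count();
                $this->set('current_developer', $currentDeveloper);
                $this->set('developer_signed_in', true);
                $this->set('read_only', (bool) $session->read('read_only'));
            }
        }

        if ($denied !== null) {
            return $denied;
        }

        $this->set('notif_count', $notifCount);
        $this->set('js_files', $this->js_files);
        $this->set('css_files', $this->css_files);
        $this->set('baseURL', Router::url('/', true));

        return null;
    }

    /**
     * Gate for anonymous requests.
     *
     * Whitelisted controllers/actions pass. Anything else gets a sign-in
     * flash, the current URL stored in the session as `last_page`, and a
     * redirect to `/`.
     *
     * @return \Cake\Http\Response|null Redirect response when denied, null when allowed.
     */
    protected function _checkAccess()
    {
        if ($this->_isWhitelisted($this->whitelist)) {
            return null;
        }

        $this->Flash->default(
            'You need to be signed in to do this',
            ['params' => ['class' => 'alert']]
        );

        // Remember where the visitor was heading so sign-in can return there.
        // NOTE(review): Controller::$here is not an obvious property on this
        // CakePHP version; confirm this yields the current request URL and
        // not just '/'.
        $this->request->session()->write('last_page', Router::url($this->here, true));

        return $this->redirect('/');
    }

    /**
     * Gate for signed-in developers that lack commit access.
     *
     * A falsy `read_only` session flag passes unconditionally. Otherwise
     * only $readonly_whitelist is allowed; any other request destroys the
     * session (signing the developer out), clears `last_page`, flashes an
     * explanation and redirects to `/`.
     *
     * @return \Cake\Http\Response|null Redirect response when denied, null when allowed.
     */
    protected function _checkReadonlyAccess()
    {
        $session = $this->request->session();

        // NOTE(review): a missing `read_only` key reads as null and therefore
        // grants full access. That is only safe if the sign-in flow always
        // writes the flag; otherwise this should fail closed and treat null
        // as read-only.
        if (!$session->read('read_only')) {
            return null;
        }

        if ($this->_isWhitelisted($this->readonly_whitelist)) {
            return null;
        }

        $session->destroy();
        $session->write('last_page', '');

        $this->Flash->default(
            'You need to have commit access on phpmyadmin/phpmyadmin '
            . 'repository on Github.com to do this',
            ['params' => ['class' => 'alert']]
        );

        return $this->redirect('/');
    }

    /**
     * Whether the current controller/action is covered by a whitelist.
     *
     * A string value opens every action of that controller; a
     * `'Controller' => [actions]` entry opens only those actions.
     * Comparisons are strict so route parameters cannot match through
     * type juggling.
     *
     * @param array $whitelist Whitelist in the shape of $whitelist / $readonly_whitelist.
     * @return bool True when the request is allowed through.
     */
    protected function _isWhitelisted(array $whitelist)
    {
        $controller = $this->request->getParam('controller');
        $action = $this->request->getParam('action');

        if (in_array($controller, $whitelist, true)) {
            return true;
        }

        return isset($whitelist[$controller])
            && is_array($whitelist[$controller])
            && in_array($action, $whitelist[$controller], true);
    }
}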