Completed
Push — master ( 9ded53...cc9938 )
by Deven
02:34
created

AppController::_checkAccess()   B

Complexity

Conditions 4
Paths 3

Size

Total Lines 23
Code Lines 14

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 13
CRAP Score 4.0058

Importance

Changes 1
Bugs 0 Features 0
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */

/**
 * Application level Controller.
 *
 * This file is the application-wide controller file. You can put all
 * application-wide controller-related methods here.
 *
 * phpMyAdmin Error reporting server
 * Copyright (c) phpMyAdmin project (https://www.phpmyadmin.net/)
 *
 * Licensed under The MIT License
 * For full copyright and license information, please see the LICENSE.txt
 * Redistributions of files must retain the above copyright notice.
 *
 * @copyright Copyright (c) phpMyAdmin project (https://www.phpmyadmin.net/)
 * @license   https://opensource.org/licenses/mit-license.php MIT License
 *
 * @see      https://www.phpmyadmin.net/
 */

namespace App\Controller;
use Cake\Controller\Controller;
use Cake\Event\Event;
use Cake\ORM\TableRegistry;
use Cake\Routing\Router;
/**
 * Application Controller.
 *
 * Add your application-wide methods in the class below, your controllers
 * will inherit them.
 *
 * @see    http://book.cakephp.org/2.0/en/controllers.html#the-app-controller
 */
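class AppController extends Controller
{
    /**
     * Model names listed for this controller.
     *
     * NOTE(review): nothing in this class reads $uses; confirm it is still
     * needed by the framework version in use.
     *
     * @var array
     */
    public $uses = ['Developer', 'Notification'];

    /**
     * Controllers/actions reachable without a signed-in developer.
     *
     * A bare string entry opens every action of that controller; a
     * 'Controller' => [actions] entry opens only the listed actions.
     * Everything else is denied by _checkAccess().
     *
     * @var array
     */
    public $whitelist = [
        'Developers',
        'Pages',
        'Incidents' => [
            'create',
        ],
        'Events',
    ];

    /**
     * Controllers/actions reachable by a signed-in developer whose session
     * carries the 'read_only' flag. Same format as $whitelist.
     *
     * @var array
     */
    public $readonly_whitelist = [
        'Developers',
        'Pages',
        'Reports' => [
            'index',
            'view',
            'data_tables',
        ],
        'Incidents' => [
            'view',
        ],
    ];

    /**
     * Stylesheet names handed to the view as 'css_files'.
     *
     * @var array
     */
    public $css_files = [
        'jquery.dataTables',
        'jquery.dataTables_themeroller',
        'bootstrap.min',
        'bootstrap-responsive.min',
        'shCore',
        'shThemeDefault',
        'custom',
    ];

    /**
     * Script names handed to the view as 'js_files'.
     *
     * @var array
     */
    public $js_files = [
        'jquery',
        'jquery.dataTables.min',
        'bootstrap',
        'shCore',
        'shBrushXml',
        'shBrushJScript',
        'shBrushPhp',
        'raphael-min',
        'g.raphael-min',
        'g.pie-min',
        'g.line-min',
        'g.bar-min',
        'g.dot-min',
        'jquery.jqplot.min',
        'jqplot.barRenderer.min',
        'jqplot.highlighter.min',
        'jqplot.dateAxisRenderer.min',
        'jqplot.categoryAxisRenderer.min',
        'jqplot.pointLabels.min',
        'jqplot.canvasTextRenderer.min',
        'jqplot.canvasAxisTickRenderer.min',
        'jqplot.cursor.min',
        'pie',
        'custom',
    ];

    /**
     * Initialization hook method.
     *
     * Use this method to add common initialization code like loading components.
     *
     * The Auth component block below is commented out, so the only access
     * control applied by this class is the whitelist check in beforeFilter().
     */
    public function initialize()
    {
        parent::initialize();
        $this->loadComponent('Flash');
        /*  $this->loadComponent(
                'Auth', [
                    'loginAction' => [
                        'controller' => 'Developer',
                        'action' => 'login'
                    ],
                    'authError' => 'Did you really think you are allowed to see that?',
                    'authenticate' => [
                        'Form' => [
                            'fields' => ['username' => 'email']
                        ]
                    ]
                ]
            );
        */
    }

    /**
     * Enforce the access whitelists and publish the common view variables.
     *
     * When an access check denies the request, the redirect produced by the
     * check is returned from this callback. The previous code discarded it,
     * so the requested action could still be invoked after the redirect had
     * been prepared; returning the response lets the framework stop before
     * the action runs.
     *
     * @param Event $event The beforeFilter event.
     *
     * @return \Cake\Http\Response|null Redirect when access is denied, null otherwise
     */
    public function beforeFilter(Event $event)
    {
        $controller = $this->request->getParam('controller');
        $this->set('current_controller', $controller);

        // Independent of the session state, so publish them up front.
        $this->set('js_files', $this->js_files);
        $this->set('css_files', $this->css_files);
        $this->set('baseURL', Router::url('/', true));

        $notif_count = 0;
        $developer_id = $this->request->session()->read('Developer.id');

        if ($developer_id) {
            $denied = $this->_checkReadonlyAccess();
            if ($denied !== null) {
                // The session was destroyed by the check; nothing left to load.
                return $denied;
            }

            // NOTE(review): first() may yield null when the stored id no
            // longer matches a developer; the request is still treated as
            // signed in and the count is taken for developer_id 0 — confirm
            // this is intended.
            $current_developer = TableRegistry::get('Developers')
                ->findById($developer_id)
                ->all()
                ->first();

            $notif_count = TableRegistry::get('Notifications')->find(
                'all',
                [
                    'conditions' => ['developer_id' => intval($current_developer['id'])],
                ]
            )->count();

            $this->set('current_developer', $current_developer);
            $this->set('developer_signed_in', true);
            $this->set('read_only', (bool) $this->request->session()->read('read_only'));
        } else {
            $this->set('developer_signed_in', false);
            $this->set('read_only', true);

            $denied = $this->_checkAccess();
            if ($denied !== null) {
                return $denied;
            }
        }

        $this->set('notif_count', $notif_count);

        return null;
    }

    /**
     * Access check for requests without a signed-in developer.
     *
     * Allows the request when the controller/action pair is in $whitelist.
     * Otherwise flashes a message, stores the requested URL in the session
     * under 'last_page' and redirects to '/'.
     *
     * @return \Cake\Http\Response|null Redirect when access is denied, null otherwise
     */
    protected function _checkAccess()
    {
        $controller = $this->request->getParam('controller');
        $action = $this->request->getParam('action');

        if ($this->_isWhitelisted($this->whitelist, $controller, $action)) {
            return null;
        }

        $flash_class = 'alert';
        $this->Flash->default(
            'You need to be signed in to do this',
            ['params' => ['class' => $flash_class]]
        );

        // save the return url
        // NOTE(review): $this->here is not declared in this class; confirm it
        // resolves to the current request path. Code that later redirects to
        // 'last_page' should treat it as a same-site URL only.
        $ret_url = Router::url($this->here, true);
        $this->request->session()->write('last_page', $ret_url);

        return $this->redirect('/');
    }

    /**
     * Access check for a signed-in developer.
     *
     * A session without the 'read_only' flag is allowed everywhere. A
     * read-only session is allowed only for pairs in $readonly_whitelist;
     * otherwise the session is destroyed, a message is flashed and the
     * request is redirected to '/'.
     *
     * @return \Cake\Http\Response|null Redirect when access is denied, null otherwise
     */
    protected function _checkReadonlyAccess()
    {
        $controller = $this->request->getParam('controller');
        $action = $this->request->getParam('action');
        $read_only = $this->request->session()->read('read_only');

        // If developer has commit access on phpmyadmin/phpmyadmin
        if (!$read_only) {
            return null;
        }

        if ($this->_isWhitelisted($this->readonly_whitelist, $controller, $action)) {
            return null;
        }

        // Sign the developer out and drop any stored return URL.
        $this->request->session()->destroy();
        $this->request->session()->write('last_page', '');

        $flash_class = 'alert';
        $this->Flash->default(
            'You need to have commit access on phpmyadmin/phpmyadmin '
            . 'repository on Github.com to do this',
            [
                'params' => [
                    'class' => $flash_class,
                ],
            ]
        );

        // Hand the redirect back so beforeFilter() can stop the request.
        return $this->redirect('/');
    }

    /**
     * Tell whether a controller/action pair is allowed by a whitelist.
     *
     * Uses strict comparisons only and denies anything that is not a
     * non-empty string controller name, so a missing routing parameter can
     * never match an entry.
     *
     * @param array $whitelist  Bare controller names and/or 'Controller' => [actions]
     * @param mixed $controller Controller name from the request
     * @param mixed $action     Action name from the request
     *
     * @return bool
     */
    private function _isWhitelisted(array $whitelist, $controller, $action)
    {
        if (!is_string($controller) || $controller === '') {
            return false;
        }

        foreach ($whitelist as $key => $entry) {
            if (is_int($key)) {
                // Bare entry: the whole controller is open.
                if ($entry === $controller) {
                    return true;
                }
                continue;
            }

            if ($key === $controller
                && is_array($entry)
                && in_array($action, $entry, true)
            ) {
                return true;
            }
        }

        return false;
    }
}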