<?php
/**
 * Application level Controller.
 *
 * This file is application-wide controller file. You can put all
 * application-wide controller-related methods here.
 *
 * phpMyAdmin Error reporting server
 * Copyright (c) phpMyAdmin project (https://www.phpmyadmin.net/)
 *
 * Licensed under The MIT License
 * For full copyright and license information, please see the LICENSE.txt
 * Redistributions of files must retain the above copyright notice.
 *
 * @copyright Copyright (c) phpMyAdmin project (https://www.phpmyadmin.net/)
 * @license   https://opensource.org/licenses/mit-license.php MIT License
 *
 * @see      https://www.phpmyadmin.net/
 */
namespace App\Controller;
use Cake\Controller\Controller;
use Cake\Event\Event;
use Cake\Http\Response;
use Cake\ORM\TableRegistry;
use Cake\Routing\Router;
use function in_array;
/**
 * Application Controller.
 *
 * Add your application-wide methods in the class below, your controllers
 * will inherit them.
 *
 * @see    http://book.cakephp.org/2.0/en/controllers.html#the-app-controller
 */
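class AppController extends Controller
{
    /** @var string[] */
    public $uses = [
        'Developer',
        'Notification',
    ];

    /**
     * Controllers/actions reachable without being signed in.
     *
     * A bare controller name allows every action of that controller; a
     * `'Controller' => ['action', ...]` entry allows only the listed actions.
     *
     * @var array<int|string, string|string[]>
     */
    public $whitelist = [
        'Developers',
        'Pages',
        'Incidents' => ['create'],
        'Events',
    ];

    /**
     * Controllers/actions reachable by a signed-in developer whose session
     * carries the `read_only` flag. Same shape as `$whitelist`.
     *
     * @var array<int|string, string|string[]>
     */
    public $readonly_whitelist = [
        'Developers',
        'Pages',
        'Reports' => [
            'index',
            'view',
            'data_tables',
        ],
        'Incidents' => ['view'],
    ];

    /** @var string[] Stylesheet names handed to the views as `css_files` */
    public $css_files = [
        'jquery.dataTables',
        'jquery.dataTables_themeroller',
        'bootstrap.min',
        'bootstrap-responsive.min',
        'shCore',
        'shThemeDefault',
        'custom',
    ];

    /** @var string[] Script names handed to the views as `js_files` */
    public $js_files = [
        'jquery',
        'jquery.dataTables.min',
        'bootstrap',
        'shCore',
        'shBrushXml',
        'shBrushJScript',
        'shBrushPhp',
        'raphael-min',
        'g.raphael-min',
        'g.pie-min',
        'g.line-min',
        'g.bar-min',
        'g.dot-min',
        'jquery.jqplot.min',
        'jqplot.barRenderer.min',
        'jqplot.highlighter.min',
        'jqplot.dateAxisRenderer.min',
        'jqplot.categoryAxisRenderer.min',
        'jqplot.pointLabels.min',
        'jqplot.canvasTextRenderer.min',
        'jqplot.canvasAxisTickRenderer.min',
        'jqplot.cursor.min',
        'pie',
        'custom',
    ];

    /**
     * Initialization hook method.
     *
     * Loads the components shared by every controller. Only Flash is loaded
     * here; the Auth component is not used and access control is performed
     * by beforeFilter() through checkAccess() and checkReadonlyAccess().
     *
     * @return void Nothing
     */
    public function initialize(): void
    {
        parent::initialize();
        $this->loadComponent('Flash');
    }

    /**
     * Runs the access checks and exposes the view variables every page needs
     * (current controller, signed-in developer, read-only flag, notification
     * count, asset lists and base URL).
     *
     * When a check decides to redirect, its Response is attached to the event
     * as the result. A redirect whose Response is merely discarded does not
     * stop the requested action from executing, so attaching it is what makes
     * the check effective; presumably the dispatcher short-circuits on an
     * event result of type Response — confirm against the installed CakePHP
     * version.
     *
     * @param \Cake\Event\Event $event The Controller.initialize event
     *
     * @return void Nothing
     */
    public function beforeFilter(Event $event): void
    {
        $session = $this->request->getSession();
        $controller = $this->request->getParam('controller');
        $this->set('current_controller', $controller);

        $notif_count = 0;
        $redirect = null;

        if ($session->read('Developer.id')) {
            $redirect = $this->checkReadonlyAccess();

            // Re-read the id: checkReadonlyAccess() may have destroyed the session.
            $current_developer = TableRegistry::getTableLocator()->get('Developers')
                ->findById($session->read('Developer.id'))
                ->all()
                ->first();

            $notif_count = TableRegistry::getTableLocator()->get('Notifications')->find(
                'all',
                [
                    // The cast belongs to the id, not to the null test.
                    'conditions' => [
                        'developer_id' => $current_developer !== null ? (int) $current_developer['id'] : null,
                    ],
                ]
            )->count();
            $this->set('current_developer', $current_developer);
            $this->set('developer_signed_in', true);
            $this->set('read_only', (bool) $session->read('read_only'));
        } else {
            $this->set('developer_signed_in', false);
            $this->set('read_only', true);
            $redirect = $this->checkAccess();
        }

        $this->set('notif_count', $notif_count);
        $this->set('js_files', $this->js_files);
        $this->set('css_files', $this->css_files);
        $this->set('baseURL', Router::url('/', true));

        if ($redirect !== null) {
            $event->setResult($redirect);
        }
    }

    /**
     * Access check for anonymous visitors.
     *
     * Requests matching `$whitelist` pass. Anything else gets a flash message,
     * has its URL stored in the session as `last_page` so the visitor can be
     * sent back after signing in, and is redirected to `/`.
     *
     * @return \Cake\Http\Response|null The redirect Response, or null when the request is allowed
     */
    protected function checkAccess(): ?Response
    {
        if ($this->isWhitelisted($this->whitelist)) {
            return null;
        }

        $this->Flash->default(
            'You need to be signed in to do this',
            ['params' => ['class' => 'alert']]
        );

        // save the return url
        $ret_url = Router::url($this->request->getRequestTarget(), true);
        $this->request->getSession()->write('last_page', $ret_url);

        return $this->redirect('/');
    }

    /**
     * Access check for signed-in developers flagged `read_only` in the session.
     *
     * Developers without the flag (those with commit access on
     * phpmyadmin/phpmyadmin) and requests matching `$readonly_whitelist`
     * pass. Anything else has its session destroyed, gets a flash message
     * and is redirected to `/`.
     *
     * Returns the redirect so the caller can attach it to the event; a
     * discarded redirect would not stop the action.
     *
     * @return \Cake\Http\Response|null The redirect Response, or null when the request is allowed
     */
    protected function checkReadonlyAccess(): ?Response
    {
        $session = $this->request->getSession();

        // If developer has commit access on phpmyadmin/phpmyadmin
        if (! $session->read('read_only')) {
            return null;
        }

        if ($this->isWhitelisted($this->readonly_whitelist)) {
            return null;
        }

        $session->destroy();
        $session->write('last_page', '');

        $this->Flash->default(
            'You need to have commit access on phpmyadmin/phpmyadmin '
            . 'repository on Github.com to do this',
            [
                'params' => ['class' => 'alert'],
            ]
        );

        return $this->redirect('/');
    }

    /**
     * Tells whether the current request's controller/action pair is allowed
     * by the given whitelist (see `$whitelist` for its shape).
     *
     * Comparisons are strict so that a controller or action name can only
     * match an equal string, never an array entry or a loosely-equal value.
     *
     * @param array<int|string, string|string[]> $whitelist Whitelist to check against
     *
     * @return bool True when the request is allowed
     */
    private function isWhitelisted(array $whitelist): bool
    {
        $controller = $this->request->getParam('controller');
        $action = $this->request->getParam('action');

        if (in_array($controller, $whitelist, true)) {
            return true;
        }

        // Only a `'Controller' => [actions]` entry may match here; a numeric
        // controller name would otherwise hit an integer key holding a string.
        $actions = $whitelist[$controller] ?? null;

        return is_array($actions) && in_array($action, $actions, true);
    }
}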