TAuthorizationRule::isRoleMatched() - Code Metrics - Inspection of "php-cs-fixer: spaces around operators" - pradosoft/prado - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Branch — php-cs-fixer (b9836a)

by Fabio

created 2018-02-17 17:18 UTC

TAuthorizationRule::isRoleMatched() A

↳ Parent: TAuthorizationRule

Complexity

Conditions	4
Paths	3

Size

Total Lines	8
Code Lines	4

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	4
eloc	4
nc	3
nop	1
dl	0
loc	8
rs	9.2
c	0
b	0
f	0

<?php
/**
 * TAuthorizationRule, TAuthorizationRuleCollection class file
 *
 * @author Qiang Xue <[email protected]>
 * @link https://github.com/pradosoft/prado
 * @copyright Copyright &copy; 2005-2016 The PRADO Group
 * @license https://github.com/pradosoft/prado/blob/master/LICENSE
 * @package Prado\Security
 */

namespace Prado\Security;

use Prado\Exceptions\TInvalidDataValueException;

/**
 * TAuthorizationRule class
 *
 * TAuthorizationRule represents a single authorization rule.
 * A rule is specified by an action (required), a list of users (optional),
 * a list of roles (optional), a verb (optional), and a list of IP rules (optional).
 * Action can be either 'allow' or 'deny'.
 * Guest (anonymous, unauthenticated) users are represented by question mark '?'.
 * All users (including guest users) are represented by asterisk '*'.
 * Authenticated users are represented by '@'.
 * Users/roles are case-insensitive.
 * Different users/roles are separated by comma ','.
 * Verb can be either 'get' or 'post'. If it is absent, it means both.
 * IP rules are separated by comma ',' and can contain wild card in the rules (e.g. '192.132.23.33, 192.122.*.*')
 *
 * @author Qiang Xue <[email protected]>
 * @package Prado\Security
 * @since 3.0
 */
class TAuthorizationRule extends \Prado\TComponent
{
	/**
	 * @var string action, either 'allow' or 'deny'
	 */
	private $_action;
	/**
	 * @var array list of user IDs
	 */
	private $_users;
	/**
	 * @var array list of roles
	 */
	private $_roles;
	/**
	 * @var string verb, may be empty, 'get', or 'post'.
	 */
	private $_verb;
	/**
	 * @var string IP patterns
	 */
	private $_ipRules;
	/**
	 * @var boolean if this rule applies to everyone
	 */
	private $_everyone;
	/**
	 * @var boolean if this rule applies to guest user
	 */
	private $_guest;
	/**
	 * @var boolean if this rule applies to authenticated users
	 */
	private $_authenticated;

	/**
	 * Constructor.
	 * @param string action, either 'deny' or 'allow'
	 * @param string a comma separated user list
	 * @param string a comma separated role list
	 * @param string verb, can be empty, 'get', or 'post'
	 * @param string IP rules (separated by comma, can contain wild card *)
filter:
    dependency_paths: ["lib/*"]
	 */
	public function __construct($action, $users, $roles, $verb = '', $ipRules = '')
	{
		$action = strtolower(trim($action));
		if($action === 'allow' || $action === 'deny')
			$this->_action = $action;
		else
			throw new TInvalidDataValueException('authorizationrule_action_invalid', $action);
		$this->_users = [];
		$this->_roles = [];
		$this->_ipRules = [];

		$this->_everyone = false;
		$this->_guest = false;
		$this->_authenticated = false;

		if(trim($users) === '')
			$users = '*';
		foreach(explode(',', $users) as $user)
		{
			if(($user = trim(strtolower($user))) !== '')
			{
				if($user === '*')
				{
					$this->_everyone = true;
					break;
				}
				elseif($user === '?')
					$this->_guest = true;
				elseif($user === '@')
					$this->_authenticated = true;
				else
					$this->_users[] = $user;
			}
		}

		if(trim($roles) === '')
			$roles = '*';
		foreach(explode(',', $roles) as $role)
		{
			if(($role = trim(strtolower($role))) !== '')
				$this->_roles[] = $role;
		}

		if(($verb = trim(strtolower($verb))) === '')
			$verb = '*';
		if($verb === '*' || $verb === 'get' || $verb === 'post')
			$this->_verb = $verb;
		else
			throw new TInvalidDataValueException('authorizationrule_verb_invalid', $verb);

		if(trim($ipRules) === '')
			$ipRules = '*';
		foreach(explode(',', $ipRules) as $ipRule)
		{
			if(($ipRule = trim($ipRule)) !== '')
				$this->_ipRules[] = $ipRule;
		}
	}

	/**
	 * @return string action, either 'allow' or 'deny'
	 */
	public function getAction()
	{
		return $this->_action;
	}

	/**
	 * @return array list of user IDs
	 */
	public function getUsers()
	{
		return $this->_users;
	}

	/**
	 * @return array list of roles
	 */
	public function getRoles()
	{
		return $this->_roles;
	}

	/**
	 * @return string verb, may be empty, 'get', or 'post'.
	 */
	public function getVerb()
	{
		return $this->_verb;
	}

	/**
	 * @return array list of IP rules.
	 * @since 3.1.1
	 */
	public function getIPRules()
	{
		return $this->_ipRules;

	}

	/**
	 * @return boolean if this rule applies to everyone
	 */
	public function getGuestApplied()
	{
		return $this->_guest || $this->_everyone;
	}

	/**
	 * @return boolean if this rule applies to everyone
	 */
	public function getEveryoneApplied()
	{
		return $this->_everyone;
	}

	/**
	 * @return boolean if this rule applies to authenticated users
	 */
	public function getAuthenticatedApplied()
	{
		return $this->_authenticated || $this->_everyone;
	}

	/**
	 * @param IUser the user object
filter:
    dependency_paths: ["lib/*"]
	 * @param string the request verb (GET, PUT)
	 * @param string the request IP address
	 * @return integer 1 if the user is allowed, -1 if the user is denied, 0 if the rule does not apply to the user
	 */
	public function isUserAllowed(IUser $user, $verb, $ip)
	{
		if($this->isVerbMatched($verb) && $this->isIpMatched($ip) && $this->isUserMatched($user) && $this->isRoleMatched($user))
			return ($this->_action === 'allow')?1:-1;
		else
			return 0;
	}

	private function isIpMatched($ip)
	{
		if(empty($this->_ipRules))
			return 1;
		foreach($this->_ipRules as $rule)

		{
			if($rule === '*' || $rule === $ip || (($pos = strpos($rule, '*')) !== false && strncmp($ip, $rule, $pos) === 0))
				return 1;
		}
		return 0;
	}

	private function isUserMatched($user)
	{
		return ($this->_everyone || ($this->_guest && $user->getIsGuest()) || ($this->_authenticated && !$user->getIsGuest()) || in_array(strtolower($user->getName()), $this->_users));
	}

	private function isRoleMatched($user)
	{
		foreach($this->_roles as $role)
		{
			if($role === '*' || $user->isInRole($role))
				return true;
		}
		return false;
	}

	private function isVerbMatched($verb)
	{
		return ($this->_verb === '*' || strcasecmp($verb, $this->_verb) === 0);
	}
}

1			<?php
2			/**
3			* TAuthorizationRule, TAuthorizationRuleCollection class file
4			*
5			* @author Qiang Xue <[email protected]>
6			* @link https://github.com/pradosoft/prado
7			* @copyright Copyright © 2005-2016 The PRADO Group
8			* @license https://github.com/pradosoft/prado/blob/master/LICENSE
9			* @package Prado\Security
10			*/
11
12			namespace Prado\Security;
13
14			use Prado\Exceptions\TInvalidDataValueException;
15
16			/**
17			* TAuthorizationRule class
18			*
19			* TAuthorizationRule represents a single authorization rule.
20			* A rule is specified by an action (required), a list of users (optional),
21			* a list of roles (optional), a verb (optional), and a list of IP rules (optional).
22			* Action can be either 'allow' or 'deny'.
23			* Guest (anonymous, unauthenticated) users are represented by question mark '?'.
24			* All users (including guest users) are represented by asterisk '*'.
25			* Authenticated users are represented by '@'.
26			* Users/roles are case-insensitive.
27			* Different users/roles are separated by comma ','.
28			* Verb can be either 'get' or 'post'. If it is absent, it means both.
29			* IP rules are separated by comma ',' and can contain wild card in the rules (e.g. '192.132.23.33, 192.122..')
30			*
31			* @author Qiang Xue <[email protected]>
32			* @package Prado\Security
33			* @since 3.0
34			*/
35			class TAuthorizationRule extends \Prado\TComponent
36			{
37			/**
38			* @var string action, either 'allow' or 'deny'
39			*/
40			private $_action;
41			/**
42			* @var array list of user IDs
43			*/
44			private $_users;
45			/**
46			* @var array list of roles
47			*/
48			private $_roles;
49			/**
50			* @var string verb, may be empty, 'get', or 'post'.
51			*/
52			private $_verb;
53			/**
54			* @var string IP patterns
55			*/
56			private $_ipRules;
57			/**
58			* @var boolean if this rule applies to everyone
59			*/
60			private $_everyone;
61			/**
62			* @var boolean if this rule applies to guest user
63			*/
64			private $_guest;
65			/**
66			* @var boolean if this rule applies to authenticated users
67			*/
68			private $_authenticated;
69
70			/**
71			* Constructor.
72			* @param string action, either 'deny' or 'allow'
73			* @param string a comma separated user list
74			* @param string a comma separated role list
75			* @param string verb, can be empty, 'get', or 'post'
76			* @param string IP rules (separated by comma, can contain wild card *)
			0 ignored issues – show Bug introduced 2018-02-15 21:32 UTC by Report Bug Copy Issue Report The type `Prado\Security\IP` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
77			*/
78			public function __construct($action, $users, $roles, $verb = '', $ipRules = '')
79			{
80			$action = strtolower(trim($action));
81			if($action === 'allow' \|\| $action === 'deny')
82			$this->_action = $action;
83			else
84			throw new TInvalidDataValueException('authorizationrule_action_invalid', $action);
85			$this->_users = [];
86			$this->_roles = [];
87			$this->_ipRules = [];
			0 ignored issues – show Documentation Bug introduced 2018-02-15 21:32 UTC by Report Bug Copy Issue Report It seems like `array()` of type `array` is incompatible with the declared type `string` of property `$_ipRules`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
88			$this->_everyone = false;
89			$this->_guest = false;
90			$this->_authenticated = false;
91
92			if(trim($users) === '')
93			$users = '*';
94			foreach(explode(',', $users) as $user)
95			{
96			if(($user = trim(strtolower($user))) !== '')
97			{
98			if($user === '*')
99			{
100			$this->_everyone = true;
101			break;
102			}
103			elseif($user === '?')
104			$this->_guest = true;
105			elseif($user === '@')
106			$this->_authenticated = true;
107			else
108			$this->_users[] = $user;
109			}
110			}
111
112			if(trim($roles) === '')
113			$roles = '*';
114			foreach(explode(',', $roles) as $role)
115			{
116			if(($role = trim(strtolower($role))) !== '')
117			$this->_roles[] = $role;
118			}
119
120			if(($verb = trim(strtolower($verb))) === '')
121			$verb = '*';
122			if($verb === '*' \|\| $verb === 'get' \|\| $verb === 'post')
123			$this->_verb = $verb;
124			else
125			throw new TInvalidDataValueException('authorizationrule_verb_invalid', $verb);
126
127			if(trim($ipRules) === '')
128			$ipRules = '*';
129			foreach(explode(',', $ipRules) as $ipRule)
130			{
131			if(($ipRule = trim($ipRule)) !== '')
132			$this->_ipRules[] = $ipRule;
133			}
134			}
135
136			/**
137			* @return string action, either 'allow' or 'deny'
138			*/
139			public function getAction()
140			{
141			return $this->_action;
142			}
143
144			/**
145			* @return array list of user IDs
146			*/
147			public function getUsers()
148			{
149			return $this->_users;
150			}
151
152			/**
153			* @return array list of roles
154			*/
155			public function getRoles()
156			{
157			return $this->_roles;
158			}
159
160			/**
161			* @return string verb, may be empty, 'get', or 'post'.
162			*/
163			public function getVerb()
164			{
165			return $this->_verb;
166			}
167
168			/**
169			* @return array list of IP rules.
170			* @since 3.1.1
171			*/
172			public function getIPRules()
173			{
174			return $this->_ipRules;
			0 ignored issues – show Bug Best Practice introduced 2018-02-17 17:08 UTC by Report Bug Copy Issue Report The expression `return $this->_ipRules` returns the type `string` which is incompatible with the documented return type `array`. Loading history...
175			}
176
177			/**
178			* @return boolean if this rule applies to everyone
179			*/
180			public function getGuestApplied()
181			{
182			return $this->_guest \|\| $this->_everyone;
183			}
184
185			/**
186			* @return boolean if this rule applies to everyone
187			*/
188			public function getEveryoneApplied()
189			{
190			return $this->_everyone;
191			}
192
193			/**
194			* @return boolean if this rule applies to authenticated users
195			*/
196			public function getAuthenticatedApplied()
197			{
198			return $this->_authenticated \|\| $this->_everyone;
199			}
200
201			/**
202			* @param IUser the user object
			0 ignored issues – show Bug introduced 2018-02-15 21:32 UTC by Report Bug Copy Issue Report The type `Prado\Security\the` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
203			* @param string the request verb (GET, PUT)
204			* @param string the request IP address
205			* @return integer 1 if the user is allowed, -1 if the user is denied, 0 if the rule does not apply to the user
206			*/
207			public function isUserAllowed(IUser $user, $verb, $ip)
208			{
209			if($this->isVerbMatched($verb) && $this->isIpMatched($ip) && $this->isUserMatched($user) && $this->isRoleMatched($user))
210			return ($this->_action === 'allow')?1:-1;
211			else
212			return 0;
213			}
214
215			private function isIpMatched($ip)
216			{
217			if(empty($this->_ipRules))
218			return 1;
219			foreach($this->_ipRules as $rule)
			0 ignored issues – show Bug introduced 2018-02-15 21:32 UTC by Report Bug Copy Issue Report The expression `$this->_ipRules` of type `string` is not traversable. Loading history...
220			{
221			if($rule === '' \|\| $rule === $ip \|\| (($pos = strpos($rule, '')) !== false && strncmp($ip, $rule, $pos) === 0))
222			return 1;
223			}
224			return 0;
225			}
226
227			private function isUserMatched($user)
228			{
229			return ($this->_everyone \|\| ($this->_guest && $user->getIsGuest()) \|\| ($this->_authenticated && !$user->getIsGuest()) \|\| in_array(strtolower($user->getName()), $this->_users));
230			}
231
232			private function isRoleMatched($user)
233			{
234			foreach($this->_roles as $role)
235			{
236			if($role === '*' \|\| $user->isInRole($role))
237			return true;
238			}
239			return false;
240			}
241
242			private function isVerbMatched($verb)
243			{
244			return ($this->_verb === '*' \|\| strcasecmp($verb, $this->_verb) === 0);
245			}
246			}

pradosoft / prado

Branch — php-cs-fixer (b9836a)

TAuthorizationRule::isRoleMatched() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like