Completed
Push — master ( 0ea243...da58d4 )
by Henry
10:25 queued 33s
created

includes/Admin/Controller/User.php (8 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

1
<?php
2
namespace Redaxscript\Admin\Controller;
3
4
use Redaxscript\Admin;
5
use Redaxscript\Auth;
6
use Redaxscript\Filter;
7
use Redaxscript\Hash;
8
use Redaxscript\Validator;
9
use function json_encode;
10
11
/**
12
 * children class to process the admin user request
13
 *
14
 * @since 4.0.0
15
 *
16
 * @package Redaxscript
17
 * @category Controller
18
 * @author Henry Ruhs
19
 */
20
21
class User extends ControllerAbstract
22
{
23
	/**
24
	 * process the class
25
	 *
26
	 * @since 4.0.0
27
	 *
28
	 * @param string $action action to process
29
	 *
30
	 * @return string
31
	 */
32
33
	public function process(string $action = null) : string
34
	{
35
		$postArray = $this->_normalizePost($this->_sanitizePost());
36
		$validateArray = $this->_validatePost($postArray);
0 ignored issues
show
It seems like $postArray defined by $this->_normalizePost($this->_sanitizePost()) on line 35 can also be of type null; however, Redaxscript\Admin\Controller\User::_validatePost() does only seem to accept array, maybe add an additional type check?

If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check:

/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}

If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.

Loading history...
37
		$passwordHash = new Hash();
38
		$myId = (int)$this->_registry->get('myId');
39
40
		/* validate post */
41
42
		if ($validateArray)
0 ignored issues
show
Bug Best Practice introduced by redaxmedia
The expression $validateArray of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using ! empty($expr) instead to make it clear that you intend to check for an array without elements.

This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.

Consider making the comparison explicit by using empty(..) or ! empty(...) instead.

Loading history...
43
		{
44
			return $this->_error(
45
			[
46
				'route' => $this->_getErrorRoute($postArray),
0 ignored issues
show
It seems like $postArray defined by $this->_normalizePost($this->_sanitizePost()) on line 35 can also be of type null; however, Redaxscript\Admin\Contro...\User::_getErrorRoute() does only seem to accept array, maybe add an additional type check?

If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check:

/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}

If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.

Loading history...
47
				'message' => $validateArray
48
			]);
49
		}
50
51
		/* handle create */
52
53
		if ($action === 'create')
54
		{
55
			$passwordHash->init($postArray['password']);
56
			$createArray =
57
			[
58
				'name' => $postArray['name'],
59
				'user' => $postArray['user'],
60
				'description' => $postArray['description'],
61
				'password' => $passwordHash->getHash(),
62
				'email' => $postArray['email'],
63
				'language' => $postArray['language'],
64
				'status' => $postArray['status'],
65
				'groups' => $postArray['groups']
66
			];
67
			if ($this->_create($createArray))
68
			{
69
				return $this->_success(
70
				[
71
					'route' => $this->_getSuccessRoute($postArray),
72
					'timeout' => 2
73
				]);
74
			}
75
		}
76
77
		/* handle update */
78
79
		if ($action === 'update')
80
		{
81
			$updateFullArray =
82
			[
83
				'name' => $postArray['name'],
84
				'description' => $postArray['description'],
85
				'email' => $postArray['email'],
86
				'language' => $postArray['language'],
87
				'status' => $postArray['status'],
88
				'groups' => $postArray['groups']
89
			];
90
			$updateLiteArray =
91
			[
92
				'name' => $postArray['name'],
93
				'description' => $postArray['description'],
94
				'email' => $postArray['email'],
95
				'language' => $postArray['language']
96
			];
97
			if ($postArray['password'])
98
			{
99
				$passwordHash->init($postArray['password']);
100
				$updateFullArray['password'] = $updateLiteArray['password'] = $passwordHash->getHash();
101
			}
102
			if ($this->_update($postArray['id'], $postArray['id'] > 1 ? $updateFullArray : $updateLiteArray))
103
			{
104
				if ($postArray['id'] === $myId)
105
				{
106
					$this->_refresh($postArray);
107
				}
108
				return $this->_success(
109
				[
110
					'route' => $this->_getSuccessRoute($postArray),
111
					'timeout' => 2
112
				]);
113
			}
114
		}
115
116
		/* handle error */
117
118
		return $this->_error(
119
		[
120
			'route' => $this->_getErrorRoute($postArray)
0 ignored issues
show
It seems like $postArray defined by $this->_normalizePost($this->_sanitizePost()) on line 35 can also be of type null; however, Redaxscript\Admin\Contro...\User::_getErrorRoute() does only seem to accept array, maybe add an additional type check?

If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check:

/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}

If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.

Loading history...
121
		]);
122
	}
123
124
	/**
125
	 * sanitize the post
126
	 *
127
	 * @since 4.0.0
128
	 *
129
	 * @return array
130
	 */
131
132
	protected function _sanitizePost() : array
133
	{
134
		$numberFilter = new Filter\Number();
135
		$specialFilter = new Filter\Special();
136
		$emailFilter = new Filter\Email();
137
138
		/* sanitize post */
139
140
		return
141
		[
142
			'id' => $numberFilter->sanitize($this->_request->getPost('id')),
0 ignored issues
show
It seems like $this->_request->getPost('id') targeting Redaxscript\Request::getPost() can also be of type array; however, Redaxscript\Filter\Number::sanitize() does only seem to accept null|string, maybe add an additional type check?

This check looks at variables that are passed out again to other methods.

If the outgoing method call has stricter type requirements than the method itself, an issue is raised.

An additional type check may prevent trouble.

Loading history...
143
			'name' => $this->_request->getPost('name'),
144
			'user' => $this->_request->getPost('user'),
145
			'description' => $this->_request->getPost('description'),
146
			'password' => $this->_request->getPost('password'),
147
			'password_confirm' => $this->_request->getPost('password_confirm'),
148
			'email' => $emailFilter->sanitize($this->_request->getPost('email')),
0 ignored issues
show
It seems like $this->_request->getPost('email') targeting Redaxscript\Request::getPost() can also be of type array; however, Redaxscript\Filter\Email::sanitize() does only seem to accept null|string, maybe add an additional type check?

This check looks at variables that are passed out again to other methods.

If the outgoing method call has stricter type requirements than the method itself, an issue is raised.

An additional type check may prevent trouble.

Loading history...
149
			'language' => $specialFilter->sanitize($this->_request->getPost('language')),
0 ignored issues
show
It seems like $this->_request->getPost('language') targeting Redaxscript\Request::getPost() can also be of type array; however, Redaxscript\Filter\Special::sanitize() does only seem to accept null|string, maybe add an additional type check?

This check looks at variables that are passed out again to other methods.

If the outgoing method call has stricter type requirements than the method itself, an issue is raised.

An additional type check may prevent trouble.

Loading history...
150
			'status' => $numberFilter->sanitize($this->_request->getPost('status')),
0 ignored issues
show
It seems like $this->_request->getPost('status') targeting Redaxscript\Request::getPost() can also be of type array; however, Redaxscript\Filter\Number::sanitize() does only seem to accept null|string, maybe add an additional type check?

This check looks at variables that are passed out again to other methods.

If the outgoing method call has stricter type requirements than the method itself, an issue is raised.

An additional type check may prevent trouble.

Loading history...
151
			'groups' => json_encode($this->_request->getPost('groups'))
152
		];
153
	}
154
155
	/**
156
	 * validate the post
157
	 *
158
	 * @since 4.0.0
159
	 *
160
	 * @param array $postArray array of the post
161
	 *
162
	 * @return array
163
	 */
164
165
	protected function _validatePost(array $postArray = []) : array
166
	{
167
		$loginValidator = new Validator\Login();
168
		$emailValidator = new Validator\Email();
169
		$userModel = new Admin\Model\User();
170
		$validateArray = [];
171
172
		/* validate post */
173
174
		if (!$postArray['name'])
175
		{
176
			$validateArray[] = $this->_language->get('name_empty');
177
		}
178
		if (!$postArray['id'])
179
		{
180
			if (!$postArray['user'])
181
			{
182
				$validateArray[] = $this->_language->get('user_empty');
183
			}
184
			else if (!$loginValidator->validate($postArray['user']))
185
			{
186
				$validateArray[] = $this->_language->get('user_incorrect');
187
			}
188
			else if ($userModel->getByUser($postArray['user']))
189
			{
190
				$validateArray[] = $this->_language->get('user_exists');
191
			}
192
			if (!$postArray['password'])
193
			{
194
				$validateArray[] = $this->_language->get('password_empty');
195
			}
196
			else if (!$loginValidator->validate($postArray['password']))
197
			{
198
				$validateArray[] = $this->_language->get('password_incorrect');
199
			}
200
			else if ($postArray['password'] !== $postArray['password_confirm'])
201
			{
202
				$validateArray[] = $this->_language->get('password_mismatch');
203
			}
204
		}
205
		else if ($postArray['password'])
206
		{
207
			if (!$loginValidator->validate($postArray['password']))
208
			{
209
				$validateArray[] = $this->_language->get('password_incorrect');
210
			}
211
			else if ($postArray['password'] !== $postArray['password_confirm'])
212
			{
213
				$validateArray[] = $this->_language->get('password_mismatch');
214
			}
215
		}
216
		if (!$emailValidator->validate($postArray['email']))
217
		{
218
			$validateArray[] = $this->_language->get('email_incorrect');
219
		}
220
		return $validateArray;
221
	}
222
223
	/**
224
	 * create the user
225
	 *
226
	 * @since 4.0.0
227
	 *
228
	 * @param array $createArray array of the create
229
	 *
230
	 * @return bool
231
	 */
232
233
	protected function _create(array $createArray = []) : bool
234
	{
235
		$userModel = new Admin\Model\User();
236
		return $userModel->createByArray($createArray);
237
	}
238
239
	/**
240
	 * update the user
241
	 *
242
	 * @since 4.0.0
243
	 *
244
	 * @param int $userId identifier of the user
245
	 * @param array $updateArray array of the update
246
	 *
247
	 * @return bool
248
	 */
249
250
	protected function _update(int $userId = null, array $updateArray = []) : bool
251
	{
252
		$userModel = new Admin\Model\User();
253
		return $userModel->updateByIdAndArray($userId, $updateArray);
254
	}
255
256
	/**
257
	 * refresh the auth
258
	 *
259
	 * @since 4.0.0
260
	 *
261
	 * @param array $refreshArray array of the update
262
	 */
263
264
	protected function _refresh(array $refreshArray = []) : void
265
	{
266
		$auth = new Auth($this->_request);
267
		$auth->init();
268
		$auth->setUser('name', $refreshArray['name']);
269
		$auth->setUser('email', $refreshArray['email']);
270
		$auth->setUser('language', $refreshArray['language']);
271
		$auth->save();
272
	}
273
274
	/**
275
	 * get success route
276
	 *
277
	 * @since 4.0.0
278
	 *
279
	 * @param array $postArray array of the post
280
	 *
281
	 * @return string
282
	 */
283
284
	protected function _getSuccessRoute(array $postArray = []) : string
285
	{
286
		if ($this->_registry->get('usersEdit') && $postArray['id'])
287
		{
288
			return 'admin/view/users#row-' . $postArray['id'];
289
		}
290
		if ($this->_registry->get('usersEdit') && $postArray['user'])
291
		{
292
			$userModel = new Admin\Model\User();
293
			return 'admin/view/users#row-' . $userModel->getByUser($postArray['user'])->id;
294
		}
295
		return 'admin';
296
	}
297
298
	/**
299
	 * get error route
300
	 *
301
	 * @since 4.0.0
302
	 *
303
	 * @param array $postArray array of the post
304
	 *
305
	 * @return string
306
	 */
307
308
	protected function _getErrorRoute(array $postArray = []) : string
309
	{
310
		if ($this->_registry->get('usersEdit') && $postArray['id'])
311
		{
312
			return 'admin/edit/users/' . $postArray['id'];
313
		}
314
		if ($this->_registry->get('usersNew'))
315
		{
316
			return 'admin/new/users';
317
		}
318
		return 'admin';
319
	}
320
}
321