These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | namespace Redaxscript; |
||
3 | |||
4 | use function array_key_exists; |
||
5 | use function array_merge; |
||
6 | use function in_array; |
||
7 | use function is_array; |
||
8 | use function json_decode; |
||
9 | |||
10 | /** |
||
11 | * parent class to authenticate the user |
||
12 | * |
||
13 | * @since 3.0.0 |
||
14 | * |
||
15 | * @package Redaxscript |
||
16 | * @category Auth |
||
17 | * @author Henry Ruhs |
||
18 | * |
||
19 | * @method bool getPermissionNew(string $type) |
||
20 | * @method bool getPermissionInstall(string $type) |
||
21 | * @method bool getPermissionEdit(string $type) |
||
22 | * @method bool getPermissionDelete(string $type) |
||
23 | * @method bool getPermissionUninstall(string $type) |
||
24 | * @method bool getFilter() |
||
25 | */ |
||
26 | |||
27 | class Auth |
||
28 | { |
||
29 | /** |
||
30 | * instance of the request class |
||
31 | * |
||
32 | * @var Request |
||
33 | */ |
||
34 | |||
35 | protected $_request; |
||
36 | |||
37 | /** |
||
38 | * array of the user |
||
39 | * |
||
40 | * @var array |
||
41 | */ |
||
42 | |||
43 | protected $_userArray = []; |
||
44 | |||
45 | /** |
||
46 | * array of the permission |
||
47 | * |
||
48 | * @var array |
||
49 | */ |
||
50 | |||
51 | protected $_permissionArray = []; |
||
52 | |||
53 | /** |
||
54 | * array of the type |
||
55 | * |
||
56 | * @var array |
||
57 | */ |
||
58 | |||
59 | protected $_typeArray = |
||
60 | [ |
||
61 | 'categories', |
||
62 | 'articles', |
||
63 | 'extras', |
||
64 | 'comments', |
||
65 | 'groups', |
||
66 | 'users', |
||
67 | 'modules', |
||
68 | 'settings', |
||
69 | 'filter' |
||
70 | ]; |
||
71 | |||
72 | /** |
||
73 | * array of the call |
||
74 | * |
||
75 | * @var array |
||
76 | */ |
||
77 | |||
78 | protected $_callArray = |
||
79 | [ |
||
80 | 'categories' => |
||
81 | [ |
||
82 | 'getPermissionNew' => 1, |
||
83 | 'getPermissionEdit' => 2, |
||
84 | 'getPermissionDelete' => 3 |
||
85 | ], |
||
86 | 'articles' => |
||
87 | [ |
||
88 | 'getPermissionNew' => 1, |
||
89 | 'getPermissionEdit' => 2, |
||
90 | 'getPermissionDelete' => 3 |
||
91 | ], |
||
92 | 'extras' => |
||
93 | [ |
||
94 | 'getPermissionNew' => 1, |
||
95 | 'getPermissionEdit' => 2, |
||
96 | 'getPermissionDelete' => 3 |
||
97 | ], |
||
98 | 'comments' => |
||
99 | [ |
||
100 | 'getPermissionNew' => 1, |
||
101 | 'getPermissionEdit' => 2, |
||
102 | 'getPermissionDelete' => 3 |
||
103 | ], |
||
104 | 'groups' => |
||
105 | [ |
||
106 | 'getPermissionNew' => 1, |
||
107 | 'getPermissionEdit' => 2, |
||
108 | 'getPermissionDelete' => 3 |
||
109 | ], |
||
110 | 'users' => |
||
111 | [ |
||
112 | 'getPermissionNew' => 1, |
||
113 | 'getPermissionEdit' => 2, |
||
114 | 'getPermissionDelete' => 3 |
||
115 | ], |
||
116 | 'modules' => |
||
117 | [ |
||
118 | 'getPermissionInstall' => 1, |
||
119 | 'getPermissionEdit' => 2, |
||
120 | 'getPermissionUninstall' => 3 |
||
121 | ], |
||
122 | 'settings' => |
||
123 | [ |
||
124 | 'getPermissionEdit' => 1 |
||
125 | ], |
||
126 | 'filter' => |
||
127 | [ |
||
128 | 'getFilter' => 0 |
||
129 | ] |
||
130 | ]; |
||
131 | |||
132 | /** |
||
133 | * constructor of the class |
||
134 | * |
||
135 | * @since 3.0.0 |
||
136 | * |
||
137 | * @param Request $request instance of the request class |
||
138 | */ |
||
139 | |||
140 | 27 | public function __construct(Request $request) |
|
141 | { |
||
142 | 27 | $this->_request = $request; |
|
143 | 27 | } |
|
144 | |||
145 | /** |
||
146 | * call method as needed |
||
147 | * |
||
148 | * @since 3.0.0 |
||
149 | * |
||
150 | * @param string $method name of the method |
||
151 | * @param array $argumentArray arguments of the method |
||
152 | * |
||
153 | * @return bool |
||
154 | */ |
||
155 | |||
156 | 24 | public function __call(string $method = null, array $argumentArray = []) : bool |
|
157 | { |
||
158 | 24 | $type = $argumentArray[0]; |
|
159 | 24 | if (is_array($this->_callArray[$type]) && array_key_exists($method, $this->_callArray[$type])) |
|
160 | { |
||
161 | 20 | $permissionArray = $this->getPermission($type); |
|
162 | 20 | return is_array($permissionArray) && in_array($this->_callArray[$type][$method], $permissionArray); |
|
163 | } |
||
164 | 24 | if ($method === 'getFilter') |
|
165 | { |
||
166 | 4 | $permissionArray = $this->getPermission('filter'); |
|
167 | 4 | return !is_array($permissionArray) || !in_array($this->_callArray['filter'][$method], $permissionArray); |
|
168 | } |
||
169 | 20 | return false; |
|
170 | } |
||
171 | |||
172 | /** |
||
173 | * init the class |
||
174 | * |
||
175 | * @since 3.0.0 |
||
176 | */ |
||
177 | |||
178 | 1 | public function init() : void |
|
179 | { |
||
180 | 1 | $authArray = $this->_getAuth(); |
|
181 | 1 | if (is_array($authArray) && array_key_exists('user', $authArray)) |
|
182 | { |
||
183 | 1 | $this->_userArray = $authArray['user']; |
|
184 | } |
||
185 | 1 | if (is_array($authArray) && array_key_exists('permission', $authArray)) |
|
186 | { |
||
187 | 1 | $this->_permissionArray = $authArray['permission']; |
|
188 | } |
||
189 | 1 | } |
|
190 | |||
191 | /** |
||
192 | * login the user |
||
193 | * |
||
194 | * @since 3.0.0 |
||
195 | * |
||
196 | * @param int $userId identifier of the user |
||
197 | * |
||
198 | * @return int |
||
199 | */ |
||
200 | |||
201 | 26 | public function login(int $userId = null) : int |
|
202 | { |
||
203 | 26 | $userModel = new Model\User(); |
|
204 | 26 | $user = $userModel->getById($userId); |
|
205 | |||
206 | /* handle user */ |
||
207 | |||
208 | 26 | if ($user->user && $user->password && $user->status) |
|
209 | { |
||
210 | 26 | $groupArray = (array)json_decode($user->groups); |
|
211 | 26 | if ($groupArray) |
|
0 ignored issues
–
show
|
|||
212 | { |
||
213 | 20 | $groups = Db::forTablePrefix('groups') |
|
214 | 20 | ->whereIdIn($groupArray) |
|
215 | 20 | ->where('status', 1) |
|
216 | 20 | ->select($this->_typeArray) |
|
217 | 20 | ->findArray(); |
|
218 | |||
219 | /* set the filter */ |
||
220 | |||
221 | 20 | $this->setPermission('filter', |
|
222 | [ |
||
223 | 20 | 1 |
|
224 | ]); |
||
225 | |||
226 | /* process groups */ |
||
227 | |||
228 | 20 | foreach ($groups as $value) |
|
229 | { |
||
230 | 14 | foreach ($value as $keySub => $valueSub) |
|
231 | { |
||
232 | 14 | $valueArray = (array)json_decode($valueSub); |
|
233 | 14 | $this->setPermission($keySub, $valueArray); |
|
234 | } |
||
235 | } |
||
236 | } |
||
237 | |||
238 | /* set the user */ |
||
239 | |||
240 | 26 | $this->setUser('id', $user->id); |
|
241 | 26 | $this->setUser('name', $user->name); |
|
242 | 26 | $this->setUser('user', $user->user); |
|
243 | 26 | $this->setUser('email', $user->email); |
|
244 | 26 | $this->setUser('language', $user->language); |
|
245 | 26 | $this->setUser('groups', $user->groups); |
|
246 | |||
247 | /* save user and permission */ |
||
248 | |||
249 | 26 | $this->save(); |
|
250 | } |
||
251 | 26 | return $this->getStatus(); |
|
252 | } |
||
253 | |||
254 | /** |
||
255 | * logout the user |
||
256 | * |
||
257 | * @since 3.0.0 |
||
258 | * |
||
259 | * @return bool |
||
260 | */ |
||
261 | |||
262 | 1 | public function logout() : bool |
|
263 | { |
||
264 | 1 | if ($this->getStatus()) |
|
265 | { |
||
266 | 1 | $this->_setAuth(); |
|
267 | 1 | $this->_request->setSession('language', null); |
|
268 | 1 | return !$this->getStatus(); |
|
269 | } |
||
270 | 1 | return false; |
|
271 | } |
||
272 | |||
273 | /** |
||
274 | * get the user |
||
275 | * |
||
276 | * @since 3.0.0 |
||
277 | * |
||
278 | * @param string $key key of the user |
||
279 | * |
||
280 | * @return string|array|null |
||
281 | */ |
||
282 | |||
283 | 27 | public function getUser(string $key = null) |
|
284 | { |
||
285 | 27 | if (is_array($this->_userArray) && array_key_exists($key, $this->_userArray)) |
|
286 | { |
||
287 | 1 | return $this->_userArray[$key]; |
|
288 | } |
||
289 | 26 | if (!$key) |
|
0 ignored issues
–
show
The expression
$key of type null|string is loosely compared to false ; this is ambiguous if the string can be empty. You might want to explicitly use === null instead.
In PHP, under loose comparison (like For '' == false // true
'' == null // true
'ab' == false // false
'ab' == null // false
// It is often better to use strict comparison
'' === false // false
'' === null // false
Loading history...
|
|||
290 | { |
||
291 | 26 | return $this->_userArray; |
|
292 | } |
||
293 | 1 | return null; |
|
294 | } |
||
295 | |||
296 | /** |
||
297 | * set the user |
||
298 | * |
||
299 | * @since 3.0.0 |
||
300 | * |
||
301 | * @param string $key key of the user |
||
302 | * @param string|array|null $value value of the user |
||
303 | */ |
||
304 | |||
305 | 26 | public function setUser(string $key = null, $value = null) : void |
|
306 | { |
||
307 | 26 | $this->_userArray[$key] = $value; |
|
308 | 26 | } |
|
309 | |||
310 | /** |
||
311 | * get the permission |
||
312 | * |
||
313 | * @since 3.0.0 |
||
314 | * |
||
315 | * @param string $key key of the permission |
||
316 | * |
||
317 | * @return string|array|null |
||
318 | */ |
||
319 | |||
320 | 27 | public function getPermission(string $key = null) |
|
321 | { |
||
322 | 27 | if (is_array($this->_permissionArray) && array_key_exists($key, $this->_permissionArray)) |
|
323 | { |
||
324 | 14 | return $this->_permissionArray[$key]; |
|
325 | } |
||
326 | 26 | if (!$key) |
|
0 ignored issues
–
show
The expression
$key of type null|string is loosely compared to false ; this is ambiguous if the string can be empty. You might want to explicitly use === null instead.
In PHP, under loose comparison (like For '' == false // true
'' == null // true
'ab' == false // false
'ab' == null // false
// It is often better to use strict comparison
'' === false // false
'' === null // false
Loading history...
|
|||
327 | { |
||
328 | 26 | return $this->_permissionArray; |
|
329 | } |
||
330 | 11 | return null; |
|
331 | } |
||
332 | |||
333 | /** |
||
334 | * set the permission |
||
335 | * |
||
336 | * @since 3.0.0 |
||
337 | * |
||
338 | * @param string $key key of the permission |
||
339 | * @param array $permissionArray array of the permission |
||
340 | */ |
||
341 | |||
342 | 20 | public function setPermission(string $key = null, array $permissionArray = []) : void |
|
343 | { |
||
344 | 20 | if (is_array($this->_permissionArray[$key])) |
|
345 | { |
||
346 | 14 | $permissionArray = array_merge($this->_permissionArray[$key], $permissionArray); |
|
347 | } |
||
348 | 20 | $this->_permissionArray[$key] = $permissionArray; |
|
349 | 20 | } |
|
350 | |||
351 | /** |
||
352 | * get the auth status |
||
353 | * |
||
354 | * @since 3.0.0 |
||
355 | * |
||
356 | * @return int |
||
357 | */ |
||
358 | |||
359 | 26 | public function getStatus() : int |
|
360 | { |
||
361 | 26 | $authArray = $this->_getAuth(); |
|
362 | 26 | return is_array($authArray) && array_key_exists('user', $authArray) && array_key_exists('permission', $authArray) ? 1 : 0; |
|
363 | } |
||
364 | |||
365 | /** |
||
366 | * save user and permission |
||
367 | * |
||
368 | * @since 3.0.0 |
||
369 | */ |
||
370 | |||
371 | 26 | public function save() : void |
|
372 | { |
||
373 | 26 | $userArray = $this->getUser(); |
|
374 | 26 | $permissionArray = $this->getPermission(); |
|
375 | |||
376 | /* set the session */ |
||
377 | |||
378 | 26 | if ($userArray && $permissionArray) |
|
379 | { |
||
380 | 20 | $this->_setAuth( |
|
381 | [ |
||
382 | 20 | 'user' => $userArray, |
|
383 | 20 | 'permission' => $permissionArray |
|
384 | ]); |
||
385 | 20 | $this->_request->setSession('language', $userArray['language']); |
|
386 | } |
||
387 | 26 | } |
|
388 | |||
389 | /** |
||
390 | * get the auth from session |
||
391 | * |
||
392 | * @since 3.0.0 |
||
393 | * |
||
394 | * @return array|null |
||
395 | */ |
||
396 | |||
397 | 27 | protected function _getAuth() : ?array |
|
398 | { |
||
399 | 27 | $root = new Server\Root($this->_request); |
|
400 | 27 | return $this->_request->getSession($root->getOutput() . '/auth'); |
|
401 | } |
||
402 | |||
403 | /** |
||
404 | * set the auth to session |
||
405 | * |
||
406 | * @since 3.0.0 |
||
407 | * |
||
408 | * @param array $authArray |
||
409 | */ |
||
410 | |||
411 | 20 | protected function _setAuth(array $authArray = []) : void |
|
412 | { |
||
413 | 20 | $root = new Server\Root($this->_request); |
|
414 | 20 | $this->_request->setSession($root->getOutput() . '/auth', $authArray); |
|
415 | 20 | } |
|
416 | } |
||
417 |
This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.
Consider making the comparison explicit by using
empty(..)
or! empty(...)
instead.