Controller - Code Metrics - samsoncms/security - Measure and Improve Code Quality continuously with Scrutinizer

Controller B
last analyzed 2017-03-21 12:15 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	265
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	5

Importance

Changes

Metric	Value
wmc	39
lcom	1
cbo	5
dl	0
loc	265
rs	8.2857
c	0
b	0
f	0

7 Methods

Rating	Name	Size	Complexity
A	prepare()	20	3
B	__async_change()	27	4
A	matchApplicationAccessRight()	12	2
A	clearUnmatchedRights()	14	4
B	parseGroupRights()	26	6
B	init()	35	6
C	handle()	58	14

<?php declare(strict_types=1);
/**
 * Created by PhpStorm.
 * User: egorov
 * Date: 17.07.2015
 * Time: 9:20
 */
namespace samsoncms\app\security;

use samson\activerecord\dbQuery;
use samson\activerecord\groupright;
use samsonframework\container\definition\analyzer\annotation\annotation\InjectClass;
use samsonframework\containerannotation\Inject;
use samsonframework\containerannotation\Injectable;
use samsonframework\containerannotation\InjectArgument;
use samsonframework\core\ResourcesInterface;
use samsonframework\core\SystemInterface;
use samsonframework\i18n\i18nInterface;
use samsonframework\orm\QueryInterface;

/**
 * SamsonCMS security controller
 * @package samsoncms\security
 */
class Controller extends \samsoncms\Application
{
    /** Application access right name pattern */
    const RIGHT_APPLICATION_KEY = '/^APPLICATION_(?<application>.*)/ui';

    /** @var array User group rights cache */
    protected $rightsCache = array();

    /** Application name */
    public $name = 'Права';

    /** Application description */
    public $description = 'Права доступа';

    /** Application icon*/
    public $icon = 'unlock';

    /** Identifier */
    public $id = 'security';

    public $dbGroupIdField = 'group_id';

    /** @var string Module identifier */
    protected $entity = '\samson\activerecord\group';

    /** @var string SamsonCMS application form class */
    protected $formClassName = '\samsoncms\app\security\Form';

    /** @var QueryInterface Database query instance */
    protected $query;

    /**
     * @var \samsonframework\i18n\i18nInterface
     * @InjectClass("samsonframework\i18n\I18nInterface")
     */
    protected $i18n;

     //[PHPCOMPRESSOR(remove,start)]
    public function prepare()
    {
        $social = $this->system->module('social');
        //db()->createField($this, $social->dbTable, 'dbGroupIdField', 'INT(11)');

        $adminUser        = '[email protected]';

           // Try to find generic user
        $admin = $this->query
            ->entity($social->dbTable)
            ->where($social->dbEmailField, $adminUser)
            ->first();

        // Add admin group id value
        if (isset($admin)&&($admin[$this->dbGroupIdField] != 1)) {
            $admin[$this->dbGroupIdField] = 1;
            $admin->save();
        }
        return parent::prepare();
    }
    //[PHPCOMPRESSOR(remove,end)]

    /**
     * Asynchronous change group right controller action
     * @param string $groupID Group identifier
     * @param string $rightID Right identifier
     * @return array Asynchronous response array
     */
    public function __async_change($groupID, $rightID)

    {
        $group = null;
        if($this->findEntityByID($groupID, $group)) {

            $right = null;
            if($this->findEntityByID($rightID, $right, 'right')) {

                /** @var \samsonframework\orm\Record  Try to find this right for a specific group */
                $groupRight = null;
                if ($this->query->className('groupright')->cond('GroupID', $groupID)->cond('RightID', $rightID)->first($groupRight)) {
                    // Remove existing
                    $groupRight->delete();

                } else { // Create new
                    $groupRight = new groupright();
                    $groupRight->Active = 1;
                    $groupRight->GroupID = $groupID;
                    $groupRight->RightID = $rightID;
                    $groupRight->save();
                }

                return array('status' => '1');
            }

            return array('status' => '0', 'error' => 'Right #'.$rightID.' was not found');
        }

        return array('status' => '0', 'error' => 'Group #'.$rightID.' was not found');
    }

    /**
     * Core routing(core.routing) event handler
     * @param \samson\core\Core $core
     * @param boolean $securityResult
     * @return boolean True if security passed
     */
    public function handle(&$core, &$securityResult)
    {
        // Remove URL base from current URL, split by '/'
        $parts = explode(__SAMSON_BASE__, $_SERVER['REQUEST_URI']);
        $parts = array_values(array_filter($parts));
        $cmsUrl = isset($parts[0]) ? $parts[0] : '';

        if ($cmsUrl == $core->module('cms')->baseUrl) {
            // Get module identifier
            $module = isset($parts[1]) ? $parts[1] : '';

            // Get action identifier
            //$action = isset($parts[1]) ? $parts[1] : '';
            // Get parameter values collection
            //$params = sizeof($parts) > 2 ? array_slice($parts, 2) : array();
            $social = & $this->system->module('social');

            // If we have are authorized
            if ($social->authorized()) {
                /**@var \samson\activerecord\user Get authorized user object */
                $authorizedUser = $social->user();

                $dbTable = $social->dbTable;
                $groupIdField = $dbTable::$_attributes[$this->dbGroupIdField];

                // Try to load security group rights from cache
                $userRights = & $this->rightsCache[$authorizedUser->$groupIdField];
                if (!isset($userRights)) {
                    // Parse security group rights and store it to cache
                    $userRights = $this->parseGroupRights($authorizedUser->$groupIdField);
                }

                // Hide all applications except with access rights
                foreach (self::$loaded as $application) {
                    if (in_array($application->id, $userRights['application'])
//                        && !in_array(Right::APPLICATION_ACCESS_ALL, $userRights['application'])
                        && $authorizedUser->$groupIdField != 1
                    ) {
                        $application->hide = true;
                    }
                }

                // If we have full right to access all applications or admin
                if (in_array(Right::APPLICATION_ACCESS_ALL, $userRights['application']) || $authorizedUser->$groupIdField == 1) {
                    return $securityResult = true;
                } else if (in_array($module, $userRights['application'])) { // Try to find right to access current application
                    return $securityResult = true;
                } else if ($module == '' && in_array('template', $userRights['application'])) {// Main page(empty url)
                    return $securityResult = true;
                } else { // We cannot access this application
                    return $securityResult = false;
                }
            }
        } else {
            return $securityResult = true;
        }

    }

    /**
     * Parse application access right
     * @param string $rightName Right name
     * @return string Application name
     */
    private function matchApplicationAccessRight($rightName, &$applicationName)
    {
        // Parse application access rights
        $matches = array();
        if (preg_match(Right::APPLICATION_ACCESS_PATTERN, $rightName, $matches)) {
            // Return application name
            $applicationName = strtolower($matches['application']);
            return true;
        }

        return false;
    }

    /**
     * Clear all database security rights records that do not match current application list
     * @param array $accessibleApplications Collection of loaded applications
     */
    private function clearUnmatchedRights(array $accessibleApplications)

    {
        // Go throw all rights and remove unnecessary
        foreach ($this->query->className('right')->exec() as $right) {
            // Match application access rights
            $applicationID = '';
            if ($this->matchApplicationAccessRight($right->Name, $applicationID)) {
                // If there is no such application that access right exists
                if(!isset($accessibleApplications[$applicationID])) {

                    $right->delete();
                }
            }
        }
    }

    /**
     * Parse database application user group rights
     * @param integer $groupID Security group identifier
     * @return array Parsed user group rights
     */
    public function parseGroupRights($groupID)
    {
        /** @var array $parsedRights Parsed rights */
        $parsedRights = array('application' => array());

        /** @var \samsonframework\orm\Record[] $groupRights Collection of user rights */
        $groupRights = array();
        // Retrieve all user group rights
        if ($this->query->className('groupright')->join('right')->cond('GroupID', $groupID)->exec($groupRights)) {
            // Iterate all group rights
            foreach ($groupRights as $groupRight) {
                // If we have rights for this group
                if (isset($groupRight->onetomany['_right'])) {

                    foreach ($groupRight->onetomany['_right'] as $userRight) {

                        // Parse application access rights
                        $applicationID = '';
                        if ($this->matchApplicationAccessRight($userRight->Name, $applicationID)) {
                            $parsedRights['application'][] = $applicationID;
                        }
                    }
                }
            }
        }

        return $parsedRights;
    }

    /** Application initialization */
    public function init(array $params = array())
    {
        $this->i18n = $this->i18n ?? $this->system->module('i18n');
        
        // Find all applications that needs access rights to it
        $accessibleApplications = array(
            'template' => $this->i18n->translate('Главная страница'),   // Main application
            Right::APPLICATION_ACCESS_ALL => Right::APPLICATION_ACCESS_ALL // All application
        );

        // Iterate all loaded applications
        foreach (self::$loaded as $application) {
            // Iterate only applications with names
            $accessibleApplications[$application->id] = $application->name;
        }

        // Iterate all applications that needs access rights
        foreach ($accessibleApplications as $accessibleApplicationID => $accessibleApplicationName) {
            // Try to find this right in db
            if (!$this->query->className('right')->cond('Name', Right::APPLICATION_ACCESS_TEMPLATE.$accessibleApplicationID)->first()
                && isset($accessibleApplicationName{0}) // Name not empty
            ) {
                $right = new Right();
                $right->Name = Right::APPLICATION_ACCESS_TEMPLATE.strtoupper($accessibleApplicationID);

                $right->Description = $accessibleApplicationID != Right::APPLICATION_ACCESS_ALL

                    ? $this->i18n->translate('Доступ к приложению').' "'.$accessibleApplicationName.'"'
                    : $this->i18n->translate('Полный доступ ко всем приложениям');
                $right->Active = 1;
$answer = 42;

$correct = false;

$correct = (bool) $answer;
                $right->save();
            }
        }

        // Subscribe to core security event
        \samsonphp\event\Event::subscribe('core.security', array($this, 'handle'));
    }
}


1			<?php declare(strict_types=1);
2			/**
3			* Created by PhpStorm.
4			* User: egorov
5			* Date: 17.07.2015
6			* Time: 9:20
7			*/
8			namespace samsoncms\app\security;
9
10			use samson\activerecord\dbQuery;
11			use samson\activerecord\groupright;
12			use samsonframework\container\definition\analyzer\annotation\annotation\InjectClass;
13			use samsonframework\containerannotation\Inject;
14			use samsonframework\containerannotation\Injectable;
15			use samsonframework\containerannotation\InjectArgument;
16			use samsonframework\core\ResourcesInterface;
17			use samsonframework\core\SystemInterface;
18			use samsonframework\i18n\i18nInterface;
19			use samsonframework\orm\QueryInterface;
20
21			/**
22			* SamsonCMS security controller
23			* @package samsoncms\security
24			*/
25			class Controller extends \samsoncms\Application
26			{
27			/** Application access right name pattern */
28			const RIGHT_APPLICATION_KEY = '/^APPLICATION_(?<application>.*)/ui';
29
30			/** @var array User group rights cache */
31			protected $rightsCache = array();
32
33			/** Application name */
34			public $name = 'Права';
35
36			/** Application description */
37			public $description = 'Права доступа';
38
39			/** Application icon*/
40			public $icon = 'unlock';
41
42			/** Identifier */
43			public $id = 'security';
44
45			public $dbGroupIdField = 'group_id';
46
47			/** @var string Module identifier */
48			protected $entity = '\samson\activerecord\group';
49
50			/** @var string SamsonCMS application form class */
51			protected $formClassName = '\samsoncms\app\security\Form';
52
53			/** @var QueryInterface Database query instance */
54			protected $query;
55
56			/**
57			* @var \samsonframework\i18n\i18nInterface
58			* @InjectClass("samsonframework\i18n\I18nInterface")
59			*/
60			protected $i18n;
61
62			//[PHPCOMPRESSOR(remove,start)]
63			public function prepare()
64			{
65			$social = $this->system->module('social');
66			//db()->createField($this, $social->dbTable, 'dbGroupIdField', 'INT(11)');
67
68			$adminUser = '[email protected]';
69
70			// Try to find generic user
71			$admin = $this->query
72			->entity($social->dbTable)
73			->where($social->dbEmailField, $adminUser)
74			->first();
75
76			// Add admin group id value
77			if (isset($admin)&&($admin[$this->dbGroupIdField] != 1)) {
78			$admin[$this->dbGroupIdField] = 1;
79			$admin->save();
80			}
81			return parent::prepare();
82			}
83			//[PHPCOMPRESSOR(remove,end)]
84
85			/**
86			* Asynchronous change group right controller action
87			* @param string $groupID Group identifier
88			* @param string $rightID Right identifier
89			* @return array Asynchronous response array
90			*/
91			public function __async_change($groupID, $rightID)
			0 ignored issues – show Coding Style introduced 2016-01-24 16:28 UTC by Report Bug Copy Issue Report Method name "Controller::__async_change" is not in camel caps format Loading history...
92			{
93			$group = null;
94			if($this->findEntityByID($groupID, $group)) {
			0 ignored issues – show Coding Style introduced 2016-01-24 16:28 UTC by Report Bug Copy Issue Report Expected 1 space after IF keyword; 0 found Loading history...
95			$right = null;
96			if($this->findEntityByID($rightID, $right, 'right')) {
			0 ignored issues – show Coding Style introduced 2016-01-24 16:28 UTC by Report Bug Copy Issue Report Expected 1 space after IF keyword; 0 found Loading history...
97			/** @var \samsonframework\orm\Record Try to find this right for a specific group */
98			$groupRight = null;
99			if ($this->query->className('groupright')->cond('GroupID', $groupID)->cond('RightID', $rightID)->first($groupRight)) {
100			// Remove existing
101			$groupRight->delete();
			0 ignored issues – show Bug introduced 2016-01-24 16:28 UTC by Report Bug Copy Issue Report The method `delete` cannot be called on `$groupRight` (of type `null`). Methods can only be called on objects. This check looks for methods being called on variables that have been inferred to never be objects. Loading history...
102			} else { // Create new
103			$groupRight = new groupright();
104			$groupRight->Active = 1;
105			$groupRight->GroupID = $groupID;
106			$groupRight->RightID = $rightID;
107			$groupRight->save();
108			}
109
110			return array('status' => '1');
111			}
112
113			return array('status' => '0', 'error' => 'Right #'.$rightID.' was not found');
114			}
115
116			return array('status' => '0', 'error' => 'Group #'.$rightID.' was not found');
117			}
118
119			/**
120			* Core routing(core.routing) event handler
121			* @param \samson\core\Core $core
122			* @param boolean $securityResult
123			* @return boolean True if security passed
124			*/
125			public function handle(&$core, &$securityResult)
126			{
127			// Remove URL base from current URL, split by '/'
128			$parts = explode(__SAMSON_BASE__, $_SERVER['REQUEST_URI']);
129			$parts = array_values(array_filter($parts));
130			$cmsUrl = isset($parts[0]) ? $parts[0] : '';
131
132			if ($cmsUrl == $core->module('cms')->baseUrl) {
133			// Get module identifier
134			$module = isset($parts[1]) ? $parts[1] : '';
135
136			// Get action identifier
137			//$action = isset($parts[1]) ? $parts[1] : '';
138			// Get parameter values collection
139			//$params = sizeof($parts) > 2 ? array_slice($parts, 2) : array();
140			$social = & $this->system->module('social');
141
142			// If we have are authorized
143			if ($social->authorized()) {
144			/*@var \samson\activerecord\user Get authorized user object /
145			$authorizedUser = $social->user();
146
147			$dbTable = $social->dbTable;
148			$groupIdField = $dbTable::$_attributes[$this->dbGroupIdField];
149
150			// Try to load security group rights from cache
151			$userRights = & $this->rightsCache[$authorizedUser->$groupIdField];
152			if (!isset($userRights)) {
153			// Parse security group rights and store it to cache
154			$userRights = $this->parseGroupRights($authorizedUser->$groupIdField);
155			}
156
157			// Hide all applications except with access rights
158			foreach (self::$loaded as $application) {
159			if (in_array($application->id, $userRights['application'])
160			// && !in_array(Right::APPLICATION_ACCESS_ALL, $userRights['application'])
161			&& $authorizedUser->$groupIdField != 1
162			) {
163			$application->hide = true;
164			}
165			}
166
167			// If we have full right to access all applications or admin
168			if (in_array(Right::APPLICATION_ACCESS_ALL, $userRights['application']) \|\| $authorizedUser->$groupIdField == 1) {
169			return $securityResult = true;
170			} else if (in_array($module, $userRights['application'])) { // Try to find right to access current application
171			return $securityResult = true;
172			} else if ($module == '' && in_array('template', $userRights['application'])) {// Main page(empty url)
173			return $securityResult = true;
174			} else { // We cannot access this application
175			return $securityResult = false;
176			}
177			}
178			} else {
179			return $securityResult = true;
180			}
181
182			}
183
184			/**
185			* Parse application access right
186			* @param string $rightName Right name
187			* @return string Application name
188			*/
189			private function matchApplicationAccessRight($rightName, &$applicationName)
190			{
191			// Parse application access rights
192			$matches = array();
193			if (preg_match(Right::APPLICATION_ACCESS_PATTERN, $rightName, $matches)) {
194			// Return application name
195			$applicationName = strtolower($matches['application']);
196			return true;
197			}
198
199			return false;
200			}
201
202			/**
203			* Clear all database security rights records that do not match current application list
204			* @param array $accessibleApplications Collection of loaded applications
205			*/
206			private function clearUnmatchedRights(array $accessibleApplications)
			0 ignored issues – show Unused Code introduced 2016-01-24 16:28 UTC by Report Bug Copy Issue Report This method is not used, and could be removed. Loading history...
207			{
208			// Go throw all rights and remove unnecessary
209			foreach ($this->query->className('right')->exec() as $right) {
210			// Match application access rights
211			$applicationID = '';
212			if ($this->matchApplicationAccessRight($right->Name, $applicationID)) {
213			// If there is no such application that access right exists
214			if(!isset($accessibleApplications[$applicationID])) {
			0 ignored issues – show Coding Style introduced 2016-01-24 16:28 UTC by Report Bug Copy Issue Report Expected 1 space after IF keyword; 0 found Loading history...
215			$right->delete();
216			}
217			}
218			}
219			}
220
221			/**
222			* Parse database application user group rights
223			* @param integer $groupID Security group identifier
224			* @return array Parsed user group rights
225			*/
226			public function parseGroupRights($groupID)
227			{
228			/** @var array $parsedRights Parsed rights */
229			$parsedRights = array('application' => array());
230
231			/** @var \samsonframework\orm\Record[] $groupRights Collection of user rights */
232			$groupRights = array();
233			// Retrieve all user group rights
234			if ($this->query->className('groupright')->join('right')->cond('GroupID', $groupID)->exec($groupRights)) {
235			// Iterate all group rights
236			foreach ($groupRights as $groupRight) {
237			// If we have rights for this group
238			if (isset($groupRight->onetomany['_right'])) {
			0 ignored issues – show Bug introduced 2016-01-24 16:28 UTC by Report Bug Copy Issue Report The property `onetomany` does not seem to exist. Did you mean `oneToMany`? An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
239			foreach ($groupRight->onetomany['_right'] as $userRight) {
			0 ignored issues – show Bug introduced 2016-01-24 16:28 UTC by Report Bug Copy Issue Report The property `onetomany` does not seem to exist. Did you mean `oneToMany`? An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
240			// Parse application access rights
241			$applicationID = '';
242			if ($this->matchApplicationAccessRight($userRight->Name, $applicationID)) {
243			$parsedRights['application'][] = $applicationID;
244			}
245			}
246			}
247			}
248			}
249
250			return $parsedRights;
251			}
252
253			/** Application initialization */
254			public function init(array $params = array())
255			{
256			$this->i18n = $this->i18n ?? $this->system->module('i18n');
257
258			// Find all applications that needs access rights to it
259			$accessibleApplications = array(
260			'template' => $this->i18n->translate('Главная страница'), // Main application
261			Right::APPLICATION_ACCESS_ALL => Right::APPLICATION_ACCESS_ALL // All application
262			);
263
264			// Iterate all loaded applications
265			foreach (self::$loaded as $application) {
266			// Iterate only applications with names
267			$accessibleApplications[$application->id] = $application->name;
268			}
269
270			// Iterate all applications that needs access rights
271			foreach ($accessibleApplications as $accessibleApplicationID => $accessibleApplicationName) {
272			// Try to find this right in db
273			if (!$this->query->className('right')->cond('Name', Right::APPLICATION_ACCESS_TEMPLATE.$accessibleApplicationID)->first()
274			&& isset($accessibleApplicationName{0}) // Name not empty
275			) {
276			$right = new Right();
277			$right->Name = Right::APPLICATION_ACCESS_TEMPLATE.strtoupper($accessibleApplicationID);
			0 ignored issues – show Bug introduced 2016-10-04 08:49 UTC by Report Bug Copy Issue Report The property `Name` does not seem to exist in `samsoncms\app\security\Right`. An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
278			$right->Description = $accessibleApplicationID != Right::APPLICATION_ACCESS_ALL
			0 ignored issues – show Bug introduced 2016-10-04 08:49 UTC by Report Bug Copy Issue Report The property `Description` does not seem to exist. Did you mean `description`? An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
279			? $this->i18n->translate('Доступ к приложению').' "'.$accessibleApplicationName.'"'
280			: $this->i18n->translate('Полный доступ ко всем приложениям');
281			$right->Active = 1;
			0 ignored issues – show Documentation Bug introduced 2016-10-04 08:49 UTC by Report Bug Copy Issue Report The property `$Active` was declared of type `boolean`, but `1` is of type `integer`. Maybe add a type cast? This check looks for assignments to scalar types that may be of the wrong type. To ensure the code behaves as expected, it may be a good idea to add an explicit type cast. $answer = 42; $correct = false; $correct = (bool) $answer; Loading history...
282			$right->save();
283			}
284			}
285
286			// Subscribe to core security event
287			\samsonphp\event\Event::subscribe('core.security', array($this, 'handle'));
288			}
289			}
290

samsoncms / security

Controller B last analyzed 2017-03-21 12:15 UTC

Complexity

Size/Duplication

Coupling/Cohesion

Importance

7 Methods

Duplication Side-by-Side

Filter issues like

Controller B
last analyzed 2017-03-21 12:15 UTC