|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/* |
|
4
|
|
|
* This file is part of the Tinyissue package. |
|
5
|
|
|
* |
|
6
|
|
|
* (c) Mohamed Alsharaf <[email protected]> |
|
7
|
|
|
* |
|
8
|
|
|
* For the full copyright and license information, please view the LICENSE |
|
9
|
|
|
* file that was distributed with this source code. |
|
10
|
|
|
*/ |
|
11
|
|
|
|
|
12
|
|
|
namespace Tinyissue\Http\Middleware; |
|
13
|
|
|
|
|
14
|
|
|
use Closure; |
|
15
|
|
|
use Illuminate\Contracts\Auth\Guard; |
|
16
|
|
|
use Illuminate\Http\Request; |
|
17
|
|
|
use Tinyissue\Model\Project as ProjectModel; |
|
18
|
|
|
|
|
19
|
|
|
/** |
|
20
|
|
|
* Permission is a Middleware class to for checking if current user has the permission to access the request. |
|
21
|
|
|
* |
|
22
|
|
|
* @author Mohamed Alsharaf <[email protected]> |
|
23
|
|
|
*/ |
|
24
|
|
|
class Permission |
|
25
|
|
|
{ |
|
26
|
|
|
/** |
|
27
|
|
|
* The Guard implementation. |
|
28
|
|
|
* |
|
29
|
|
|
* @var Guard |
|
30
|
|
|
*/ |
|
31
|
|
|
protected $auth; |
|
32
|
|
|
|
|
33
|
|
|
/** |
|
34
|
|
|
* List of permissions that can be accessed by public users. |
|
35
|
|
|
* |
|
36
|
|
|
* @var array |
|
37
|
|
|
*/ |
|
38
|
|
|
protected $publicAccess = [ |
|
39
|
|
|
'issue-view', |
|
40
|
|
|
]; |
|
41
|
|
|
|
|
42
|
|
|
/** |
|
43
|
|
|
* Create a new filter instance. |
|
44
|
|
|
* |
|
45
|
|
|
* @param Guard $auth |
|
46
|
|
|
*/ |
|
47
|
43 |
|
public function __construct(Guard $auth) |
|
48
|
|
|
{ |
|
49
|
43 |
|
$this->auth = $auth; |
|
50
|
43 |
|
} |
|
51
|
|
|
|
|
52
|
|
|
/** |
|
53
|
|
|
* Handle an incoming request. |
|
54
|
|
|
* |
|
55
|
|
|
* @param Request $request |
|
56
|
|
|
* @param \Closure $next |
|
57
|
|
|
* |
|
58
|
|
|
* @return mixed |
|
59
|
|
|
*/ |
|
60
|
42 |
|
public function handle(Request $request, Closure $next) |
|
61
|
|
|
{ |
|
62
|
42 |
|
$permission = $this->getPermission($request); |
|
63
|
42 |
|
$user = $this->auth->user(); |
|
64
|
|
|
/** @var ProjectModel|null $project */ |
|
65
|
42 |
|
$project = $request->route()->getParameter('project'); |
|
66
|
42 |
|
$issue = $request->route()->getParameter('issue'); |
|
67
|
|
|
|
|
68
|
|
|
// Check if user has the permission |
|
69
|
|
|
// & if the user can access the current context (e.g. is one of the project users) |
|
70
|
42 |
|
if (app('tinyissue.settings')->isPublicProjectsEnabled() |
|
|
|
|
|
|
71
|
42 |
|
&& in_array($permission, $this->publicAccess) |
|
72
|
42 |
|
&& $project instanceof ProjectModel && !$project->isPrivate()) { |
|
73
|
|
|
// Ignore we are ok to view issues in public project |
|
74
|
42 |
|
} elseif (!$this->auth->guest() |
|
75
|
42 |
|
&& (!$user->permission($permission) |
|
76
|
42 |
|
|| !$user->permissionInContext($request->route())) |
|
77
|
42 |
|
|| ($project instanceof ProjectModel && $project->isPrivateInternal() && $issue && !$issue->isCreatedBy($user)) |
|
78
|
|
|
) { |
|
79
|
8 |
|
abort(401); |
|
80
|
|
|
} |
|
81
|
|
|
|
|
82
|
38 |
|
return $next($request); |
|
83
|
|
|
} |
|
84
|
|
|
|
|
85
|
|
|
/** |
|
86
|
|
|
* Returns the permission defined in route action. |
|
87
|
|
|
* |
|
88
|
|
|
* @param Request $request |
|
89
|
|
|
* |
|
90
|
|
|
* @return mixed |
|
91
|
|
|
*/ |
|
92
|
42 |
|
protected function getPermission(Request $request) |
|
93
|
|
|
{ |
|
94
|
42 |
|
$actions = $request->route()->getAction(); |
|
95
|
|
|
|
|
96
|
42 |
|
return $actions['permission']; |
|
97
|
|
|
} |
|
98
|
|
|
} |
|
99
|
|
|
|
satrun77 /
tinyissue
This check looks for the bodies of
ifstatements that have no statements or where all statements have been commented out. This may be the result of changes for debugging or the code may simply be obsolete.These
ifbodies can be removed. If you have an empty if but statements in theelsebranch, consider inverting the condition.could be turned into
This is much more concise to read.