This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | declare(strict_types=1); |
||
4 | |||
5 | /* |
||
6 | * This file is part of the Sonata Project package. |
||
7 | * |
||
8 | * (c) Thomas Rabaix <[email protected]> |
||
9 | * |
||
10 | * For the full copyright and license information, please view the LICENSE |
||
11 | * file that was distributed with this source code. |
||
12 | */ |
||
13 | |||
14 | namespace Sonata\AdminBundle\Command; |
||
15 | |||
16 | use Doctrine\Persistence\ManagerRegistry; |
||
17 | use Sonata\AdminBundle\Admin\AdminInterface; |
||
18 | use Sonata\AdminBundle\Admin\Pool; |
||
19 | use Sonata\AdminBundle\Util\ObjectAclManipulatorInterface; |
||
20 | use Symfony\Component\Console\Input\InputInterface; |
||
21 | use Symfony\Component\Console\Input\InputOption; |
||
22 | use Symfony\Component\Console\Output\OutputInterface; |
||
23 | use Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException; |
||
24 | use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity; |
||
25 | |||
26 | /** |
||
27 | * @author Thomas Rabaix <[email protected]> |
||
28 | */ |
||
29 | final class GenerateObjectAclCommand extends QuestionableCommand |
||
30 | { |
||
31 | protected static $defaultName = 'sonata:admin:generate-object-acl'; |
||
32 | |||
33 | /** |
||
34 | * @var string |
||
35 | */ |
||
36 | private $userModelClass = ''; |
||
37 | |||
38 | /** |
||
39 | * @var Pool |
||
40 | */ |
||
41 | private $pool; |
||
42 | |||
43 | /** |
||
44 | * An array of object ACL manipulators indexed by their service ids. |
||
45 | * |
||
46 | * @var ObjectAclManipulatorInterface[] |
||
47 | */ |
||
48 | private $aclObjectManipulators = []; |
||
49 | |||
50 | /** |
||
51 | * @var ManagerRegistry|null |
||
52 | */ |
||
53 | private $registry; |
||
54 | |||
55 | public function __construct(Pool $pool, array $aclObjectManipulators, ?ManagerRegistry $registry = null) |
||
56 | { |
||
57 | $this->pool = $pool; |
||
58 | $this->aclObjectManipulators = $aclObjectManipulators; |
||
59 | $this->registry = $registry; |
||
60 | |||
61 | parent::__construct(); |
||
62 | } |
||
63 | |||
64 | public function configure(): void |
||
65 | { |
||
66 | $this |
||
67 | ->setDescription('Install ACL for the objects of the Admin Classes.') |
||
68 | ->addOption('object_owner', null, InputOption::VALUE_OPTIONAL, 'If set, the task will set the object owner for each admin.') |
||
69 | ->addOption('user_model', null, InputOption::VALUE_OPTIONAL, 'Shortcut notation like <comment>AcmeDemoBundle:User</comment>. If not set, it will be asked the first time an object owner is set.') |
||
70 | ->addOption('step', null, InputOption::VALUE_NONE, 'If set, the task will ask for each admin if the ACLs need to be generated and what object owner to set, if any.') |
||
71 | ; |
||
72 | } |
||
73 | |||
74 | public function execute(InputInterface $input, OutputInterface $output): int |
||
75 | { |
||
76 | $output->writeln('Welcome to the AdminBundle object ACL generator'); |
||
77 | $output->writeln([ |
||
78 | '', |
||
79 | 'This command helps you to generate ACL entities for the objects handled by the AdminBundle.', |
||
80 | '', |
||
81 | 'If the step option is used, you will be asked if you want to generate the object ACL entities for each Admin.', |
||
82 | 'You must use the shortcut notation like <comment>AcmeDemoBundle:User</comment> if you want to set an object owner.', |
||
83 | '', |
||
84 | ]); |
||
85 | |||
86 | if (!$this->registry) { |
||
87 | throw new ServiceNotFoundException('doctrine', static::class, null, [], sprintf( |
||
88 | 'The command "%s" has a dependency on a non-existent service "doctrine".', |
||
89 | static::$defaultName |
||
90 | )); |
||
91 | } |
||
92 | |||
93 | if ($input->getOption('user_model')) { |
||
94 | try { |
||
95 | $this->getUserModelClass($input, $output); |
||
96 | } catch (\Exception $e) { |
||
97 | $output->writeln(sprintf('<error>%s</error>', $e->getMessage())); |
||
98 | |||
99 | return 1; |
||
100 | } |
||
101 | } |
||
102 | |||
103 | if (!$this->aclObjectManipulators) { |
||
0 ignored issues
–
show
|
|||
104 | $output->writeln('No manipulators are implemented : <info>ignoring</info>'); |
||
105 | |||
106 | return 1; |
||
107 | } |
||
108 | |||
109 | foreach ($this->pool->getAdminServiceIds() as $id) { |
||
110 | try { |
||
111 | $admin = $this->pool->getInstance($id); |
||
112 | } catch (\Exception $e) { |
||
113 | $output->writeln('<error>Warning : The admin class cannot be initiated from the command line</error>'); |
||
114 | $output->writeln(sprintf('<error>%s</error>', $e->getMessage())); |
||
115 | |||
116 | continue; |
||
117 | } |
||
118 | |||
119 | if ($input->getOption('step') && !$this->askConfirmation($input, $output, sprintf("<question>Generate ACLs for the object instances handled by \"%s\"?</question>\n", $id), 'no')) { |
||
120 | continue; |
||
121 | } |
||
122 | |||
123 | $securityIdentity = null; |
||
124 | if ($input->getOption('step') && $this->askConfirmation($input, $output, "<question>Set an object owner?</question>\n", 'no')) { |
||
125 | $username = $this->askAndValidate($input, $output, 'Please enter the username: ', '', 'Sonata\AdminBundle\Command\Validators::validateUsername'); |
||
126 | |||
127 | $securityIdentity = new UserSecurityIdentity($username, $this->getUserModelClass($input, $output)); |
||
128 | } |
||
129 | if (!$input->getOption('step') && $input->getOption('object_owner')) { |
||
130 | $securityIdentity = new UserSecurityIdentity($input->getOption('object_owner'), $this->getUserModelClass($input, $output)); |
||
131 | } |
||
132 | |||
133 | $manipulatorId = sprintf('sonata.admin.manipulator.acl.object.%s', $admin->getManagerType()); |
||
134 | if (!$manipulator = $this->aclObjectManipulators[$manipulatorId] ?? null) { |
||
135 | $output->writeln('Admin class is using a manager type that has no manipulator implemented : <info>ignoring</info>'); |
||
136 | |||
137 | continue; |
||
138 | } |
||
139 | if (!$manipulator instanceof ObjectAclManipulatorInterface) { |
||
140 | $output->writeln(sprintf('The interface "ObjectAclManipulatorInterface" is not implemented for %s: <info>ignoring</info>', \get_class($manipulator))); |
||
141 | |||
142 | continue; |
||
143 | } |
||
144 | |||
145 | \assert($admin instanceof AdminInterface); |
||
146 | $manipulator->batchConfigureAcls($output, $admin, $securityIdentity); |
||
147 | } |
||
148 | |||
149 | return 0; |
||
150 | } |
||
151 | |||
152 | protected function initialize(InputInterface $input, OutputInterface $output) |
||
153 | { |
||
154 | parent::initialize($input, $output); |
||
155 | } |
||
156 | |||
157 | private function getUserModelClass(InputInterface $input, OutputInterface $output): string |
||
158 | { |
||
159 | if ('' === $this->userModelClass) { |
||
160 | if ($input->getOption('user_model')) { |
||
161 | [$userBundle, $userModel] = Validators::validateEntityName($input->getOption('user_model')); |
||
162 | } else { |
||
163 | [$userBundle, $userModel] = $this->askAndValidate( |
||
164 | $input, |
||
165 | $output, |
||
166 | 'Please enter the User Entity shortcut name: ', |
||
167 | '', |
||
168 | 'Sonata\AdminBundle\Command\Validators::validateEntityName' |
||
169 | ); |
||
170 | } |
||
171 | |||
172 | $namespace = $this->registry->getAliasNamespace($userBundle); |
||
173 | |||
174 | $this->userModelClass = sprintf('%s\%s', $namespace, $userModel); |
||
175 | } |
||
176 | |||
177 | return $this->userModelClass; |
||
178 | } |
||
179 | } |
||
180 |
This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.
Consider making the comparison explicit by using
empty(..)
or! empty(...)
instead.