Issues in SecurityManager.php - New Issues - Inspection of "refactor logging retrieval/display code out of Log..." - stwalkerster/waca - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Branch — newinternal (104de7)

by Simon

created 2016-03-26 04:01 UTC

includes/Security/SecurityManager.php (1 issue)

Labels

Coding Style 1

Severity

Informational 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Waca\Security;

use Waca\DataObjects\User;
use Waca\Exceptions\AccessDeniedException;
use Waca\IdentificationVerifier;

final class SecurityManager
{
	/** @var IdentificationVerifier */
	private $identificationVerifier;
	/** @var SecurityConfigurationFactory */
	private $securityConfigurationFactory;

	/**
	 * SecurityManager constructor.
	 *
	 * @param IdentificationVerifier $identificationVerifier
	 * @param bool                   $forceIdentification
	 */
	public function __construct(IdentificationVerifier $identificationVerifier, $forceIdentification)
	{
		$this->identificationVerifier = $identificationVerifier;

		$this->securityConfigurationFactory = new SecurityConfigurationFactory($forceIdentification);
	}

	public function configure(){
		return $this->securityConfigurationFactory;
	}

	/**
	 * @param $value
	 * @param $filter
	 *
	 * @return bool
	 * @throws AccessDeniedException
	 * @category Security-Critical
	 */
	private function test($value, $filter)
	{
		if (!$filter) {
			return false;
		}

		if ($value == SecurityConfiguration::DENY) {
			// FILE_NOT_FOUND...?
			throw new AccessDeniedException();
		}

		return $value === SecurityConfiguration::ALLOW;
	}

	/**
	 * Tests if a user is allowed to perform an action.
	 *
	 * This method should form a hard, deterministic security barrier, and only return true if it is absolutely sure
	 * that a user should have access to something.
	 *
	 * @param SecurityConfiguration $config
	 * @param User                  $user
	 *
	 * @return bool
	 *
	 * @category Security-Critical
	 */
	public function allows(SecurityConfiguration $config, User $user)
	{
		if ($config->requiresIdentifiedUser() && !$user->isCommunityUser() && !$user->isIdentified($this->identificationVerifier)) {

			return false;
		}

		try {
			$allowed = $this->test($config->getAdmin(), $user->isAdmin())
				|| $this->test($config->getUser(), $user->isUser())
				|| $this->test($config->getCommunity(), $user->isCommunityUser())
				|| $this->test($config->getSuspended(), $user->isSuspended())
				|| $this->test($config->getDeclined(), $user->isDeclined())
				|| $this->test($config->getNew(), $user->isNewUser())
				|| $this->test($config->getCheckuser(), $user->isCheckuser());

			return $allowed;
		}
		catch (AccessDeniedException $ex) {
			// something is set to deny.
			return false;
		}
	}
}

1			<?php
2
3			namespace Waca\Security;
4
5			use Waca\DataObjects\User;
6			use Waca\Exceptions\AccessDeniedException;
7			use Waca\IdentificationVerifier;
8
9			final class SecurityManager
10			{
11			/** @var IdentificationVerifier */
12			private $identificationVerifier;
13			/** @var SecurityConfigurationFactory */
14			private $securityConfigurationFactory;
15
16			/**
17			* SecurityManager constructor.
18			*
19			* @param IdentificationVerifier $identificationVerifier
20			* @param bool $forceIdentification
21			*/
22			public function __construct(IdentificationVerifier $identificationVerifier, $forceIdentification)
23			{
24			$this->identificationVerifier = $identificationVerifier;
25
26			$this->securityConfigurationFactory = new SecurityConfigurationFactory($forceIdentification);
27			}
28
29			public function configure(){
30			return $this->securityConfigurationFactory;
31			}
32
33			/**
34			* @param $value
35			* @param $filter
36			*
37			* @return bool
38			* @throws AccessDeniedException
39			* @category Security-Critical
40			*/
41			private function test($value, $filter)
42			{
43			if (!$filter) {
44			return false;
45			}
46
47			if ($value == SecurityConfiguration::DENY) {
48			// FILE_NOT_FOUND...?
49			throw new AccessDeniedException();
50			}
51
52			return $value === SecurityConfiguration::ALLOW;
53			}
54
55			/**
56			* Tests if a user is allowed to perform an action.
57			*
58			* This method should form a hard, deterministic security barrier, and only return true if it is absolutely sure
59			* that a user should have access to something.
60			*
61			* @param SecurityConfiguration $config
62			* @param User $user
63			*
64			* @return bool
65			*
66			* @category Security-Critical
67			*/
68			public function allows(SecurityConfiguration $config, User $user)
69			{
70			if ($config->requiresIdentifiedUser() && !$user->isCommunityUser() && !$user->isIdentified($this->identificationVerifier)) {
			0 ignored issues – show Coding Style introduced 2016-03-26 04:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this This line exceeds maximum limit of 120 characters; contains 126 characters Overly long lines are hard to read on any screen. Most code styles therefor impose a maximum limit on the number of characters in a line. Loading history...
71			return false;
72			}
73
74			try {
75			$allowed = $this->test($config->getAdmin(), $user->isAdmin())
76			\|\| $this->test($config->getUser(), $user->isUser())
77			\|\| $this->test($config->getCommunity(), $user->isCommunityUser())
78			\|\| $this->test($config->getSuspended(), $user->isSuspended())
79			\|\| $this->test($config->getDeclined(), $user->isDeclined())
80			\|\| $this->test($config->getNew(), $user->isNewUser())
81			\|\| $this->test($config->getCheckuser(), $user->isCheckuser());
82
83			return $allowed;
84			}
85			catch (AccessDeniedException $ex) {
86			// something is set to deny.
87			return false;
88			}
89			}
90			}

stwalkerster / waca

Branch — newinternal (104de7)

includes/Security/SecurityManager.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like