sunnysideup / silverstripe-health-check-provider

src/Model/HealthCheckProviderSecurity.php

<?php

namespace Sunnysideup\HealthCheckProvider\Model;

use SilverStripe\Forms\CheckboxField;
use SilverStripe\Forms\ReadonlyField;
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Member;
use SilverStripe\Security\Security;

class HealthCheckProviderSecurity extends DataObject
{
    #######################
    ### Names Section
    #######################

    private static $singular_name = 'Security Check';

The private property $singular_name is not used, and could be removed.

    private static $plural_name = 'Security Checks';

The private property $plural_name is not used, and could be removed.

    private static $table_name = 'HealthCheckProviderSecurity';

The private property $table_name is not used, and could be removed.

    #######################
    ### Model Section
    #######################

    private static $db = [

The private property $db is not used, and could be removed.

        'Secret' => 'Varchar(255)',
        'IpAddress' => 'Varchar(64)',
        'Allowed' => 'Boolean',
        'AllowAllData' => 'Boolean',
        'DefinitelyNotOk' => 'Boolean',
        'AccessCount' => 'Int',
    ];

    private static $has_one = [

The private property $has_one is not used, and could be removed.

        'Editor' => Member::class,
    ];

    #######################
    ### Further DB Field Details
    #######################

    private static $default_sort = [

The private property $default_sort is not used, and could be removed.

        'Allowed' => 'DESC',
        'Created' => 'DESC',
    ];

    #######################
    ### Field Names and Presentation Section
    #######################

    private static $field_labels = [

The private property $field_labels is not used, and could be removed.

        'Secret' => 'Api Key Provided by Retriever',
        'IpAddress' => 'IP Address of Retriever',
        'Allowed' => 'Allow this key from this IP address?',
        'Editor' => 'Report Editor',
        'EditorID' => 'Report Editor',
    ];

    private static $summary_fields = [

The private property $summary_fields is not used, and could be removed.

        'Created' => 'First Access',
        'Allowed.Nice' => 'Allow',
        'Editor.Title' => 'Editor',
        'Secret' => 'Api Key Provided',
        'IpAddress' => 'IP',
        'AccessCount' => 'Access Count',
    ];

    #######################
    ### Casting Section
    #######################

    private static $casting = [

The private property $casting is not used, and could be removed.

        'Title' => 'Varchar',
    ];

    public static function check(string $key, string $ip): bool
    {
        $obj = self::get_object_from_filter($key, $ip);

        return (bool) $obj->Allowed;
    }

    public static function get_editor_id(string $key, string $ip): int
    {
        $obj = self::get_object_from_filter($key, $ip);

        return (int) $obj->EditorID;
    }

    /**
     * casted variable
     */
    public function getTitle(): string
    {
        return 'Retrieval attempt from "' . $this->IpAddress . '" using "' . $this->Secret . '" as key';
    }

    #######################
    ### can Section
    #######################

    public function canCreate($member = null, $context = [])
    {
        return false;
    }

    public function canDelete($member = null)
    {
        return false;
    }

    public function canEdit($member = null)
    {
        return $this->DefinitelyNotOk ? false : parent::canEdit($member);

The property DefinitelyNotOk does not exist on Sunnysideup\HealthCheckProvider\Model\HealthCheckProviderSecurity. Since you implemented __get, consider adding a @property annotation.

    }

    #######################
    ### write Section
    #######################

    protected function onBeforeWrite()
    {
        parent::onBeforeWrite();
        if (! $this->EditorID) {
            $user = Security::getCurrentUser();
            if ($user) {

$user is of type SilverStripe\Security\Member, thus it always evaluated to true.

                $this->EditorID = Security::getCurrentUser()->ID;

The property EditorID does not exist. Although not strictly required by PHP, it is generally a best practice to declare properties explicitly.

            }
        }
        if (! $this->Secret) {
            $this->Secret = 'Careful: no key set - ' . mt_rand(0, 9999999999999999);

The property Secret does not exist. Although not strictly required by PHP, it is generally a best practice to declare properties explicitly.

        }
        if (! $this->IpAddress) {
            $this->IpAddress = 'Careful: no IP Set';

The property IpAddress does not exist. Although not strictly required by PHP, it is generally a best practice to declare properties explicitly.

        }
        if ($this->DefinitelyNotOk) {

The property DefinitelyNotOk does not exist on Sunnysideup\HealthCheckProvider\Model\HealthCheckProviderSecurity. Since you implemented __get, consider adding a @property annotation.

            $this->Allowed = false;

The property Allowed does not exist. Although not strictly required by PHP, it is generally a best practice to declare properties explicitly.

        }
    }

    protected function onAfterWrite()
    {
        parent::onAfterWrite();
        if ($this->AllowAllData) {

The property AllowAllData does not exist on Sunnysideup\HealthCheckProvider\Model\HealthCheckProviderSecurity. Since you implemented __get, consider adding a @property annotation.

            $items = HealthCheckItemProvider::get()->filter(['Include' => false]);
            foreach ($items as $item) {
                $item->Include = true;
                $item->write();
            }
        }
    }

    #######################
    ### CMS Edit Section
    #######################

    public function getCMSFields()
    {
        $fields = parent::getCMSFields();
        $fields->addFieldsToTab(
            'Root.Main',
            [
                ReadonlyField::create('Secret', 'Secret Key'),
                ReadonlyField::create('IpAddress', 'IP'),
                ReadonlyField::create('AccessCount', 'Access Count'),
                CheckboxField::create('Allowed', 'Allow this IP with this Key?  If unsure, please double-check!')
                    ->setDescription('Make sure that you are OK with both the key and the IP address to ensure security.'),
                CheckboxField::create('DefinitelyNotOk', 'Check if you think this is a bad request')
                    ->setDescription('Careful, checking this will stop any future retrievals with this key and IP.'),
                CheckboxField::create('AllowAllData', 'Check this box to allow access to all for any IPs granted access')
                    ->setDescription('Carefully consider if you are ok with this'),
            ]
        );

        return $fields;
    }

    protected static function get_object_from_filter(string $key, string $ip): HealthCheckProviderSecurity
    {
        $filter = [
            'Secret' => $key,
            'IpAddress' => $ip,
        ];

        //we make sure we get the last one! Just in case there is more one.
        /** @var HealthCheckProviderSecurity|null $obj */
        $obj = HealthCheckProviderSecurity::get()->filter($filter)->last();
        if (! $obj) {

$obj is of type Sunnysideup\HealthCheckProvider\Model\HealthCheckProviderSecurity, thus it always evaluated to true.

            $obj = HealthCheckProviderSecurity::create($filter);
        }
        ++$obj->AccessCount;

The property AccessCount does not exist on Sunnysideup\HealthCheckProvider\Model\HealthCheckProviderSecurity. Since you implemented __get, consider adding a @property annotation.

        $obj->write();

        return $obj;
    }
}