This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | |||
4 | namespace Tahoe\Bundle\MultiTenancyBundle\Handler; |
||
5 | |||
6 | |||
7 | use Doctrine\ORM\EntityManager; |
||
8 | use Tahoe\Bundle\MultiTenancyBundle\Factory\TenantUserFactory; |
||
9 | use Tahoe\Bundle\MultiTenancyBundle\Model\InvitationInterface; |
||
10 | use Tahoe\Bundle\MultiTenancyBundle\Model\MultiTenantTenantInterface; |
||
11 | use Tahoe\Bundle\MultiTenancyBundle\Model\MultiTenantUserInterface; |
||
12 | use Tahoe\Bundle\MultiTenancyBundle\Repository\TenantUserRepository; |
||
13 | |||
14 | /** |
||
15 | * Class TenantUserHandler |
||
16 | * |
||
17 | * @author Konrad Podgórski <[email protected]> |
||
18 | */ |
||
19 | class TenantUserHandler |
||
20 | { |
||
21 | |||
22 | /** |
||
23 | * @var EntityManager |
||
24 | */ |
||
25 | protected $entityManager; |
||
26 | /** |
||
27 | * @var TenantUserRepository |
||
28 | */ |
||
29 | protected $tenantUserRepository; |
||
30 | /** |
||
31 | * @var TenantUserFactory |
||
32 | */ |
||
33 | protected $tenantUserFactory; |
||
34 | |||
35 | function __construct($entityManager, $tenantUserFactory, $tenantUserRepository) |
||
0 ignored issues
–
show
|
|||
36 | { |
||
37 | $this->entityManager = $entityManager; |
||
38 | $this->tenantUserFactory = $tenantUserFactory; |
||
39 | $this->tenantUserRepository = $tenantUserRepository; |
||
40 | } |
||
41 | |||
42 | /** |
||
43 | * @param MultiTenantUserInterface $user |
||
44 | * @param MultiTenantTenantInterface $tenant |
||
45 | * @param array $roles |
||
46 | * |
||
47 | * @return \Tahoe\Bundle\MultiTenancyBundle\Entity\TenantUser |
||
48 | * @throws \Exception |
||
49 | */ |
||
50 | public function addUserToTenant( |
||
51 | MultiTenantUserInterface $user, |
||
52 | MultiTenantTenantInterface $tenant, |
||
53 | $roles = array() |
||
54 | ) { |
||
55 | $tenantUser = $this->tenantUserRepository->findOneBy( |
||
56 | array( |
||
57 | 'tenant' => $tenant, |
||
58 | 'user' => $user |
||
59 | ) |
||
60 | ); |
||
61 | |||
62 | if ($tenantUser) { |
||
63 | // user is already a member of this tenant |
||
64 | |||
65 | throw new \Exception(sprintf('User is already a member of given tenant')); |
||
66 | } |
||
67 | |||
68 | $tenantUser = $this->tenantUserFactory->createNew(); |
||
69 | $tenantUser->setUser($user); |
||
70 | $tenantUser->setTenant($tenant); |
||
0 ignored issues
–
show
$tenant of type object<Tahoe\Bundle\Mult...iTenantTenantInterface> is not a sub-type of object<Tahoe\Bundle\Mult...cyBundle\Entity\Tenant> . It seems like you assume a concrete implementation of the interface Tahoe\Bundle\MultiTenanc...tiTenantTenantInterface to be always present.
This check looks for parameters that are defined as one type in their type hint or doc comment but seem to be used as a narrower type, i.e an implementation of an interface or a subclass. Consider changing the type of the parameter or doing an instanceof check before assuming your parameter is of the expected type. ![]() |
|||
71 | $tenantUser->setRoles($roles); |
||
72 | |||
73 | $this->entityManager->persist($tenantUser); |
||
74 | |||
75 | return $tenantUser; |
||
76 | } |
||
77 | |||
78 | /** |
||
79 | * @param MultiTenantUserInterface $user |
||
80 | * @param MultiTenantTenantInterface $tenant |
||
81 | * |
||
82 | * @return bool |
||
83 | * @throws \Exception |
||
84 | */ |
||
85 | public function removeUserFromTenant( |
||
86 | MultiTenantUserInterface $user, |
||
87 | MultiTenantTenantInterface $tenant |
||
88 | ) { |
||
89 | $tenantUser = $this->tenantUserRepository->findOneBy( |
||
90 | array( |
||
91 | 'tenant' => $tenant, |
||
92 | 'user' => $user |
||
93 | ) |
||
94 | ); |
||
95 | |||
96 | if ($tenantUser) { |
||
97 | $this->entityManager->remove($tenantUser); |
||
98 | $this->entityManager->flush(); |
||
99 | |||
100 | return true; |
||
101 | } |
||
102 | |||
103 | throw new \Exception(sprintf('User is not a member of given tenant')); |
||
104 | } |
||
105 | |||
106 | View Code Duplication | public function addRoleToUserInTenant( |
|
107 | $role, |
||
108 | MultiTenantUserInterface $user, |
||
109 | MultiTenantTenantInterface $tenant) |
||
110 | { |
||
111 | $tenantUser = $this->tenantUserRepository->findOneBy( |
||
112 | array( |
||
113 | 'tenant' => $tenant, |
||
114 | 'user' => $user |
||
115 | ) |
||
116 | ); |
||
117 | |||
118 | if ($tenantUser) { |
||
119 | |||
120 | if (false === $tenantUser->hasRole($role)) { |
||
121 | $tenantUser->addRole($role); |
||
122 | } |
||
123 | |||
124 | $this->entityManager->persist($tenantUser); |
||
125 | $this->entityManager->flush(); |
||
126 | |||
127 | return true; |
||
128 | } |
||
129 | |||
130 | throw new \Exception(sprintf('User with id %d is not a member of tenant with id %d' , $user->getId(), $tenant->getId())); |
||
131 | } |
||
132 | |||
133 | View Code Duplication | public function removeRoleFromUserInTenant( |
|
134 | $role, |
||
135 | MultiTenantUserInterface $user, |
||
136 | MultiTenantTenantInterface $tenant) |
||
137 | { |
||
138 | $tenantUser = $this->tenantUserRepository->findOneBy( |
||
139 | array( |
||
140 | 'tenant' => $tenant, |
||
141 | 'user' => $user |
||
142 | ) |
||
143 | ); |
||
144 | |||
145 | if ($tenantUser) { |
||
146 | |||
147 | if ($tenantUser->hasRole($role)) { |
||
148 | $tenantUser->removeRole($role); |
||
149 | } |
||
150 | |||
151 | $this->entityManager->persist($tenantUser); |
||
152 | $this->entityManager->flush(); |
||
153 | |||
154 | return true; |
||
155 | } |
||
156 | |||
157 | throw new \Exception(sprintf('User with id %d is not a member of tenant with id %d' , $user->getId(), $tenant->getId())); |
||
158 | } |
||
159 | } |
||
160 |
Adding explicit visibility (
private
,protected
, orpublic
) is generally recommend to communicate to other developers how, and from where this method is intended to be used.