This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | namespace yii2mod\rbac\migrations; |
||
4 | |||
5 | use yii\base\Component; |
||
6 | use yii\base\InvalidParamException; |
||
7 | use yii\db\MigrationInterface; |
||
8 | use yii\di\Instance; |
||
9 | use yii\rbac\DbManager; |
||
10 | use yii\rbac\Item; |
||
11 | use yii\rbac\Permission; |
||
12 | use yii\rbac\Role; |
||
13 | use yii\rbac\Rule; |
||
14 | |||
15 | /** |
||
16 | * Class Migration |
||
17 | * |
||
18 | * @package yii2mod\rbac\migrations |
||
19 | */ |
||
20 | class Migration extends Component implements MigrationInterface |
||
21 | { |
||
22 | /** |
||
23 | * @var string|DbManager The auth manager component ID that this migration should work with |
||
24 | */ |
||
25 | public $authManager = 'authManager'; |
||
26 | |||
27 | /** |
||
28 | * Initializes the migration. |
||
29 | * This method will set [[authManager]] to be the 'authManager' application component, if it is `null`. |
||
30 | */ |
||
31 | public function init() |
||
32 | { |
||
33 | $this->authManager = Instance::ensure($this->authManager, DbManager::class); |
||
34 | |||
35 | parent::init(); |
||
36 | } |
||
37 | |||
38 | /** |
||
39 | * @inheritdoc |
||
40 | */ |
||
41 | View Code Duplication | public function up() |
|
42 | { |
||
43 | $transaction = $this->authManager->db->beginTransaction(); |
||
44 | try { |
||
45 | if ($this->safeUp() === false) { |
||
46 | $transaction->rollBack(); |
||
47 | |||
48 | return false; |
||
49 | } |
||
50 | $transaction->commit(); |
||
51 | $this->authManager->invalidateCache(); |
||
52 | |||
53 | return true; |
||
54 | } catch (\Exception $e) { |
||
55 | echo "Rolling transaction back\n"; |
||
56 | echo 'Exception: ' . $e->getMessage() . ' (' . $e->getFile() . ':' . $e->getLine() . ")\n"; |
||
57 | echo $e->getTraceAsString() . "\n"; |
||
58 | $transaction->rollBack(); |
||
59 | |||
60 | return false; |
||
61 | } |
||
62 | } |
||
63 | |||
64 | /** |
||
65 | * @inheritdoc |
||
66 | */ |
||
67 | View Code Duplication | public function down() |
|
68 | { |
||
69 | $transaction = $this->authManager->db->beginTransaction(); |
||
70 | try { |
||
71 | if ($this->safeDown() === false) { |
||
72 | $transaction->rollBack(); |
||
73 | |||
74 | return false; |
||
75 | } |
||
76 | $transaction->commit(); |
||
77 | $this->authManager->invalidateCache(); |
||
78 | |||
79 | return true; |
||
80 | } catch (\Exception $e) { |
||
81 | echo "Rolling transaction back\n"; |
||
82 | echo 'Exception: ' . $e->getMessage() . ' (' . $e->getFile() . ':' . $e->getLine() . ")\n"; |
||
83 | echo $e->getTraceAsString() . "\n"; |
||
84 | $transaction->rollBack(); |
||
85 | |||
86 | return false; |
||
87 | } |
||
88 | } |
||
89 | |||
90 | /** |
||
91 | * This method contains the logic to be executed when applying this migration. |
||
92 | * |
||
93 | * @return bool return a false value to indicate the migration fails |
||
94 | * and should not proceed further. All other return values mean the migration succeeds |
||
95 | */ |
||
96 | public function safeUp() |
||
97 | { |
||
98 | } |
||
99 | |||
100 | /** |
||
101 | * This method contains the logic to be executed when removing this migration. |
||
102 | * |
||
103 | * @return bool return a false value to indicate the migration fails |
||
104 | * and should not proceed further. All other return values mean the migration succeeds |
||
105 | */ |
||
106 | public function safeDown() |
||
107 | { |
||
108 | } |
||
109 | |||
110 | /** |
||
111 | * Creates new permission. |
||
112 | * |
||
113 | * @param string $name The name of the permission |
||
114 | * @param string $description The description of the permission |
||
115 | * @param string|null $ruleName The rule associated with the permission |
||
116 | * @param mixed|null $data The additional data associated with the permission |
||
117 | * |
||
118 | * @return Permission |
||
119 | */ |
||
120 | View Code Duplication | protected function createPermission($name, $description = '', $ruleName = null, $data = null) |
|
121 | { |
||
122 | echo " > create permission $name ..."; |
||
123 | $time = microtime(true); |
||
124 | $permission = $this->authManager->createPermission($name); |
||
125 | $permission->description = $description; |
||
126 | $permission->ruleName = $ruleName; |
||
127 | $permission->data = $data; |
||
128 | $this->authManager->add($permission); |
||
129 | echo ' done (time: ' . sprintf('%.3f', microtime(true) - $time) . "s)\n"; |
||
130 | |||
131 | return $permission; |
||
132 | } |
||
133 | |||
134 | /** |
||
135 | * Creates new role. |
||
136 | * |
||
137 | * @param string $name The name of the role |
||
138 | * @param string $description The description of the role |
||
139 | * @param string|null $ruleName The rule associated with the role |
||
140 | * @param mixed|null $data The additional data associated with the role |
||
141 | * |
||
142 | * @return Role |
||
143 | */ |
||
144 | View Code Duplication | protected function createRole($name, $description = '', $ruleName = null, $data = null) |
|
145 | { |
||
146 | echo " > create role $name ..."; |
||
147 | $time = microtime(true); |
||
148 | $role = $this->authManager->createRole($name); |
||
149 | $role->description = $description; |
||
150 | $role->ruleName = $ruleName; |
||
151 | $role->data = $data; |
||
152 | $this->authManager->add($role); |
||
153 | echo ' done (time: ' . sprintf('%.3f', microtime(true) - $time) . "s)\n"; |
||
154 | |||
155 | return $role; |
||
156 | } |
||
157 | |||
158 | /** |
||
159 | * Creates new rule. |
||
160 | * |
||
161 | * @param string $ruleName The name of the rule |
||
162 | * @param string|array $definition The class of the rule |
||
163 | * |
||
164 | * @return Rule |
||
165 | */ |
||
166 | protected function createRule($ruleName, $definition) |
||
167 | { |
||
168 | echo " > create rule $ruleName ..."; |
||
169 | $time = microtime(true); |
||
170 | if (is_array($definition)) { |
||
171 | $definition['name'] = $ruleName; |
||
172 | } else { |
||
173 | $definition = [ |
||
174 | 'class' => $definition, |
||
175 | 'name' => $ruleName, |
||
176 | ]; |
||
177 | } |
||
178 | /** @var Rule $rule */ |
||
179 | $rule = \Yii::createObject($definition); |
||
180 | $this->authManager->add($rule); |
||
181 | echo ' done (time: ' . sprintf('%.3f', microtime(true) - $time) . "s)\n"; |
||
182 | |||
183 | return $rule; |
||
184 | } |
||
185 | |||
186 | /** |
||
187 | * Finds either role or permission or throws an exception if it is not found. |
||
188 | * |
||
189 | * @param string $name |
||
190 | * |
||
191 | * @return Permission|Role|null |
||
192 | */ |
||
193 | protected function findItem($name) |
||
194 | { |
||
195 | $item = $this->authManager->getRole($name); |
||
196 | if ($item instanceof Role) { |
||
197 | return $item; |
||
198 | } |
||
199 | $item = $this->authManager->getPermission($name); |
||
200 | if ($item instanceof Permission) { |
||
201 | return $item; |
||
202 | } |
||
203 | |||
204 | return null; |
||
205 | } |
||
206 | |||
207 | /** |
||
208 | * Finds the role or throws an exception if it is not found. |
||
209 | * |
||
210 | * @param string $name |
||
211 | * |
||
212 | * @return Role|null |
||
213 | */ |
||
214 | protected function findRole($name) |
||
215 | { |
||
216 | $role = $this->authManager->getRole($name); |
||
217 | if ($role instanceof Role) { |
||
218 | return $role; |
||
219 | } |
||
220 | |||
221 | return null; |
||
222 | } |
||
223 | |||
224 | /** |
||
225 | * Finds the permission or throws an exception if it is not found. |
||
226 | * |
||
227 | * @param string $name |
||
228 | * |
||
229 | * @return Permission|null |
||
230 | */ |
||
231 | protected function findPermission($name) |
||
232 | { |
||
233 | $permission = $this->authManager->getPermission($name); |
||
234 | if ($permission instanceof Permission) { |
||
235 | return $permission; |
||
236 | } |
||
237 | |||
238 | return null; |
||
239 | } |
||
240 | |||
241 | /** |
||
242 | * Adds child. |
||
243 | * |
||
244 | * @param Item|string $parent Either name or Item instance which is parent |
||
245 | * @param Item|string $child Either name or Item instance which is child |
||
246 | */ |
||
247 | View Code Duplication | protected function addChild($parent, $child) |
|
248 | { |
||
249 | if (is_string($parent)) { |
||
250 | $parent = $this->findItem($parent); |
||
251 | } |
||
252 | if (is_string($child)) { |
||
253 | $child = $this->findItem($child); |
||
254 | } |
||
255 | echo " > adding $child->name as child to $parent->name ..."; |
||
256 | $time = microtime(true); |
||
257 | $this->authManager->addChild($parent, $child); |
||
258 | echo ' done (time: ' . sprintf('%.3f', microtime(true) - $time) . "s)\n"; |
||
259 | } |
||
260 | |||
261 | /** |
||
262 | * Removes child. |
||
263 | * |
||
264 | * @param Item|string $parent Either name or Item instance which is parent |
||
265 | * @param Item|string $child Either name or Item instance which is child |
||
266 | */ |
||
267 | View Code Duplication | protected function removeChild($parent, $child) |
|
268 | { |
||
269 | if (is_string($parent)) { |
||
270 | $parent = $this->findItem($parent); |
||
271 | } |
||
272 | if (is_string($child)) { |
||
273 | $child = $this->findItem($child); |
||
274 | } |
||
275 | echo " > removing $child->name from $parent->name ..."; |
||
276 | $time = microtime(true); |
||
277 | $this->authManager->removeChild($parent, $child); |
||
278 | echo ' done (time: ' . sprintf('%.3f', microtime(true) - $time) . "s)\n"; |
||
279 | } |
||
280 | |||
281 | /** |
||
282 | * Assigns a role to a user. |
||
283 | * |
||
284 | * @param string|Role $role |
||
285 | * @param string|int $userId |
||
286 | */ |
||
287 | View Code Duplication | protected function assign($role, $userId) |
|
288 | { |
||
289 | if (is_string($role)) { |
||
290 | $role = $this->findRole($role); |
||
291 | } |
||
292 | echo " > assigning $role->name to user $userId ..."; |
||
293 | $time = microtime(true); |
||
294 | $this->authManager->assign($role, $userId); |
||
295 | echo ' done (time: ' . sprintf('%.3f', microtime(true) - $time) . "s)\n"; |
||
296 | } |
||
297 | |||
298 | /** |
||
299 | * Updates role. |
||
300 | * |
||
301 | * @param string|Role $role |
||
302 | * @param string $description |
||
303 | * @param string $ruleName |
||
304 | * @param mixed $data |
||
305 | * |
||
306 | * @return Role |
||
307 | */ |
||
308 | View Code Duplication | protected function updateRole($role, $description = '', $ruleName = null, $data = null) |
|
309 | { |
||
310 | if (is_string($role)) { |
||
311 | $role = $this->findRole($role); |
||
312 | } |
||
313 | echo " > update role $role->name ..."; |
||
314 | $time = microtime(true); |
||
315 | $role->description = $description; |
||
316 | $role->ruleName = $ruleName; |
||
317 | $role->data = $data; |
||
318 | $this->authManager->update($role->name, $role); |
||
319 | echo ' done (time: ' . sprintf('%.3f', microtime(true) - $time) . "s)\n"; |
||
320 | |||
321 | return $role; |
||
322 | } |
||
323 | |||
324 | /** |
||
325 | * Remove role. |
||
326 | * |
||
327 | * @param string $name |
||
328 | */ |
||
329 | View Code Duplication | protected function removeRole($name) |
|
330 | { |
||
331 | $role = $this->authManager->getRole($name); |
||
332 | if (empty($role)) { |
||
333 | throw new InvalidParamException("Role '{$role}' does not exists"); |
||
0 ignored issues
–
show
|
|||
334 | } |
||
335 | echo " > removing role $role->name ..."; |
||
336 | $time = microtime(true); |
||
337 | $this->authManager->remove($role); |
||
338 | echo ' done (time: ' . sprintf('%.3f', microtime(true) - $time) . "s)\n"; |
||
339 | } |
||
340 | |||
341 | /** |
||
342 | * Updates permission. |
||
343 | * |
||
344 | * @param string|Permission $permission |
||
345 | * @param string $description |
||
346 | * @param string $ruleName |
||
347 | * @param mixed $data |
||
348 | * |
||
349 | * @return Permission |
||
350 | */ |
||
351 | View Code Duplication | protected function updatePermission($permission, $description = '', $ruleName = null, $data = null) |
|
352 | { |
||
353 | if (is_string($permission)) { |
||
354 | $permission = $this->findPermission($permission); |
||
355 | } |
||
356 | echo " > update permission $permission->name ..."; |
||
357 | $time = microtime(true); |
||
358 | $permission->description = $description; |
||
359 | $permission->ruleName = $ruleName; |
||
360 | $permission->data = $data; |
||
361 | $this->authManager->update($permission->name, $permission); |
||
362 | echo ' done (time: ' . sprintf('%.3f', microtime(true) - $time) . "s)\n"; |
||
363 | |||
364 | return $permission; |
||
365 | } |
||
366 | |||
367 | /** |
||
368 | * Remove permission. |
||
369 | * |
||
370 | * @param string $name |
||
371 | */ |
||
372 | View Code Duplication | protected function removePermission($name) |
|
373 | { |
||
374 | $permission = $this->authManager->getPermission($name); |
||
375 | if (empty($permission)) { |
||
376 | throw new InvalidParamException("Permission '{$permission}' does not exists"); |
||
0 ignored issues
–
show
The class
yii\base\InvalidParamException has been deprecated with message: since 2.0.14. Use [[InvalidArgumentException]] instead.
This class, trait or interface has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the type will be removed from the class and what other constant to use instead.
Loading history...
|
|||
377 | } |
||
378 | echo " > removing permission $permission->name ..."; |
||
379 | $time = microtime(true); |
||
380 | $this->authManager->remove($permission); |
||
381 | echo ' done (time: ' . sprintf('%.3f', microtime(true) - $time) . "s)\n"; |
||
382 | } |
||
383 | |||
384 | /** |
||
385 | * Updates rule. |
||
386 | * |
||
387 | * @param string $ruleName |
||
388 | * @param string $className |
||
389 | * |
||
390 | * @return Rule |
||
391 | */ |
||
392 | protected function updateRule($ruleName, $className) |
||
393 | { |
||
394 | echo " > update rule $ruleName ..."; |
||
395 | $time = microtime(true); |
||
396 | /** @var Rule $rule */ |
||
397 | $rule = \Yii::createObject([ |
||
398 | 'class' => $className, |
||
399 | 'name' => $ruleName, |
||
400 | ]); |
||
401 | $this->authManager->update($ruleName, $rule); |
||
402 | echo ' done (time: ' . sprintf('%.3f', microtime(true) - $time) . "s)\n"; |
||
403 | |||
404 | return $rule; |
||
405 | } |
||
406 | |||
407 | /** |
||
408 | * Remove rule. |
||
409 | * |
||
410 | * @param string $ruleName |
||
411 | */ |
||
412 | View Code Duplication | protected function removeRule($ruleName) |
|
413 | { |
||
414 | $rule = $this->authManager->getRule($ruleName); |
||
415 | if (empty($rule)) { |
||
416 | throw new InvalidParamException("Rule '{$ruleName}' does not exists"); |
||
0 ignored issues
–
show
The class
yii\base\InvalidParamException has been deprecated with message: since 2.0.14. Use [[InvalidArgumentException]] instead.
This class, trait or interface has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the type will be removed from the class and what other constant to use instead.
Loading history...
|
|||
417 | } |
||
418 | echo " > removing rule $rule->name ..."; |
||
419 | $time = microtime(true); |
||
420 | $this->authManager->remove($rule); |
||
421 | echo ' done (time: ' . sprintf('%.3f', microtime(true) - $time) . "s)\n"; |
||
422 | } |
||
423 | } |
||
424 |
This class, trait or interface has been deprecated. The supplier of the file has supplied an explanatory message.
The explanatory message should give you some clue as to whether and when the type will be removed from the class and what other constant to use instead.