This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||
2 | |||
3 | namespace yii2mod\rbac\models; |
||
4 | |||
5 | use Yii; |
||
6 | use yii\base\Model; |
||
7 | use yii\helpers\Json; |
||
8 | use yii\rbac\Item; |
||
9 | use yii\rbac\Rule; |
||
10 | |||
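/**
 * Form model for creating and editing RBAC auth items (roles and permissions)
 * through the application's auth manager.
 *
 * Attributes are typically populated from submitted form data, so each value
 * should be treated as untrusted until validate() has passed.
 *
 * @property string $name
 * @property int $type
 * @property string $description
 * @property string $ruleName
 * @property string $data
 * @property Item $item
 */
class AuthItemModel extends Model
{
    /**
     * @var string auth item name
     */
    public $name;

    /**
     * @var int auth item type
     */
    public $type;

    /**
     * @var string auth item description
     */
    public $description;

    /**
     * @var string biz rule name
     */
    public $ruleName;

    /**
     * @var null|string additional data, held as a JSON-encoded string
     */
    public $data;

    /**
     * @var \yii\rbac\ManagerInterface
     */
    protected $manager;

    /**
     * @var Item|null the wrapped auth item; null while the record is new
     */
    private $_item;

    /**
     * AuthItemModel constructor.
     *
     * Copies the attributes of an existing item into the model; the item's
     * data is stored JSON-encoded so it can be edited as text.
     *
     * @param Item|null $item existing item to edit, or null for a new one
     * @param array $config
     */
    public function __construct($item = null, $config = [])
    {
        $this->_item = $item;
        $this->manager = Yii::$app->authManager;

        if ($item !== null) {
            $this->name = $item->name;
            $this->type = $item->type;
            $this->description = $item->description;
            $this->ruleName = $item->ruleName;
            $this->data = $item->data === null ? null : Json::encode($item->data);
        }

        parent::__construct($config);
    }

    /**
     * @inheritdoc
     */
    public function rules(): array
    {
        return [
            [['name', 'description', 'data', 'ruleName'], 'trim'],
            [['name', 'type'], 'required'],
            ['ruleName', 'checkRule'],
            ['name', 'validateName', 'when' => function () {
                // Strict comparison: a loose != treats numeric-looking names such
                // as "1000" and "1e3" as equal, which would skip the uniqueness
                // check when an item is renamed between two such names.
                return $this->getIsNewRecord() || ($this->_item->name !== $this->name);
            }],
            ['type', 'integer'],
            // save() creates a permission for every type that is not TYPE_ROLE,
            // so reject values that are neither of the two known item types.
            ['type', 'in', 'range' => [Item::TYPE_ROLE, Item::TYPE_PERMISSION]],
            [['description', 'data', 'ruleName'], 'default'],
            ['name', 'string', 'max' => 64],
        ];
    }

    /**
     * Validate item name: adds an error on "name" when a role or permission
     * with that name already exists in the auth manager.
     */
    public function validateName()
    {
        $value = $this->name;
        if ($this->manager->getRole($value) !== null || $this->manager->getPermission($value) !== null) {
            $message = Yii::t('yii', '{attribute} "{value}" has already been taken.');
            $params = [
                'attribute' => $this->getAttributeLabel('name'),
                'value' => $value,
            ];
            $this->addError('name', Yii::$app->getI18n()->format($message, $params, Yii::$app->language));
        }
    }

    /**
     * Check for rule.
     *
     * When the auth manager does not know the rule yet, the rule name is taken
     * as a class name; the rule is instantiated and registered if that class is
     * a Rule subclass. Otherwise an error is added on "ruleName".
     */
    public function checkRule()
    {
        $name = $this->ruleName;

        if ($this->manager->getRule($name)) {
            return;
        }

        // The rule name is a model attribute and may come from form input.
        // Confirm that it names a Rule subclass BEFORE instantiating it, so the
        // constructor of an unrelated class is never run on behalf of the caller.
        // NOTE(review): class_exists() still invokes the autoloader for the
        // supplied name, as Yii::createObject() did before this check existed.
        if (!is_string($name) || !class_exists($name)) {
            $this->addError('ruleName', Yii::t('yii2mod.rbac', 'Rule "{value}" does not exists', ['value' => $name]));

            return;
        }

        if (!is_subclass_of($name, Rule::class)) {
            $this->addError('ruleName', Yii::t('yii2mod.rbac', 'Invalid rule "{value}"', ['value' => $name]));

            return;
        }

        try {
            $rule = Yii::createObject($name);
            // Kept as a second check in case the created object is not the
            // class that was asked for.
            if ($rule instanceof Rule) {
                $rule->name = $name;
                $this->manager->add($rule);
            } else {
                $this->addError('ruleName', Yii::t('yii2mod.rbac', 'Invalid rule "{value}"', ['value' => $name]));
            }
        } catch (\Exception $exc) {
            $this->addError('ruleName', Yii::t('yii2mod.rbac', 'Rule "{value}" does not exists', ['value' => $name]));
        }
    }

    /**
     * @inheritdoc
     */
    public function attributeLabels(): array
    {
        return [
            'name' => Yii::t('yii2mod.rbac', 'Name'),
            'type' => Yii::t('yii2mod.rbac', 'Type'),
            'description' => Yii::t('yii2mod.rbac', 'Description'),
            'ruleName' => Yii::t('yii2mod.rbac', 'Rule Name'),
            'data' => Yii::t('yii2mod.rbac', 'Data'),
        ];
    }

    /**
     * Check if is new record.
     *
     * @return bool true when no auth item is attached to the model yet
     */
    public function getIsNewRecord(): bool
    {
        return $this->_item === null;
    }

    /**
     * Find role
     *
     * @param string $id role name
     *
     * @return null|self model wrapping the role, or null when no such role exists
     */
    public static function find(string $id)
    {
        $item = Yii::$app->authManager->getRole($id);

        if ($item !== null) {
            return new self($item);
        }

        return null;
    }

    /**
     * Save role to [[\yii\rbac\authManager]]
     *
     * Validates the model, then adds a new item to the auth manager or updates
     * the existing one.
     *
     * @return bool false when validation fails or "data" is not valid JSON
     */
    public function save(): bool
    {
        if (!$this->validate()) {
            return false;
        }

        // Decode first: Json::decode() throws on malformed JSON, and "data" has
        // no format validator. Doing it before createRole()/createPermission()
        // keeps the model in its "new record" state when the input is rejected.
        try {
            $decodedData = Json::decode($this->data);
        } catch (\Exception $exc) {
            $this->addError('data', Yii::t('yii2mod.rbac', 'Invalid JSON data.'));

            return false;
        }

        $isNew = $this->_item === null;
        $oldName = false;

        if ($isNew) {
            // Loose comparison is deliberate: the type may arrive as a numeric
            // string, and the 'integer' validator does not cast it.
            if ($this->type == Item::TYPE_ROLE) {
                $this->_item = $this->manager->createRole($this->name);
            } else {
                $this->_item = $this->manager->createPermission($this->name);
            }
        } else {
            // Remember the stored name; update() needs it to locate the item
            // when the item is being renamed.
            $oldName = $this->_item->name;
        }

        $this->_item->name = $this->name;
        $this->_item->description = $this->description;
        $this->_item->ruleName = $this->ruleName;
        $this->_item->data = $decodedData;

        if ($isNew) {
            $this->manager->add($this->_item);
        } else {
            $this->manager->update($oldName, $this->_item);
        }

        return true;
    }

    /**
     * Add child to Item
     *
     * Names that match neither a permission nor (for role items) a role are
     * skipped instead of being passed to the auth manager as null.
     *
     * @param array $items names of the permissions/roles to attach
     *
     * @return bool always true
     */
    public function addChildren(array $items): bool
    {
        if ($this->_item !== null) {
            foreach ($items as $name) {
                $child = $this->findChild($name);
                if ($child === null) {
                    continue;
                }
                $this->manager->addChild($this->_item, $child);
            }
        }

        return true;
    }

    /**
     * Remove child from an item
     *
     * Names that match neither a permission nor (for role items) a role are
     * skipped instead of being passed to the auth manager as null.
     *
     * @param array $items names of the permissions/roles to detach
     *
     * @return bool always true
     */
    public function removeChildren(array $items): bool
    {
        if ($this->_item !== null) {
            foreach ($items as $name) {
                $child = $this->findChild($name);
                if ($child === null) {
                    continue;
                }
                $this->manager->removeChild($this->_item, $child);
            }
        }

        return true;
    }

    /**
     * Get all available and assigned roles, permission and routes
     *
     * @return array map with the keys 'available' and 'assigned', each mapping an
     *               item name to 'role', 'route' or 'permission'
     */
    public function getItems(): array
    {
        $available = [];
        $assigned = [];

        if ($this->type == Item::TYPE_ROLE) {
            foreach (array_keys($this->manager->getRoles()) as $name) {
                $available[$name] = 'role';
            }
        }

        foreach (array_keys($this->manager->getPermissions()) as $name) {
            $available[$name] = $this->permissionKind($name);
        }

        // A new record has no item attached and therefore no children.
        if ($this->_item !== null) {
            foreach ($this->manager->getChildren($this->_item->name) as $item) {
                $assigned[$item->name] = $item->type == Item::TYPE_ROLE
                    ? 'role'
                    : $this->permissionKind($item->name);
                unset($available[$item->name]);
            }
        }

        // An item cannot be offered as a child of itself.
        unset($available[$this->name]);

        return [
            'available' => $available,
            'assigned' => $assigned,
        ];
    }

    /**
     * @return null|Item
     */
    public function getItem()
    {
        return $this->_item;
    }

    /**
     * Get type name
     *
     * @param mixed $type item type, or null to get the whole map
     *
     * @return string|array the label for $type, or the type => label map when
     *                      $type is null; an unknown $type is not handled here
     *                      and triggers PHP's undefined-index diagnostic
     */
    public static function getTypeName($type = null)
    {
        $result = [
            Item::TYPE_PERMISSION => 'Permission',
            Item::TYPE_ROLE => 'Role',
        ];

        if ($type === null) {
            return $result;
        }

        return $result[$type];
    }

    /**
     * Resolve a child name to a permission, falling back to a role when this
     * model is itself a role.
     *
     * @param string $name
     *
     * @return null|Item null when nothing matches
     */
    private function findChild($name)
    {
        $child = $this->manager->getPermission($name);
        if (empty($child) && $this->type == Item::TYPE_ROLE) {
            $child = $this->manager->getRole($name);
        }

        return empty($child) ? null : $child;
    }

    /**
     * Classify a permission name: names starting with "/" are routes.
     *
     * The name is cast to string because array_keys() returns integers for
     * numeric names, and it is compared without indexing so that an empty
     * name is handled too.
     *
     * @param mixed $name
     *
     * @return string 'route' or 'permission'
     */
    private function permissionKind($name): string
    {
        return strncmp((string) $name, '/', 1) === 0 ? 'route' : 'permission';
    }
}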
This check looks for type mismatches where the missing type is `false`. This is usually indicative of an error condition. Consider the following example.
This function either returns a new `DateTime` object or `false` if there was an error. This is a typical pattern in PHP programming to show that an error has occurred without raising an exception. The calling code should check for the returned `false` before passing the value on to another function or method that may not be able to handle a `false`.