This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | namespace yii2mod\rbac\models; |
||
4 | |||
5 | use Yii; |
||
6 | use yii\base\BaseObject; |
||
7 | use yii\base\Controller; |
||
8 | use yii\base\Module; |
||
9 | use yii\caching\TagDependency; |
||
10 | use yii\helpers\VarDumper; |
||
11 | |||
12 | /** |
||
13 | * Class RouteModel |
||
14 | * |
||
15 | * @package yii2mod\rbac\models |
||
16 | */ |
||
17 | class RouteModel extends BaseObject |
||
18 | { |
||
19 | /** |
||
20 | * @var string cache tag |
||
21 | */ |
||
22 | const CACHE_TAG = 'yii2mod.rbac.route'; |
||
23 | |||
24 | /** |
||
25 | * @var \yii\caching\Cache |
||
26 | */ |
||
27 | public $cache; |
||
28 | |||
29 | /** |
||
30 | * @var int cache duration |
||
31 | */ |
||
32 | public $cacheDuration = 3600; |
||
33 | |||
34 | /** |
||
35 | * @var array list of module IDs that will be excluded |
||
36 | */ |
||
37 | public $excludeModules = []; |
||
38 | |||
39 | /** |
||
40 | * @var \yii\rbac\ManagerInterface |
||
41 | */ |
||
42 | protected $manager; |
||
43 | |||
44 | /** |
||
45 | * RouteModel constructor. |
||
46 | * |
||
47 | * @param array $config |
||
48 | */ |
||
49 | public function __construct(array $config = []) |
||
50 | { |
||
51 | $this->cache = Yii::$app->cache; |
||
52 | $this->manager = Yii::$app->authManager; |
||
53 | |||
54 | parent::__construct($config); |
||
55 | } |
||
56 | |||
57 | /** |
||
58 | * Assign items |
||
59 | * |
||
60 | * @param array $routes |
||
61 | * |
||
62 | * @return bool |
||
63 | */ |
||
64 | View Code Duplication | public function addNew(array $routes): bool |
|
0 ignored issues
–
show
|
|||
65 | { |
||
66 | foreach ($routes as $route) { |
||
67 | $this->manager->add($this->manager->createPermission('/' . trim($route, ' /'))); |
||
68 | } |
||
69 | |||
70 | $this->invalidate(); |
||
71 | |||
72 | return true; |
||
73 | } |
||
74 | |||
75 | /** |
||
76 | * Remove items |
||
77 | * |
||
78 | * @param array $routes |
||
79 | * |
||
80 | * @return bool |
||
81 | */ |
||
82 | View Code Duplication | public function remove(array $routes): bool |
|
0 ignored issues
–
show
This method seems to be duplicated in your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
Loading history...
|
|||
83 | { |
||
84 | foreach ($routes as $route) { |
||
85 | $item = $this->manager->createPermission('/' . trim($route, '/')); |
||
86 | $this->manager->remove($item); |
||
87 | } |
||
88 | $this->invalidate(); |
||
89 | |||
90 | return true; |
||
91 | } |
||
92 | |||
93 | /** |
||
94 | * Get available and assigned routes |
||
95 | * |
||
96 | * @return array |
||
97 | */ |
||
98 | public function getAvailableAndAssignedRoutes(): array |
||
99 | { |
||
100 | $routes = $this->getAppRoutes(); |
||
101 | $exists = []; |
||
102 | |||
103 | foreach (array_keys($this->manager->getPermissions()) as $name) { |
||
104 | if ($name[0] !== '/') { |
||
105 | continue; |
||
106 | } |
||
107 | $exists[] = $name; |
||
108 | unset($routes[$name]); |
||
109 | } |
||
110 | |||
111 | return [ |
||
112 | 'available' => array_keys($routes), |
||
113 | 'assigned' => $exists, |
||
114 | ]; |
||
115 | } |
||
116 | |||
117 | /** |
||
118 | * Get list of application routes |
||
119 | * |
||
120 | * @param null|string $module |
||
121 | * |
||
122 | * @return array |
||
123 | */ |
||
124 | public function getAppRoutes(string $module = null): array |
||
125 | { |
||
126 | if ($module === null) { |
||
127 | $module = Yii::$app; |
||
128 | } else { |
||
129 | $module = Yii::$app->getModule($module); |
||
130 | } |
||
131 | |||
132 | $key = [__METHOD__, $module->getUniqueId()]; |
||
133 | $result = (($this->cache !== null) ? $this->cache->get($key) : false); |
||
134 | |||
135 | if ($result === false) { |
||
136 | $result = []; |
||
137 | $this->getRouteRecursive($module, $result); |
||
138 | if ($this->cache !== null) { |
||
139 | $this->cache->set($key, $result, $this->cacheDuration, new TagDependency([ |
||
140 | 'tags' => self::CACHE_TAG, |
||
141 | ])); |
||
142 | } |
||
143 | } |
||
144 | |||
145 | return $result; |
||
146 | } |
||
147 | |||
148 | /** |
||
149 | * Invalidate the cache |
||
150 | */ |
||
151 | public function invalidate() |
||
152 | { |
||
153 | if ($this->cache !== null) { |
||
154 | TagDependency::invalidate($this->cache, self::CACHE_TAG); |
||
155 | } |
||
156 | } |
||
157 | |||
158 | /** |
||
159 | * Get route(s) recursive |
||
160 | * |
||
161 | * @param Module $module |
||
162 | * @param array $result |
||
163 | */ |
||
164 | protected function getRouteRecursive(Module $module, &$result) |
||
165 | { |
||
166 | if (!in_array($module->id, $this->excludeModules)) { |
||
167 | $token = "Get Route of '" . get_class($module) . "' with id '" . $module->uniqueId . "'"; |
||
168 | Yii::beginProfile($token, __METHOD__); |
||
169 | |||
170 | try { |
||
171 | foreach ($module->getModules() as $id => $child) { |
||
172 | if (($child = $module->getModule($id)) !== null) { |
||
173 | $this->getRouteRecursive($child, $result); |
||
174 | } |
||
175 | } |
||
176 | |||
177 | foreach ($module->controllerMap as $id => $type) { |
||
178 | $this->getControllerActions($type, $id, $module, $result); |
||
179 | } |
||
180 | |||
181 | $namespace = trim($module->controllerNamespace, '\\') . '\\'; |
||
182 | $this->getControllerFiles($module, $namespace, '', $result); |
||
183 | $all = '/' . ltrim($module->uniqueId . '/*', '/'); |
||
184 | $result[$all] = $all; |
||
185 | } catch (\Exception $exc) { |
||
186 | Yii::error($exc->getMessage(), __METHOD__); |
||
187 | } |
||
188 | |||
189 | Yii::endProfile($token, __METHOD__); |
||
190 | } |
||
191 | } |
||
192 | |||
193 | /** |
||
194 | * Get list controllers under module |
||
195 | * |
||
196 | * @param Module $module |
||
197 | * @param string $namespace |
||
198 | * @param string $prefix |
||
199 | * @param mixed $result |
||
200 | */ |
||
201 | protected function getControllerFiles(Module $module, string $namespace, string $prefix, &$result) |
||
202 | { |
||
203 | $path = Yii::getAlias('@' . str_replace('\\', '/', $namespace), false); |
||
204 | $token = "Get controllers from '$path'"; |
||
205 | Yii::beginProfile($token, __METHOD__); |
||
206 | |||
207 | try { |
||
208 | if (!is_dir($path)) { |
||
209 | return; |
||
210 | } |
||
211 | |||
212 | foreach (scandir($path) as $file) { |
||
213 | if ($file == '.' || $file == '..') { |
||
214 | continue; |
||
215 | } |
||
216 | if (is_dir($path . '/' . $file) && preg_match('%^[a-z0-9_/]+$%i', $file . '/')) { |
||
217 | $this->getControllerFiles($module, $namespace . $file . '\\', $prefix . $file . '/', $result); |
||
218 | } elseif (strcmp(substr($file, -14), 'Controller.php') === 0) { |
||
219 | $baseName = substr(basename($file), 0, -14); |
||
220 | $name = strtolower(preg_replace('/(?<![A-Z])[A-Z]/', ' \0', $baseName)); |
||
221 | $id = ltrim(str_replace(' ', '-', $name), '-'); |
||
222 | $className = $namespace . $baseName . 'Controller'; |
||
223 | if (strpos($className, '-') === false && class_exists($className) && is_subclass_of($className, 'yii\base\Controller')) { |
||
224 | $this->getControllerActions($className, $prefix . $id, $module, $result); |
||
225 | } |
||
226 | } |
||
227 | } |
||
228 | } catch (\Exception $exc) { |
||
229 | Yii::error($exc->getMessage(), __METHOD__); |
||
230 | } |
||
231 | |||
232 | Yii::endProfile($token, __METHOD__); |
||
233 | } |
||
234 | |||
235 | /** |
||
236 | * Get list actions of controller |
||
237 | * |
||
238 | * @param mixed $type |
||
239 | * @param string $id |
||
240 | * @param Module $module |
||
241 | * @param mixed $result |
||
242 | */ |
||
243 | protected function getControllerActions($type, $id, Module $module, &$result) |
||
244 | { |
||
245 | $token = 'Create controller with config=' . VarDumper::dumpAsString($type) . " and id='$id'"; |
||
246 | Yii::beginProfile($token, __METHOD__); |
||
247 | |||
248 | try { |
||
249 | /* @var $controller Controller */ |
||
250 | $controller = Yii::createObject($type, [$id, $module]); |
||
0 ignored issues
–
show
$type is of type * , but the function expects a callable .
It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { }
$x = '123'; // string "123"
// Instead of
acceptsInteger($x);
// we recommend to use
acceptsInteger((integer) $x);
Loading history...
|
|||
251 | $this->getActionRoutes($controller, $result); |
||
252 | $all = "/{$controller->uniqueId}/*"; |
||
253 | $result[$all] = $all; |
||
254 | } catch (\Exception $exc) { |
||
255 | Yii::error($exc->getMessage(), __METHOD__); |
||
256 | } |
||
257 | |||
258 | Yii::endProfile($token, __METHOD__); |
||
259 | } |
||
260 | |||
261 | /** |
||
262 | * Get route of action |
||
263 | * |
||
264 | * @param Controller $controller |
||
265 | * @param array $result all controller action |
||
266 | */ |
||
267 | protected function getActionRoutes(Controller $controller, &$result) |
||
268 | { |
||
269 | $token = "Get actions of controller '" . $controller->uniqueId . "'"; |
||
270 | Yii::beginProfile($token, __METHOD__); |
||
271 | |||
272 | try { |
||
273 | $prefix = '/' . $controller->uniqueId . '/'; |
||
274 | foreach ($controller->actions() as $id => $value) { |
||
275 | $result[$prefix . $id] = $prefix . $id; |
||
276 | } |
||
277 | $class = new \ReflectionClass($controller); |
||
278 | |||
279 | foreach ($class->getMethods() as $method) { |
||
280 | $name = $method->getName(); |
||
281 | if ($method->isPublic() && !$method->isStatic() && strpos($name, 'action') === 0 && $name !== 'actions') { |
||
282 | $name = strtolower(preg_replace('/(?<![A-Z])[A-Z]/', ' \0', substr($name, 6))); |
||
283 | $id = $prefix . ltrim(str_replace(' ', '-', $name), '-'); |
||
284 | $result[$id] = $id; |
||
285 | } |
||
286 | } |
||
287 | } catch (\Exception $exc) { |
||
288 | Yii::error($exc->getMessage(), __METHOD__); |
||
289 | } |
||
290 | |||
291 | Yii::endProfile($token, __METHOD__); |
||
292 | } |
||
293 | } |
||
294 |
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.