| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * @copyright BerlinOnline Stadtportal GmbH & Co. KG |
| 5 | **/ |
| 6 | |
| 7 | declare(strict_types=1); |
| 8 | |
| 9 | namespace BO\Zmsadmin; |
| 10 | |
| 11 | use BO\Mellon\Validator; |
| 12 | use BO\Slim\Helper; |
| 13 | use BO\Slim\Render; |
| 14 | use BO\Zmsadmin\Exception\BadRequest; |
| 15 | use BO\Zmsadmin\Exception\NotAllowed; |
| 16 | use BO\Zmsentities\Department; |
| 17 | use BO\Zmsentities\Exception\UserAccountAccessRightsFailed; |
| 18 | use BO\Zmsentities\Helper\Property; |
| 19 | use Psr\Http\Message\RequestInterface; |
| 20 | use Psr\Http\Message\ResponseInterface; |
| 21 | |
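/**
 * Issues an HMAC signature for a set of URL parameters so that a signed
 * URL can later be verified by the receiving side.
 *
 * The endpoint is also an authorisation boundary: a caller may only obtain a
 * signature for `scopelist`/`clusterlist` ids that belong to the organisation
 * of the workstation's current scope.
 */
class UrlParameterSigning extends BaseController
{
    /**
     * Validates the JSON body, checks that any requested scope/cluster ids are
     * owned by the caller's organisation and returns the input enriched with
     * an `hmac` entry.
     *
     * Expected body shape (enforced by testData()):
     * `{"section": string, "parameters": {..., "collections": {"scopelist"?: string, "clusterlist"?: string}}}`
     * The `collections` and `queue` parameters are excluded from the hash.
     *
     * @SuppressWarnings(UnusedFormalParameter)
     * @param RequestInterface $request carries the 'validator' attribute holding the parsed input
     * @param ResponseInterface $response
     * @param array $args route arguments (unused)
     * @return ResponseInterface JSON: the validated input plus the `hmac` key
     * @throws BadRequest when the body does not have the expected shape
     * @throws UserAccountAccessRightsFailed when a requested scope or cluster id is outside the organisation
     */
    #[\Override]
    public function readResponse(
        RequestInterface $request,
        ResponseInterface $response,
        array $args
    ): \Psr\Http\Message\ResponseInterface {
        $validator = $request->getAttribute('validator');
        $data = $validator->getInput()->isJson()->assertValid()->getValue();
        $this->testData($data);

        $workstation = \App::$http->readGetResult('/workstation/', ['resolveReferences' => 0])->getEntity();
        // testData() guarantees this is an array whose list entries, if present, are strings.
        $collections = $data['parameters']['collections'] ?? [];

        $hasScopeList = $this->hasNonEmptyList($collections, 'scopelist');
        $hasClusterList = $this->hasNonEmptyList($collections, 'clusterlist');
        // The scope id is interpolated into a request path below, so it is
        // only used once the validator has confirmed it is numeric.
        $hasValidScopeId = (
            isset($workstation['scope']['id']) &&
            !Validator::value($workstation['scope']['id'])->isNumber()->hasFailed()
        );

        // NOTE(review): when the workstation has no numeric scope id the
        // ownership checks are skipped and the signature is still issued.
        // Confirm this fail-open is intended for scope-less workstations.
        if (($hasScopeList || $hasClusterList) && $hasValidScopeId) {
            $organisation = \App::$http->readGetResult(
                '/scope/' . $workstation['scope']['id'] . '/organisation/',
                ['resolveReferences' => 3]
            )->getEntity();

            $this->testScopeList($organisation, $collections);
            $this->testClusterList($organisation, $collections);
        }

        $data['hmac'] = Helper::hashQueryParameters($data['section'], $data['parameters'], ['collections', 'queue']);
        return Render::withJson($response, $data);
    }

    /**
     * Rejects bodies that do not have the shape the rest of this controller
     * dereferences, so malformed (or deliberately odd-typed) input ends in a
     * BadRequest rather than an uncaught TypeError from strlen()/array access.
     *
     * @param mixed $data decoded JSON body
     * @throws BadRequest when `section`/`parameters` are missing, `collections`
     *                    is not an array, or a list entry is not a string
     */
    private function testData(mixed $data): void
    {
        if (!is_array($data) || !isset($data['section']) || !isset($data['parameters'])) {
            throw new BadRequest();
        }
        $collections = $data['parameters']['collections'] ?? [];
        if (!is_array($collections)) {
            throw new BadRequest();
        }
        foreach (['scopelist', 'clusterlist'] as $listKey) {
            if (isset($collections[$listKey]) && !is_string($collections[$listKey])) {
                throw new BadRequest();
            }
        }
    }

    /**
     * True when $collections carries a non-empty string under $listKey.
     *
     * @param array $collections the `collections` sub-array of the parameters
     * @param string $listKey 'scopelist' or 'clusterlist'
     */
    private function hasNonEmptyList(array $collections, string $listKey): bool
    {
        return isset($collections[$listKey]) && $collections[$listKey] !== '';
    }

    /**
     * Ensures every id in the comma-separated `scopelist` belongs to a scope
     * of the organisation.
     *
     * @throws UserAccountAccessRightsFailed
     */
    private function testScopeList(object $organisation, array $collections): void
    {
        $this->testRequestedIds($organisation, $collections, 'scopelist', 'scopes');
    }

    /**
     * Ensures every id in the comma-separated `clusterlist` belongs to a
     * cluster of the organisation.
     *
     * @throws UserAccountAccessRightsFailed
     */
    private function testClusterList(object $organisation, array $collections): void
    {
        $this->testRequestedIds($organisation, $collections, 'clusterlist', 'clusters');
    }

    /**
     * Shared ownership check for scope and cluster lists.
     *
     * @param object $organisation organisation entity with a `departments` property
     * @param array $collections the `collections` sub-array of the parameters
     * @param string $listKey key in $collections holding the comma-separated ids
     * @param string $entityKey key on a department ('scopes' or 'clusters') to collect allowed ids from
     * @throws UserAccountAccessRightsFailed when any requested id is not owned by the organisation
     */
    private function testRequestedIds(
        object $organisation,
        array $collections,
        string $listKey,
        string $entityKey
    ): void {
        if (!$this->hasNonEmptyList($collections, $listKey)) {
            return;
        }
        $allowedIds = $this->collectDepartmentIds($organisation, $entityKey);
        $requestedIds = explode(',', $collections[$listKey]);
        // array_diff compares by string value, so the strings from explode()
        // match the ids collected from the entities. Anything not owned by the
        // organisation — including an empty segment from a stray comma — is
        // rejected, i.e. the check fails closed.
        if (count(array_diff($requestedIds, $allowedIds)) > 0) {
            throw new UserAccountAccessRightsFailed();
        }
    }

    /**
     * Collects the ids of all `$entityKey` entries across the organisation's
     * departments (with each department's scope list completed first).
     *
     * @param object $organisation organisation entity with a `departments` property
     * @param string $entityKey 'scopes' or 'clusters'
     * @return array<int|string, int|string> ids keyed by themselves (deduplicated)
     */
    private function collectDepartmentIds(object $organisation, string $entityKey): array
    {
        $ids = [];
        foreach ($organisation->departments as $departmentData) {
            $department = (new Department($departmentData))->withCompleteScopeList();
            if (Property::__keyExists($entityKey, $department)) {
                foreach ($department[$entityKey] as $entry) {
                    $ids[$entry['id']] = $entry['id'];
                }
            }
        }
        return $ids;
    }
}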