Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
43.33% |
26 / 60 |
|
70.00% |
7 / 10 |
CRAP | |
0.00% |
0 / 1 |
| Access | |
43.33% |
26 / 60 |
|
70.00% |
7 / 10 |
218.33 | |
0.00% |
0 / 1 |
| initAccessRights | |
100.00% |
6 / 6 |
|
100.00% |
1 / 1 |
3 | |||
| readWorkstation | |
100.00% |
2 / 2 |
|
100.00% |
1 / 1 |
2 | |||
| readDepartment | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
2 | |||
| readOrganisation | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
2 | |||
| readOwner | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
2 | |||
| testAccessRights | |
100.00% |
2 / 2 |
|
100.00% |
1 / 1 |
1 | |||
| testAccess | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
7 | |||
| testScope | |
0.00% |
0 / 3 |
|
0.00% |
0 / 1 |
20 | |||
| isPathWithoutScope | |
0.00% |
0 / 4 |
|
0.00% |
0 / 1 |
12 | |||
| testLogin | |
0.00% |
0 / 27 |
|
0.00% |
0 / 1 |
42 | |||
| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * |
| 5 | * @package zmsstatistic |
| 6 | * @copyright BerlinOnline Stadtportal GmbH & Co. KG |
| 7 | * |
| 8 | */ |
| 9 | |
| 10 | namespace BO\Zmsstatistic\Helper; |
| 11 | |
| 12 | use BO\Zmsclient\Auth; |
| 13 | use BO\Zmsentities\Exception\UserAccountAccessRightsFailed; |
| 14 | use BO\Zmsentities\Exception\WorkstationMissingScope; |
| 15 | use BO\Zmsentities\Useraccount; |
| 16 | use BO\Zmsentities\Workstation; |
| 17 | use BO\Zmsentities\Application; |
| 18 | |
| 19 | class Access extends \BO\Slim\Controller |
| 20 | { |
| 21 | protected $workstation = null; |
| 22 | |
| 23 | protected $organisation = null; |
| 24 | |
| 25 | protected $department = null; |
| 26 | |
| 27 | protected $resolveLevel = 2; |
| 28 | |
| 29 | protected $withAccess = true; |
| 30 | |
| 31 | protected $owner = null; |
| 32 | |
| 33 | protected function initAccessRights($request) |
| 34 | { |
| 35 | $this->workstation = $this->readWorkstation(); |
| 36 | if ($this->workstation && isset($this->workstation->scope['id'])) { |
| 37 | $this->department = $this->readDepartment(); |
| 38 | $this->organisation = $this->readOrganisation(); |
| 39 | $this->owner = $this->readOwner(); |
| 40 | } |
| 41 | $this->testAccessRights($request); |
| 42 | } |
| 43 | |
| 44 | protected function readWorkstation() |
| 45 | { |
| 46 | $workstation = \App::$http->readGetResult('/workstation/', ['resolveReferences' => $this->resolveLevel]); |
| 47 | return ($workstation) ? $workstation->getEntity() : null; |
| 48 | } |
| 49 | |
| 50 | protected function readDepartment() |
| 51 | { |
| 52 | if ($this->workstation->getUseraccount()->hasRights(['department'])) { |
| 53 | return \App::$http |
| 54 | ->readGetResult('/scope/' . $this->workstation->scope['id'] . '/department/') |
| 55 | ->getEntity(); |
| 56 | } |
| 57 | } |
| 58 | |
| 59 | protected function readOrganisation() |
| 60 | { |
| 61 | if ($this->workstation->getUseraccount()->hasRights(['organisation'])) { |
| 62 | return \App::$http |
| 63 | ->readGetResult('/department/' . $this->department->getId() . '/organisation/') |
| 64 | ->getEntity(); |
| 65 | } |
| 66 | } |
| 67 | |
| 68 | protected function readOwner() |
| 69 | { |
| 70 | if ($this->workstation->getUseraccount()->isSuperUser()) { |
| 71 | return \App::$http |
| 72 | ->readGetResult('/organisation/' . $this->organisation->getId() . '/owner/') |
| 73 | ->getEntity(); |
| 74 | } |
| 75 | } |
| 76 | |
| 77 | protected function testAccessRights($request) |
| 78 | { |
| 79 | $path = $request->getUri()->getPath(); |
| 80 | $this->testAccess($path); |
| 81 | //$this->testScope($path); |
| 82 | } |
| 83 | |
| 84 | protected function testAccess($path) |
| 85 | { |
| 86 | if ( |
| 87 | (false !== strpos($path, 'owner') && ! $this->owner) || |
| 88 | (false !== strpos($path, 'organisation') && ! $this->organisation) || |
| 89 | (false !== strpos($path, 'department') && ! $this->department) |
| 90 | ) { |
| 91 | throw new UserAccountAccessRightsFailed(); |
| 92 | } |
| 93 | } |
| 94 | |
| 95 | protected function testScope($path) |
| 96 | { |
| 97 | if ( |
| 98 | $this->isPathWithoutScope($path) |
| 99 | && (! isset($this->workstation['scope']) || ! isset($this->workstation['scope']['id'])) |
| 100 | ) { |
| 101 | throw new WorkstationMissingScope(); |
| 102 | } |
| 103 | } |
| 104 | |
| 105 | protected function isPathWithoutScope($path) |
| 106 | { |
| 107 | // TODO: refactor to integrate these access rules in the controller to make them visible |
| 108 | return (false === strpos($path, 'select') |
| 109 | && false === strpos($path, 'warehouse') |
| 110 | && false === strpos($path, 'logout') |
| 111 | ); |
| 112 | } |
| 113 | |
| 114 | protected function testLogin($input) |
| 115 | { |
| 116 | $userAccount = new Useraccount(array( |
| 117 | 'id' => $input['loginName'], |
| 118 | 'password' => $input['password'], |
| 119 | 'departments' => array('id' => 0) // required in schema validation |
| 120 | )); |
| 121 | try { |
| 122 | /** @var Workstation $workstation */ |
| 123 | $workstation = \App::$http->readPostResult('/workstation/login/', $userAccount)->getEntity(); |
| 124 | return $workstation; |
| 125 | } catch (\BO\Zmsclient\Exception $exception) { |
| 126 | $template = TwigExceptionHandler::getExceptionTemplate($exception); |
| 127 | if ('BO\Zmsentities\Exception\SchemaValidation' == $exception->template) { |
| 128 | $exceptionData = [ |
| 129 | 'template' => 'exception/bo/zmsapi/exception/useraccount/invalidcredentials.twig' |
| 130 | ]; |
| 131 | $exceptionData['data']['password']['messages'] = [ |
| 132 | 'Der Nutzername oder das Passwort wurden falsch eingegeben' |
| 133 | ]; |
| 134 | } elseif ('BO\Zmsapi\Exception\Useraccount\UserAlreadyLoggedIn' == $exception->template) { |
| 135 | Auth::setKey($exception->data['authkey'], time() + \App::SESSION_DURATION); |
| 136 | throw $exception; |
| 137 | } elseif ( |
| 138 | '' != $exception->template |
| 139 | && \App::$slim->getContainer()->get('view')->getLoader()->exists($template) |
| 140 | ) { |
| 141 | $exceptionData = [ |
| 142 | 'template' => $template, |
| 143 | 'data' => $exception->data |
| 144 | ]; |
| 145 | } else { |
| 146 | throw $exception; |
| 147 | } |
| 148 | } |
| 149 | return $exceptionData; |
| 150 | } |
| 151 | } |