Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
54.10% |
33 / 61 |
|
80.00% |
8 / 10 |
CRAP | |
0.00% |
0 / 1 |
Access | |
54.10% |
33 / 61 |
|
80.00% |
8 / 10 |
138.32 | |
0.00% |
0 / 1 |
initAccessRights | |
100.00% |
6 / 6 |
|
100.00% |
1 / 1 |
4 | |||
readWorkstation | |
100.00% |
2 / 2 |
|
100.00% |
1 / 1 |
2 | |||
readDepartment | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
2 | |||
readOrganisation | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
2 | |||
readOwner | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
2 | |||
validateAccessRights | |
100.00% |
3 / 3 |
|
100.00% |
1 / 1 |
1 | |||
validateAccess | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
7 | |||
validateScope | |
66.67% |
2 / 3 |
|
0.00% |
0 / 1 |
4.59 | |||
isPathWithoutScope | |
100.00% |
4 / 4 |
|
100.00% |
1 / 1 |
3 | |||
testLogin | |
0.00% |
0 / 27 |
|
0.00% |
0 / 1 |
42 |
1 | <?php |
2 | |
3 | /** |
4 | * |
5 | * @package zmsstatistic |
6 | * @copyright BerlinOnline Stadtportal GmbH & Co. KG |
7 | * |
8 | */ |
9 | |
10 | namespace BO\Zmsstatistic\Helper; |
11 | |
12 | use BO\Zmsclient\Auth; |
13 | use BO\Zmsentities\Exception\UserAccountAccessRightsFailed; |
14 | use BO\Zmsentities\Exception\WorkstationMissingScope; |
15 | use BO\Zmsentities\Useraccount; |
16 | use BO\Zmsentities\Workstation; |
17 | |
18 | class Access extends \BO\Slim\Controller |
19 | { |
20 | protected $workstation = null; |
21 | |
22 | protected $organisation = null; |
23 | |
24 | protected $department = null; |
25 | |
26 | protected $resolveLevel = 2; |
27 | |
28 | protected $withAccess = true; |
29 | |
30 | protected $owner = null; |
31 | |
32 | protected function initAccessRights($request) |
33 | { |
34 | $this->workstation = $this->readWorkstation(); |
35 | if ($this->workstation && isset($this->workstation->scope['id']) && $this->workstation->scope['id'] > 0) { |
36 | $this->department = $this->readDepartment(); |
37 | $this->organisation = $this->readOrganisation(); |
38 | $this->owner = $this->readOwner(); |
39 | } |
40 | $this->validateAccessRights($request); |
41 | } |
42 | |
43 | protected function readWorkstation() |
44 | { |
45 | $workstation = \App::$http->readGetResult('/workstation/', ['resolveReferences' => $this->resolveLevel]); |
46 | return ($workstation) ? $workstation->getEntity() : null; |
47 | } |
48 | |
49 | protected function readDepartment() |
50 | { |
51 | if ($this->workstation->getUseraccount()->hasRights(['departmentStats'])) { |
52 | return \App::$http |
53 | ->readGetResult('/scope/' . $this->workstation->scope['id'] . '/department/') |
54 | ->getEntity(); |
55 | } |
56 | } |
57 | |
58 | protected function readOrganisation() |
59 | { |
60 | if ($this->workstation->getUseraccount()->hasRights(['organisation'])) { |
61 | return \App::$http |
62 | ->readGetResult('/department/' . $this->department->getId() . '/organisation/') |
63 | ->getEntity(); |
64 | } |
65 | } |
66 | |
67 | protected function readOwner() |
68 | { |
69 | if ($this->workstation->getUseraccount()->isSuperUser()) { |
70 | return \App::$http |
71 | ->readGetResult('/organisation/' . $this->organisation->getId() . '/owner/') |
72 | ->getEntity(); |
73 | } |
74 | } |
75 | |
76 | protected function validateAccessRights($request) |
77 | { |
78 | $path = $request->getUri()->getPath(); |
79 | $this->validateAccess($path); |
80 | $this->validateScope($path); |
81 | } |
82 | |
83 | protected function validateAccess($path) |
84 | { |
85 | if ( |
86 | (false !== strpos($path, 'owner') && ! $this->owner) || |
87 | (false !== strpos($path, 'organisation') && ! $this->organisation) || |
88 | (false !== strpos($path, 'department') && ! $this->department) |
89 | ) { |
90 | throw new UserAccountAccessRightsFailed(); |
91 | } |
92 | } |
93 | |
94 | protected function validateScope($path) |
95 | { |
96 | if ( |
97 | $this->isPathWithoutScope($path) |
98 | && (! isset($this->workstation['scope']) || ! isset($this->workstation['scope']['id'])) |
99 | ) { |
100 | throw new WorkstationMissingScope(); |
101 | } |
102 | } |
103 | |
104 | protected function isPathWithoutScope($path) |
105 | { |
106 | // TODO: refactor to integrate these access rules in the controller to make them visible |
107 | return (false === strpos($path, 'select') |
108 | && false === strpos($path, 'warehouse') |
109 | && false === strpos($path, 'logout') |
110 | ); |
111 | } |
112 | |
113 | protected function testLogin($input) |
114 | { |
115 | $userAccount = new Useraccount(array( |
116 | 'id' => $input['loginName'], |
117 | 'password' => $input['password'], |
118 | 'departments' => array('id' => 0) // required in schema validation |
119 | )); |
120 | try { |
121 | /** @var Workstation $workstation */ |
122 | $workstation = \App::$http->readPostResult('/workstation/login/', $userAccount)->getEntity(); |
123 | return $workstation; |
124 | } catch (\BO\Zmsclient\Exception $exception) { |
125 | $template = TwigExceptionHandler::getExceptionTemplate($exception); |
126 | if ('BO\Zmsentities\Exception\SchemaValidation' == $exception->template) { |
127 | $exceptionData = [ |
128 | 'template' => 'exception/bo/zmsapi/exception/useraccount/invalidcredentials.twig' |
129 | ]; |
130 | $exceptionData['data']['password']['messages'] = [ |
131 | 'Der Nutzername oder das Passwort wurden falsch eingegeben' |
132 | ]; |
133 | } elseif ('BO\Zmsapi\Exception\Useraccount\UserAlreadyLoggedIn' == $exception->template) { |
134 | Auth::setKey($exception->data['authkey'], time() + \App::SESSION_DURATION); |
135 | throw $exception; |
136 | } elseif ( |
137 | '' != $exception->template |
138 | && \App::$slim->getContainer()->get('view')->getLoader()->exists($template) |
139 | ) { |
140 | $exceptionData = [ |
141 | 'template' => $template, |
142 | 'data' => $exception->data |
143 | ]; |
144 | } else { |
145 | throw $exception; |
146 | } |
147 | } |
148 | return $exceptionData; |
149 | } |
150 | } |