Code Coverage for /__w/eappointment/eappointment/zmsstatistic/src/Zmsstatistic/Helper/Access.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	54.10% covered (warning)	54.10%	33 / 61	80.00% covered (warning)	80.00%	8 / 10	CRAP	0.00% covered (danger)	0.00%	0 / 1
Access	54.10% covered (warning)	54.10%	33 / 61	80.00% covered (warning)	80.00%	8 / 10	138.32	0.00% covered (danger)	0.00%	0 / 1
initAccessRights	100.00% covered (success)	100.00%	6 / 6	100.00% covered (success)	100.00%	1 / 1	4
readWorkstation	100.00% covered (success)	100.00%	2 / 2	100.00% covered (success)	100.00%	1 / 1	2
readDepartment	100.00% covered (success)	100.00%	4 / 4	100.00% covered (success)	100.00%	1 / 1	2
readOrganisation	100.00% covered (success)	100.00%	4 / 4	100.00% covered (success)	100.00%	1 / 1	2
readOwner	100.00% covered (success)	100.00%	4 / 4	100.00% covered (success)	100.00%	1 / 1	2
validateAccessRights	100.00% covered (success)	100.00%	3 / 3	100.00% covered (success)	100.00%	1 / 1	1
validateAccess	100.00% covered (success)	100.00%	4 / 4	100.00% covered (success)	100.00%	1 / 1	7
validateScope	66.67% covered (warning)	66.67%	2 / 3	0.00% covered (danger)	0.00%	0 / 1	4.59
isPathWithoutScope	100.00% covered (success)	100.00%	4 / 4	100.00% covered (success)	100.00%	1 / 1	3
testLogin	0.00% covered (danger)	0.00%	0 / 27	0.00% covered (danger)	0.00%	0 / 1	42

1	<?php
2
3	/**
4	*
5	* @package zmsstatistic
6	* @copyright BerlinOnline Stadtportal GmbH & Co. KG
7	*
8	*/
9
10	namespace BO\Zmsstatistic\Helper;
11
12	use BO\Zmsclient\Auth;
13	use BO\Zmsentities\Exception\UserAccountAccessRightsFailed;
14	use BO\Zmsentities\Exception\WorkstationMissingScope;
15	use BO\Zmsentities\Useraccount;
16	use BO\Zmsentities\Workstation;
17
18	class Access extends \BO\Slim\Controller
19	{
20	protected $workstation = null;
21
22	protected $organisation = null;
23
24	protected $department = null;
25
26	protected $resolveLevel = 2;
27
28	protected $withAccess = true;
29
30	protected $owner = null;
31
32	protected function initAccessRights($request)
33	{
34	$this->workstation = $this->readWorkstation();
35	if ($this->workstation && isset($this->workstation->scope['id']) && $this->workstation->scope['id'] > 0) {
36	$this->department = $this->readDepartment();
37	$this->organisation = $this->readOrganisation();
38	$this->owner = $this->readOwner();
39	}
40	$this->validateAccessRights($request);
41	}
42
43	protected function readWorkstation()
44	{
45	$workstation = \App::$http->readGetResult('/workstation/', ['resolveReferences' => $this->resolveLevel]);
46	return ($workstation) ? $workstation->getEntity() : null;
47	}
48
49	protected function readDepartment()
50	{
51	if ($this->workstation->getUseraccount()->hasRights(['departmentStats'])) {
52	return \App::$http
53	->readGetResult('/scope/' . $this->workstation->scope['id'] . '/department/')
54	->getEntity();
55	}
56	}
57
58	protected function readOrganisation()
59	{
60	if ($this->workstation->getUseraccount()->hasRights(['organisation'])) {
61	return \App::$http
62	->readGetResult('/department/' . $this->department->getId() . '/organisation/')
63	->getEntity();
64	}
65	}
66
67	protected function readOwner()
68	{
69	if ($this->workstation->getUseraccount()->isSuperUser()) {
70	return \App::$http
71	->readGetResult('/organisation/' . $this->organisation->getId() . '/owner/')
72	->getEntity();
73	}
74	}
75
76	protected function validateAccessRights($request)
77	{
78	$path = $request->getUri()->getPath();
79	$this->validateAccess($path);
80	$this->validateScope($path);
81	}
82
83	protected function validateAccess($path)
84	{
85	if (
86	(false !== strpos($path, 'owner') && ! $this->owner) \|\|
87	(false !== strpos($path, 'organisation') && ! $this->organisation) \|\|
88	(false !== strpos($path, 'department') && ! $this->department)
89	) {
90	throw new UserAccountAccessRightsFailed();
91	}
92	}
93
94	protected function validateScope($path)
95	{
96	if (
97	$this->isPathWithoutScope($path)
98	&& (! isset($this->workstation['scope']) \|\| ! isset($this->workstation['scope']['id']))
99	) {
100	throw new WorkstationMissingScope();
101	}
102	}
103
104	protected function isPathWithoutScope($path)
105	{
106	// TODO: refactor to integrate these access rules in the controller to make them visible
107	return (false === strpos($path, 'select')
108	&& false === strpos($path, 'warehouse')
109	&& false === strpos($path, 'logout')
110	);
111	}
112
113	protected function testLogin($input)
114	{
115	$userAccount = new Useraccount(array(
116	'id' => $input['loginName'],
117	'password' => $input['password'],
118	'departments' => array('id' => 0) // required in schema validation
119	));
120	try {
121	/** @var Workstation $workstation */
122	$workstation = \App::$http->readPostResult('/workstation/login/', $userAccount)->getEntity();
123	return $workstation;
124	} catch (\BO\Zmsclient\Exception $exception) {
125	$template = TwigExceptionHandler::getExceptionTemplate($exception);
126	if ('BO\Zmsentities\Exception\SchemaValidation' == $exception->template) {
127	$exceptionData = [
128	'template' => 'exception/bo/zmsapi/exception/useraccount/invalidcredentials.twig'
129	];
130	$exceptionData['data']['password']['messages'] = [
131	'Der Nutzername oder das Passwort wurden falsch eingegeben'
132	];
133	} elseif ('BO\Zmsapi\Exception\Useraccount\UserAlreadyLoggedIn' == $exception->template) {
134	Auth::setKey($exception->data['authkey'], time() + \App::SESSION_DURATION);
135	throw $exception;
136	} elseif (
137	'' != $exception->template
138	&& \App::$slim->getContainer()->get('view')->getLoader()->exists($template)
139	) {
140	$exceptionData = [
141	'template' => $template,
142	'data' => $exception->data
143	];
144	} else {
145	throw $exception;
146	}
147	}
148	return $exceptionData;
149	}
150	}