1<?php
2
3/**
4 *
5 * @package zmsstatistic
6 * @copyright BerlinOnline Stadtportal GmbH & Co. KG
7 *
8 */
9
10namespace BO\Zmsstatistic\Helper;
11
12use BO\Zmsclient\Auth;
13use BO\Zmsentities\Exception\UserAccountAccessRightsFailed;
14use BO\Zmsentities\Exception\WorkstationMissingScope;
15use BO\Zmsentities\Useraccount;
16use BO\Zmsentities\Workstation;
17
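class Access extends \BO\Slim\Controller
{
    /** @var Workstation|null workstation of the current session, set by initAccessRights() */
    protected $workstation = null;

    /** @var mixed|null organisation entity; only resolved for accounts with the 'organisation' right */
    protected $organisation = null;

    /** @var mixed|null department entity; only resolved for accounts with the 'departmentStats' right */
    protected $department = null;

    /** @var int passed as resolveReferences when the workstation is read */
    protected $resolveLevel = 2;

    // Not referenced in this class; presumably read by subclasses or the
    // parent controller — verify before removing.
    protected $withAccess = true;

    /** @var mixed|null owner entity; only resolved for super users */
    protected $owner = null;

    /**
     * Resolve the workstation and the entities reachable from its scope, then
     * check that the requested path is permitted for the current account.
     *
     * Department, organisation and owner are only looked up when the workstation
     * has a selected scope. Each stays null unless the account holds the matching
     * right, so validateAccess() denies the corresponding paths (fail closed).
     *
     * @param mixed $request object exposing getUri()->getPath() (presumably a PSR-7 request — verify against caller)
     * @throws UserAccountAccessRightsFailed when the path needs an entity the account may not read
     * @throws WorkstationMissingScope when a scope-bound path is requested without a selected scope
     */
    protected function initAccessRights($request)
    {
        $this->workstation = $this->readWorkstation();
        if ($this->workstation && isset($this->workstation->scope['id']) && $this->workstation->scope['id'] > 0) {
            $this->department = $this->readDepartment();
            $this->organisation = $this->readOrganisation();
            $this->owner = $this->readOwner();
        }
        $this->validateAccessRights($request);
    }

    /**
     * Read the workstation of the current session from the API.
     *
     * @return Workstation|null null when the API returned no result
     */
    protected function readWorkstation()
    {
        $result = \App::$http->readGetResult('/workstation/', ['resolveReferences' => $this->resolveLevel]);
        return $result ? $result->getEntity() : null;
    }

    /**
     * Read the department of the workstation's scope.
     *
     * @return mixed|null null when the account lacks the 'departmentStats' right
     */
    protected function readDepartment()
    {
        if (! $this->workstation->getUseraccount()->hasRights(['departmentStats'])) {
            return null;
        }
        return \App::$http
            ->readGetResult('/scope/' . $this->workstation->scope['id'] . '/department/')
            ->getEntity();
    }

    /**
     * Read the organisation of the resolved department.
     *
     * @return mixed|null null when the account lacks the 'organisation' right
     *     or when no department was resolved
     */
    protected function readOrganisation()
    {
        if (! $this->workstation->getUseraccount()->hasRights(['organisation'])) {
            return null;
        }
        // The lookup goes through the department. readDepartment() returns null
        // for accounts without 'departmentStats', so guard instead of calling
        // getId() on null; validateAccess() then denies organisation paths.
        if (null === $this->department) {
            return null;
        }
        return \App::$http
            ->readGetResult('/department/' . $this->department->getId() . '/organisation/')
            ->getEntity();
    }

    /**
     * Read the owner of the resolved organisation.
     *
     * @return mixed|null null unless the account is a super user and an
     *     organisation was resolved
     */
    protected function readOwner()
    {
        if (! $this->workstation->getUseraccount()->isSuperUser()) {
            return null;
        }
        // Same guard as in readOrganisation(): without an organisation there is
        // nothing to look up, and validateAccess() denies owner paths.
        if (null === $this->organisation) {
            return null;
        }
        return \App::$http
            ->readGetResult('/organisation/' . $this->organisation->getId() . '/owner/')
            ->getEntity();
    }

    /**
     * Run both path checks against the requested URI path.
     *
     * @param mixed $request object exposing getUri()->getPath()
     * @throws UserAccountAccessRightsFailed
     * @throws WorkstationMissingScope
     */
    protected function validateAccessRights($request)
    {
        $path = $request->getUri()->getPath();
        $this->validateAccess($path);
        $this->validateScope($path);
    }

    /**
     * Deny paths that refer to an entity the current account could not read.
     *
     * Matching is by substring: any path containing 'owner', 'organisation' or
     * 'department' requires the corresponding entity to have been resolved.
     * Over-matching here only produces extra denials, never extra access.
     *
     * @param string $path request URI path
     * @throws UserAccountAccessRightsFailed
     */
    protected function validateAccess(string $path)
    {
        $needsOwner = false !== strpos($path, 'owner') && ! $this->owner;
        $needsOrganisation = false !== strpos($path, 'organisation') && ! $this->organisation;
        $needsDepartment = false !== strpos($path, 'department') && ! $this->department;
        if ($needsOwner || $needsOrganisation || $needsDepartment) {
            throw new UserAccountAccessRightsFailed();
        }
    }

    /**
     * Require a selected scope for every path that is not exempt.
     *
     * NOTE(review): the scope is read here via array access
     * ($this->workstation['scope']) while initAccessRights() uses
     * ->scope['id']; both presumably resolve to the same entity data — confirm.
     * A null workstation also fails this check, which is the safe direction.
     *
     * @param string $path request URI path
     * @throws WorkstationMissingScope
     */
    protected function validateScope(string $path)
    {
        if (! $this->isPathWithoutScope($path)) {
            return;
        }
        $hasScopeId = isset($this->workstation['scope']) && isset($this->workstation['scope']['id']);
        if (! $hasScopeId) {
            throw new WorkstationMissingScope();
        }
    }

    /**
     * Whether the path is bound to a scope, i.e. is not one of the exempt pages.
     *
     * The exemption is a substring match, so every route whose path contains
     * 'select', 'warehouse' or 'logout' anywhere skips the scope requirement.
     * Keep that in mind when adding routes with such names.
     *
     * @param string $path request URI path
     * @return bool true when the path requires a selected scope
     */
    protected function isPathWithoutScope(string $path)
    {
        // TODO: refactor to integrate these access rules in the controller to make them visible
        return false === strpos($path, 'select')
            && false === strpos($path, 'warehouse')
            && false === strpos($path, 'logout');
    }

    /**
     * Try to log in with the given credentials via the API.
     *
     * On an API error with a renderable template the exception is mapped to
     * template data for the login page; schema-validation failures get one
     * generic message, so this branch does not distinguish an unknown login
     * name from a wrong password.
     *
     * @param array|\ArrayAccess $input must provide 'loginName' and 'password'
     * @return Workstation|array the workstation on success, otherwise
     *     ['template' => ..., 'data' => ...] describing the failed login
     * @throws \BO\Zmsclient\Exception when the API error has no renderable
     *     template, or when the account is already logged in (the API's
     *     authkey is stored in the session before rethrowing)
     */
    protected function testLogin($input)
    {
        $userAccount = new Useraccount([
            'id' => $input['loginName'],
            'password' => $input['password'],
            'departments' => ['id' => 0], // required in schema validation
        ]);
        try {
            /** @var Workstation $workstation */
            $workstation = \App::$http->readPostResult('/workstation/login/', $userAccount)->getEntity();
            return $workstation;
        } catch (\BO\Zmsclient\Exception $exception) {
            $template = TwigExceptionHandler::getExceptionTemplate($exception);
            // Strict comparison: the template name is a string, so avoid the
            // loose-== surprises with non-string values.
            if ('BO\Zmsentities\Exception\SchemaValidation' === $exception->template) {
                return [
                    'template' => 'exception/bo/zmsapi/exception/useraccount/invalidcredentials.twig',
                    'data' => [
                        'password' => [
                            'messages' => [
                                'Der Nutzername oder das Passwort wurden falsch eingegeben',
                            ],
                        ],
                    ],
                ];
            }
            if ('BO\Zmsapi\Exception\Useraccount\UserAlreadyLoggedIn' === $exception->template) {
                // The session key comes from the API response; the caller is
                // expected to handle the rethrown exception.
                Auth::setKey($exception->data['authkey'], time() + \App::SESSION_DURATION);
                throw $exception;
            }
            $hasTemplate = null !== $exception->template && '' !== $exception->template;
            if ($hasTemplate && \App::$slim->getContainer()->get('view')->getLoader()->exists($template)) {
                return [
                    'template' => $template,
                    'data' => $exception->data,
                ];
            }
            throw $exception;
        }
    }
}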