mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-28 04:30:08 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Applied rector with PHP8.1 migration rules

Browse source
This commit is contained in:
Jan Böhmer 2023-06-11 14:15:46 +02:00
parent dc6a67c2f0
commit 7ee01d9a05
303 changed files with 1228 additions and 3465 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/Security/EnsureSAMLUserForSAMLLoginChecker.php
View file

@ -29,11 +29,8 @@ use Symfony\Contracts\Translation\TranslatorInterface;
class EnsureSAMLUserForSAMLLoginChecker implements EventSubscriberInterface
{
private TranslatorInterface $translator;
public function __construct(TranslatorInterface $translator)
public function __construct(private readonly TranslatorInterface $translator)
{
$this->translator = $translator;
}
public static function getSubscribedEvents(): array
@ -53,10 +50,9 @@ class EnsureSAMLUserForSAMLLoginChecker implements EventSubscriberInterface
if ($user instanceof User && !$user->isSAMLUser()) {
throw new CustomUserMessageAccountStatusException($this->translator->trans('saml.error.cannot_login_local_user_per_saml', [], 'security'));
}
} else { //Ensure that you can not login locally with a SAML user (even if this should not happen, as the password is not set)
if ($user instanceof User && $user->isSamlUser()) {
throw new CustomUserMessageAccountStatusException($this->translator->trans('saml.error.cannot_login_saml_user_locally', [], 'security'));
}
} elseif ($user instanceof User && $user->isSamlUser()) {
//Ensure that you can not login locally with a SAML user (even if this should not happen, as the password is not set)
throw new CustomUserMessageAccountStatusException($this->translator->trans('saml.error.cannot_login_saml_user_locally', [], 'security'));
}
}
}

23
src/Security/SamlUserFactory.php
View file

@ -31,22 +31,14 @@ use Symfony\Component\Security\Core\User\UserInterface;
class SamlUserFactory implements SamlUserFactoryInterface, EventSubscriberInterface
{
private EntityManagerInterface $em;
private array $saml_role_mapping;
private bool $update_group_on_login;
private readonly array $saml_role_mapping;
public function __construct(EntityManagerInterface $entityManager, ?array $saml_role_mapping, bool $update_group_on_login)
public function __construct(private readonly EntityManagerInterface $em, ?array $saml_role_mapping, private readonly bool $update_group_on_login)
{
$this->em = $entityManager;
if ($saml_role_mapping) {
$this->saml_role_mapping = $saml_role_mapping;
} else {
$this->saml_role_mapping = [];
}
$this->update_group_on_login = $update_group_on_login;
$this->saml_role_mapping = $saml_role_mapping ?: [];
}
public const SAML_PASSWORD_PLACEHOLDER = '!!SAML!!';
final public const SAML_PASSWORD_PLACEHOLDER = '!!SAML!!';
public function createUser($username, array $attributes = []): UserInterface
{
@ -70,8 +62,6 @@ class SamlUserFactory implements SamlUserFactoryInterface, EventSubscriberInterf
/**
* This method is called after a successful authentication. It is used to update the group of the user,
* based on the new SAML attributes.
* @param AuthenticationSuccessEvent $event
* @return void
*/
public function onAuthenticationSuccess(AuthenticationSuccessEvent $event): void
{
@ -98,7 +88,6 @@ class SamlUserFactory implements SamlUserFactoryInterface, EventSubscriberInterf
/**
* Maps the given SAML attributes to a local group.
* @param array $attributes The SAML attributes
* @return Group|null
*/
public function mapSAMLAttributesToLocalGroup(array $attributes): ?Group
{
@ -109,7 +98,7 @@ class SamlUserFactory implements SamlUserFactoryInterface, EventSubscriberInterf
//Check if we can find a group with the given ID
if ($group_id !== null) {
$group = $this->em->find(Group::class, $group_id);
if ($group !== null) {
if ($group instanceof \App\Entity\UserSystem\Group) {
return $group;
}
}
@ -127,7 +116,7 @@ class SamlUserFactory implements SamlUserFactoryInterface, EventSubscriberInterf
*/
public function mapSAMLRolesToLocalGroupID(array $roles, array $map = null): ?int
{
$map = $map ?? $this->saml_role_mapping;
$map ??= $this->saml_role_mapping;
//Iterate over the mapping (from first to last) and check if we have a match
foreach ($map as $saml_role => $group_id) {

5
src/Security/UserChecker.php
View file

@ -31,11 +31,8 @@ use Symfony\Contracts\Translation\TranslatorInterface;
final class UserChecker implements UserCheckerInterface
{
private TranslatorInterface $translator;
public function __construct(TranslatorInterface $translator)
public function __construct(private readonly TranslatorInterface $translator)
{
$this->translator = $translator;
}
/**

30
src/Security/Voter/AttachmentVoter.php
View file

@ -45,12 +45,9 @@ use function in_array;
class AttachmentVoter extends ExtendedVoter
{
protected \Symfony\Bundle\SecurityBundle\Security $security;
public function __construct(PermissionManager $resolver, EntityManagerInterface $entityManager, \Symfony\Bundle\SecurityBundle\Security $security)
public function __construct(PermissionManager $resolver, EntityManagerInterface $entityManager, protected \Symfony\Bundle\SecurityBundle\Security $security)
{
parent::__construct($resolver, $entityManager);
$this->security = $security;
}
/**
@ -76,7 +73,7 @@ class AttachmentVoter extends ExtendedVoter
if (is_object($subject)) {
//If the attachment has no element (which should not happen), we deny access, as we can not determine if the user is allowed to access the associated element
$target_element = $subject->getElement();
if ($target_element) {
if ($target_element instanceof \App\Entity\Attachments\AttachmentContainingDBElement) {
return $this->security->isGranted($this->mapOperation($attribute), $target_element);
}
}
@ -112,7 +109,7 @@ class AttachmentVoter extends ExtendedVoter
$param = 'parts';
}
else {
throw new RuntimeException('Encountered unknown Parameter type: ' . (is_object($subject) ? get_class($subject) : $subject));
throw new RuntimeException('Encountered unknown Parameter type: ' . (is_object($subject) ? $subject::class : $subject));
}
return $this->resolver->inherit($user, $param, $this->mapOperation($attribute)) ?? false;
@ -123,21 +120,12 @@ class AttachmentVoter extends ExtendedVoter
private function mapOperation(string $attribute): string
{
switch ($attribute) {
//We can view the attachment if we can view the element
case 'read':
case 'view':
return 'read';
//We can edit/create/delete the attachment if we can edit the element
case 'edit':
case 'create':
case 'delete':
return 'edit';
case 'show_history':
return 'show_history';
}
throw new \RuntimeException('Encountered unknown attribute "'.$attribute.'" in AttachmentVoter!');
return match ($attribute) {
'read', 'view' => 'read',
'edit', 'create', 'delete' => 'edit',
'show_history' => 'show_history',
default => throw new \RuntimeException('Encountered unknown attribute "'.$attribute.'" in AttachmentVoter!'),
};
}
/**

11
src/Security/Voter/ExtendedVoter.php
View file

@ -34,13 +34,8 @@ use Symfony\Component\Security\Core\Authorization\Voter\Voter;
*/
abstract class ExtendedVoter extends Voter
{
protected EntityManagerInterface $entityManager;
protected PermissionManager $resolver;
public function __construct(PermissionManager $resolver, EntityManagerInterface $entityManager)
public function __construct(protected PermissionManager $resolver, protected EntityManagerInterface $entityManager)
{
$this->resolver = $resolver;
$this->entityManager = $entityManager;
}
final protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
@ -57,7 +52,7 @@ abstract class ExtendedVoter extends Voter
/** @var UserRepository $repo */
$repo = $this->entityManager->getRepository(User::class);
$user = $repo->getAnonymousUser();
if (null === $user) {
if (!$user instanceof \App\Entity\UserSystem\User) {
return false;
}
}
@ -68,8 +63,6 @@ abstract class ExtendedVoter extends Voter
/**
* Similar to voteOnAttribute, but checking for the anonymous user is already done.
* The current user (or the anonymous user) is passed by $user.
*
* @param string $attribute
*/
abstract protected function voteOnUser(string $attribute, $subject, User $user): bool;
}

7
src/Security/Voter/LogEntryVoter.php
View file

@ -30,14 +30,11 @@ use Symfony\Component\Security\Core\Security;
class LogEntryVoter extends ExtendedVoter
{
public const ALLOWED_OPS = ['read', 'show_details', 'delete'];
final public const ALLOWED_OPS = ['read', 'show_details', 'delete'];
private \Symfony\Bundle\SecurityBundle\Security $security;
public function __construct(PermissionManager $resolver, EntityManagerInterface $entityManager, \Symfony\Bundle\SecurityBundle\Security $security)
public function __construct(PermissionManager $resolver, EntityManagerInterface $entityManager, private readonly \Symfony\Bundle\SecurityBundle\Security $security)
{
parent::__construct($resolver, $entityManager);
$this->security = $security;
}
protected function voteOnUser(string $attribute, $subject, User $user): bool

32
src/Security/Voter/OrderdetailVoter.php
View file

@ -49,12 +49,9 @@ use Symfony\Component\Security\Core\Security;
class OrderdetailVoter extends ExtendedVoter
{
protected \Symfony\Bundle\SecurityBundle\Security $security;
public function __construct(PermissionManager $resolver, EntityManagerInterface $entityManager, \Symfony\Bundle\SecurityBundle\Security $security)
public function __construct(PermissionManager $resolver, EntityManagerInterface $entityManager, protected \Symfony\Bundle\SecurityBundle\Security $security)
{
parent::__construct($resolver, $entityManager);
$this->security = $security;
}
protected const ALLOWED_PERMS = ['read', 'edit', 'create', 'delete', 'show_history', 'revert_element'];
@ -65,27 +62,16 @@ class OrderdetailVoter extends ExtendedVoter
throw new \RuntimeException('This voter can only handle Orderdetail objects!');
}
switch ($attribute) {
case 'read':
$operation = 'read';
break;
case 'edit': //As long as we can edit, we can also edit orderdetails
case 'create':
case 'delete':
$operation = 'edit';
break;
case 'show_history':
$operation = 'show_history';
break;
case 'revert_element':
$operation = 'revert_element';
break;
default:
throw new \RuntimeException('Encountered unknown operation "'.$attribute.'"!');
}
$operation = match ($attribute) {
'read' => 'read',
'edit', 'create', 'delete' => 'edit',
'show_history' => 'show_history',
'revert_element' => 'revert_element',
default => throw new \RuntimeException('Encountered unknown operation "'.$attribute.'"!'),
};
//If we have no part associated use the generic part permission
if (is_string($subject) || $subject->getPart() === null) {
if (is_string($subject) || !$subject->getPart() instanceof \App\Entity\Parts\Part) {
return $this->resolver->inherit($user, 'parts', $operation) ?? false;
}

40
src/Security/Voter/ParameterVoter.php
View file

@ -41,11 +41,8 @@ use Symfony\Component\Security\Core\Security;
class ParameterVoter extends ExtendedVoter
{
protected \Symfony\Bundle\SecurityBundle\Security $security;
public function __construct(PermissionManager $resolver, EntityManagerInterface $entityManager, \Symfony\Bundle\SecurityBundle\Security $security)
public function __construct(PermissionManager $resolver, EntityManagerInterface $entityManager, protected \Symfony\Bundle\SecurityBundle\Security $security)
{
$this->security = $security;
parent::__construct($resolver, $entityManager);
}
@ -60,31 +57,14 @@ class ParameterVoter extends ExtendedVoter
if (is_object($subject)) {
//If the attachment has no element (which should not happen), we deny access, as we can not determine if the user is allowed to access the associated element
$target_element = $subject->getElement();
if ($target_element !== null) {
//Depending on the operation delegate either to the attachments element or to the attachment permission
switch ($attribute) {
//We can view the attachment if we can view the element
case 'read':
case 'view':
$operation = 'read';
break;
//We can edit/create/delete the attachment if we can edit the element
case 'edit':
case 'create':
case 'delete':
$operation = 'edit';
break;
case 'show_history':
$operation = 'show_history';
break;
case 'revert_element':
$operation = 'revert_element';
break;
default:
throw new RuntimeException('Unknown operation: '.$attribute);
}
if ($target_element instanceof \App\Entity\Base\AbstractDBElement) {
$operation = match ($attribute) {
'read', 'view' => 'read',
'edit', 'create', 'delete' => 'edit',
'show_history' => 'show_history',
'revert_element' => 'revert_element',
default => throw new RuntimeException('Unknown operation: '.$attribute),
};
return $this->security->isGranted($operation, $target_element);
}
@ -118,7 +98,7 @@ class ParameterVoter extends ExtendedVoter
$param = 'parts';
}
else {
throw new RuntimeException('Encountered unknown Parameter type: ' . (is_object($subject) ? get_class($subject) : $subject));
throw new RuntimeException('Encountered unknown Parameter type: ' . (is_object($subject) ? $subject::class : $subject));
}
return $this->resolver->inherit($user, $param, $attribute) ?? false;

32
src/Security/Voter/PartLotVoter.php
View file

@ -49,12 +49,9 @@ use Symfony\Component\Security\Core\Security;
class PartLotVoter extends ExtendedVoter
{
protected \Symfony\Bundle\SecurityBundle\Security $security;
public function __construct(PermissionManager $resolver, EntityManagerInterface $entityManager, \Symfony\Bundle\SecurityBundle\Security $security)
public function __construct(PermissionManager $resolver, EntityManagerInterface $entityManager, protected \Symfony\Bundle\SecurityBundle\Security $security)
{
parent::__construct($resolver, $entityManager);
$this->security = $security;
}
protected const ALLOWED_PERMS = ['read', 'edit', 'create', 'delete', 'show_history', 'revert_element', 'withdraw', 'add', 'move'];
@ -78,27 +75,16 @@ class PartLotVoter extends ExtendedVoter
return $base_permission && $lot_permission;
}
switch ($attribute) {
case 'read':
$operation = 'read';
break;
case 'edit': //As long as we can edit, we can also edit orderdetails
case 'create':
case 'delete':
$operation = 'edit';
break;
case 'show_history':
$operation = 'show_history';
break;
case 'revert_element':
$operation = 'revert_element';
break;
default:
throw new \RuntimeException('Encountered unknown operation "'.$attribute.'"!');
}
$operation = match ($attribute) {
'read' => 'read',
'edit', 'create', 'delete' => 'edit',
'show_history' => 'show_history',
'revert_element' => 'revert_element',
default => throw new \RuntimeException('Encountered unknown operation "'.$attribute.'"!'),
};
//If we have no part associated use the generic part permission
if (is_string($subject) || $subject->getPart() === null) {
if (is_string($subject) || !$subject->getPart() instanceof \App\Entity\Parts\Part) {
return $this->resolver->inherit($user, 'parts', $operation) ?? false;
}

2
src/Security/Voter/PartVoter.php
View file

@ -32,7 +32,7 @@ use App\Entity\UserSystem\User;
*/
class PartVoter extends ExtendedVoter
{
public const READ = 'read';
final public const READ = 'read';
protected function supports($attribute, $subject): bool
{

32
src/Security/Voter/PricedetailVoter.php
View file

@ -49,12 +49,9 @@ use Symfony\Component\Security\Core\Security;
class PricedetailVoter extends ExtendedVoter
{
protected \Symfony\Bundle\SecurityBundle\Security $security;
public function __construct(PermissionManager $resolver, EntityManagerInterface $entityManager, \Symfony\Bundle\SecurityBundle\Security $security)
public function __construct(PermissionManager $resolver, EntityManagerInterface $entityManager, protected \Symfony\Bundle\SecurityBundle\Security $security)
{
parent::__construct($resolver, $entityManager);
$this->security = $security;
}
protected const ALLOWED_PERMS = ['read', 'edit', 'create', 'delete', 'show_history', 'revert_element'];
@ -65,27 +62,16 @@ class PricedetailVoter extends ExtendedVoter
throw new \RuntimeException('This voter can only handle Pricedetails objects!');
}
switch ($attribute) {
case 'read':
$operation = 'read';
break;
case 'edit': //As long as we can edit, we can also edit orderdetails
case 'create':
case 'delete':
$operation = 'edit';
break;
case 'show_history':
$operation = 'show_history';
break;
case 'revert_element':
$operation = 'revert_element';
break;
default:
throw new \RuntimeException('Encountered unknown operation "'.$attribute.'"!');
}
$operation = match ($attribute) {
'read' => 'read',
'edit', 'create', 'delete' => 'edit',
'show_history' => 'show_history',
'revert_element' => 'revert_element',
default => throw new \RuntimeException('Encountered unknown operation "'.$attribute.'"!'),
};
//If we have no part associated use the generic part permission
if (is_string($subject) || $subject->getOrderdetail() === null || $subject->getOrderdetail()->getPart() === null) {
if (is_string($subject) || !$subject->getOrderdetail() instanceof \App\Entity\PriceInformations\Orderdetail || !$subject->getOrderdetail()->getPart() instanceof \App\Entity\Parts\Part) {
return $this->resolver->inherit($user, 'parts', $operation) ?? false;
}

6
src/Security/Voter/StructureVoter.php
View file

@ -77,11 +77,7 @@ class StructureVoter extends ExtendedVoter
*/
protected function instanceToPermissionName($subject): ?string
{
if (!is_string($subject)) {
$class_name = get_class($subject);
} else {
$class_name = $subject;
}
$class_name = is_string($subject) ? $subject : $subject::class;
//If it is existing in index, we can skip the loop
if (isset(static::OBJ_PERM_MAP[$class_name])) {