mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-07-01 14:04:30 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Used PHP_CS_Fixer with symfony preset on codebase.

Browse source
This commit is contained in:
Jan Böhmer 2019-03-20 23:16:07 +01:00
parent 0f3ba9b6a8
commit e2f7aafa2d
43 changed files with 971 additions and 1068 deletions
Download patch file Download diff file Expand all files Collapse all files

35
src/Security/Annotations/ColumnSecurity.php
View file

@ -1,9 +1,8 @@
<?php
/**
*
* part-db version 0.1
* Copyright (C) 2005 Christoph Lechner
* http://www.cl-projects.de/
* http://www.cl-projects.de/.
*
* part-db version 0.2+
* Copyright (C) 2009 K. Jacobs and others (see authors.php)
@ -26,7 +25,6 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*
*/
namespace App\Security\Annotations;
@ -40,22 +38,20 @@ use Doctrine\Common\Annotations\Annotation;
*
* With these annotation you can restrict the access to certain coloumns in entities.
* The entity which should use this class has to use ElementListener as EntityListener.
*
* @package App\Annotations
*/
class ColumnSecurity
{
/**
* @var string The name of the edit permission
*/
public $edit = "edit";
public $edit = 'edit';
/**
* @var string The name of the read permission
*/
public $read = "read";
public $read = 'read';
/**
* @var string A prefix for all permission names (e.g. $prefix.edit, useful for Parts)
* @var string A prefix for all permission names (e.g..edit, useful for Parts)
*/
public $prefix = '';
@ -72,18 +68,19 @@ class ColumnSecurity
*/
public $type = 'string';
public function getReadOperationName() : string
public function getReadOperationName(): string
{
if($this->prefix !== '') {
return $this->prefix . '.' . $this->read;
if ('' !== $this->prefix) {
return $this->prefix.'.'.$this->read;
}
return $this->read;
}
public function getEditOperationName() : string
public function getEditOperationName(): string
{
if($this->prefix !== '') {
return $this->prefix . '.' . $this->edit;
if ('' !== $this->prefix) {
return $this->prefix.'.'.$this->edit;
}
return $this->edit;
@ -91,10 +88,8 @@ class ColumnSecurity
public function getPlaceholder()
{
if($this->placeholder === null)
{
switch($this->type)
{
if (null === $this->placeholder) {
switch ($this->type) {
case 'integer':
return 0;
case 'string':
@ -105,11 +100,11 @@ class ColumnSecurity
return false;
case 'datetime':
$date = new \DateTime();
return $date->setTimestamp(0);
}
}
return $this->placeholder;
}
}
}

36
src/Security/EntityListeners/ElementPermissionListener.php
View file

@ -1,9 +1,8 @@
<?php
/**
*
* part-db version 0.1
* Copyright (C) 2005 Christoph Lechner
* http://www.cl-projects.de/
* http://www.cl-projects.de/.
*
* part-db version 0.2+
* Copyright (C) 2009 K. Jacobs and others (see authors.php)
@ -26,12 +25,10 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*
*/
namespace App\Security\EntityListeners;
use App\Security\Annotations\ColumnSecurity;
use App\Entity\DBElement;
use Doctrine\Common\Annotations\AnnotationReader;
@ -48,7 +45,6 @@ use Symfony\Component\Security\Core\Security;
*
* If a user does not have access to an coloumn, it will be filled, with a placeholder, after doctrine loading is finished.
* The edit process is also catched, so that these placeholders, does not get saved to database.
* @package App\EntityListeners
*/
class ElementPermissionListener
{
@ -59,14 +55,12 @@ class ElementPermissionListener
$this->security = $security;
}
/**
* @PostLoad
*
* This function is called after doctrine filled, the entity properties with db values.
* We use this, to check if the user is allowed to access these properties, and if not, we write a placeholder
* into the element properties, so that a user only gets non sensitve data.
*
*/
public function postLoadHandler(DBElement $element, LifecycleEventArgs $event)
{
@ -75,19 +69,16 @@ class ElementPermissionListener
$properties = $reflectionClass->getProperties();
$reader = new AnnotationReader();
foreach($properties as $property)
{
foreach ($properties as $property) {
/**
* @var ColumnSecurity $annotation
* @var ColumnSecurity
*/
$annotation = $reader->getPropertyAnnotation($property,
ColumnSecurity::class);
if($annotation !== null)
{
if (null !== $annotation) {
//Check if user is allowed to read info, otherwise apply placeholder
if(!$this->security->isGranted($annotation->getReadOperationName(), $element))
{
if (!$this->security->isGranted($annotation->getReadOperationName(), $element)) {
$property->setAccessible(true);
$property->setValue($element, $annotation->getPlaceholder());
}
@ -106,28 +97,23 @@ class ElementPermissionListener
$properties = $reflectionClass->getProperties();
$reader = new AnnotationReader();
foreach($properties as $property)
{
foreach ($properties as $property) {
/**
* @var ColumnSecurity $annotation
* @var ColumnSecurity
*/
$annotation = $reader->getPropertyAnnotation($property,
ColumnSecurity::class);
if($annotation !== null)
{
if (null !== $annotation) {
$field_name = $property->getName();
//Check if user is allowed to edit info, otherwise overwrite the new value
// so that nothing is changed in the DB.
if($event->hasChangedField($field_name) &&
!$this->security->isGranted($annotation->getEditOperationName(), $element))
{
if ($event->hasChangedField($field_name) &&
!$this->security->isGranted($annotation->getEditOperationName(), $element)) {
$event->setNewValue($field_name, $event->getOldValue($field_name));
}
}
}
}
}
}

9
src/Security/Interfaces/HasPermissionsInterface.php
View file

@ -1,9 +1,8 @@
<?php
/**
*
* part-db version 0.1
* Copyright (C) 2005 Christoph Lechner
* http://www.cl-projects.de/
* http://www.cl-projects.de/.
*
* part-db version 0.2+
* Copyright (C) 2009 K. Jacobs and others (see authors.php)
@ -26,15 +25,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*
*/
namespace App\Security\Interfaces;
use App\Entity\PermissionsEmbed;
interface HasPermissionsInterface
{
public function getPermissions() : PermissionsEmbed;
}
public function getPermissions(): PermissionsEmbed;
}

14
src/Security/Voter/ExtendedVoter.php
View file

@ -1,9 +1,8 @@
<?php
/**
*
* part-db version 0.1
* Copyright (C) 2005 Christoph Lechner
* http://www.cl-projects.de/
* http://www.cl-projects.de/.
*
* part-db version 0.2+
* Copyright (C) 2009 K. Jacobs and others (see authors.php)
@ -26,12 +25,10 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*
*/
namespace App\Security\Voter;
use App\Entity\User;
use App\Services\PermissionResolver;
use Doctrine\ORM\EntityManagerInterface;
@ -40,7 +37,6 @@ use Symfony\Component\Security\Core\Authorization\Voter\Voter;
/**
* The purpose of this class is, to use the anonymous user from DB in the case, that nobody is logged in.
* @package App\Security\Voter
*/
abstract class ExtendedVoter extends Voter
{
@ -63,7 +59,7 @@ abstract class ExtendedVoter extends Voter
// if the user is anonymous, we use the anonymous user.
if (!$user instanceof User) {
$user = $this->entityManager->find(User::class, User::ID_ANONYMOUS);
if($user === null) {
if (null === $user) {
return false;
}
}
@ -74,10 +70,12 @@ abstract class ExtendedVoter extends Voter
/**
* Similar to voteOnAttribute, but checking for the anonymous user is already done.
* The current user (or the anonymous user) is passed by $user.
*
* @param $attribute
* @param $subject
* @param User $user
*
* @return bool
*/
abstract protected function voteOnUser($attribute, $subject, User $user) : bool;
}
abstract protected function voteOnUser($attribute, $subject, User $user): bool;
}

27
src/Security/Voter/PartVoter.php
View file

@ -2,26 +2,18 @@
namespace App\Security\Voter;
use App\Configuration\PermissionsConfiguration;
use App\Entity\Part;
use App\Entity\User;
use App\Services\PermissionResolver;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\UserInterface;
/**
* A Voter that votes on Part entities.
*
* See parts permissions for valid operations.
*
* @package App\Security\Voter
*/
class PartVoter extends ExtendedVoter
{
const READ = "read";
const READ = 'read';
protected function supports($attribute, $subject)
{
@ -29,31 +21,28 @@ class PartVoter extends ExtendedVoter
// https://symfony.com/doc/current/security/voters.html
//return ($subject instanceof Part || in_array($subject, ['PERM_parts', 'PERM_parts_name']));
if ($subject instanceof Part)
{
if ($subject instanceof Part) {
//Check if a sub permission should be checked -> $attribute has format name.edit
if(strpos($attribute, '.') !== false) {
if (false !== strpos($attribute, '.')) {
[$perm, $op] = explode('.', $attribute);
return in_array($op, $this->resolver->listOperationsForPermission('parts_'.$perm), false);
}
return in_array($attribute, $this->resolver->listOperationsForPermission('parts'), false);
}
return false;
}
protected function voteOnUser($attribute, $subject, User $user): bool
{
if($subject instanceof Part) {
if ($subject instanceof Part) {
//Check for sub permissions
if(strpos($attribute, '.') !== false) {
if (false !== strpos($attribute, '.')) {
[$perm, $op] = explode('.', $attribute);
return $this->resolver->inherit($user, 'parts_'. $perm, $op) ?? false;
return $this->resolver->inherit($user, 'parts_'.$perm, $op) ?? false;
}
//Null concealing operator means, that no

25
src/Security/Voter/UserVoter.php
View file

@ -1,9 +1,8 @@
<?php
/**
*
* part-db version 0.1
* Copyright (C) 2005 Christoph Lechner
* http://www.cl-projects.de/
* http://www.cl-projects.de/.
*
* part-db version 0.2+
* Copyright (C) 2009 K. Jacobs and others (see authors.php)
@ -26,29 +25,25 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*
*/
namespace App\Security\Voter;
use App\Entity\User;
class UserVoter extends ExtendedVoter
{
/**
* Determines if the attribute and subject are supported by this voter.
*
* @param string $attribute An attribute
* @param mixed $subject The subject to secure, e.g. an object the user wants to access or any other PHP type
* @param mixed $subject The subject to secure, e.g. an object the user wants to access or any other PHP type
*
* @return bool True if the attribute and subject are supported, false otherwise
*/
protected function supports($attribute, $subject)
{
if($subject instanceof User)
{
if ($subject instanceof User) {
return in_array($attribute, array_merge(
$this->resolver->listOperationsForPermission('users'),
$this->resolver->listOperationsForPermission('self')),
@ -62,23 +57,25 @@ class UserVoter extends ExtendedVoter
/**
* Similar to voteOnAttribute, but checking for the anonymous user is already done.
* The current user (or the anonymous user) is passed by $user.
*
* @param $attribute
* @param $subject
* @param User $user
*
* @return bool
*/
protected function voteOnUser($attribute, $subject, User $user): bool
{
if($subject instanceof User)
{
if ($subject instanceof User) {
//Check if the checked user is the user itself
if($subject->getID() === $user->getID() &&
if ($subject->getID() === $user->getID() &&
$this->resolver->isValidOperation('self', $attribute)) {
//Then we also need to check the self permission
$tmp = $this->resolver->inherit($user, 'self', $attribute) ?? false;
//But if the self value is not allowed then use just the user value:
if($tmp)
if ($tmp) {
return $tmp;
}
}
//Else just check users permission:
return $this->resolver->inherit($user, 'users', $attribute) ?? false;
@ -86,6 +83,4 @@ class UserVoter extends ExtendedVoter
return false;
}
}
}