mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-07-01 14:04:30 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Applied code style rules to src/

Browse source
This commit is contained in:
Jan Böhmer 2020-01-05 15:46:58 +01:00
parent 700c049d26
commit f861de791f
186 changed files with 1462 additions and 1059 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/Security/Annotations/ColumnSecurity.php
View file

@ -1,4 +1,7 @@
<?php
declare(strict_types=1);
/**
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
*

197
src/Security/EntityListeners/ElementPermissionListener.php
View file

@ -1,4 +1,7 @@
<?php
declare(strict_types=1);
/**
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
*
@ -63,6 +66,100 @@ class ElementPermissionListener
$this->perm_cache = [];
}
/**
* @PostLoad
* @ORM\PostUpdate()
* This function is called after doctrine filled, the entity properties with db values.
* We use this, to check if the user is allowed to access these properties, and if not, we write a placeholder
* into the element properties, so that a user only gets non sensitve data.
*
* This function is also called after an entity was updated, so we dont show the original data to user,
* after an update.
*/
public function postLoadHandler(DBElement $element, LifecycleEventArgs $event): void
{
//Do nothing if security is disabled
if ($this->disabled) {
return;
}
//Read Annotations and properties.
$reflectionClass = new ReflectionClass($element);
$properties = $reflectionClass->getProperties();
foreach ($properties as $property) {
/** @var ColumnSecurity */
$annotation = $this->reader->getPropertyAnnotation(
$property,
ColumnSecurity::class
);
//Check if user is allowed to read info, otherwise apply placeholder
if ((null !== $annotation) && ! $this->isGranted('read', $annotation, $element)) {
$property->setAccessible(true);
$value = $annotation->getPlaceholder();
//Detach placeholder entities, so we dont get cascade errors
if ($value instanceof DBElement) {
$this->em->detach($value);
}
$property->setValue($element, $value);
}
}
}
/**
* @ORM\PreFlush()
* This function is called before flushing. We use it, to remove all placeholders.
* We do it here and not in preupdate, because this is called before calculating the changeset,
* and so we dont get problems with orphan removal.
*/
public function preFlushHandler(DBElement $element, PreFlushEventArgs $eventArgs): void
{
//Do nothing if security is disabled
if ($this->disabled) {
return;
}
$em = $eventArgs->getEntityManager();
$unitOfWork = $eventArgs->getEntityManager()->getUnitOfWork();
$reflectionClass = new ReflectionClass($element);
$properties = $reflectionClass->getProperties();
$old_data = $unitOfWork->getOriginalEntityData($element);
foreach ($properties as $property) {
$annotation = $this->reader->getPropertyAnnotation(
$property,
ColumnSecurity::class
);
$changed = false;
//Only set the field if it has an annotation
if (null !== $annotation) {
$property->setAccessible(true);
//If the user is not allowed to edit or read this property, reset all values.
if ((! $this->isGranted('read', $annotation, $element)
|| ! $this->isGranted('edit', $annotation, $element))) {
//Set value to old value, so that there a no change to this property
if (isset($old_data[$property->getName()])) {
$property->setValue($element, $old_data[$property->getName()]);
$changed = true;
}
}
if ($changed) {
//Schedule for update, so the post update method will be called
$unitOfWork->scheduleForUpdate($element);
}
}
}
}
/**
* This function checks if the current script is run from web or from a terminal.
*
@ -70,7 +167,7 @@ class ElementPermissionListener
*/
protected function isRunningFromCLI()
{
if (empty($_SERVER['REMOTE_ADDR']) && !isset($_SERVER['HTTP_USER_AGENT']) && \count($_SERVER['argv']) > 0) {
if (empty($_SERVER['REMOTE_ADDR']) && ! isset($_SERVER['HTTP_USER_AGENT']) && \count($_SERVER['argv']) > 0) {
return true;
}
@ -103,106 +200,10 @@ class ElementPermissionListener
}
//Check if we have already have saved the permission, otherwise save it to cache
if (!isset($this->perm_cache[$mode][\get_class($element)][$operation])) {
if (! isset($this->perm_cache[$mode][\get_class($element)][$operation])) {
$this->perm_cache[$mode][\get_class($element)][$operation] = $this->security->isGranted($operation, $element);
}
return $this->perm_cache[$mode][\get_class($element)][$operation];
}
/**
* @PostLoad
* @ORM\PostUpdate()
* This function is called after doctrine filled, the entity properties with db values.
* We use this, to check if the user is allowed to access these properties, and if not, we write a placeholder
* into the element properties, so that a user only gets non sensitve data.
*
* This function is also called after an entity was updated, so we dont show the original data to user,
* after an update.
*/
public function postLoadHandler(DBElement $element, LifecycleEventArgs $event)
{
//Do nothing if security is disabled
if ($this->disabled) {
return;
}
//Read Annotations and properties.
$reflectionClass = new ReflectionClass($element);
$properties = $reflectionClass->getProperties();
foreach ($properties as $property) {
/**
* @var ColumnSecurity
*/
$annotation = $this->reader->getPropertyAnnotation(
$property,
ColumnSecurity::class
);
//Check if user is allowed to read info, otherwise apply placeholder
if ((null !== $annotation) && !$this->isGranted('read', $annotation, $element)) {
$property->setAccessible(true);
$value = $annotation->getPlaceholder();
//Detach placeholder entities, so we dont get cascade errors
if ($value instanceof DBElement) {
$this->em->detach($value);
}
$property->setValue($element, $value);
}
}
}
/**
* @ORM\PreFlush()
* This function is called before flushing. We use it, to remove all placeholders.
* We do it here and not in preupdate, because this is called before calculating the changeset,
* and so we dont get problems with orphan removal.
*/
public function preFlushHandler(DBElement $element, PreFlushEventArgs $eventArgs)
{
//Do nothing if security is disabled
if ($this->disabled) {
return;
}
$em = $eventArgs->getEntityManager();
$unitOfWork = $eventArgs->getEntityManager()->getUnitOfWork();
$reflectionClass = new ReflectionClass($element);
$properties = $reflectionClass->getProperties();
$old_data = $unitOfWork->getOriginalEntityData($element);
foreach ($properties as $property) {
$annotation = $this->reader->getPropertyAnnotation(
$property,
ColumnSecurity::class
);
$changed = false;
//Only set the field if it has an annotation
if (null !== $annotation) {
$property->setAccessible(true);
//If the user is not allowed to edit or read this property, reset all values.
if ((!$this->isGranted('read', $annotation, $element)
|| !$this->isGranted('edit', $annotation, $element))) {
//Set value to old value, so that there a no change to this property
if (isset($old_data[$property->getName()])) {
$property->setValue($element, $old_data[$property->getName()]);
$changed = true;
}
}
if ($changed) {
//Schedule for update, so the post update method will be called
$unitOfWork->scheduleForUpdate($element);
}
}
}
}
}

3
src/Security/Interfaces/HasPermissionsInterface.php
View file

@ -1,4 +1,7 @@
<?php
declare(strict_types=1);
/**
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
*

9
src/Security/UserChecker.php
View file

@ -1,4 +1,7 @@
<?php
declare(strict_types=1);
/**
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
*
@ -38,7 +41,7 @@ class UserChecker implements UserCheckerInterface
*
* @throws AccountStatusException
*/
public function checkPreAuth(UserInterface $user)
public function checkPreAuth(UserInterface $user): void
{
// TODO: Implement checkPreAuth() method.
}
@ -48,9 +51,9 @@ class UserChecker implements UserCheckerInterface
*
* @throws AccountStatusException
*/
public function checkPostAuth(UserInterface $user)
public function checkPostAuth(UserInterface $user): void
{
if (!$user instanceof User) {
if (! $user instanceof User) {
return;
}

3
src/Security/Voter/AttachmentVoter.php
View file

@ -1,4 +1,7 @@
<?php
declare(strict_types=1);
/**
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
*

5
src/Security/Voter/ExtendedVoter.php
View file

@ -1,4 +1,7 @@
<?php
declare(strict_types=1);
/**
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
*
@ -55,7 +58,7 @@ abstract class ExtendedVoter extends Voter
}
// if the user is anonymous, we use the anonymous user.
if (!$user instanceof User) {
if (! $user instanceof User) {
$repo = $this->entityManager->getRepository(User::class);
$user = $repo->getAnonymousUser();
if (null === $user) {

3
src/Security/Voter/GroupVoter.php
View file

@ -1,4 +1,7 @@
<?php
declare(strict_types=1);
/**
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
*

3
src/Security/Voter/PartVoter.php
View file

@ -1,4 +1,7 @@
<?php
declare(strict_types=1);
/**
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
*

3
src/Security/Voter/PermissionVoter.php
View file

@ -1,4 +1,7 @@
<?php
declare(strict_types=1);
/**
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
*

5
src/Security/Voter/StructureVoter.php
View file

@ -1,4 +1,7 @@
<?php
declare(strict_types=1);
/**
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
*
@ -54,7 +57,7 @@ class StructureVoter extends ExtendedVoter
/**
* Maps a instance type to the permission name.
*
* @param $subject mixed The subject for which the permission name should be generated
* @param mixed $subject The subject for which the permission name should be generated
*
* @return string|null the name of the permission for the subject's type or null, if the subject is not supported
*/

3
src/Security/Voter/UserVoter.php
View file

@ -1,4 +1,7 @@
<?php
declare(strict_types=1);
/**
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
*