......@@ -29,5 +29,8 @@ exclude_paths:
- "ACP3/Modules/ACP3/System/Resources/Assets/js/jquery.min.js"
- "ACP3/Modules/ACP3/System/Resources/Assets/js/js.cookie.js"
- "ACP3/Modules/ACP3/System/Resources/Assets/js/moment.min.js"
- "ACP3/Modules/ACP3/Wysiwygckeditor/Resources/Assets/js/ckeditor/plugins/**/*"
- "ACP3/Modules/ACP3/Wysiwygckeditor/Resources/Assets/js/ckeditor/**/*"
- "ACP3/Modules/ACP3/Wysiwygckeditor/Resources/Assets/js/ckeditor-plugins/**/*"
- "ACP3/Modules/ACP3/Wysiwygtinymce/Resources/Assets/js/tinymce/**/*"
- "node_modules/**/*"
- "vendor/**/*"
**/*min.js
ACP3/Modules/ACP3/Filemanager/libraries/kcfinder/*
ACP3/Modules/ACP3/Wysiwygckeditor/Resources/Assets/js/ckeditor/*
ACP3/Modules/ACP3/Wysiwygckeditor/Resources/Assets/js/ckeditor-plugins/*
ACP3/Modules/ACP3/Wysiwygtinymce/Resources/Assets/js/tinymce/*
ACP3/Modules/ACP3/System/Resources/Assets/js/bootbox.js
ACP3/Modules/ACP3/System/Resources/Assets/js/dataTables.bootstrap.js
ACP3/Modules/ACP3/System/Resources/Assets/js/js.cookie.js
ACP3/Modules/ACP3/System/Resources/Assets/js/jquery.dataTables.js
build/*
cache/*
vendor/*
uploads/*
......@@ -10,6 +10,9 @@
"bootbox": false,
"Cookies": false
},
"parserOptions": {
"ecmaVersion": 6
},
"rules": {
"indent": [
"error",
......
......@@ -4,7 +4,7 @@
/ACP3/config.yml
/build/logs/
/build/sami/
/cache/*
/var/*
/node_modules
/tests/cache/
/uploads/.htaccess
......
......@@ -9,12 +9,11 @@ cache:
paths:
- ${COMPOSER_HOME}
- vendor
before_script:
- bash ./build/gitlab/before_script.sh > /dev/null
- .php_cs.cache
stages:
- test
- static-analysis
- deploy
- post-deploy
......@@ -33,8 +32,8 @@ test:php72-unit:
image: php:7.2
coverage: ~
test:phpcs:
stage: test
static-analysis:phpcs:
stage: static-analysis
before_script:
- bash ./build/gitlab/before_script.sh > /dev/null
- bash ./build/gitlab/before_script_php.sh > /dev/null
......@@ -42,9 +41,9 @@ test:phpcs:
- php composer.phar install -n -o
- php composer.phar run-script lint
test:eslint:
static-analysis:eslint:
image: node:slim
stage: test
stage: static-analysis
cache:
key: node-$CI_COMMIT_REF_NAME
paths:
......
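Review bot: `image: node:slim` in the `static-analysis:eslint` job is a floating tag, so the job runs on whatever image the registry serves at pipeline time. The line appears once in the section, so it looks unchanged by the rename. Pinning it, for example `image: node:<PINNED_VERSION>-slim` (placeholder) or a digest, keeps lint results reproducible and means a changed upstream image cannot enter the pipeline unnoticed. The `> /dev/null` on the `before_script` lines of `static-analysis:phpcs` also discards the setup scripts' stdout, which makes a failed or unexpected download harder to spot in the job log; consider dropping the redirect or keeping it only for known-noisy commands. The eslint job definition continues past the end of the hunk.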
......@@ -2,6 +2,7 @@
$finder = PhpCsFixer\Finder::create()
->exclude('ACP3/Modules/ACP3/Filemanager/libraries')
->exclude('ACP3/Modules/ACP3/Wysiwygckeditor/Resources/Assets/js/ckeditor/')
->exclude('build')
->exclude('cache')
->exclude('designs')
......@@ -10,10 +11,32 @@ $finder = PhpCsFixer\Finder::create()
->exclude('vendor')
->in(__DIR__);
$header = <<<DOCBLOCK
Copyright (c) by the ACP3 Developers.
See the LICENSE file at the top-level module directory for licensing details.
DOCBLOCK;
return PhpCsFixer\Config::create()
->setRiskyAllowed(true)
->setLineEnding("\n")
->setRules([
'@PSR2' => true,
'@Symfony' => true,
'array_syntax' => ['syntax' => 'short'],
'class_attributes_separation' => ['elements' => ['method']],
'concat_space' => ['spacing' => 'one'],
'declare_equal_normalize' => ['space' => 'single'],
'header_comment' => [
'commentType' => 'PHPDoc',
'header' => $header,
],
'method_chaining_indentation' => true,
'modernize_types_casting' => true,
'native_function_invocation' => true,
'no_null_property_initialization' => true,
'no_useless_else' => true,
'no_useless_return' => true,
'ordered_imports' => ['importsOrder' => null],
'ternary_to_null_coalescing' => true,
'yoda_style' => false,
])
->setFinder($finder)
;
->setFinder($finder);
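Review bot: `->setRiskyAllowed(true)` lets fixers that can change runtime behaviour run alongside the pure formatting rules. Of the rules listed here, `native_function_invocation` and `modernize_types_casting` are classed as risky by PHP-CS-Fixer. In a change set this large, a behavioural rewrite from one of them is easy to miss among whitespace and header edits, which matters most in authorization and input-handling code. I would add a comment above the call, such as `// Risky fixers may change behaviour: review their output as code, not as formatting`, and apply the risky rules in a separate commit from the layout-only ones so their diff can be read on its own.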
# Auto detect text files and perform LF normalization
* text=auto
/Test export-ignore
/.gitattributes export-ignore
/.gitignore export-ignore
<?php
namespace ACP3\Core;
use ACP3\Core\ACL\Model\Repository\UserRoleRepositoryInterface;
use ACP3\Modules\ACP3\Permissions;
use ACP3\Modules\ACP3\Users\Model\UserModel;
/**
* Class ACL
* @package ACP3\Core
*/
class ACL
{
/**
* @var \ACP3\Modules\ACP3\Users\Model\UserModel
*/
protected $user;
/**
* @var \ACP3\Core\Modules
*/
protected $modules;
/**
* @var \ACP3\Modules\ACP3\Permissions\Cache
*/
protected $permissionsCache;
/**
* @var \ACP3\Core\ACL\Model\Repository\UserRoleRepositoryInterface
*/
protected $userRoleRepository;
/**
* Array mit den jeweiligen Rollen zugewiesenen Berechtigungen
*
* @var array
*/
protected $privileges = [];
/**
* Array mit den dem Benutzer zugewiesenen Rollen
*
* @var array
*/
protected $userRoles = [];
/**
* Array mit allen registrierten Ressourcen
*
* @var array
*/
protected $resources = [];
/**
* ACL constructor.
* @param \ACP3\Modules\ACP3\Users\Model\UserModel $user
* @param \ACP3\Core\Modules $modules
* @param \ACP3\Core\ACL\Model\Repository\UserRoleRepositoryInterface $userRoleRepository
* @param \ACP3\Modules\ACP3\Permissions\Cache $permissionsCache
*/
public function __construct(
UserModel $user,
Modules $modules,
UserRoleRepositoryInterface $userRoleRepository,
Permissions\Cache $permissionsCache
) {
$this->user = $user;
$this->modules = $modules;
$this->userRoleRepository = $userRoleRepository;
$this->permissionsCache = $permissionsCache;
}
/**
* Gibt die dem jeweiligen Benutzer zugewiesenen Rollen zurück
*
* @param integer $userId
*
* @return array
*/
public function getUserRoleIds($userId)
{
if (isset($this->userRoles[$userId]) === false) {
// Special case for guest user
if ($userId == 0) {
$this->userRoles[$userId][] = 1; // @TODO: Add config option for this
} else {
foreach ($this->userRoleRepository->getRolesByUserId($userId) as $userRole) {
$this->userRoles[$userId][] = $userRole['id'];
}
}
}
return $this->userRoles[$userId];
}
/**
* Gibt die dem jeweiligen Benutzer zugewiesenen Rollen zurück
*
* @param integer $userId
*
* @return array
*/
public function getUserRoleNames($userId)
{
$roles = [];
foreach ($this->userRoleRepository->getRolesByUserId($userId) as $userRole) {
$roles[] = $userRole['name'];
}
return $roles;
}
/**
* @return array
*/
public function getAllRoles()
{
return $this->permissionsCache->getRolesCache();
}
/**
* @param integer $roleId
*
* @return boolean
*/
public function userHasRole($roleId)
{
return in_array($roleId, $this->getUserRoleIds($this->user->getUserId()));
}
/**
* Initializes the available user privileges
*/
protected function getPrivileges()
{
if ($this->privileges === []) {
$this->privileges = $this->getRules($this->getUserRoleIds($this->user->getUserId()));
}
return $this->privileges;
}
/**
* Returns the role permissions
*
* @param array $roleIds
*
* @return array
*/
protected function getRules(array $roleIds)
{
return $this->permissionsCache->getRulesCache($roleIds);
}
/**
* Überpüft, ob eine Modulaktion existiert und der Benutzer darauf Zugriff hat
*
* @param string $resource
*
* @return boolean
*/
public function hasPermission($resource)
{
if (!empty($resource) && $this->modules->controllerActionExists($resource) === true) {
$resourceParts = explode('/', $resource);
if ($this->modules->isActive($resourceParts[1]) === true) {
return $this->canAccessResource($resource);
}
}
return false;
}
/**
* @param string $resource
*
* @return boolean
*/
protected function canAccessResource($resource)
{
$resourceParts = $this->convertResourcePathToArray($resource);
$area = $resourceParts[0];
$resource = $resourceParts[1] . '/' . $resourceParts[2] . '/' . $resourceParts[3] . '/';
// At least allow users to access the login page
if (isset($this->getResources()[$area][$resource])) {
$module = $resourceParts[1];
$privilegeKey = $this->getResources()[$area][$resource]['key'];
return $this->userHasPrivilege($module, $privilegeKey) === true || $this->user->isSuperUser() === true;
}
return false;
}
/**
* @param string $resource
*
* @return array
*/
protected function convertResourcePathToArray($resource)
{
$resourceArray = explode('/', $resource);
if (empty($resourceArray[2]) === true) {
$resourceArray[2] = 'index';
}
if (empty($resourceArray[3]) === true) {
$resourceArray[3] = 'index';
}
return $resourceArray;
}
/**
* Gibt alle in der Datenbank vorhandenen Ressourcen zurück
*
* @return array
*/
protected function getResources()
{
if ($this->resources === []) {
$this->resources = $this->permissionsCache->getResourcesCache();
}
return $this->resources;
}
/**
* Returns, whether the current user has the given privilege
*
* @param string $module
* @param string $privilegeKey
*
* @return boolean
*/
protected function userHasPrivilege($module, $privilegeKey)
{
$privilegeKey = strtolower($privilegeKey);
if (isset($this->getPrivileges()[$module][$privilegeKey])) {
return $this->getPrivileges()[$module][$privilegeKey]['access'];
}
return false;
}
}
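Review bot: `userHasRole` decides role membership with a loose `in_array($roleId, ...)`, and `getUserRoleIds` selects the guest branch with `$userId == 0`, so on PHP 7 a non-numeric string id compares equal to 0 and is given the guest role. Both comparisons in this authorization path should be strict, e.g. `(int) $userId === 0` and `in_array((int) $roleId, array_map('intval', $ids), true)`; the element types the repository returns are not visible here, hence the normalisation. `getUserRoleIds` also never initialises `$this->userRoles[$userId]` when the repository yields no rows, so the final `return` reads an undefined index and passes `null` on to `in_array`; setting `$this->userRoles[$userId] = [];` before the guest check avoids that. The comment `// At least allow users to access the login page` in `canAccessResource` matches no logic visible in that method and should be removed or replaced with what the lookup actually does. The page has lost its diff markers, so it is not certain whether this listing is the removed or the added side; if the class was moved, the points apply to wherever this logic now lives.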
<?php
/**
* Copyright (c) by the ACP3 Developers.
* See the LICENSE file at the top-level module directory for licensing details.
*/
namespace ACP3\Core\ACL;
interface ACLInterface
{
/**
* @param int $roleId
*
* @return bool
*/
public function userHasRole(int $roleId): bool;
/**
* Gibt die dem jeweiligen Benutzer zugewiesenen Rollen zurück.
*
* @param int $userId
*