web-base/Core/API/PermissionAPI.class.php

<?php

namespace Core\API {

  use Core\Objects\Context;
  use Core\Objects\DatabaseEntity\Group;

  abstract class PermissionAPI extends Request {

    public function __construct(Context $context, bool $externalCall = false, array $params = array()) {
      parent::__construct($context, $externalCall, $params);
    }

    protected function checkStaticPermission(): bool {
      $user = $this->context->getUser();
      if (!$user || !$user->hasGroup(Group::ADMIN)) {
        return $this->createError("Permission denied.");
      }

      return true;
    }
  }
}

namespace Core\API\Permission {

  use Core\API\Parameter\Parameter;
  use Core\API\Parameter\StringType;
  use Core\API\PermissionAPI;
  use Core\Driver\SQL\Column\Column;
  use Core\Driver\SQL\Condition\Compare;
  use Core\Driver\SQL\Condition\CondIn;
  use Core\Driver\SQL\Condition\CondLike;
  use Core\Driver\SQL\Condition\CondNot;
  use Core\Driver\SQL\Strategy\UpdateStrategy;
  use Core\Objects\Context;
  use Core\Objects\DatabaseEntity\Group;

  class Check extends PermissionAPI {

    public function __construct(Context $context, bool $externalCall = false) {
      parent::__construct($context, $externalCall, array(
        'method' => new StringType('method', 323)
      ));

      $this->isPublic = false;
    }

    public function _execute(): bool {

      $method = $this->getParam("method");
      $sql = $this->context->getSQL();
      $res = $sql->select("groups")
        ->from("ApiPermission")
        ->where(new CondLike($method, new Column("method")))
        ->execute();

      $this->success = ($res !== FALSE);
      $this->lastError = $sql->getLastError();

      if ($this->success) {
        if (empty($res) || !is_array($res)) {
          return true;
        }

        $groups = json_decode($res[0]["groups"]);
        if (empty($groups)) {
          return true;
        }

        $currentUser = $this->context->getUser();
        $userGroups = $currentUser ? $currentUser->getGroups() : [];
        if (empty($userGroups) || empty(array_intersect($groups, array_keys($userGroups)))) {
          http_response_code(401);
          return $this->createError("Permission denied.");
        }
      }

      return $this->success;
    }
  }

  class Fetch extends PermissionAPI {

    private ?array $groups;

    public function __construct(Context $context, bool $externalCall = false) {
      parent::__construct($context, $externalCall, array());
    }

    private function fetchGroups(): bool {
      $sql = $this->context->getSQL();
      $this->groups = Group::findAll($sql);
      $this->success = ($this->groups !== FALSE);
      $this->lastError = $sql->getLastError();
      return $this->success;
    }

    public function _execute(): bool {

      if (!$this->fetchGroups()) {
        return false;
      }

      $sql = $this->context->getSQL();
      $res = $sql->select("method", "groups", "description")
        ->from("ApiPermission")
        ->execute();

      $this->success = ($res !== FALSE);
      $this->lastError = $sql->getLastError();

      if ($this->success) {
        $permissions = array();
        foreach ($res as $row) {
          $method = $row["method"];
          $description = $row["description"];
          $groups = json_decode($row["groups"]);
          $permissions[] = array(
            "method" => $method,
            "groups" => $groups,
            "description" => $description
          );
        }
        $this->result["permissions"] = $permissions;
        $this->result["groups"] = $this->groups;
      }

      return $this->success;
    }
  }

  class Save extends PermissionAPI {

    public function __construct(Context $context, bool $externalCall = false) {
      parent::__construct($context, $externalCall, array(
        'permissions' => new Parameter('permissions', Parameter::TYPE_ARRAY)
      ));
    }

    public function _execute(): bool {

      if (!$this->checkStaticPermission()) {
        return false;
      }

      $permissions = $this->getParam("permissions");
      $sql = $this->context->getSQL();
      $methodParam = new StringType('method', 32);
      $groupsParam = new Parameter('groups', Parameter::TYPE_ARRAY);

      $updateQuery = $sql->insert("ApiPermission", array("method", "groups"))
        ->onDuplicateKeyStrategy(new UpdateStrategy(array("method"), array("groups" => new Column("groups"))));

      $insertedMethods = array();

      foreach ($permissions as $permission) {
        if (!is_array($permission)) {
          return $this->createError("Invalid data type found in parameter: permissions, expected: object");
        } else if (!isset($permission["method"]) || !array_key_exists("groups", $permission)) {
          return $this->createError("Invalid object found in parameter: permissions, expected keys 'method' and 'groups'");
        } else if (!$methodParam->parseParam($permission["method"])) {
          $expectedType = $methodParam->getTypeName();
          return $this->createError("Invalid data type found for attribute 'method', expected: $expectedType");
        } else if (!$groupsParam->parseParam($permission["groups"])) {
          $expectedType = $groupsParam->getTypeName();
          return $this->createError("Invalid data type found for attribute 'groups', expected: $expectedType");
        } else if (empty(trim($methodParam->value))) {
          return $this->createError("Method cannot be empty.");
        } else {
          $method = $methodParam->value;
          $groups = $groupsParam->value;
          $updateQuery->addRow($method, $groups);
          $insertedMethods[] = $method;
        }
      }

      if (!empty($permissions)) {
        $res = $updateQuery->execute();
        $this->success = ($res !== FALSE);
        $this->lastError = $sql->getLastError();
      }

      if ($this->success) {
        $res = $sql->delete("ApiPermission")
          ->whereEq("description", "") // only delete non default permissions
          ->where(new CondNot(new CondIn(new Column("method"), $insertedMethods)))
          ->execute();

        $this->success = ($res !== FALSE);
        $this->lastError = $sql->getLastError();
      }

      return $this->success;
    }
  }
}
Dynamic Permissions 2020-06-27 01:18:10 +02:00			`<?php`

Namespace and ClassPath rewrites 2022-11-18 18:06:46 +01:00			`namespace Core\API {`
Dynamic Permissions 2020-06-27 01:18:10 +02:00
Namespace and ClassPath rewrites 2022-11-18 18:06:46 +01:00			`use Core\Objects\Context;`
Core v2.3, N:M Relations 2022-11-20 17:13:53 +01:00			`use Core\Objects\DatabaseEntity\Group;`
v2.0-alpha 2022-06-20 19:52:31 +02:00
Visitor Statistics 2020-07-01 21:10:25 +02:00			`abstract class PermissionAPI extends Request {`
v2.0-alpha 2022-06-20 19:52:31 +02:00
			`public function __construct(Context $context, bool $externalCall = false, array $params = array()) {`
			`parent::__construct($context, $externalCall, $params);`
			`}`

1.3.0 2021-11-11 14:25:26 +01:00			`protected function checkStaticPermission(): bool {`
v2.0-alpha 2022-06-20 19:52:31 +02:00			`$user = $this->context->getUser();`
Core v2.3, N:M Relations 2022-11-20 17:13:53 +01:00			`if (!$user \|\| !$user->hasGroup(Group::ADMIN)) {`
Dynamic Permissions 2020-06-27 01:18:10 +02:00			`return $this->createError("Permission denied.");`
			`}`

			`return true;`
			`}`
			`}`
			`}`

Namespace and ClassPath rewrites 2022-11-18 18:06:46 +01:00			`namespace Core\API\Permission {`

			`use Core\API\Parameter\Parameter;`
			`use Core\API\Parameter\StringType;`
			`use Core\API\PermissionAPI;`
			`use Core\Driver\SQL\Column\Column;`
			`use Core\Driver\SQL\Condition\Compare;`
			`use Core\Driver\SQL\Condition\CondIn;`
			`use Core\Driver\SQL\Condition\CondLike;`
			`use Core\Driver\SQL\Condition\CondNot;`
			`use Core\Driver\SQL\Strategy\UpdateStrategy;`
			`use Core\Objects\Context;`
			`use Core\Objects\DatabaseEntity\Group;`
Dynamic Permissions 2020-06-27 01:18:10 +02:00
			`class Check extends PermissionAPI {`

v2.0-alpha 2022-06-20 19:52:31 +02:00			`public function __construct(Context $context, bool $externalCall = false) {`
			`parent::__construct($context, $externalCall, array(`
Dynamic Permissions 2020-06-27 01:18:10 +02:00			`'method' => new StringType('method', 323)`
			`));`

			`$this->isPublic = false;`
			`}`

API refactor + CLI docker 2022-02-21 13:01:03 +01:00			`public function _execute(): bool {`
Dynamic Permissions 2020-06-27 01:18:10 +02:00
			`$method = $this->getParam("method");`
v2.0-alpha 2022-06-20 19:52:31 +02:00			`$sql = $this->context->getSQL();`
Dynamic Permissions 2020-06-27 01:18:10 +02:00			`$res = $sql->select("groups")`
			`->from("ApiPermission")`
1.3.0 2021-11-11 14:25:26 +01:00			`->where(new CondLike($method, new Column("method")))`
Dynamic Permissions 2020-06-27 01:18:10 +02:00			`->execute();`

			`$this->success = ($res !== FALSE);`
			`$this->lastError = $sql->getLastError();`

			`if ($this->success) {`
1.3.0 2021-11-11 14:25:26 +01:00			`if (empty($res) \|\| !is_array($res)) {`
Dynamic Permissions 2020-06-27 01:18:10 +02:00			`return true;`
			`}`

			`$groups = json_decode($res[0]["groups"]);`
			`if (empty($groups)) {`
			`return true;`
			`}`

v2.0-alpha 2022-06-20 19:52:31 +02:00			`$currentUser = $this->context->getUser();`
			`$userGroups = $currentUser ? $currentUser->getGroups() : [];`
			`if (empty($userGroups) \|\| empty(array_intersect($groups, array_keys($userGroups)))) {`
Twig, Tests, AES, 2021-12-08 16:53:43 +01:00			`http_response_code(401);`
Dynamic Permissions 2020-06-27 01:18:10 +02:00			`return $this->createError("Permission denied.");`
			`}`
			`}`

			`return $this->success;`
			`}`
			`}`

			`class Fetch extends PermissionAPI {`

v2.0-alpha 2022-06-20 19:52:31 +02:00			`private ?array $groups;`
Dynamic Permissions 2020-06-27 01:18:10 +02:00
v2.0-alpha 2022-06-20 19:52:31 +02:00			`public function __construct(Context $context, bool $externalCall = false) {`
			`parent::__construct($context, $externalCall, array());`
Dynamic Permissions 2020-06-27 01:18:10 +02:00			`}`

v2.0-alpha 2022-06-20 19:52:31 +02:00			`private function fetchGroups(): bool {`
			`$sql = $this->context->getSQL();`
			`$this->groups = Group::findAll($sql);`
			`$this->success = ($this->groups !== FALSE);`
Dynamic Permissions 2020-06-27 01:18:10 +02:00			`$this->lastError = $sql->getLastError();`
			`return $this->success;`
			`}`

API refactor + CLI docker 2022-02-21 13:01:03 +01:00			`public function _execute(): bool {`
Dynamic Permissions 2020-06-27 01:18:10 +02:00
			`if (!$this->fetchGroups()) {`
			`return false;`
			`}`

v2.0-alpha 2022-06-20 19:52:31 +02:00			`$sql = $this->context->getSQL();`
Permission stuff 2020-06-27 22:47:12 +02:00			`$res = $sql->select("method", "groups", "description")`
Dynamic Permissions 2020-06-27 01:18:10 +02:00			`->from("ApiPermission")`
			`->execute();`

			`$this->success = ($res !== FALSE);`
			`$this->lastError = $sql->getLastError();`

			`if ($this->success) {`
			`$permissions = array();`
			`foreach ($res as $row) {`
			`$method = $row["method"];`
Permission stuff 2020-06-27 22:47:12 +02:00			`$description = $row["description"];`
Dynamic Permissions 2020-06-27 01:18:10 +02:00			`$groups = json_decode($row["groups"]);`
Permission stuff 2020-06-27 22:47:12 +02:00			`$permissions[] = array(`
			`"method" => $method,`
			`"groups" => $groups,`
			`"description" => $description`
			`);`
Dynamic Permissions 2020-06-27 01:18:10 +02:00			`}`
			`$this->result["permissions"] = $permissions;`
			`$this->result["groups"] = $this->groups;`
			`}`

			`return $this->success;`
			`}`
			`}`

			`class Save extends PermissionAPI {`

v2.0-alpha 2022-06-20 19:52:31 +02:00			`public function __construct(Context $context, bool $externalCall = false) {`
			`parent::__construct($context, $externalCall, array(`
Dynamic Permissions 2020-06-27 01:18:10 +02:00			`'permissions' => new Parameter('permissions', Parameter::TYPE_ARRAY)`
			`));`
			`}`

API refactor + CLI docker 2022-02-21 13:01:03 +01:00			`public function _execute(): bool {`
Dynamic Permissions 2020-06-27 01:18:10 +02:00
			`if (!$this->checkStaticPermission()) {`
			`return false;`
			`}`

Permission stuff 2020-06-27 22:47:12 +02:00			`$permissions = $this->getParam("permissions");`
v2.0-alpha 2022-06-20 19:52:31 +02:00			`$sql = $this->context->getSQL();`
Permission stuff 2020-06-27 22:47:12 +02:00			`$methodParam = new StringType('method', 32);`
			`$groupsParam = new Parameter('groups', Parameter::TYPE_ARRAY);`

			`$updateQuery = $sql->insert("ApiPermission", array("method", "groups"))`
v2.0-alpha 2022-06-20 19:52:31 +02:00			`->onDuplicateKeyStrategy(new UpdateStrategy(array("method"), array("groups" => new Column("groups"))));`
Permission stuff 2020-06-27 22:47:12 +02:00
			`$insertedMethods = array();`

v2.0-alpha 2022-06-20 19:52:31 +02:00			`foreach ($permissions as $permission) {`
Permission stuff 2020-06-27 22:47:12 +02:00			`if (!is_array($permission)) {`
			`return $this->createError("Invalid data type found in parameter: permissions, expected: object");`
v2.0-alpha 2022-06-20 19:52:31 +02:00			`} else if (!isset($permission["method"]) \|\| !array_key_exists("groups", $permission)) {`
Permission stuff 2020-06-27 22:47:12 +02:00			`return $this->createError("Invalid object found in parameter: permissions, expected keys 'method' and 'groups'");`
			`} else if (!$methodParam->parseParam($permission["method"])) {`
			`$expectedType = $methodParam->getTypeName();`
			`return $this->createError("Invalid data type found for attribute 'method', expected: $expectedType");`
v2.0-alpha 2022-06-20 19:52:31 +02:00			`} else if (!$groupsParam->parseParam($permission["groups"])) {`
Permission stuff 2020-06-27 22:47:12 +02:00			`$expectedType = $groupsParam->getTypeName();`
			`return $this->createError("Invalid data type found for attribute 'groups', expected: $expectedType");`
v2.0-alpha 2022-06-20 19:52:31 +02:00			`} else if (empty(trim($methodParam->value))) {`
Permission stuff 2020-06-27 22:47:12 +02:00			`return $this->createError("Method cannot be empty.");`
			`} else {`
			`$method = $methodParam->value;`
			`$groups = $groupsParam->value;`
			`$updateQuery->addRow($method, $groups);`
			`$insertedMethods[] = $method;`
			`}`
			`}`

			`if (!empty($permissions)) {`
			`$res = $updateQuery->execute();`
			`$this->success = ($res !== FALSE);`
			`$this->lastError = $sql->getLastError();`
			`}`

			`if ($this->success) {`
			`$res = $sql->delete("ApiPermission")`
composer update + SQL Compare refactored 2022-11-26 23:57:28 +01:00			`->whereEq("description", "") // only delete non default permissions`
Twig, Tests, AES, 2021-12-08 16:53:43 +01:00			`->where(new CondNot(new CondIn(new Column("method"), $insertedMethods)))`
Permission stuff 2020-06-27 22:47:12 +02:00			`->execute();`
Dynamic Permissions 2020-06-27 01:18:10 +02:00
Permission stuff 2020-06-27 22:47:12 +02:00			`$this->success = ($res !== FALSE);`
			`$this->lastError = $sql->getLastError();`
			`}`
Dynamic Permissions 2020-06-27 01:18:10 +02:00
			`return $this->success;`
			`}`
			`}`
			`}`