lib/Ajde/Acl/Proxy/Model.php from nabble/ajde

lib/Ajde/Acl/Proxy/Model.php
Summary

Maintainability

0 mins
Test Coverage

Issues
<?php

abstract class Ajde_Acl_Proxy_Model extends Ajde_Model
{
    public $ignoreAccessControl = false;
    public $autoRedirect = true;

    public function getAclParam()
    {
        return '';
    }

    /**
     * @param string $action
     * @param bool   $autoRedirect
     * @param bool   $determineWildcard
     *
     * @return bool
     */
    public function validateAccess($action, $autoRedirect = true, $determineWildcard = false)
    {
        if ($this->ignoreAccessControl === true) {
            return true;
        }

        $module = (string) $this->getTable();
        $extra = $this->getAclParam();

        $aclTimer = Ajde::app()->addTimer('<i>ACL validation for '.$this->displayField().': '.implode('/',
                ['model', $module, $action, $extra]).'</i>');
        $access = Ajde_Acl::doValidation('model', $module, $action, $extra, [$this, 'validateOwner'],
            [$this, 'validateParent'], $determineWildcard);
        Ajde::app()->endTimer($aclTimer);

        if ($access == false && $this->autoRedirect == true && $autoRedirect == true) {
            $this->validationErrorRedirect();
        }

        return $access;
    }

    private function validationErrorRedirect()
    {
        Ajde_Log::_('ACL firewall hit', Ajde_Log::CHANNEL_SECURITY, Ajde_Log::LEVEL_INFORMATIONAL,
            implode(PHP_EOL, Ajde_Acl::$log));
        Ajde::app()->getRequest()->set('message', trans('You may not have the required permission to view this resource'));
        Ajde::app()->getResponse()->dieOnCode(Ajde_Http_Response::RESPONSE_TYPE_UNAUTHORIZED);
    }

    protected function _load($sql, $values, $populate = true)
    {
        $return = parent::_load($sql, $values, $populate);
        if ($return) {
            $this->validateAccess('read');
        }

        return $return;
    }

    public function insert($pkValue = null, $skipBeforeInsert = false)
    {
        if (method_exists($this, 'beforeInsert')) {
            $this->beforeInsert();
        }
        $this->validateAccess('insert');

        return parent::insert($pkValue, true);
    }

    public function delete()
    {
        $this->validateAccess('delete');

        return parent::delete();
    }

    public function save()
    {
        $this->validateAccess('update');

        return parent::save();
    }

    public function saveMetaValue($metaId, $value)
    {
        if (($this->validateAccess('update', false) || $this->validateAccess('insert', false)) == false) {
            $this->validationErrorRedirect();
        }
        parent::saveMetaValue($metaId, $value);
    }

    public function deleteMetaValue($metaId)
    {
        if (($this->validateAccess('update', false) || $this->validateAccess('insert', false)) == false) {
            $this->validationErrorRedirect();
        }
        parent::deleteMetaValue($metaId);
    }
}