Code Coverage for /home/runner/work/tao-community/tao-community/funcAcl/controller/Admin.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	37.97% covered (danger)	37.97%	60 / 158	50.00% covered (danger)	50.00%	7 / 14	CRAP	0.00% covered (danger)	0.00%	0 / 1
Admin	37.97% covered (danger)	37.97%	60 / 158	50.00% covered (danger)	50.00%	7 / 14	345.25	0.00% covered (danger)	0.00%	0 / 1
index	0.00% covered (danger)	0.00%	0 / 10	0.00% covered (danger)	0.00%	0 / 1	6
getModules	0.00% covered (danger)	0.00%	0 / 18	0.00% covered (danger)	0.00%	0 / 1	20
buildExtensionData	0.00% covered (danger)	0.00%	0 / 22	0.00% covered (danger)	0.00%	0 / 1	42
buildControllerData	0.00% covered (danger)	0.00%	0 / 18	0.00% covered (danger)	0.00%	0 / 1	42
beforeAction	66.67% covered (warning)	66.67%	2 / 3	0.00% covered (danger)	0.00%	0 / 1	2.15
isLocked	100.00% covered (success)	100.00%	3 / 3	100.00% covered (success)	100.00%	1 / 1	2
prodLocker	50.00% covered (danger)	50.00%	1 / 2	0.00% covered (danger)	0.00%	0 / 1	2.50
getActions	0.00% covered (danger)	0.00%	0 / 28	0.00% covered (danger)	0.00%	0 / 1	42
removeExtensionAccess	100.00% covered (success)	100.00%	9 / 9	100.00% covered (success)	100.00%	1 / 1	1
addExtensionAccess	100.00% covered (success)	100.00%	9 / 9	100.00% covered (success)	100.00%	1 / 1	1
removeModuleAccess	100.00% covered (success)	100.00%	9 / 9	100.00% covered (success)	100.00%	1 / 1	1
addModuleAccess	100.00% covered (success)	100.00%	9 / 9	100.00% covered (success)	100.00%	1 / 1	1
removeActionAccess	100.00% covered (success)	100.00%	9 / 9	100.00% covered (success)	100.00%	1 / 1	1
addActionAccess	100.00% covered (success)	100.00%	9 / 9	100.00% covered (success)	100.00%	1 / 1	1

1	<?php
2
3	/**
4	* This program is free software; you can redistribute it and/or
5	* modify it under the terms of the GNU General Public License
6	* as published by the Free Software Foundation; under version 2
7	* of the License (non-upgradable).
8	*
9	* This program is distributed in the hope that it will be useful,
10	* but WITHOUT ANY WARRANTY; without even the implied warranty of
11	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12	* GNU General Public License for more details.
13	*
14	* You should have received a copy of the GNU General Public License
15	* along with this program; if not, write to the Free Software
16	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17	*
18	* Copyright (c) 2002-2008 (original work) Public Research Centre Henri Tudor & University of Luxembourg
19	* (under the project TAO & TAO2);
20	* 2008-2010 (update and modification) Deutsche Institut für Internationale Pädagogische Forschung
21	* (under the project TAO-TRANSFER);
22	* 2009-2012 (update and modification) Public Research Centre Henri Tudor
23	* (under the project TAO-SUSTAIN & TAO-DEV);
24	* 2012-2018 (update and modification) Open Assessment Technologies SA;
25	*/
26
27	namespace oat\funcAcl\controller;
28
29	use common_exception_BadRequest;
30	use common_exception_Error;
31	use common_exception_NotFound;
32	use common_ext_Extension;
33	use common_ext_ExtensionException;
34	use common_ext_ExtensionsManager;
35	use core_kernel_classes_Class;
36	use core_kernel_classes_Resource;
37	use oat\funcAcl\helpers\CacheHelper;
38	use oat\funcAcl\helpers\MapHelper;
39	use oat\funcAcl\models\AccessService;
40	use oat\funcAcl\models\ActionAccessService;
41	use oat\funcAcl\models\ExtensionAccessService;
42	use oat\funcAcl\models\FuncAcl;
43	use oat\funcAcl\models\ModuleAccessService;
44	use oat\generis\model\GenerisRdf;
45	use oat\tao\helpers\ControllerHelper;
46	use oat\tao\model\accessControl\func\AclProxy;
47	use oat\tao\model\service\ApplicationService;
48	use tao_actions_CommonModule;
49	use tao_helpers_Request;
50	use tao_models_classes_RoleService;
51
52	/**
53	* This controller provide the actions to manage the ACLs
54	*
55	* @author CRP Henri Tudor - TAO Team - {@link http://www.tao.lu}
56	* @license GPLv2 http://www.opensource.org/licenses/gpl-2.0.php
57	*
58	* @package tao
59	*/
60	class Admin extends tao_actions_CommonModule
61	{
62	/**
63	* Access to this functionality is inherited from
64	* an included role
65	*
66	* @var string
67	*/
68	public const ACCESS_INHERITED = 'inherited';
69
70	/**
71	* Full access to this functionalities and children
72	*
73	* @var string
74	*/
75	public const ACCESS_FULL = 'full';
76
77	/**
78	* Partial access to thie functionality means
79	* some children are at least partial accessible
80	*
81	* @var string
82	*/
83	public const ACCESS_PARTIAL = 'partial';
84
85	/**
86	* No access to this functionality or any of its children
87	*
88	* @var string
89	*/
90	public const ACCESS_NONE = 'none';
91
92	/**
93	* Show the list of roles
94	*
95	* @return void
96	*/
97	public function index()
98	{
99	$this->defaultData();
100	$rolesc = new core_kernel_classes_Class(GenerisRdf::CLASS_ROLE);
101	$roles = [];
102
103	foreach ($rolesc->getInstances(true) as $id => $r) {
104	$roles[] = ['id' => $id, 'label' => $r->getLabel()];
105	}
106	usort($roles, function ($a, $b) {
107	return strcmp($a['label'], $b['label']);
108	});
109
110	$this->setData('roles', $roles);
111	$this->setView('list.tpl');
112	}
113
114	/**
115	* @throws common_exception_Error
116	* @throws common_ext_ExtensionException
117	* @throws common_exception_BadRequest
118	*/
119	public function getModules()
120	{
121	$this->beforeAction();
122	$role = new core_kernel_classes_Class($this->getRequestParameter('role'));
123
124	$included = [];
125
126	foreach (tao_models_classes_RoleService::singleton()->getIncludedRoles($role) as $includedRole) {
127	$included[$includedRole->getUri()] = $includedRole->getLabel();
128	}
129
130	$extManager = common_ext_ExtensionsManager::singleton();
131
132	$extData = [];
133
134	foreach ($extManager->getInstalledExtensions() as $extension) {
135	if ($extension->getId() != 'generis') {
136	$extData[] = $this->buildExtensionData($extension, $role->getUri(), array_keys($included));
137	}
138	}
139
140	usort($extData, function ($a, $b) {
141	return strcmp($a['label'], $b['label']);
142	});
143
144	$this->returnJson([
145	'extensions' => $extData,
146	'includedRoles' => $included,
147	'locked' => $this->isLocked(),
148	]);
149	}
150
151	protected function buildExtensionData(common_ext_Extension $extension, $roleUri, $includedRoleUris)
152	{
153	$extAccess = CacheHelper::getExtensionAccess($extension->getId());
154	$extAclUri = AccessService::singleton()->makeEMAUri($extension->getId());
155	$atLeastOneAccess = false;
156	$allAccess = in_array($roleUri, $extAccess);
157	$inherited = count(array_intersect($includedRoleUris, $extAccess)) > 0;
158
159	$controllers = [];
160
161	foreach (ControllerHelper::getControllers($extension->getId()) as $controllerClassName) {
162	$controllerData = $this->buildControllerData($controllerClassName, $roleUri, $includedRoleUris);
163	$atLeastOneAccess = $atLeastOneAccess \|\| $controllerData['access'] != self::ACCESS_NONE;
164	$controllers[] = $controllerData;
165	}
166
167	usort($controllers, function ($a, $b) {
168	return strcmp($a['label'], $b['label']);
169	});
170
171	$access = $inherited ? 'inherited'
172	: ($allAccess ? 'full'
173	: ($atLeastOneAccess ? 'partial' : 'none'));
174
175	return [
176	'uri' => $extAclUri,
177	'label' => $extension->getName(),
178	'access' => $access,
179	'modules' => $controllers,
180	];
181	}
182
183	protected function buildControllerData($controllerClassName, $roleUri, $includedRoleUris)
184	{
185	$modUri = MapHelper::getUriForController($controllerClassName);
186
187	$moduleAccess = CacheHelper::getControllerAccess($controllerClassName);
188	$uri = explode('#', $modUri);
189	list($type, $extId, $modId) = explode('_', $uri[1]);
190
191	$access = self::ACCESS_NONE;
192
193	if (count(array_intersect($includedRoleUris, $moduleAccess['module'])) > 0) {
194	$access = self::ACCESS_INHERITED;
195	} elseif (true === in_array($roleUri, $moduleAccess['module'])) {
196	$access = self::ACCESS_FULL;
197	} else {
198	// have a look at actions.
199	foreach ($moduleAccess['actions'] as $roles) {
200	if (in_array($roleUri, $roles) \|\| count(array_intersect($includedRoleUris, $roles)) > 0) {
201	$access = self::ACCESS_PARTIAL;
202
203	break;
204	}
205	}
206	}
207
208	return [
209	'uri' => $modUri,
210	'label' => $modId,
211	'access' => $access,
212	];
213	}
214
215	/**
216	* @throws common_ext_ExtensionException
217	* @throws common_exception_BadRequest
218	*/
219	private function beforeAction()
220	{
221	$this->defaultData();
222
223	if (!tao_helpers_Request::isAjax()) {
224	throw new common_exception_BadRequest('wrong request mode');
225	}
226	}
227
228	/**
229	* @return bool
230	*/
231	private function isLocked()
232	{
233	$locked = !$this->getServiceLocator()->get(AclProxy::SERVICE_ID) instanceof FuncAcl;
234	$locked = $locked \|\| !$this->getServiceLocator()->get(ApplicationService::SERVICE_ID)->isDebugMode();
235
236	return $locked;
237	}
238
239	/**
240	* @throws common_exception_NotFound
241	*/
242	private function prodLocker()
243	{
244	if ($this->isLocked()) {
245	throw new common_exception_NotFound();
246	}
247	}
248
249	/**
250	* Shows the access to the actions of a controller for a specific role
251	*
252	* @throws common_exception_Error
253	* @throws common_ext_ExtensionException
254	* @throws common_exception_BadRequest
255	*/
256	public function getActions()
257	{
258	$this->beforeAction();
259	$role = new core_kernel_classes_Resource($this->getRequestParameter('role'));
260	$included = [];
261
262	foreach (tao_models_classes_RoleService::singleton()->getIncludedRoles($role) as $includedRole) {
263	$included[] = $includedRole->getUri();
264	}
265	$module = new core_kernel_classes_Resource($this->getRequestParameter('module'));
266
267	$controllerClassName = MapHelper::getControllerFromUri($module->getUri());
268	$controllerAccess = CacheHelper::getControllerAccess($controllerClassName);
269
270	$actions = [];
271
272	foreach (ControllerHelper::getActions($controllerClassName) as $actionName) {
273	$uri = MapHelper::getUriForAction($controllerClassName, $actionName);
274	$part = explode('#', $uri);
275	list($type, $extId, $modId, $actId) = explode('_', $part[1]);
276
277	$allowedRoles = isset($controllerAccess['actions'][$actionName])
278	? array_merge($controllerAccess['module'], $controllerAccess['actions'][$actionName])
279	: $controllerAccess['module'];
280
281	$access = count(array_intersect($included, $allowedRoles)) > 0
282	? self::ACCESS_INHERITED
283	: (in_array($role->getUri(), $allowedRoles)
284	? self::ACCESS_FULL
285	: self::ACCESS_NONE);
286
287	$actions[$actId] = [
288	'uri' => $uri,
289	'access' => $access,
290	'locked' => $this->isLocked(),
291	];
292	}
293
294	ksort($actions);
295
296	$this->returnJson($actions);
297	}
298
299	/**
300	* @throws common_exception_NotFound
301	* @throws common_ext_ExtensionException
302	* @throws common_exception_BadRequest
303	*/
304	public function removeExtensionAccess()
305	{
306	$this->beforeAction();
307	$this->prodLocker();
308	$role = $this->getRequestParameter('role');
309	$uri = $this->getRequestParameter('uri');
310	$extensionService = ExtensionAccessService::singleton();
311	$extensionService->remove($role, $uri);
312
313	$this->returnJson([
314	'uri' => $uri,
315	]);
316	}
317
318	/**
319	* @throws common_exception_NotFound
320	* @throws common_ext_ExtensionException
321	* @throws common_exception_BadRequest
322	*/
323	public function addExtensionAccess()
324	{
325	$this->beforeAction();
326	$this->prodLocker();
327	$role = $this->getRequestParameter('role');
328	$uri = $this->getRequestParameter('uri');
329	$extensionService = ExtensionAccessService::singleton();
330	$extensionService->add($role, $uri);
331
332	$this->returnJson([
333	'uri' => $uri,
334	]);
335	}
336
337	/**
338	* @throws common_exception_NotFound
339	* @throws common_ext_ExtensionException
340	* @throws common_exception_BadRequest
341	*/
342	public function removeModuleAccess()
343	{
344	$this->beforeAction();
345	$this->prodLocker();
346	$role = $this->getRequestParameter('role');
347	$uri = $this->getRequestParameter('uri');
348	$moduleService = ModuleAccessService::singleton();
349	$moduleService->remove($role, $uri);
350
351	$this->returnJson([
352	'uri' => $uri,
353	]);
354	}
355
356	/**
357	* @throws common_exception_NotFound
358	* @throws common_ext_ExtensionException
359	* @throws common_exception_BadRequest
360	*/
361	public function addModuleAccess()
362	{
363	$this->beforeAction();
364	$this->prodLocker();
365	$role = $this->getRequestParameter('role');
366	$uri = $this->getRequestParameter('uri');
367	$moduleService = ModuleAccessService::singleton();
368	$moduleService->add($role, $uri);
369
370	$this->returnJson([
371	'uri' => $uri,
372	]);
373	}
374
375	/**
376	* @throws common_exception_NotFound
377	* @throws common_ext_ExtensionException
378	* @throws common_exception_BadRequest
379	*/
380	public function removeActionAccess()
381	{
382	$this->beforeAction();
383	$this->prodLocker();
384	$role = $this->getRequestParameter('role');
385	$uri = $this->getRequestParameter('uri');
386	$actionService = ActionAccessService::singleton();
387	$actionService->remove($role, $uri);
388
389	$this->returnJson([
390	'uri' => $uri,
391	]);
392	}
393
394	/**
395	* @throws common_exception_NotFound
396	* @throws common_ext_ExtensionException
397	* @throws common_exception_BadRequest
398	*/
399	public function addActionAccess()
400	{
401	$this->beforeAction();
402	$this->prodLocker();
403	$role = $this->getRequestParameter('role');
404	$uri = $this->getRequestParameter('uri');
405	$actionService = ActionAccessService::singleton();
406	$actionService->add($role, $uri);
407
408	$this->returnJson([
409	'uri' => $uri,
410	]);
411	}
412	}