Critical issue fixed for permission inheritance from last user permis…
…sion
vinodraut committed Feb 20, 2019
1 parent 4f18f8a commit d57e035
Showing 1 changed file with 35 additions and 29 deletions.
64 changes: 35 additions & 29 deletions src/YesAuthority.php
Expand Up @@ -101,6 +101,7 @@ class YesAuthority
protected $accessResultContainer = [];

protected $defaultAllowedAccessIds = [];
protected $uniqueIdKeyString = null;

/**
* Constructor
Expand Down Expand Up @@ -259,6 +260,7 @@ protected function configure($requestForUserId = null, $options = [])
$this->userPermissions = array_merge($this->userPermissions, $rawUserPermissions);
}
}

}

if($this->accessScope === 'role') {
Expand Down Expand Up @@ -510,10 +512,13 @@ public function check($accessIdKey = null, $requestForUserId = null, array $opti
$this->initialize();
return $accessResultArray;
}

$this->uniqueIdKeyString = $this->generateUniqueIdKeyString($accessIdKey, $requestForUserId, $options);

// try to retrive already checked item
$existingUniqueIdItem = array_get(
$this->accessResultContainer,
$this->uniqueIdKeyString($accessIdKey, $requestForUserId, $options),
$this->uniqueIdKeyString,
null
);
// if found return that same
Expand Down Expand Up @@ -591,9 +596,9 @@ public function check($accessIdKey = null, $requestForUserId = null, array $opti

return $this->processResult($accessIdKey, $requestForUserId, $wildCardResult, $options);
}

if(!isset($this->accessStages[$accessIdKey])) {
$this->accessStages[$accessIdKey] = [];
if(!isset($this->accessStages[$this->uniqueIdKeyString])) {
$this->accessStages[$this->uniqueIdKeyString] = [];
}

if(array_get($this->permissions, 'rules.base')) {
Expand Down Expand Up @@ -644,7 +649,7 @@ public function check($accessIdKey = null, $requestForUserId = null, array $opti
);
}
}

if($this->performLevelChecks(4)) {
if($this->userPermissions and !empty($this->userPermissions)) {
// check for permissions using user custom permissions
Expand Down Expand Up @@ -750,8 +755,8 @@ public function check($accessIdKey = null, $requestForUserId = null, array $opti
);

if((is_bool($entityConditionIsAccess) === true)) {
$this->accessStages[$accessIdKey]['__result'] = 'ENTITY_CONDITION';
$isAccess = $this->accessStages[$accessIdKey]['ENTITY_CONDITION'] = $entityConditionIsAccess;
$this->accessStages[$this->uniqueIdKeyString]['__result'] = 'ENTITY_CONDITION';
$isAccess = $this->accessStages[$this->uniqueIdKeyString]['ENTITY_CONDITION'] = $entityConditionIsAccess;
}
}
}
Expand Down Expand Up @@ -811,18 +816,18 @@ public function check($accessIdKey = null, $requestForUserId = null, array $opti
// expect boolean
if(($isMatchFound === true) and $uses and (is_bool($isConditionalAccess) === true)) {

if(! isset($this->accessStages[$accessIdKey]['__conditions'])) {
$this->accessStages[$accessIdKey]['__conditions'] = [];
if(! isset($this->accessStages[$this->uniqueIdKeyString]['__conditions'])) {
$this->accessStages[$this->uniqueIdKeyString]['__conditions'] = [];
}

$this->accessStages[$accessIdKey]['__result'] = 'CONDITIONS';
$name = (array_key_exists($name, $this->accessStages[$accessIdKey]['__conditions']))
$this->accessStages[$this->uniqueIdKeyString]['__result'] = 'CONDITIONS';
$name = (array_key_exists($name, $this->accessStages[$this->uniqueIdKeyString]['__conditions']))
? $name.'_'.$index : $name;

$this->accessStages[$accessIdKey]['__conditions']['__result'] = $name;
$this->accessStages[$accessIdKey]['__conditions'][$name] = $isConditionalAccess;
$this->accessStages[$this->uniqueIdKeyString]['__conditions']['__result'] = $name;
$this->accessStages[$this->uniqueIdKeyString]['__conditions'][$name] = $isConditionalAccess;

$isAccess = $this->accessStages[$accessIdKey]['CONDITIONS'] = $isConditionalAccess;
$isAccess = $this->accessStages[$this->uniqueIdKeyString]['CONDITIONS'] = $isConditionalAccess;
}

}
Expand Down Expand Up @@ -878,7 +883,7 @@ protected function processResult($accessIdKey, $requestForUserId, $accessIdKeyRe
if(is_string($accessIdKey)) {

$this->accessResultContainer[
$this->uniqueIdKeyString($accessIdKey, $requestForUserId, $options)
$this->uniqueIdKeyString
] = [
'access_id_key' => $accessIdKey,
'result' => $accessIdKeyResult,
Expand All @@ -900,7 +905,7 @@ protected function processResult($accessIdKey, $requestForUserId, $accessIdKeyRe
*
* @return mixed
*---------------------------------------------------------------- */
protected function uniqueIdKeyString($accessIdKey, $requestForUserId, $options = [])
protected function generateUniqueIdKeyString($accessIdKey, $requestForUserId, $options = [])
{
return strtolower(str_replace('.', '_', $accessIdKey)
. '_'
Expand Down Expand Up @@ -1371,7 +1376,7 @@ protected function performChecks($initialAccess, $accessIdKey, $accessList, $den
}

if(is_array($this->dynamicAccessZones) and array_key_exists($accessIdKey, $this->dynamicAccessZones)) {
$this->accessStages[$accessIdKey]['__data'] = [
$this->accessStages[$this->uniqueIdKeyString]['__data'] = [
'is_zone' => true,
'title' => array_get($this->dynamicAccessZones[$accessIdKey], 'title'),
'dependencies' => array_get($this->dynamicAccessZones[$accessIdKey], 'dependencies'),
Expand All @@ -1382,14 +1387,14 @@ protected function performChecks($initialAccess, $accessIdKey, $accessList, $den

// if it specific item then its important
if($specific) {
$this->accessStages[$accessIdKey][$options['check_level']] = ($specific === 'allow') ? true : false;
$this->accessStages[$accessIdKey]['__result'] = $options['check_level'];
return $this->accessStages[$accessIdKey][$options['check_level']];
$this->accessStages[$this->uniqueIdKeyString][$options['check_level']] = ($specific === 'allow') ? true : false;
$this->accessStages[$this->uniqueIdKeyString]['__result'] = $options['check_level'];
return $this->accessStages[$this->uniqueIdKeyString][$options['check_level']];
}

if(empty($decisionStrength) === false) {
$this->accessStages[$accessIdKey]['__result'] = $options['check_level'];
return $this->accessStages[$accessIdKey][$options['check_level']] = $decisionStrength[max(array_keys($decisionStrength))];
$this->accessStages[$this->uniqueIdKeyString]['__result'] = $options['check_level'];
return $this->accessStages[$this->uniqueIdKeyString][$options['check_level']] = $decisionStrength[max(array_keys($decisionStrength))];
}

return $isAccess;
Expand Down Expand Up @@ -1437,8 +1442,8 @@ protected function collectParentZones($accessZone, $allowDenyList, $intialAccess
*---------------------------------------------------------------- */
protected function detailsFormat($isAccess, $accessIdKey, $options = []) {

if(!empty($this->accessStages[$accessIdKey])) {
$itemData = array_pull($this->accessStages[$accessIdKey], '__data');
if(!empty($this->accessStages[$this->uniqueIdKeyString])) {
$itemData = array_pull($this->accessStages[$this->uniqueIdKeyString], '__data');

if(is_array($itemData) and !empty($itemData)) {
$options = array_merge($options, $itemData);
Expand All @@ -1463,9 +1468,9 @@ protected function detailsFormat($isAccess, $accessIdKey, $options = []) {
$conditionsIfAny = [];
$conditionResult = null;

$resultBy = ifIsset($this->accessStages[$accessIdKey], function() use (&$accessIdKey, &$conditionsIfAny, &$conditionResult) {
$conditionsIfAny = array_pull($this->accessStages[$accessIdKey], '__conditions');
return array_pull($this->accessStages[$accessIdKey], '__result');
$resultBy = ifIsset($this->accessStages[$this->uniqueIdKeyString], function() use (&$accessIdKey, &$conditionsIfAny, &$conditionResult) {
$conditionsIfAny = array_pull($this->accessStages[$this->uniqueIdKeyString], '__conditions');
return array_pull($this->accessStages[$this->uniqueIdKeyString], '__result');
}, null);

if(! empty($conditionsIfAny)) {
Expand All @@ -1475,7 +1480,7 @@ protected function detailsFormat($isAccess, $accessIdKey, $options = []) {
$parentLevel = null;
// find parent level item
if($resultBy ) {
foreach (array_reverse($this->accessStages[$accessIdKey]) as $key => $value) {
foreach (array_reverse($this->accessStages[$this->uniqueIdKeyString]) as $key => $value) {
$levelKeyId = $this->checkLevels[$key];
$resultKeyId = $this->checkLevels[$resultBy];
if(($levelKeyId < $resultKeyId) and !$parentLevel) {
Expand All @@ -1497,7 +1502,7 @@ protected function detailsFormat($isAccess, $accessIdKey, $options = []) {
'upper_level' => $parentLevel,
'condition_result_by' => $conditionResult,
'conditions_checked' => $conditionsIfAny,
'levels_checked' => ifIsset($this->accessStages[$accessIdKey], true, []),
'levels_checked' => ifIsset($this->accessStages[$this->uniqueIdKeyString], true, []),
'access_id_key' => $accessIdKey,
'title' => ifIsset($options['title'], true, null),
'is_public' => isset($options['is_public']) ? $options['is_public'] : false,
Expand Down Expand Up @@ -1551,6 +1556,7 @@ private function initialize() {
$this->currentRouteAccessId = null;
// $this->roleIdentified = null;
// $this->userIdentified = null;
$this->userPermissions = [];
}

/**
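Review bot: In processResult() the result cache is now written under `$this->uniqueIdKeyString` instead of a key derived from the `$accessIdKey`, `$requestForUserId` and `$options` it receives, so the stored authorization decision depends on whichever check() call last set that property. If check() is re-entered before the outer call finishes (a condition callback or dependency lookup might do this; not visible here), or processResult() is reached on a path that returns before the assignment in check(), a decision could be cached or staged under another request's key, possibly another user's. I would keep the key local to the call, e.g. `$uniqueIdKey = $this->generateUniqueIdKeyString($accessIdKey, $requestForUserId, $options);` in processResult(), and hand it to performChecks() and detailsFormat() instead of reading the property. The visible end of initialize() resets `userPermissions` but not the new property; adding `$this->uniqueIdKeyString = null;` there keeps a stale key from outliving a check. The bodies of check(), processResult() and initialize() extend beyond the visible hunks, and a regression test that checks the same access id for two different users on one instance would pin the fix.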
