Code Coverage |
||||||||||
Classes and Traits |
Functions and Methods |
Lines |
||||||||
| Total | |
0.00% |
0 / 1 |
|
0.00% |
0 / 4 |
CRAP | |
0.00% |
0 / 24 |
| CheckPermissions | |
0.00% |
0 / 1 |
|
0.00% |
0 / 4 |
156 | |
0.00% |
0 / 24 |
| handle | |
0.00% |
0 / 1 |
42 | |
0.00% |
0 / 12 |
|||
| retrieveUserId | |
0.00% |
0 / 1 |
12 | |
0.00% |
0 / 6 |
|||
| check | |
0.00% |
0 / 1 |
6 | |
0.00% |
0 / 4 |
|||
| isSystemCall | |
0.00% |
0 / 1 |
2 | |
0.00% |
0 / 2 |
|||
| 1 | <?php |
| 2 | |
| 3 | namespace Qmp\Laravel\Acls\Middleware; |
| 4 | |
| 5 | use Illuminate\Http\Response; |
| 6 | use Illuminate\Support\Facades\Log; |
| 7 | use Illuminate\Support\Facades\Request; |
| 8 | use Qmp\Laravel\Acls\Client\Client as AclsClient; |
| 9 | use Qmp\Laravel\Acls\Exceptions\RolePermissionException; |
| 10 | use Qmp\Laravel\Acls\Facades\Permission; |
| 11 | use Closure; |
| 12 | use Qmp\Laravel\MicroService\Client\Client as ServiceClient; |
| 13 | use \Qmp\Laravel\MicroService\Client\Tools\Request as ClientRequest; |
| 14 | |
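/**
 * Route middleware that enforces ACL permissions before a request reaches its handler.
 *
 * A request is let through when it is recognised as a system call, or when the
 * permission check for the resolved user id does not throw RolePermissionException.
 * Any other exception propagates, so the request does not reach $next in that case either.
 */
class CheckPermissions
{
    const ACLS_CONTAINER = 'service_acls';

    const SERVICE_NAME_ACLS = 'service-acls-laravel';

    const SERVICE_NAME_API_GATEWAY = 'service-api-gateway-laravel';

    /**
     * Run the permission check and either forward the request or answer with a refusal.
     *
     * @param mixed $request The incoming request object.
     * @param Closure $next The next middleware / handler in the pipeline.
     * @param string $permissions One or more permission names separated by '|'.
     * @param bool|string $all Route middleware parameters arrive as strings, so the
     *                         literal 'true' is converted to boolean true; every other
     *                         value is handed to the permission backend unchanged.
     * @return mixed The downstream response, or a 424 JSON / 403 view response on refusal.
     */
    public function handle($request, Closure $next, $permissions, $all = false)
    {
        try {
            // System calls skip the user permission check entirely; see isSystemCall().
            if (!$this->isSystemCall($request)) {
                if ($all === 'true') {
                    $all = true;
                }

                $container = config('micro-services.name');
                $userId = $this->retrieveUserId($request, $container);
                $this->check($container, $userId, $permissions, $all);
            }
        } catch (RolePermissionException $e) {
            // NOTE(review): refusals are only written at debug level, which is commonly
            // not retained in production, and the entry carries neither the user id nor
            // the requested permissions. Consider a higher level for audit purposes.
            Log::debug('check permision refused:' . var_export(['message' => $e->getMessage(), 'line' => $e->getLine(), 'file' => $e->getFile()], true));
            if (Request::is('api*')) {
                // NOTE(review): API clients receive 424 rather than 403 for a refused
                // permission; left unchanged because callers may depend on it.
                return response()->json(['status' => 'ko', 'route' => $permissions])->setStatusCode(424);
            }

            return response(view('errors.403'), 403);
        }

        return $next($request);
    }

    /**
     * Resolve the id of the user the permission check is performed for.
     *
     * @param mixed $request The incoming request object.
     * @param mixed $container Name of the running service (config 'micro-services.name').
     * @return mixed The user id as found on the request.
     * @throws RolePermissionException When no usable user id is present.
     */
    private function retrieveUserId($request, $container)
    {
        if ($container === self::SERVICE_NAME_API_GATEWAY) {
            // NOTE(review): presumably set by an authentication middleware that runs
            // earlier. Laravel's dynamic request properties also resolve from client
            // input, so confirm the value is always overwritten server-side.
            $userId = $request->auth_user_id;
        } else {
            // The id is taken from a request header, i.e. it is whatever the caller sent.
            // NOTE(review): only trustworthy if this service is reachable exclusively
            // through the gateway / internal service client - confirm network exposure.
            $userId = $request->header(ServiceClient::KEYWORD_HEADER_REQUEST);
        }

        // An empty id is treated like a missing one so the check fails closed.
        if ($userId === null || $userId === '') {
            throw new RolePermissionException('User is not setted !');
        }

        return $userId;
    }

    /**
     * Ask the permission backend whether the user holds the required permissions.
     *
     * Inside the ACLs service the Permission facade is used; every other service
     * goes through the ACLs client.
     *
     * @param mixed $container Name of the running service.
     * @param mixed $userId Id of the user being checked.
     * @param string $permissions Permission names separated by '|'.
     * @param bool|string $all Passed through to the backend as received.
     * @return void
     */
    private function check($container, $userId, $permissions, $all)
    {
        $required = explode('|', $permissions);

        if ($container === self::SERVICE_NAME_ACLS) {
            Permission::needed($userId, $required, $all);
        } else {
            AclsClient::perm($userId, $required, $all);
        }
    }

    /**
     * Tell whether the request carries the shared system-call token.
     *
     * The check fails closed: when TOKEN_SYSTEM_CALL is missing or empty, no request
     * is treated as a system call. Previously an unset token defaulted to '' and a
     * request with an empty header value compared equal to it, skipping the
     * permission check altogether.
     *
     * @param mixed $request The incoming request object.
     * @return bool True only when a non-empty configured token matches the header.
     */
    private function isSystemCall($request)
    {
        // NOTE(review): Laravel documents that env() should only be called from config
        // files, because .env is not loaded once the configuration is cached; reading
        // the token through config() would avoid silently getting the default here.
        $expected = env('TOKEN_SYSTEM_CALL', '');
        $token = $request->header(ServiceClient::KEYWORD_HEADER_REQUEST_SYSTEM_CALL);

        if (!is_string($expected) || $expected === '' || !is_string($token)) {
            return false;
        }

        // Constant-time comparison so the token cannot be probed through timing.
        return hash_equals($expected, $token);
    }
}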