
Commit d57e035

committedFeb 20, 2019
Critical issue fixed for permission inheritance from last user permission
1 parent 4f18f8a commit d57e035


1 file changed

+35
-29
lines changed

 

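--- a/src/YesAuthority.php
+++ b/src/YesAuthority.php
@@ -101,6 +101,7 @@ class YesAuthority
 protected $accessResultContainer = [];
 
 protected $defaultAllowedAccessIds = [];
+protected $uniqueIdKeyString = null;
 
 /**
 * Constructor
@@ -259,6 +260,7 @@ protected function configure($requestForUserId = null, $options = [])
 $this->userPermissions = array_merge($this->userPermissions, $rawUserPermissions);
 }
 }
+
 }
 
 if($this->accessScope === 'role') {
@@ -510,10 +512,13 @@ public function check($accessIdKey = null, $requestForUserId = null, array $opti
 $this->initialize();
 return $accessResultArray;
 }
+
+$this->uniqueIdKeyString = $this->generateUniqueIdKeyString($accessIdKey, $requestForUserId, $options);
+
 // try to retrive already checked item
 $existingUniqueIdItem = array_get(
 $this->accessResultContainer,
-$this->uniqueIdKeyString($accessIdKey, $requestForUserId, $options),
+$this->uniqueIdKeyString,
 null
 );
 // if found return that same
@@ -591,9 +596,9 @@ public function check($accessIdKey = null, $requestForUserId = null, array $opti
 
 return $this->processResult($accessIdKey, $requestForUserId, $wildCardResult, $options);
 }
-
-if(!isset($this->accessStages[$accessIdKey])) {
-$this->accessStages[$accessIdKey] = [];
+
+if(!isset($this->accessStages[$this->uniqueIdKeyString])) {
+$this->accessStages[$this->uniqueIdKeyString] = [];
 }
 
 if(array_get($this->permissions, 'rules.base')) {
@@ -644,7 +649,7 @@ public function check($accessIdKey = null, $requestForUserId = null, array $opti
 );
 }
 }
-
+
 if($this->performLevelChecks(4)) {
 if($this->userPermissions and !empty($this->userPermissions)) {
 // check for permissions using user custom permissions
@@ -750,8 +755,8 @@ public function check($accessIdKey = null, $requestForUserId = null, array $opti
 );
 
 if((is_bool($entityConditionIsAccess) === true)) {
-$this->accessStages[$accessIdKey]['__result'] = 'ENTITY_CONDITION';
-$isAccess = $this->accessStages[$accessIdKey]['ENTITY_CONDITION'] = $entityConditionIsAccess;
+$this->accessStages[$this->uniqueIdKeyString]['__result'] = 'ENTITY_CONDITION';
+$isAccess = $this->accessStages[$this->uniqueIdKeyString]['ENTITY_CONDITION'] = $entityConditionIsAccess;
 }
 }
 }
@@ -811,18 +816,18 @@ public function check($accessIdKey = null, $requestForUserId = null, array $opti
 // expect boolean
 if(($isMatchFound === true) and $uses and (is_bool($isConditionalAccess) === true)) {
 
-if(! isset($this->accessStages[$accessIdKey]['__conditions'])) {
-$this->accessStages[$accessIdKey]['__conditions'] = [];
+if(! isset($this->accessStages[$this->uniqueIdKeyString]['__conditions'])) {
+$this->accessStages[$this->uniqueIdKeyString]['__conditions'] = [];
 }
 
-$this->accessStages[$accessIdKey]['__result'] = 'CONDITIONS';
-$name = (array_key_exists($name, $this->accessStages[$accessIdKey]['__conditions']))
+$this->accessStages[$this->uniqueIdKeyString]['__result'] = 'CONDITIONS';
+$name = (array_key_exists($name, $this->accessStages[$this->uniqueIdKeyString]['__conditions']))
 ? $name.'_'.$index : $name;
 
-$this->accessStages[$accessIdKey]['__conditions']['__result'] = $name;
-$this->accessStages[$accessIdKey]['__conditions'][$name] = $isConditionalAccess;
+$this->accessStages[$this->uniqueIdKeyString]['__conditions']['__result'] = $name;
+$this->accessStages[$this->uniqueIdKeyString]['__conditions'][$name] = $isConditionalAccess;
 
-$isAccess = $this->accessStages[$accessIdKey]['CONDITIONS'] = $isConditionalAccess;
+$isAccess = $this->accessStages[$this->uniqueIdKeyString]['CONDITIONS'] = $isConditionalAccess;
 }
 
 }
@@ -878,7 +883,7 @@ protected function processResult($accessIdKey, $requestForUserId, $accessIdKeyRe
 if(is_string($accessIdKey)) {
 
 $this->accessResultContainer[
-$this->uniqueIdKeyString($accessIdKey, $requestForUserId, $options)
+$this->uniqueIdKeyString
 ] = [
 'access_id_key' => $accessIdKey,
 'result' => $accessIdKeyResult,
@@ -900,7 +905,7 @@ protected function processResult($accessIdKey, $requestForUserId, $accessIdKeyRe
 *
 * @return mixed
 *---------------------------------------------------------------- */
-protected function uniqueIdKeyString($accessIdKey, $requestForUserId, $options = [])
+protected function generateUniqueIdKeyString($accessIdKey, $requestForUserId, $options = [])
 {
 return strtolower(str_replace('.', '_', $accessIdKey)
 . '_'
@@ -1371,7 +1376,7 @@ protected function performChecks($initialAccess, $accessIdKey, $accessList, $den
 }
 
 if(is_array($this->dynamicAccessZones) and array_key_exists($accessIdKey, $this->dynamicAccessZones)) {
-$this->accessStages[$accessIdKey]['__data'] = [
+$this->accessStages[$this->uniqueIdKeyString]['__data'] = [
 'is_zone' => true,
 'title' => array_get($this->dynamicAccessZones[$accessIdKey], 'title'),
 'dependencies' => array_get($this->dynamicAccessZones[$accessIdKey], 'dependencies'),
@@ -1382,14 +1387,14 @@ protected function performChecks($initialAccess, $accessIdKey, $accessList, $den
 
 // if it specific item then its important
 if($specific) {
-$this->accessStages[$accessIdKey][$options['check_level']] = ($specific === 'allow') ? true : false;
-$this->accessStages[$accessIdKey]['__result'] = $options['check_level'];
-return $this->accessStages[$accessIdKey][$options['check_level']];
+$this->accessStages[$this->uniqueIdKeyString][$options['check_level']] = ($specific === 'allow') ? true : false;
+$this->accessStages[$this->uniqueIdKeyString]['__result'] = $options['check_level'];
+return $this->accessStages[$this->uniqueIdKeyString][$options['check_level']];
 }
 
 if(empty($decisionStrength) === false) {
-$this->accessStages[$accessIdKey]['__result'] = $options['check_level'];
-return $this->accessStages[$accessIdKey][$options['check_level']] = $decisionStrength[max(array_keys($decisionStrength))];
+$this->accessStages[$this->uniqueIdKeyString]['__result'] = $options['check_level'];
+return $this->accessStages[$this->uniqueIdKeyString][$options['check_level']] = $decisionStrength[max(array_keys($decisionStrength))];
 }
 
 return $isAccess;
@@ -1437,8 +1442,8 @@ protected function collectParentZones($accessZone, $allowDenyList, $intialAccess
 *---------------------------------------------------------------- */
 protected function detailsFormat($isAccess, $accessIdKey, $options = []) {
 
-if(!empty($this->accessStages[$accessIdKey])) {
-$itemData = array_pull($this->accessStages[$accessIdKey], '__data');
+if(!empty($this->accessStages[$this->uniqueIdKeyString])) {
+$itemData = array_pull($this->accessStages[$this->uniqueIdKeyString], '__data');
 
 if(is_array($itemData) and !empty($itemData)) {
 $options = array_merge($options, $itemData);
@@ -1463,9 +1468,9 @@ protected function detailsFormat($isAccess, $accessIdKey, $options = []) {
 $conditionsIfAny = [];
 $conditionResult = null;
 
-$resultBy = ifIsset($this->accessStages[$accessIdKey], function() use (&$accessIdKey, &$conditionsIfAny, &$conditionResult) {
-$conditionsIfAny = array_pull($this->accessStages[$accessIdKey], '__conditions');
-return array_pull($this->accessStages[$accessIdKey], '__result');
+$resultBy = ifIsset($this->accessStages[$this->uniqueIdKeyString], function() use (&$accessIdKey, &$conditionsIfAny, &$conditionResult) {
+$conditionsIfAny = array_pull($this->accessStages[$this->uniqueIdKeyString], '__conditions');
+return array_pull($this->accessStages[$this->uniqueIdKeyString], '__result');
 }, null);
 
 if(! empty($conditionsIfAny)) {
@@ -1475,7 +1480,7 @@ protected function detailsFormat($isAccess, $accessIdKey, $options = []) {
 $parentLevel = null;
 // find parent level item
 if($resultBy ) {
-foreach (array_reverse($this->accessStages[$accessIdKey]) as $key => $value) {
+foreach (array_reverse($this->accessStages[$this->uniqueIdKeyString]) as $key => $value) {
 $levelKeyId = $this->checkLevels[$key];
 $resultKeyId = $this->checkLevels[$resultBy];
 if(($levelKeyId < $resultKeyId) and !$parentLevel) {
@@ -1497,7 +1502,7 @@ protected function detailsFormat($isAccess, $accessIdKey, $options = []) {
 'upper_level' => $parentLevel,
 'condition_result_by' => $conditionResult,
 'conditions_checked' => $conditionsIfAny,
-'levels_checked' => ifIsset($this->accessStages[$accessIdKey], true, []),
+'levels_checked' => ifIsset($this->accessStages[$this->uniqueIdKeyString], true, []),
 'access_id_key' => $accessIdKey,
 'title' => ifIsset($options['title'], true, null),
 'is_public' => isset($options['is_public']) ? $options['is_public'] : false,
@@ -1551,6 +1556,7 @@ private function initialize() {
 $this->currentRouteAccessId = null;
 // $this->roleIdentified = null;
 // $this->userIdentified = null;
+$this->userPermissions = [];
 }
 
 /**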
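Review bot: The key for `accessStages` and `accessResultContainer` now lives in the mutable property `$this->uniqueIdKeyString`, set once in `check()` and read later in `processResult()`, `performChecks()` and `detailsFormat()`, so any `check()` that runs while another is still in progress (for example from a condition callback, if callbacks can call back into the authority, which is not visible here) overwrites it and the outer call would file its stages and its cached result under the other call's key. Because `accessResultContainer` is what short-circuits later checks, a mis-keyed entry could return a decision computed for a different access id or user, the same kind of bleed between checks that this commit fixes with `$this->userPermissions = [];` in `initialize()`. I would compute the key into a local in `check()` and pass it down, or at least keep `processResult()` deriving it from its own arguments: `$this->generateUniqueIdKeyString($accessIdKey, $requestForUserId, $options)`. The visible part of `initialize()` does not reset `uniqueIdKeyString`, and the property is still `null` on the early-return path above the assignment in `check()`; all of these functions extend beyond the hunks, so this needs confirming against the full file. A regression test that checks a user with custom permissions and then a second user without them on the same instance would pin the fix.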
