Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
0.00% covered (danger)
0.00%
0 / 60
0.00% covered (danger)
0.00%
0 / 5
CRAP
0.00% covered (danger)
0.00%
0 / 1
DynamicRoleProviderFactory
0.00% covered (danger)
0.00%
0 / 60
0.00% covered (danger)
0.00%
0 / 5
462
0.00% covered (danger)
0.00%
0 / 1
 __invoke
0.00% covered (danger)
0.00%
0 / 6
0.00% covered (danger)
0.00%
0 / 1
2
 getPermissionProviderPluginManager
0.00% covered (danger)
0.00%
0 / 5
0.00% covered (danger)
0.00%
0 / 1
2
 getPermissionConfiguration
0.00% covered (danger)
0.00%
0 / 7
0.00% covered (danger)
0.00%
0 / 1
12
 addLegacySettings
0.00% covered (danger)
0.00%
0 / 37
0.00% covered (danger)
0.00%
0 / 1
156
 permissionDefined
0.00% covered (danger)
0.00%
0 / 5
0.00% covered (danger)
0.00%
0 / 1
20
1<?php
2
3/**
4 * VuFind dynamic role provider factory.
5 *
6 * PHP version 8
7 *
8 * Copyright (C) Villanova University 2007.
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2,
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
22 *
23 * @category VuFind
24 * @package  Authorization
25 * @author   Demian Katz <demian.katz@villanova.edu>
26 * @license  http://opensource.org/licenses/gpl-2.0.php GNU General Public License
27 * @link     https://vufind.org Main Page
28 */
29
30namespace VuFind\Role;
31
32use Laminas\ServiceManager\Config;
33use Laminas\ServiceManager\Factory\FactoryInterface;
34use Psr\Container\ContainerInterface;
35
36use function in_array;
37
38/**
39 * VuFind dynamic role provider factory.
40 *
41 * @category VuFind
42 * @package  Authorization
43 * @author   Demian Katz <demian.katz@villanova.edu>
44 * @license  http://opensource.org/licenses/gpl-2.0.php GNU General Public License
45 * @link     https://vufind.org Main Page
46 */
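class DynamicRoleProviderFactory implements FactoryInterface
{
    /**
     * Create service
     *
     * @param ContainerInterface $sm      Service manager
     * @param string             $name    Requested service name; it is
     * instantiated as a class and receives the permission provider plugin manager
     * and the permission configuration as constructor arguments
     * @param array              $options Extra options (unused)
     *
     * @return object
     *
     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
     */
    public function __invoke(ContainerInterface $sm, $name, ?array $options = null)
    {
        // The nullable type is spelled out: a null default on a plain "array"
        // parameter relies on implicit nullability, deprecated as of PHP 8.4.
        $config = $sm->get('config');
        $rbacConfig = $config['lmc_rbac'];
        return new $name(
            $this->getPermissionProviderPluginManager($sm, $rbacConfig),
            $this->getPermissionConfiguration($sm, $rbacConfig)
        );
    }

    /**
     * Create the supporting plugin manager.
     *
     * @param ContainerInterface $serviceLocator Service locator
     * @param array              $rbacConfig     LmcRbacMvc configuration
     *
     * @return PermissionProvider\PluginManager
     */
    protected function getPermissionProviderPluginManager(
        ContainerInterface $serviceLocator,
        array $rbacConfig
    ) {
        return new PermissionProvider\PluginManager(
            $serviceLocator,
            $rbacConfig['vufind_permission_provider_manager']
        );
    }

    /**
     * Get a configuration array.
     *
     * Loads the "permissions" configuration and, when the role provider settings
     * enable map_legacy_settings, merges in permissions derived from older
     * configuration files (see addLegacySettings()).
     *
     * @param ContainerInterface $serviceLocator Service locator
     * @param array              $rbacConfig     LmcRbacMvc configuration
     *
     * @return array
     */
    protected function getPermissionConfiguration(
        ContainerInterface $serviceLocator,
        array $rbacConfig
    ) {
        // Get role provider settings from the LmcRbacMvc configuration. A
        // missing section is treated as "no settings", which leaves legacy
        // mapping (and the broad defaults it can add) switched off.
        $config = $rbacConfig['role_provider']['VuFind\Role\DynamicRoleProvider']
            ?? [];

        // Load the permissions:
        $configLoader = $serviceLocator->get(\VuFind\Config\PluginManager::class);
        $permissions = $configLoader->get('permissions')->toArray();

        // If we're configured to map legacy settings, do so now:
        if (!empty($config['map_legacy_settings'])) {
            $permissions = $this->addLegacySettings($configLoader, $permissions);
        }

        return $permissions;
    }

    /**
     * Map legacy VuFind settings into the permissions.ini setup.
     *
     * Each legacy rule is added only when the loaded permissions do not already
     * define the corresponding permission. Note that several of these fallbacks
     * are permissive: access.AdminModule and access.StaffViewTab are granted to
     * both the 'guest' and 'loggedin' roles when nothing more specific is found.
     * Deployments that must restrict these should define the permissions
     * explicitly or leave map_legacy_settings disabled.
     *
     * @param \VuFind\Config\PluginManager $loader      Config loader
     * @param array                        $permissions Permissions to update
     *
     * @return array
     */
    protected function addLegacySettings(
        \VuFind\Config\PluginManager $loader,
        array $permissions
    ) {
        // Add admin settings if they are absent:
        if (!$this->permissionDefined($permissions, 'access.AdminModule')) {
            $config = $loader->get('config')->toArray();
            $permissions['legacy.AdminModule'] = [];
            // The IP pattern and user list are copied through unchanged; no
            // validation of their contents happens in this method.
            if (isset($config['AdminAuth']['ipRegEx'])) {
                $permissions['legacy.AdminModule']['ipRegEx']
                    = $config['AdminAuth']['ipRegEx'];
            }
            if (isset($config['AdminAuth']['userWhitelist'])) {
                $permissions['legacy.AdminModule']['username']
                    = $config['AdminAuth']['userWhitelist'];
            }
            // SECURITY NOTE: this is a fail-open default kept for backward
            // compatibility. If no settings exist in config.ini, we grant access
            // to everyone by allowing both logged-in and logged-out roles.
            if (empty($permissions['legacy.AdminModule'])) {
                $permissions['legacy.AdminModule']['role'] = ['guest', 'loggedin'];
            }
            $permissions['legacy.AdminModule']['permission'] = 'access.AdminModule';
        }

        // Add staff view setting if it is absent (open to every visitor):
        if (!$this->permissionDefined($permissions, 'access.StaffViewTab')) {
            $permissions['legacy.StaffViewTab']['role'] = ['guest', 'loggedin'];
            $permissions['legacy.StaffViewTab']['permission']
                = 'access.StaffViewTab';
        }

        // Add EIT settings if they are absent (logged-in users only):
        if (!$this->permissionDefined($permissions, 'access.EITModule')) {
            $permissions['legacy.EITModule'] = [
                'role' => 'loggedin',
                'permission' => 'access.EITModule',
            ];
        }

        // Add Summon settings if they are absent:
        // Check based on login status
        $defined = $this
            ->permissionDefined($permissions, 'access.SummonExtendedResults');
        if (!$defined) {
            $config = $loader->get('Summon');
            $permissions['legacy.SummonExtendedResults'] = [];
            if (isset($config->Auth->check_login) && $config->Auth->check_login) {
                $permissions['legacy.SummonExtendedResults']['role'] = ['loggedin'];
            }
            if (isset($config->Auth->ip_range)) {
                $permissions['legacy.SummonExtendedResults']['ipRegEx']
                    = $config->Auth->ip_range;
            }
            if (!empty($permissions['legacy.SummonExtendedResults'])) {
                // 'ANY' means either condition (role or IP pattern) is enough.
                $permissions['legacy.SummonExtendedResults']['require'] = 'ANY';
                $permissions['legacy.SummonExtendedResults']['permission']
                    = 'access.SummonExtendedResults';
            } else {
                // Neither legacy condition is configured, so no legacy rule is
                // added for this permission at all.
                unset($permissions['legacy.SummonExtendedResults']);
            }
        }

        return $permissions;
    }

    /**
     * Is the specified permission already defined in the provided configuration?
     *
     * A section counts as defining the permission when its 'permission' entry
     * (a single value or a list) contains exactly that permission name.
     *
     * @param array  $config     Configuration
     * @param string $permission Permission to check
     *
     * @return bool
     */
    protected function permissionDefined(array $config, $permission)
    {
        foreach ($config as $current) {
            // Strict comparison: the result decides whether a legacy access
            // rule is added, so it should not depend on loose type juggling
            // (for example, a boolean true matching any non-empty name).
            if (
                isset($current['permission'])
                && in_array($permission, (array)$current['permission'], true)
            ) {
                return true;
            }
        }
        return false;
    }
}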