Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
0.00% covered (danger)
0.00%
0 / 54
0.00% covered (danger)
0.00%
0 / 4
CRAP
0.00% covered (danger)
0.00%
0 / 1
DynamicRoleProviderFactory
0.00% covered (danger)
0.00%
0 / 54
0.00% covered (danger)
0.00%
0 / 4
420
0.00% covered (danger)
0.00%
0 / 1
 __invoke
0.00% covered (danger)
0.00%
0 / 5
0.00% covered (danger)
0.00%
0 / 1
2
 getPermissionConfiguration
0.00% covered (danger)
0.00%
0 / 7
0.00% covered (danger)
0.00%
0 / 1
12
 addLegacySettings
0.00% covered (danger)
0.00%
0 / 37
0.00% covered (danger)
0.00%
0 / 1
156
 permissionDefined
0.00% covered (danger)
0.00%
0 / 5
0.00% covered (danger)
0.00%
0 / 1
20
1<?php
2
3/**
4 * VuFind dynamic role provider factory.
5 *
6 * PHP version 8
7 *
8 * Copyright (C) Villanova University 2007.
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2,
12 * as published by the Free Software Foundation.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
22 *
23 * @category VuFind
24 * @package  Authorization
25 * @author   Demian Katz <demian.katz@villanova.edu>
26 * @license  http://opensource.org/licenses/gpl-2.0.php GNU General Public License
27 * @link     https://vufind.org Main Page
28 */
29
30namespace VuFind\Role;
31
32use Laminas\ServiceManager\Config;
33use Laminas\ServiceManager\Factory\FactoryInterface;
34use Psr\Container\ContainerInterface;
35
36use function in_array;
37
38/**
39 * VuFind dynamic role provider factory.
40 *
41 * @category VuFind
42 * @package  Authorization
43 * @author   Demian Katz <demian.katz@villanova.edu>
44 * @license  http://opensource.org/licenses/gpl-2.0.php GNU General Public License
45 * @link     https://vufind.org Main Page
46 */
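class DynamicRoleProviderFactory implements FactoryInterface
{
    /**
     * Create service
     *
     * @param ContainerInterface $container Service container
     * @param string             $name      Requested service name; the class of
     * this name is instantiated, so it is expected to come from the service
     * manager configuration rather than from request data
     * @param array              $options   Extra options (unused)
     *
     * @return object
     *
     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
     */
    public function __invoke(ContainerInterface $container, $name, ?array $options = null)
    {
        $config = $container->get('config');
        // A missing 'lmc_rbac' section is deliberately not defaulted: the
        // array type on getPermissionConfiguration() rejects null, so a broken
        // RBAC configuration fails loudly instead of yielding an empty rule set.
        return new $name(
            $container->get(PermissionProvider\PluginManager::class),
            $this->getPermissionConfiguration($container, $config['lmc_rbac'])
        );
    }

    /**
     * Get a configuration array.
     *
     * Loads the 'permissions' configuration and, when the role provider's
     * 'map_legacy_settings' option is set to a truthy value, extends it with
     * rules derived from legacy settings (see addLegacySettings()).
     *
     * @param ContainerInterface $container  Service container
     * @param array              $rbacConfig LmcRbacMvc configuration
     *
     * @return array
     */
    protected function getPermissionConfiguration(
        ContainerInterface $container,
        array $rbacConfig
    ) {
        // Get role provider settings from the LmcRbacMvc configuration; a
        // missing section is treated as "no settings" (legacy mapping off):
        $config = $rbacConfig['role_provider']['VuFind\Role\DynamicRoleProvider']
            ?? [];

        // Load the permissions:
        $configLoader = $container->get(\VuFind\Config\PluginManager::class);
        $permissions = $configLoader->get('permissions')->toArray();

        // If we're configured to map legacy settings, do so now:
        if (!empty($config['map_legacy_settings'])) {
            $permissions = $this->addLegacySettings($configLoader, $permissions);
        }

        return $permissions;
    }

    /**
     * Map legacy VuFind settings into the permissions.ini setup.
     *
     * A legacy rule is only added for a permission that no existing rule
     * already grants. Note that several of the legacy defaults are permissive:
     * the admin module and the staff view tab are opened to both the 'guest'
     * and 'loggedin' roles when nothing more specific is configured. Defining
     * the corresponding permission explicitly in the permissions configuration
     * (or turning off map_legacy_settings) prevents these defaults from applying.
     *
     * @param \VuFind\Config\PluginManager $loader      Config loader
     * @param array                        $permissions Permissions to update
     *
     * @return array
     */
    protected function addLegacySettings(
        \VuFind\Config\PluginManager $loader,
        array $permissions
    ) {
        // Add admin settings if they are absent:
        if (!$this->permissionDefined($permissions, 'access.AdminModule')) {
            $config = $loader->get('config')->toArray();
            $permissions['legacy.AdminModule'] = [];
            // The values are copied through unchanged. NOTE(review): how
            // 'ipRegEx' is matched is decided by the permission provider --
            // presumably as a regular expression against the client address;
            // confirm that configured patterns are anchored.
            if (isset($config['AdminAuth']['ipRegEx'])) {
                $permissions['legacy.AdminModule']['ipRegEx']
                    = $config['AdminAuth']['ipRegEx'];
            }
            if (isset($config['AdminAuth']['userWhitelist'])) {
                $permissions['legacy.AdminModule']['username']
                    = $config['AdminAuth']['userWhitelist'];
            }
            // If no settings exist in config.ini, we grant access to everyone
            // by allowing both logged-in and logged-out roles.
            // NOTE(security): this is a fail-open legacy default for the admin
            // module. It is kept for backward compatibility; deployments
            // should define access.AdminModule explicitly so that this branch
            // is never reached.
            if (empty($permissions['legacy.AdminModule'])) {
                $permissions['legacy.AdminModule']['role'] = ['guest', 'loggedin'];
            }
            $permissions['legacy.AdminModule']['permission'] = 'access.AdminModule';
        }

        // Add staff view settings if they are absent (open to everyone by
        // default, as with the admin fallback above):
        if (!$this->permissionDefined($permissions, 'access.StaffViewTab')) {
            $permissions['legacy.StaffViewTab']['role'] = ['guest', 'loggedin'];
            $permissions['legacy.StaffViewTab']['permission']
                = 'access.StaffViewTab';
        }

        // Add EIT settings if they are absent (logged-in users only).
        // NOTE(review): 'role' is a scalar here while the other rules use a
        // list; presumably both forms are accepted downstream -- confirm.
        if (!$this->permissionDefined($permissions, 'access.EITModule')) {
            $permissions['legacy.EITModule'] = [
                'role' => 'loggedin',
                'permission' => 'access.EITModule',
            ];
        }

        // Add Summon settings if they are absent:
        // Check based on login status
        $defined = $this
            ->permissionDefined($permissions, 'access.SummonExtendedResults');
        if (!$defined) {
            $config = $loader->get('Summon');
            $permissions['legacy.SummonExtendedResults'] = [];
            if (isset($config->Auth->check_login) && $config->Auth->check_login) {
                $permissions['legacy.SummonExtendedResults']['role'] = ['loggedin'];
            }
            if (isset($config->Auth->ip_range)) {
                $permissions['legacy.SummonExtendedResults']['ipRegEx']
                    = $config->Auth->ip_range;
            }
            if (!empty($permissions['legacy.SummonExtendedResults'])) {
                // 'ANY' means either condition (login or IP match) is enough.
                $permissions['legacy.SummonExtendedResults']['require'] = 'ANY';
                $permissions['legacy.SummonExtendedResults']['permission']
                    = 'access.SummonExtendedResults';
            } else {
                // Nothing configured: add no rule at all, so this permission
                // (unlike the admin and staff view ones) is not granted here.
                unset($permissions['legacy.SummonExtendedResults']);
            }
        }

        return $permissions;
    }

    /**
     * Is the specified permission already defined in the provided configuration?
     *
     * The result decides whether a legacy fallback rule is added, so the name
     * is compared strictly: a loosely-equal value (for example a numeric
     * string in another notation) must not count as a definition.
     *
     * @param array  $config     Configuration
     * @param string $permission Permission to check
     *
     * @return bool
     */
    protected function permissionDefined(array $config, $permission)
    {
        foreach ($config as $current) {
            // A rule may list one permission (scalar) or several (array);
            // the cast lets both forms be searched the same way.
            if (
                isset($current['permission'])
                && in_array($permission, (array)$current['permission'], true)
            ) {
                return true;
            }
        }
        return false;
    }
}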