firefly-iii/app/Support/Http/Api/ValidatesUserGroupTrait.php

<?php
/*
 * ValidatesUserGroupTrait.php
 * Copyright (c) 2023 james@firefly-iii.org
 *
 * This file is part of Firefly III (https://github.com/firefly-iii).
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

declare(strict_types=1);

namespace FireflyIII\Support\Http\Api;

use FireflyIII\Enums\UserRoleEnum;
use FireflyIII\Models\UserGroup;
use FireflyIII\Repositories\UserGroup\UserGroupRepositoryInterface;
use FireflyIII\User;
use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Auth\AuthenticationException;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;

/**
 * Trait ValidatesUserGroupTrait
 */
trait ValidatesUserGroupTrait
{
    /**
     * @throws AuthorizationException
     * @throws AuthenticationException
     */
    protected function validateUserGroup(Request $request): UserGroup
    {
        Log::debug(sprintf('validateUserGroup: %s', static::class));
        if (!auth()->check()) {
            Log::debug('validateUserGroup: user is not logged in, return NULL.');

            throw new AuthenticationException();
        }

        /** @var User $user */
        $user        = auth()->user();
        $groupId     = 0;
        if (!$request->has('user_group_id')) {
            $groupId = $user->user_group_id;
            Log::debug(sprintf('validateUserGroup: no user group submitted, use default group #%d.', $groupId));
        }
        if ($request->has('user_group_id')) {
            $groupId = (int) $request->get('user_group_id');
            Log::debug(sprintf('validateUserGroup: user group submitted, search for memberships in group #%d.', $groupId));
        }

        /** @var UserGroupRepositoryInterface $repository */
        $repository  = app(UserGroupRepositoryInterface::class);
        $repository->setUser($user);
        $memberships = $repository->getMembershipsFromGroupId($groupId);

        if (0 === $memberships->count()) {
            Log::debug(sprintf('validateUserGroup: user has no access to group #%d.', $groupId));

            throw new AuthorizationException((string) trans('validation.no_access_group'));
        }

        // need to get the group from the membership:
        $group       = $repository->getById($groupId);
        if (null === $group) {
            Log::debug(sprintf('validateUserGroup: group #%d does not exist.', $groupId));

            throw new AuthorizationException((string) trans('validation.belongs_user_or_user_group'));
        }
        Log::debug(sprintf('validateUserGroup: validate access of user to group #%d ("%s").', $groupId, $group->title));
        $roles       = property_exists($this, 'acceptedRoles') ? $this->acceptedRoles : []; // @phpstan-ignore-line
        if (0 === count($roles)) {
            Log::debug('validateUserGroup: no roles defined, so no access.');

            throw new AuthorizationException((string) trans('validation.no_accepted_roles_defined'));
        }
        Log::debug(sprintf('validateUserGroup: have %d roles to check.', count($roles)), $roles);

        /** @var UserRoleEnum $role */
        foreach ($roles as $role) {
            if ($user->hasRoleInGroupOrOwner($group, $role)) {
                Log::debug(sprintf('validateUserGroup: User has role "%s" in group #%d, return the group.', $role->value, $groupId));

                return $group;
            }
            Log::debug(sprintf('validateUserGroup: User does NOT have role "%s" in group #%d, continue searching.', $role->value, $groupId));
        }

        Log::debug('validateUserGroup: User does NOT have enough rights to access endpoint.');

        throw new AuthorizationException((string) trans('validation.belongs_user_or_user_group'));
    }
}
Catch most exceptions. 2023-09-21 16:26:07 +02:00			`<?php`
			`/*`
			`* ValidatesUserGroupTrait.php`
			`* Copyright (c) 2023 james@firefly-iii.org`
			`*`
			`* This file is part of Firefly III (https://github.com/firefly-iii).`
			`*`
			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License as`
			`* published by the Free Software Foundation, either version 3 of the`
			`* License, or (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <https://www.gnu.org/licenses/>.`
			`*/`

			`declare(strict_types=1);`

			`namespace FireflyIII\Support\Http\Api;`

Expand API administration validation 2024-04-07 06:06:40 +02:00			`use FireflyIII\Enums\UserRoleEnum;`
Catch most exceptions. 2023-09-21 16:26:07 +02:00			`use FireflyIII\Models\UserGroup;`
Expand accounts page. 2024-04-20 16:18:41 +02:00			`use FireflyIII\Repositories\UserGroup\UserGroupRepositoryInterface;`
Catch most exceptions. 2023-09-21 16:26:07 +02:00			`use FireflyIII\User;`
Expand API administration validation 2024-04-07 06:06:40 +02:00			`use Illuminate\Auth\Access\AuthorizationException;`
			`use Illuminate\Auth\AuthenticationException;`
Catch most exceptions. 2023-09-21 16:26:07 +02:00			`use Illuminate\Http\Request;`
Expand accounts page. 2024-04-20 16:18:41 +02:00			`use Illuminate\Support\Facades\Log;`
Catch most exceptions. 2023-09-21 16:26:07 +02:00
First attempt at "create transaction"-form for v2 users. 2023-10-08 16:11:04 +02:00			`/**`
			`* Trait ValidatesUserGroupTrait`
			`*/`
Catch most exceptions. 2023-09-21 16:26:07 +02:00			`trait ValidatesUserGroupTrait`
			`{`
			`/**`
Expand API administration validation 2024-04-07 06:06:40 +02:00			`* @throws AuthorizationException`
			`* @throws AuthenticationException`
Catch most exceptions. 2023-09-21 16:26:07 +02:00			`*/`
Expand API administration validation 2024-04-07 06:06:40 +02:00			`protected function validateUserGroup(Request $request): UserGroup`
Catch most exceptions. 2023-09-21 16:26:07 +02:00			`{`
Expand accounts page. 2024-04-20 16:18:41 +02:00			`Log::debug(sprintf('validateUserGroup: %s', static::class));`
Catch most exceptions. 2023-09-21 16:26:07 +02:00			`if (!auth()->check()) {`
Expand accounts page. 2024-04-20 16:18:41 +02:00			`Log::debug('validateUserGroup: user is not logged in, return NULL.');`
Code cleanup. 2023-12-20 19:35:52 +01:00
Expand API administration validation 2024-04-07 06:06:40 +02:00			`throw new AuthenticationException();`
Catch most exceptions. 2023-09-21 16:26:07 +02:00			`}`
Code cleanup. 2023-12-20 19:35:52 +01:00
Catch most exceptions. 2023-09-21 16:26:07 +02:00			`/** @var User $user */`
Auto commit for release 'develop' on 2024-04-21 2024-04-21 17:23:16 +02:00			`$user = auth()->user();`
			`$groupId = 0;`
Catch most exceptions. 2023-09-21 16:26:07 +02:00			`if (!$request->has('user_group_id')) {`
Auto commit for release 'develop' on 2024-04-07 2024-04-07 06:51:34 +02:00			`$groupId = $user->user_group_id;`
Expand accounts page. 2024-04-20 16:18:41 +02:00			`Log::debug(sprintf('validateUserGroup: no user group submitted, use default group #%d.', $groupId));`
Catch most exceptions. 2023-09-21 16:26:07 +02:00			`}`
Expand API administration validation 2024-04-07 06:06:40 +02:00			`if ($request->has('user_group_id')) {`
Expand accounts page. 2024-04-20 16:18:41 +02:00			`$groupId = (int) $request->get('user_group_id');`
			`Log::debug(sprintf('validateUserGroup: user group submitted, search for memberships in group #%d.', $groupId));`
Expand API administration validation 2024-04-07 06:06:40 +02:00			`}`
Auto commit for release 'develop' on 2024-04-21 2024-04-21 17:23:16 +02:00
Expand accounts page. 2024-04-20 16:18:41 +02:00			`/** @var UserGroupRepositoryInterface $repository */`
Auto commit for release 'develop' on 2024-04-21 2024-04-21 17:23:16 +02:00			`$repository = app(UserGroupRepositoryInterface::class);`
Expand accounts page. 2024-04-20 16:18:41 +02:00			`$repository->setUser($user);`
			`$memberships = $repository->getMembershipsFromGroupId($groupId);`
Auto commit for release 'develop' on 2024-04-07 2024-04-07 06:51:34 +02:00
Expand accounts page. 2024-04-20 16:18:41 +02:00			`if (0 === $memberships->count()) {`
			`Log::debug(sprintf('validateUserGroup: user has no access to group #%d.', $groupId));`
Expand API administration validation 2024-04-07 06:06:40 +02:00
Expand accounts page. 2024-04-20 16:18:41 +02:00			`throw new AuthorizationException((string) trans('validation.no_access_group'));`
Expand API administration validation 2024-04-07 06:06:40 +02:00			`}`
Code cleanup. 2023-12-20 19:35:52 +01:00
Expand API administration validation 2024-04-07 06:06:40 +02:00			`// need to get the group from the membership:`
Auto commit for release 'develop' on 2024-04-21 2024-04-21 17:23:16 +02:00			`$group = $repository->getById($groupId);`
Expand API administration validation 2024-04-07 06:06:40 +02:00			`if (null === $group) {`
Expand accounts page. 2024-04-20 16:18:41 +02:00			`Log::debug(sprintf('validateUserGroup: group #%d does not exist.', $groupId));`
Auto commit for release 'develop' on 2024-04-07 2024-04-07 06:51:34 +02:00
Expand accounts page. 2024-04-20 16:18:41 +02:00			`throw new AuthorizationException((string) trans('validation.belongs_user_or_user_group'));`
Catch most exceptions. 2023-09-21 16:26:07 +02:00			`}`
Expand accounts page. 2024-04-20 16:18:41 +02:00			`Log::debug(sprintf('validateUserGroup: validate access of user to group #%d ("%s").', $groupId, $group->title));`
Fix phpstan issues. 2024-04-23 19:40:48 +02:00			`$roles = property_exists($this, 'acceptedRoles') ? $this->acceptedRoles : []; // @phpstan-ignore-line`
Auto commit for release 'develop' on 2024-04-07 2024-04-07 06:51:34 +02:00			`if (0 === count($roles)) {`
Expand accounts page. 2024-04-20 16:18:41 +02:00			`Log::debug('validateUserGroup: no roles defined, so no access.');`
Expand API administration validation 2024-04-07 06:06:40 +02:00
Expand accounts page. 2024-04-20 16:18:41 +02:00			`throw new AuthorizationException((string) trans('validation.no_accepted_roles_defined'));`
Expand API administration validation 2024-04-07 06:06:40 +02:00			`}`
Expand accounts page. 2024-04-20 16:18:41 +02:00			`Log::debug(sprintf('validateUserGroup: have %d roles to check.', count($roles)), $roles);`
Auto commit for release 'develop' on 2024-04-07 2024-04-07 06:51:34 +02:00
Expand API administration validation 2024-04-07 06:06:40 +02:00			`/** @var UserRoleEnum $role */`
Auto commit for release 'develop' on 2024-04-07 2024-04-07 06:51:34 +02:00			`foreach ($roles as $role) {`
			`if ($user->hasRoleInGroupOrOwner($group, $role)) {`
Expand accounts page. 2024-04-20 16:18:41 +02:00			`Log::debug(sprintf('validateUserGroup: User has role "%s" in group #%d, return the group.', $role->value, $groupId));`
Auto commit for release 'develop' on 2024-04-07 2024-04-07 06:51:34 +02:00
Expand API administration validation 2024-04-07 06:06:40 +02:00			`return $group;`
			`}`
Expand accounts page. 2024-04-20 16:18:41 +02:00			`Log::debug(sprintf('validateUserGroup: User does NOT have role "%s" in group #%d, continue searching.', $role->value, $groupId));`
Expand API administration validation 2024-04-07 06:06:40 +02:00			`}`

Expand accounts page. 2024-04-20 16:18:41 +02:00			`Log::debug('validateUserGroup: User does NOT have enough rights to access endpoint.');`
Code cleanup. 2023-12-20 19:35:52 +01:00
Expand accounts page. 2024-04-20 16:18:41 +02:00			`throw new AuthorizationException((string) trans('validation.belongs_user_or_user_group'));`
Catch most exceptions. 2023-09-21 16:26:07 +02:00			`}`
			`}`