From cf14306c2b3f82a81f8d56669a71633b4d4b5fce Mon Sep 17 00:00:00 2001
From: marvin-borner@live.com
Date: Mon, 16 Apr 2018 21:09:05 +0200
Subject: Main merge to user management system - files are now at /main/public/

---
 .../src/Authorize/AccessConditionExpression.php    | 139 +++++++++++++++++++++
 1 file changed, 139 insertions(+)
 create mode 100755 main/app/sprinkles/account/src/Authorize/AccessConditionExpression.php

(limited to 'main/app/sprinkles/account/src/Authorize/AccessConditionExpression.php')

diff --git a/main/app/sprinkles/account/src/Authorize/AccessConditionExpression.php b/main/app/sprinkles/account/src/Authorize/AccessConditionExpression.php
new file mode 100755
index 0000000..dd5647e
--- /dev/null
+++ b/main/app/sprinkles/account/src/Authorize/AccessConditionExpression.php
@@ -0,0 +1,139 @@
+<?php
+/**
+ * UserFrosting (http://www.userfrosting.com)
+ *
+ * @link      https://github.com/userfrosting/UserFrosting
+ * @license   https://github.com/userfrosting/UserFrosting/blob/master/licenses/UserFrosting.md (MIT License)
+ */
+namespace UserFrosting\Sprinkle\Account\Authorize;
+
+use Monolog\Logger;
+use PhpParser\Lexer\Emulative as EmulativeLexer;
+use PhpParser\Node;
+use PhpParser\NodeTraverser;
+use PhpParser\Parser as Parser;
+use PhpParser\PrettyPrinter\Standard as StandardPrettyPrinter;
+use PhpParser\Error as PhpParserException;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use UserFrosting\Sprinkle\Account\Database\Models\User;
+
+/**
+ * AccessConditionExpression class
+ *
+ * This class models the evaluation of an authorization condition expression, as associated with permissions.
+ * A condition is built as a boolean expression composed of AccessCondition method calls.
+ *
+ * @author Alex Weissman (https://alexanderweissman.com)
+ */
+class AccessConditionExpression
+{
+    /**
+     * @var User A user object, which for convenience can be referenced as 'self' in access conditions.
+     */
+    protected $user;
+
+    /**
+     * @var ParserNodeFunctionEvaluator The node visitor, which evaluates access condition callbacks used in a permission condition.
+     */
+    protected $nodeVisitor;
+
+    /**
+     * @var \PhpParser\Parser The PhpParser object to use (initialized in the ctor)
+     */
+    protected $parser;
+
+    /**
+     * @var NodeTraverser The NodeTraverser object to use (initialized in the ctor)
+     */
+    protected $traverser;
+
+    /**
+     * @var StandardPrettyPrinter The PrettyPrinter object to use (initialized in the ctor)
+     */
+    protected $prettyPrinter;
+
+    /**
+     * @var Logger
+     */
+    protected $logger;
+
+    /**
+     * @var bool Set to true if you want debugging information printed to the auth log.
+     */
+    protected $debug;
+
+    /**
+     * Create a new AccessConditionExpression object.
+     *
+     * @param User $user A user object, which for convenience can be referenced as 'self' in access conditions.
+     * @param Logger $logger A Monolog logger, used to dump debugging info for authorization evaluations.
+     * @param bool $debug Set to true if you want debugging information printed to the auth log.
+     */
+    public function __construct(ParserNodeFunctionEvaluator $nodeVisitor, User $user, Logger $logger, $debug = false)
+    {
+        $this->nodeVisitor   = $nodeVisitor;
+        $this->user          = $user;
+        $this->parser        = new Parser(new EmulativeLexer);
+        $this->traverser     = new NodeTraverser;
+        $this->traverser->addVisitor($nodeVisitor);
+        $this->prettyPrinter = new StandardPrettyPrinter;
+        $this->logger        = $logger;
+        $this->debug = $debug;
+    }
+
+    /**
+     * Evaluates a condition expression, based on the given parameters.
+     *
+     * The special parameter `self` is an array of the current user's data.
+     * This get included automatically, and so does not need to be passed in.
+     * @param string $condition a boolean expression composed of calls to AccessCondition functions.
+     * @param array[mixed] $params the parameters to be used when evaluating the expression.
+     * @return bool true if the condition is passed for the given parameters, otherwise returns false.
+     */
+    public function evaluateCondition($condition, $params)
+    {
+        // Set the reserved `self` parameters.
+        // This replaces any values of `self` specified in the arguments, thus preventing them from being overridden in malicious user input.
+        // (For example, from an unfiltered request body).
+        $params['self'] = $this->user->export();
+
+        $this->nodeVisitor->setParams($params);
+
+        $code = "<?php $condition;";
+
+        if ($this->debug) {
+            $this->logger->debug("Evaluating access condition '$condition' with parameters:", $params);
+        }
+
+        // Traverse the parse tree, and execute any callbacks found using the supplied parameters.
+        // Replace the function node with the return value of the callback.
+        try {
+            // parse
+            $stmts = $this->parser->parse($code);
+
+            // traverse
+            $stmts = $this->traverser->traverse($stmts);
+
+            // Evaluate boolean statement.  It is safe to use eval() here, because our expression has been reduced entirely to a boolean expression.
+            $expr = $this->prettyPrinter->prettyPrintExpr($stmts[0]);
+            $expr_eval = "return " . $expr . ";\n";
+            $result = eval($expr_eval);
+
+            if ($this->debug) {
+                $this->logger->debug("Expression '$expr' evaluates to " . ($result == true ? "true" : "false"));
+            }
+
+            return $result;
+        } catch (PhpParserException $e) {
+            if ($this->debug) {
+                $this->logger->debug("Error parsing access condition '$condition':" . $e->getMessage());
+            }
+            return false;   // Access fails if the access condition can't be parsed.
+        } catch (AuthorizationException $e) {
+            if ($this->debug) {
+                $this->logger->debug("Error parsing access condition '$condition':" . $e->getMessage());
+            }
+            return false;
+        }
+    }
+}
-- 
cgit v1.2.3