main/app/sprinkles/account/src/Authorize/ParserNodeFunctionEvaluator.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193

<?php
/**
 * UserFrosting (http://www.userfrosting.com)
 *
 * @link      https://github.com/userfrosting/UserFrosting
 * @license   https://github.com/userfrosting/UserFrosting/blob/master/licenses/UserFrosting.md (MIT License)
 */
namespace UserFrosting\Sprinkle\Account\Authorize;

use Monolog\Logger;
use PhpParser\Node;
use PhpParser\NodeVisitorAbstract;
use PhpParser\PrettyPrinter\Standard as StandardPrettyPrinter;

/**
 * ParserNodeFunctionEvaluator class
 *
 * This class parses access control condition expressions.
 *
 * @author Alex Weissman (https://alexanderweissman.com)
 * @see http://www.userfrosting.com/components/#authorization
 */
class ParserNodeFunctionEvaluator extends NodeVisitorAbstract
{

    /**
     * @var array[callable] An array of callback functions to be used when evaluating a condition expression.
     */
    protected $callbacks;
    /**
     * @var \PhpParser\PrettyPrinter\Standard The PrettyPrinter object to use (initialized in the ctor)
     */
    protected $prettyPrinter;
    /**
     * @var array The parameters to be used when evaluating the methods in the condition expression, as an array.
     */
    protected $params = [];

    /**
     * @var Logger
     */
    protected $logger;

    /**
     * @var bool Set to true if you want debugging information printed to the auth log.
     */
    protected $debug;

    /**
     * Create a new ParserNodeFunctionEvaluator object.
     *
     * @param array $params The parameters to be used when evaluating the methods in the condition expression, as an array.
     * @param Logger $logger A Monolog logger, used to dump debugging info for authorization evaluations.
     * @param bool $debug Set to true if you want debugging information printed to the auth log.
     */
    public function __construct($callbacks, $logger, $debug = false)
    {
        $this->callbacks = $callbacks;
        $this->prettyPrinter = new StandardPrettyPrinter;
        $this->logger        = $logger;
        $this->debug = $debug;
        $this->params = [];
    }

    public function leaveNode(Node $node)
    {
        // Look for function calls
        if ($node instanceof \PhpParser\Node\Expr\FuncCall) {
            $eval = new \PhpParser\Node\Scalar\LNumber;

            // Get the method name
            $callbackName = $node->name->toString();
            // Get the method arguments
            $argNodes = $node->args;

            $args = [];
            $argsInfo = [];
            foreach ($argNodes as $arg) {
                $argString = $this->prettyPrinter->prettyPrintExpr($arg->value);

                // Debugger info
                $currentArgInfo = [
                    'expression' => $argString
                ];
                // Resolve parameter placeholders ('variable' names (either single-word or array-dot identifiers))
                if (($arg->value instanceof \PhpParser\Node\Expr\BinaryOp\Concat) || ($arg->value instanceof \PhpParser\Node\Expr\ConstFetch)) {
                    $value = $this->resolveParamPath($argString);
                    $currentArgInfo['type'] = "parameter";
                    $currentArgInfo['resolved_value'] = $value;
                // Resolve arrays
                } elseif ($arg->value instanceof \PhpParser\Node\Expr\Array_) {
                    $value = $this->resolveArray($arg);
                    $currentArgInfo['type'] = "array";
                    $currentArgInfo['resolved_value'] = print_r($value, true);
                // Resolve strings
                } elseif ($arg->value instanceof \PhpParser\Node\Scalar\String_) {
                    $value = $arg->value->value;
                    $currentArgInfo['type'] = "string";
                    $currentArgInfo['resolved_value'] = $value;
                // Resolve numbers
                } elseif ($arg->value instanceof \PhpParser\Node\Scalar\DNumber) {
                    $value = $arg->value->value;
                    $currentArgInfo['type'] = "float";
                    $currentArgInfo['resolved_value'] = $value;
                } elseif ($arg->value instanceof \PhpParser\Node\Scalar\LNumber) {
                    $value = $arg->value->value;
                    $currentArgInfo['type'] = "integer";
                    $currentArgInfo['resolved_value'] = $value;
                // Anything else is simply interpreted as its literal string value
                } else {
                    $value = $argString;
                    $currentArgInfo['type'] = "unknown";
                    $currentArgInfo['resolved_value'] = $value;
                }

                $args[] = $value;
                $argsInfo[] = $currentArgInfo;
            }

            if ($this->debug) {
                if (count($args)) {
                    $this->logger->debug("Evaluating callback '$callbackName' on: ", $argsInfo);
                } else {
                    $this->logger->debug("Evaluating callback '$callbackName'...");
                }
            }

            // Call the specified access condition callback with the specified arguments.
            if (isset($this->callbacks[$callbackName]) && is_callable($this->callbacks[$callbackName])) {
                $result = call_user_func_array($this->callbacks[$callbackName], $args);
            } else {
                throw new AuthorizationException("Authorization failed: Access condition method '$callbackName' does not exist.");
            }

            if ($this->debug) {
                $this->logger->debug("Result: " . ($result ? "1" : "0"));
            }

            return new \PhpParser\Node\Scalar\LNumber($result ? "1" : "0");
        }
    }

    public function setParams($params)
    {
        $this->params = $params;
    }

    /**
     * Resolve an array expression in a condition expression into an actual array.
     *
     * @param string $arg the array, represented as a string.
     * @return array[mixed] the array, as a plain ol' PHP array.
     */
    private function resolveArray($arg)
    {
        $arr = [];
        $items = (array) $arg->value->items;
        foreach ($items as $item) {
            if ($item->key) {
                $arr[$item->key] = $item->value->value;
            } else {
                $arr[] = $item->value->value;
            }
        }
        return $arr;
    }

    /**
     * Resolve a parameter path (e.g. "user.id", "post", etc) into its value.
     *
     * @param string $path the name of the parameter to resolve, based on the parameters set in this object.
     * @throws Exception the path could not be resolved.  Path is malformed or key does not exist.
     * @return mixed the value of the specified parameter.
     */
    private function resolveParamPath($path)
    {
        $pathTokens = explode(".", $path);
        $value = $this->params;
        foreach ($pathTokens as $token) {
            $token = trim($token);
            if (is_array($value) && isset($value[$token])) {
                $value = $value[$token];
                continue;
            } elseif (is_object($value) && isset($value->$token)) {
                $value = $value->$token;
                continue;
            } else {
                throw new AuthorizationException("Cannot resolve the path \"$path\".  Error at token \"$token\".");
            }
        }
        return $value;
    }
}