From a38abd3363d639174fe8e085a4d283378a40ffaa Mon Sep 17 00:00:00 2001 From: Philipp Date: Sun, 31 Oct 2021 12:31:55 +0100 Subject: [PATCH 1/8] AAdd domain specific Exceptions for PermissionSet --- .../PermissionSetNotFoundException.php | 13 ++ .../PermissionSetPersistenceException.php | 13 ++ .../Repository/PermissionSet.php | 118 ++++++++++++------ 3 files changed, 104 insertions(+), 40 deletions(-) create mode 100644 src/Security/PermissionSet/Exception/PermissionSetNotFoundException.php create mode 100644 src/Security/PermissionSet/Exception/PermissionSetPersistenceException.php diff --git a/src/Security/PermissionSet/Exception/PermissionSetNotFoundException.php b/src/Security/PermissionSet/Exception/PermissionSetNotFoundException.php new file mode 100644 index 000000000..83678a44c --- /dev/null +++ b/src/Security/PermissionSet/Exception/PermissionSetNotFoundException.php @@ -0,0 +1,13 @@ +getArrayCopy()); @@ -108,7 +114,9 @@ class PermissionSet extends BaseRepository * @param int $id A PermissionSet table row id or self::PUBLIC * @param int $uid The owner of the PermissionSet * @return Entity\PermissionSet - * @throws NotFoundException + * + * @throws PermissionSetNotFoundException + * @throws PermissionSetPersistenceException */ public function selectOneById(int $id, int $uid): Entity\PermissionSet { @@ -116,7 +124,13 @@ class PermissionSet extends BaseRepository return $this->factory->createFromString($uid); } - return $this->selectOne(['id' => $id, 'uid' => $uid]); + try { + return $this->selectOne(['id' => $id, 'uid' => $uid]); + } catch (NotFoundException $exception) { + throw new PermissionSetNotFoundException(sprintf('PermissionSet with id %d for user %u doesn\'t exist.', $id, $uid), $exception); + } catch (Exception $exception) { + throw new PermissionSetPersistenceException(sprintf('Cannot select PermissionSet %d for user %d', $id, $uid), $exception); + } } /** 
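Review bot: The not-found message in the new `catch (NotFoundException $exception)` branch of `selectOneById` formats the user id with `%u`, while the persistence message two lines below uses `%d`. `%u` prints a negative value as a large unsigned number, so the log line can name a user id that was never requested; use `sprintf('PermissionSet with id %d for user %d doesn\'t exist.', $id, $uid)`. Both messages carry the id/uid pair, so if whatever turns these exceptions into responses echoes the message (not visible here), it would confirm to a caller whether a given permission set exists for another user. Worth confirming the text is only logged.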
@@ -126,45 +140,51 @@ class PermissionSet extends BaseRepository * @param int $uid User id whom the items belong, used for ownership check. * * @return Collection\PermissionSets + * + * @throws PermissionSetPersistenceException */ public function selectByContactId(int $cid, int $uid): Collection\PermissionSets { - $cdata = Contact::getPublicAndUserContactID($cid, $uid); - if (!empty($cdata)) { - $public_contact_str = $this->aclFormatter->toString($cdata['public']); - $user_contact_str = $this->aclFormatter->toString($cdata['user']); - $cid = $cdata['user']; - } else { - $public_contact_str = $this->aclFormatter->toString($cid); - $user_contact_str = ''; - } + try { + $cdata = Contact::getPublicAndUserContactID($cid, $uid); + if (!empty($cdata)) { + $public_contact_str = $this->aclFormatter->toString($cdata['public']); + $user_contact_str = $this->aclFormatter->toString($cdata['user']); + $cid = $cdata['user']; + } else { + $public_contact_str = $this->aclFormatter->toString($cid); + $user_contact_str = ''; + } - $groups = []; - if (!empty($user_contact_str) && $this->db->exists('contact', [ - 'id' => $cid, - 'uid' => $uid, - 'blocked' => false - ])) { - $groups = Group::getIdsByContactId($cid); - } + $groups = []; + if (!empty($user_contact_str) && $this->db->exists('contact', [ + 'id' => $cid, + 'uid' => $uid, + 'blocked' => false + ])) { + $groups = Group::getIdsByContactId($cid); + } - $group_str = '<<>>'; // should be impossible to match - foreach ($groups as $group_id) { - $group_str .= '|<' . preg_quote($group_id) . '>'; - } + $group_str = '<<>>'; // should be impossible to match + foreach ($groups as $group_id) { + $group_str .= '|<' . preg_quote($group_id) . '>'; + } - if (!empty($user_contact_str)) { - $condition = ["`uid` = ? AND (NOT (`deny_cid` REGEXP ? OR `deny_cid` REGEXP ? OR deny_gid REGEXP ?) + if (!empty($user_contact_str)) { + $condition = ["`uid` = ? AND (NOT (`deny_cid` REGEXP ? OR `deny_cid` REGEXP ? OR deny_gid REGEXP ?) 
AND (allow_cid REGEXP ? OR allow_cid REGEXP ? OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))", - $uid, $user_contact_str, $public_contact_str, $group_str, - $user_contact_str, $public_contact_str, $group_str]; - } else { - $condition = ["`uid` = ? AND (NOT (`deny_cid` REGEXP ? OR deny_gid REGEXP ?) + $uid, $user_contact_str, $public_contact_str, $group_str, + $user_contact_str, $public_contact_str, $group_str]; + } else { + $condition = ["`uid` = ? AND (NOT (`deny_cid` REGEXP ? OR deny_gid REGEXP ?) AND (allow_cid REGEXP ? OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))", - $uid, $public_contact_str, $group_str, $public_contact_str, $group_str]; - } + $uid, $public_contact_str, $group_str, $public_contact_str, $group_str]; + } - return $this->select($condition); + return $this->select($condition); + } catch (Exception $exception) { + throw new PermissionSetPersistenceException(sprintf('Cannot select PermissionSet for contact %d and user %d', $cid, $uid), $exception); + } } /** @@ -173,11 +193,20 @@ class PermissionSet extends BaseRepository * @param int $uid * * @return Entity\PermissionSet - * @throws Exception + * + * @throws PermissionSetPersistenceException */ public function selectDefaultForUser(int $uid): Entity\PermissionSet { - $self_contact = Contact::selectFirst(['id'], ['uid' => $uid, 'self' => true]); + try { + $self_contact = Contact::selectFirst(['id'], ['uid' => $uid, 'self' => true]); + } catch (Exception $exception) { + throw new PermissionSetPersistenceException(sprintf('Cannot select Contact for user %d', $uid)); + } + + if (!$this->db->isResult($self_contact)) { + throw new PermissionSetPersistenceException(sprintf('No "self" contact found for user %d', $uid)); + } return $this->selectOrCreate($this->factory->createFromString( $uid, 
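Review bot: The `catch (Exception $exception)` added at the end of `selectByContactId` formats `$cid`, but `$cid` is overwritten with `$cdata['user']` inside the `try`, so the message can name a contact id the caller never passed. Since this query decides which permission sets a contact may see, the failure log should identify the original request: capture it before the `try` with `$requested_cid = $cid;` and format `$requested_cid` in the message. I would also add a one-line comment above the `try` saying that any lookup failure is rethrown rather than turned into an empty collection, so the fail-closed intent is explicit.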
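Review bot: The new `catch` around `Contact::selectFirst` in `selectDefaultForUser` discards the caught exception, unlike every other catch this patch adds. Pass it on as the previous exception, `throw new PermissionSetPersistenceException(sprintf('Cannot select Contact for user %d', $uid), $exception);`, otherwise the root cause of a failed lookup is lost from the trace. The added `isResult` check is a good guard; a short comment that a missing "self" contact is treated as a persistence error rather than falling back to a public set would document why. The function body continues past the end of this hunk.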
@@ -203,6 +232,8 @@ class PermissionSet extends BaseRepository * @param Entity\PermissionSet $permissionSet * * @return Entity\PermissionSet + * + * @throws PermissionSetPersistenceException */ public function selectOrCreate(Entity\PermissionSet $permissionSet): Entity\PermissionSet { @@ -219,6 +250,8 @@ class PermissionSet extends BaseRepository return $this->selectOne($this->convertToTableRow($permissionSet)); } catch (NotFoundException $exception) { return $this->save($permissionSet); + } catch (Exception $exception) { + throw new PermissionSetPersistenceException(sprintf('Cannot select PermissionSet %d', $permissionSet->id ?? 0), $exception); } } @@ -226,7 +259,8 @@ class PermissionSet extends BaseRepository * @param Entity\PermissionSet $permissionSet * * @return Entity\PermissionSet - * @throws NotFoundException + * + * @throws PermissionSetPersistenceException */ public function save(Entity\PermissionSet $permissionSet): Entity\PermissionSet { @@ -237,12 +271,16 @@ class PermissionSet extends BaseRepository $fields = $this->convertToTableRow($permissionSet); - if ($permissionSet->id) { - $this->db->update(self::$table_name, $fields, ['id' => $permissionSet->id]); - } else { - $this->db->insert(self::$table_name, $fields); + try { + if ($permissionSet->id) { + $this->db->update(self::$table_name, $fields, ['id' => $permissionSet->id]); + } else { + $this->db->insert(self::$table_name, $fields); - $permissionSet = $this->selectOneById($this->db->lastInsertId(), $permissionSet->uid); + $permissionSet = $this->selectOneById($this->db->lastInsertId(), $permissionSet->uid); + } + } catch (Exception $exception) { + throw new PermissionSetPersistenceException(sprintf('Cannot save PermissionSet %d', $permissionSet->id ?? 0), $exception); } return $permissionSet; From dcbf8e18f0a7e7c0dafa2ae42ab70d0352ee7f68 Mon Sep 17 00:00:00 2001 
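Review bot: The `try` added to `save` only catches what `update()` and `insert()` throw, and their return values are still ignored. If the database layer reports a failed write by returning false (not visible in this diff), the update path returns the entity as if it had been stored, and the insert path calls `lastInsertId()` for a row that was never written. Checking the result closes that gap, e.g. `if (!$this->db->insert(self::$table_name, $fields)) { throw new PermissionSetPersistenceException('Cannot insert PermissionSet'); }`, with the same check on `update()`. A permission set that silently fails to persist leaves items referencing ACLs that do not exist, so this path should fail loudly.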
From: Philipp Date: Sun, 31 Oct 2021 13:40:54 +0100 Subject: [PATCH 2/8] Add tests for the PermissionSet repository --- .../Repository/PermissionSetTest.php | 148 ++++++++++++++++++ 1 file changed, 148 insertions(+) diff --git a/tests/src/Security/PermissionSet/Repository/PermissionSetTest.php b/tests/src/Security/PermissionSet/Repository/PermissionSetTest.php index 697c5885f..ac0dd9afe 100644 --- a/tests/src/Security/PermissionSet/Repository/PermissionSetTest.php +++ b/tests/src/Security/PermissionSet/Repository/PermissionSetTest.php @@ -2,6 +2,8 @@ namespace Friendica\Test\src\Security\PermissionSet\Repository; +use Friendica\Database\Database; +use Friendica\Security\PermissionSet\Collection\PermissionSets; use Friendica\Security\PermissionSet\Repository\PermissionSet as PermissionSetRepository; use Friendica\Security\PermissionSet\Entity\PermissionSet; use Friendica\Security\PermissionSet\Factory\PermissionSet as PermissionSetFactory; 
@@ -61,4 +63,150 @@ class PermissionSetTest extends FixtureTest self::assertEquals($savedPermissionSet, $permissionSetSavedSelected); } + + /** + * Asserts that the actual permissionset is equal to the expected permissionset + * --> It skips the "id" fields + * + * @param PermissionSets $expected + * @param PermissionSets $actual + */ + public static function assertEqualPermissionSets(PermissionSets $expected, PermissionSets $actual) + { + self::assertEquals($expected->count(), $actual->count(), 'PermissionSets not even ' . PHP_EOL . 'expected: ' . print_r($expected, true) . 'actual: ' . print_r($actual, true)); + + foreach ($expected as $outputPermissionSet) { + self::assertCount(1, $actual->filter(function (PermissionSet $actualPermissionSet) use ($outputPermissionSet) { + return ( + $actualPermissionSet->uid == $outputPermissionSet->uid && + $actualPermissionSet->allow_cid == $outputPermissionSet->allow_cid && + $actualPermissionSet->allow_gid == $outputPermissionSet->allow_gid && + $actualPermissionSet->deny_cid == $outputPermissionSet->deny_cid && + $actualPermissionSet->deny_gid == $outputPermissionSet->deny_gid + ); + }), 'PermissionSet not found: ' . 
print_r($outputPermissionSet, true)); + } + } + + public function dataSet() + { + return [ + 'standard' => [ + 'permissionSets' => [ + [ + 'uid' => 42, + 'allow_cid' => '<<43>>', + 'allow_gid' => '', + 'deny_cid' => '<<44>>', + 'deny_gid' => '', + ], + [ + 'uid' => 42, + 'allow_cid' => '', + 'allow_gid' => '<<>>', + 'deny_cid' => '', + 'deny_gid' => '', + ], + [ + 'uid' => 42, + 'allow_cid' => '<<44>>', + 'allow_gid' => '', + 'deny_cid' => '', + 'deny_gid' => '', + ], + ], + 'assertions' => [ + [ + 'input' => [ + 'cid' => 43, + 'uid' => 42, + ], + 'output' => new PermissionSets([ + new PermissionSet(42, [43], [], [44], []), + new PermissionSet(42, [], [], [], []), + ]), + ], + [ + 'input' => [ + 'cid' => 44, + 'uid' => 42, + ], + 'output' => new PermissionSets([ + new PermissionSet(42, [], [], [], []), + new PermissionSet(42, [44], [], [], []), + ]), + ], + [ + 'input' => [ + 'cid' => 47, + 'uid' => 42, + ], + 'output' => new PermissionSets([ + new PermissionSet(42, [], [], [], []), + ]), + ], + ] + ], + 'empty' => [ + 'permissionSets' => [ + [ + 'uid' => 42, + 'allow_cid' => '', + 'allow_gid' => '<<>>', + 'deny_cid' => '', + 'deny_gid' => '', + ], + ], + 'assertions' => [ + [ + 'input' => [ + 'cid' => 43, + 'uid' => 42, + ], + 'output' => new PermissionSets([ + new PermissionSet(42, [], [], [], []), + ]), + ], + [ + 'input' => [ + 'cid' => 44, + 'uid' => 42, + ], + 'output' => new PermissionSets([ + new PermissionSet(42, [], [], [], []), + ]), + ], + [ + 'input' => [ + 'cid' => 47, + 'uid' => 42, + ], + 'output' => new PermissionSets([ + new PermissionSet(42, [], [], [], []), + ]), + ], + ] + ], + ]; + } + + /** + * @dataProvider dataSet + */ + public function testSelectContactId(array $inputPermissionSets, array $assertions) + { + /** @var Database $db */ + $db = $this->dice->create(Database::class); + + + foreach ($inputPermissionSets as $inputPermissionSet) { + $db->insert('permissionset', $inputPermissionSet); + } + + foreach ($assertions as $assertion) { + 
$permissionSets = $this->repository->selectByContactId($assertion['input']['cid'], $assertion['input']['uid']); + self::assertInstanceOf(PermissionSets::class, $permissionSets); + self::assertEqualPermissionSets($assertion['output'], $permissionSets); + } + } } From 71cdbcfc24b882ff3e35d7b526185a961cd83e5e Mon Sep 17 00:00:00 2001 From: Philipp Date: Sun, 31 Oct 2021 13:42:31 +0100 Subject: [PATCH 3/8] Add default value for "user_contact_str" (fixes https://github.com/friendica/friendica/issues/10943 ) --- src/Security/PermissionSet/Repository/PermissionSet.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Security/PermissionSet/Repository/PermissionSet.php b/src/Security/PermissionSet/Repository/PermissionSet.php index 83b65bd2e..7ffe36cf2 100644 --- a/src/Security/PermissionSet/Repository/PermissionSet.php +++ b/src/Security/PermissionSet/Repository/PermissionSet.php @@ -153,7 +153,7 @@ class PermissionSet extends BaseRepository $cid = $cdata['user']; } else { $public_contact_str = $this->aclFormatter->toString($cid); - $user_contact_str = ''; + $user_contact_str = '<<>>'; } $groups = []; From 130f97717d4b8abfeb0786a19c2d6deeb373cfa1 Mon Sep 17 00:00:00 2001 From: Philipp Date: Sun, 31 Oct 2021 13:58:52 +0100 Subject: [PATCH 4/8] Add tests & remove unused method --- .../Repository/PermissionSet.php | 16 ------------ .../Repository/PermissionSetTest.php | 26 ++++++++++++++++++- 2 files changed, 25 insertions(+), 17 deletions(-) diff --git a/src/Security/PermissionSet/Repository/PermissionSet.php b/src/Security/PermissionSet/Repository/PermissionSet.php index 7ffe36cf2..097f66941 100644 --- a/src/Security/PermissionSet/Repository/PermissionSet.php +++ b/src/Security/PermissionSet/Repository/PermissionSet.php 
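Review bot: Every fixture row and every assertion in `dataSet` uses `uid` 42, so `testSelectContactId` never exercises the ownership filter that `selectByContactId` documents for `$uid`. Add one `permissionset` row owned by a different user (constructed example: `'uid' => 24`) whose `allow_cid` would match the queried contact, and keep it out of every expected collection; a regression that drops the `uid` condition would then fail the test. Separately, the closure in `assertEqualPermissionSets` compares fields with `==`; `===` on `uid`, and a comment stating what type the ACL fields hold, would stop type juggling from hiding a mismatch.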
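Review bot: Setting `$user_contact_str = '<<>>'` in the `else` branch makes both `!empty($user_contact_str)` guards further down `selectByContactId` always true; the guards are outside this hunk but visible in the first patch of this series. The `$this->db->exists('contact', ...)` group lookup then runs with the unresolved `$cid`, and the shorter `else` condition becomes unreachable. If the sentinel is intended, say so in a comment such as `// never matches a stored ACL entry; keeps the 7-parameter condition valid`, and drop the dead branch. The literal also duplicates the `$group_str` sentinel, so a shared class constant would keep the two in step.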
@@ -55,22 +55,6 @@ class PermissionSet extends BaseRepository $this->aclFormatter = $aclFormatter; } - /** - * replaces the PUBLIC id for the public permissionSet - * (no need to create the default permission set over and over again) - * - * @param $condition - */ - private function checkPublicSelect(&$condition) - { - if (empty($condition['allow_cid']) && - empty($condition['allow_gid']) && - empty($condition['deny_cid']) && - empty($condition['deny_gid'])) { - $condition['uid'] = self::PUBLIC; - } - } - /** * @param array $condition * @param array $params diff --git a/tests/src/Security/PermissionSet/Repository/PermissionSetTest.php b/tests/src/Security/PermissionSet/Repository/PermissionSetTest.php index ac0dd9afe..958512aa6 100644 --- a/tests/src/Security/PermissionSet/Repository/PermissionSetTest.php +++ b/tests/src/Security/PermissionSet/Repository/PermissionSetTest.php @@ -4,6 +4,7 @@ namespace Friendica\Test\src\Security\PermissionSet\Repository; use Friendica\Database\Database; use Friendica\Security\PermissionSet\Collection\PermissionSets; +use Friendica\Security\PermissionSet\Exception\PermissionSetNotFoundException; use Friendica\Security\PermissionSet\Repository\PermissionSet as PermissionSetRepository; use Friendica\Security\PermissionSet\Entity\PermissionSet; use Friendica\Security\PermissionSet\Factory\PermissionSet as PermissionSetFactory; @@ -198,7 +199,6 @@ class PermissionSetTest extends FixtureTest /** @var Database $db */ $db = $this->dice->create(Database::class); - foreach ($inputPermissionSets as $inputPermissionSet) { $db->insert('permissionset', $inputPermissionSet); } 
@@ -209,4 +209,28 @@ class PermissionSetTest extends FixtureTest self::assertEqualPermissionSets($assertion['output'], $permissionSets); } } + + public function testSelectOneByIdInvalid() + { + self::expectException(PermissionSetNotFoundException::class); + self::expectExceptionMessage('PermissionSet with id -1 for user 42 doesn\'t exist.'); + + $this->repository->selectOneById(-1, 42); + } + + /** + * @dataProvider dataSet + */ + public function testSelectOneById(array $inputPermissionSets, array $assertions) + { + /** @var Database $db */ + $db = $this->dice->create(Database::class); + + foreach ($inputPermissionSets as $inputPermissionSet) { + $db->insert('permissionset', $inputPermissionSet); + $id = $db->lastInsertId(); + + self::assertInstanceOf(PermissionSet::class, $this->repository->selectOneById($id, $inputPermissionSet['uid'])); + } + } } From 49c16a9dad7c2e92d9a5cf5fccfa7b3300cc4ee2 Mon Sep 17 00:00:00 2001 From: Philipp Date: Sun, 31 Oct 2021 15:14:57 +0100 Subject: [PATCH 5/8] Fix HTTP Code --- .../PermissionSet/Exception/PermissionSetNotFoundException.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Security/PermissionSet/Exception/PermissionSetNotFoundException.php b/src/Security/PermissionSet/Exception/PermissionSetNotFoundException.php index 83678a44c..b14e4d832 100644 --- a/src/Security/PermissionSet/Exception/PermissionSetNotFoundException.php +++ b/src/Security/PermissionSet/Exception/PermissionSetNotFoundException.php @@ -8,6 +8,6 @@ class PermissionSetNotFoundException extends \RuntimeException { public function __construct($message = '', Exception $previous = null) { - parent::__construct($message, 500, $previous); + parent::__construct($message, 404, $previous); } } From 1a2f33578bf25f124ba6eb2e4d9a7b87f6409340 Mon Sep 17 00:00:00 2001 
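Review bot: `testSelectOneById` only checks that the owner can load each row, so the `uid` half of the `['id' => $id, 'uid' => $uid]` lookup is untested. Add the negative case in its own test: insert a row, then call `self::expectException(PermissionSetNotFoundException::class);` followed by `$this->repository->selectOneById($id, $inputPermissionSet['uid'] + 1);`. That pins the behaviour that a valid id requested by a different user is reported as not found. The `$assertions` parameter is unused in this test, which deserves a docblock line saying only the `permissionSets` fixtures are consumed.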
From: Philipp Date: Sun, 31 Oct 2021 19:13:42 +0100 Subject: [PATCH 6/8] Add more PermissionSet tests with groups --- .../Repository/PermissionSetTest.php | 174 +++++++++++++++++- 1 file changed, 167 insertions(+), 7 deletions(-) diff --git a/tests/src/Security/PermissionSet/Repository/PermissionSetTest.php b/tests/src/Security/PermissionSet/Repository/PermissionSetTest.php index 958512aa6..e2a4d3276 100644 --- a/tests/src/Security/PermissionSet/Repository/PermissionSetTest.php +++ b/tests/src/Security/PermissionSet/Repository/PermissionSetTest.php @@ -93,12 +93,13 @@ class PermissionSetTest extends FixtureTest { return [ 'standard' => [ + 'group_member' => [], 'permissionSets' => [ [ 'uid' => 42, - 'allow_cid' => '<<43>>', + 'allow_cid' => '<43>', 'allow_gid' => '', - 'deny_cid' => '<<44>>', + 'deny_cid' => '<44>', 'deny_gid' => '', ], [ @@ -110,7 +111,7 @@ class PermissionSetTest extends FixtureTest ], [ 'uid' => 42, - 'allow_cid' => '<<44>>', + 'allow_cid' => '<44>', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '', @@ -146,9 +147,10 @@ class PermissionSetTest extends FixtureTest new PermissionSet(42, [], [], [], []), ]), ], - ] + ], ], 'empty' => [ + 'group_member' => [], 'permissionSets' => [ [ 'uid' => 42, 
@@ -188,19 +190,173 @@ class PermissionSetTest extends FixtureTest ], ] ], + 'nothing' => [ + 'group_member' => [], + 'permissionSets' => [ + ], + 'assertions' => [ + [ + 'input' => [ + 'cid' => 43, + 'uid' => 42, + ], + 'output' => new PermissionSets(), + ], + [ + 'input' => [ + 'cid' => 44, + 'uid' => 42, + ], + 'output' => new PermissionSets(), + ], + [ + 'input' => [ + 'cid' => 47, + 'uid' => 42, + ], + 'output' => new PermissionSets(), + ], + ] + ], + 'with_groups' => [ + 'group_member' => [ + [ + 'id' => 1, + 'gid' => 1, + 'contact-id' => 47, + ], + [ + 'id' => 2, + 'gid' => 1, + 'contact-id' => 42, + ], + [ + 'id' => 3, + 'gid' => 2, + 'contact-id' => 43, + ], + ], + 'permissionSets' => [ + [ + 'uid' => 42, + 'allow_cid' => '<43>', + 'allow_gid' => '<3>', + 'deny_cid' => '<44>,<46>', + 'deny_gid' => '', + ], + [ + 'uid' => 42, + 'allow_cid' => '', + 'allow_gid' => '<<>>', + 'deny_cid' => '', + 'deny_gid' => '<2>', + ], + [ + 'uid' => 42, + 'allow_cid' => '<44>', + 'allow_gid' => '', + 'deny_cid' => '', + 'deny_gid' => '', + ], + [ + 'uid' => 42, + 'allow_cid' => '', + 'allow_gid' => '', + 'deny_cid' => '', + 'deny_gid' => '<1>', + ], + [ + 'uid' => 42, + 'allow_cid' => '<45>', + 'allow_gid' => '', + 'deny_cid' => '', + 'deny_gid' => '<1><2>', + ], + ], + 'assertions' => [ + [ + 'input' => [ + 'cid' => 42, + 'uid' => 42, + ], + 'output' => new PermissionSets([ + new PermissionSet(42, [], [], [], [2]), + ]), + ], + [ + 'input' => [ + 'cid' => 43, + 'uid' => 42, + ], + 'output' => new PermissionSets([ + new PermissionSet(42, [43], [3], [44, 46], []), + new PermissionSet(42, [], [], [], [2]), + new PermissionSet(42, [], [], [], [1]), + ]), + ], + [ + 'input' => [ + 'cid' => 44, + 'uid' => 42, + ], + 'output' => new PermissionSets([ + new PermissionSet(42, [], [], [], [2]), + new PermissionSet(42, [44], [], [], []), + new PermissionSet(42, [], [], [], [1]), + new PermissionSet(42, [45], [], [], [1, 2]), + ]), + ], + [ + 'input' => [ + 'cid' => 45, + 'uid' => 42, 
+ ], + 'output' => new PermissionSets([ + new PermissionSet(42, [], [], [], [2]), + new PermissionSet(42, [44], [], [], []), + new PermissionSet(42, [], [], [], [1]), + new PermissionSet(42, [45], [], [], [1, 2]), + ]), + ], + [ + 'input' => [ + 'cid' => 46, + 'uid' => 42, + ], + 'output' => new PermissionSets([ + new PermissionSet(42, [], [], [], [2]), + new PermissionSet(42, [], [], [], [1]), + ]), + ], + [ + 'input' => [ + 'cid' => 47, + 'uid' => 42, + ], + 'output' => new PermissionSets([ + new PermissionSet(42, [], [], [], [2]), + new PermissionSet(42, [], [], [], [1]), + ]), + ], + ], + ], ]; } /** * @dataProvider dataSet */ - public function testSelectContactId(array $inputPermissionSets, array $assertions) + public function testSelectContactId(array $group_member, array $inputPermissionSets, array $assertions) { /** @var Database $db */ $db = $this->dice->create(Database::class); + foreach ($group_member as $gmember) { + $db->insert('group_member', $gmember, true); + } + foreach ($inputPermissionSets as $inputPermissionSet) { - $db->insert('permissionset', $inputPermissionSet); + $db->insert('permissionset', $inputPermissionSet, true); } foreach ($assertions as $assertion) { @@ -221,8 +377,12 @@ class PermissionSetTest extends FixtureTest /** * @dataProvider dataSet */ - public function testSelectOneById(array $inputPermissionSets, array $assertions) + public function testSelectOneById(array $group_member, array $inputPermissionSets, array $assertions) { + if (count($inputPermissionSets) === 0) { + self::markTestSkipped('Nothing to assert.'); + } + /** @var Database $db */ $db = $this->dice->create(Database::class); From fc233fd5e1ed9e163c17a5f3fcc499b93abe2f15 Mon Sep 17 00:00:00 2001 From: Philipp Date: Sun, 31 Oct 2021 19:51:03 +0100 Subject: [PATCH 7/8] Replace REGEXP with LOCATE for allow_cid and deny_cid --- .../PermissionSet/Repository/PermissionSet.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
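Review bot: In the `with_groups` case the `group_member` fixture puts contact 43 into group 2, yet the expected output for `cid` 43 contains `new PermissionSet(42, [], [], [], [2])`, a set that denies group 2. Presumably contact 43 does not resolve to a user contact of uid 42 in the fixture database, so the group lookup is never reached. As written, though, the test reads as if it pins a deny-list bypass. Add a comment on that assertion explaining why the group deny does not apply, or add the contact row so the deny is exercised and the set drops out. The fixtures also mix `'<44>,<46>'` and `'<1><2>'` as separators; use whichever form the ACL formatter actually writes so the tests match stored data.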
diff --git a/src/Security/PermissionSet/Repository/PermissionSet.php b/src/Security/PermissionSet/Repository/PermissionSet.php index 097f66941..1c3b39352 100644 --- a/src/Security/PermissionSet/Repository/PermissionSet.php +++ b/src/Security/PermissionSet/Repository/PermissionSet.php @@ -137,7 +137,7 @@ class PermissionSet extends BaseRepository $cid = $cdata['user']; } else { $public_contact_str = $this->aclFormatter->toString($cid); - $user_contact_str = '<<>>'; + $user_contact_str = ''; } $groups = []; @@ -155,13 +155,13 @@ class PermissionSet extends BaseRepository } if (!empty($user_contact_str)) { - $condition = ["`uid` = ? AND (NOT (`deny_cid` REGEXP ? OR `deny_cid` REGEXP ? OR deny_gid REGEXP ?) - AND (allow_cid REGEXP ? OR allow_cid REGEXP ? OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))", + $condition = ["`uid` = ? AND (NOT (LOCATE(?, `deny_cid`) OR LOCATE(?, `deny_cid`) OR deny_gid REGEXP ?) + AND (LOCATE(?, allow_cid) OR LOCATE(?, allow_cid) OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))", $uid, $user_contact_str, $public_contact_str, $group_str, $user_contact_str, $public_contact_str, $group_str]; } else { - $condition = ["`uid` = ? AND (NOT (`deny_cid` REGEXP ? OR deny_gid REGEXP ?) - AND (allow_cid REGEXP ? OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))", + $condition = ["`uid` = ? AND (NOT (LOCATE(?, `deny_cid`) OR deny_gid REGEXP ?) + AND (LOCATE(?, allow_cid) OR allow_gid REGEXP ? OR (allow_cid = '' AND allow_gid = '')))", $uid, $public_contact_str, $group_str, $public_contact_str, $group_str]; } From e122f3059c60091dba520ac9c015de1de57aec08 Mon Sep 17 00:00:00 2001 From: Philipp Date: Mon, 1 Nov 2021 13:39:51 +0100 Subject: [PATCH 8/8] fxied tests --- .../Security/PermissionSet/Repository/PermissionSetTest.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
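Review bot: The switch to `LOCATE(?, deny_cid)` and `LOCATE(?, allow_cid)` is an exact id match only while the needle is a single id wrapped in angle brackets, which is what `aclFormatter->toString()` appears to return judging by the fixtures. That dependency should be stated at the query, e.g. `// LOCATE is a substring test; it is exact only because ids are stored and searched as '<id>'`. An empty needle makes `LOCATE` return 1, which hits the deny term and excludes the row, so the condition fails closed; the comment should say this too. The `gid` columns still use `REGEXP` with the `$group_str` alternation built via `preg_quote` earlier in the function (outside this hunk), so a second comment should explain why the two column families are matched differently.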
diff --git a/tests/src/Security/PermissionSet/Repository/PermissionSetTest.php b/tests/src/Security/PermissionSet/Repository/PermissionSetTest.php index e2a4d3276..250a61bf3 100644 --- a/tests/src/Security/PermissionSet/Repository/PermissionSetTest.php +++ b/tests/src/Security/PermissionSet/Repository/PermissionSetTest.php @@ -105,7 +105,7 @@ class PermissionSetTest extends FixtureTest [ 'uid' => 42, 'allow_cid' => '', - 'allow_gid' => '<<>>', + 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '', ], @@ -155,7 +155,7 @@ class PermissionSetTest extends FixtureTest [ 'uid' => 42, 'allow_cid' => '', - 'allow_gid' => '<<>>', + 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '', ], @@ -247,7 +247,7 @@ class PermissionSetTest extends FixtureTest [ 'uid' => 42, 'allow_cid' => '', - 'allow_gid' => '<<>>', + 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '<2>', ],