Refactoring most of the project

.github/workflows/phpcs.yml

@@ -15,7 +15,7 @@ jobs:
     - name: Setup PHP
       uses: shivammathur/setup-php@v2
       with:
-        php-version: '7.4'
+        php-version: '8.1'
         extensions: imagick, intl, mysql, bcmath, openssl
         ini-values: post_max_size=256M, short_open_tag=On
         tools: pecl, cs2pr, phpcs
@@ -33,7 +33,7 @@ jobs:
           ${{ runner.os }}-php-
 
     - name: Install dependencies
-      run: composer install --prefer-dist --no-progress
+      run: composer install --prefer-dist --no-progress --no-suggest --ignore-platform-req=php
 
     # Add a test script to composer.json, for instance: "test": "vendor/bin/phpunit"
     # Docs: https://getcomposer.org/doc/articles/scripts.md

.gitignore

@@ -1,3 +1,4 @@
 vendor/
 composer.lock
 .idea/
+.phpcs*

Module.php

@@ -1,17 +1,14 @@
-<?php
+<?php declare(strict_types=1);
+/**
+ * @link      https://github.com/monarc-project for the canonical source repository
+ * @copyright Copyright (c) 2016-2024 Luxembourg House of Cybersecurity LHC.lu - Licensed under GNU Affero GPL v3
+ * @license   MONARC is licensed under GNU Affero General Public License version 3
+ */
+
 namespace Monarc\FrontOffice;
 
-use DateTime;
 use Laminas\Stdlib\ResponseInterface;
-use Monarc\Core\Model\Entity\AnrSuperClass;
 use Monarc\Core\Service\ConnectedUserService;
-use Monarc\FrontOffice\CronTask\Service\CronTaskService;
-use Monarc\FrontOffice\Model\Entity\Anr;
-use Monarc\FrontOffice\Model\Entity\CronTask;
-use Monarc\FrontOffice\Model\Table\AnrTable;
-use Monarc\FrontOffice\Model\Table\InstanceTable;
-use Monarc\FrontOffice\Model\Table\SnapshotTable;
-use Monarc\FrontOffice\Model\Table\UserAnrTable;
 use Laminas\Http\Request;
 use Laminas\Mvc\ModuleRouteListener;
 use Laminas\Mvc\MvcEvent;
@@ -30,9 +27,9 @@ public function onBootstrap(MvcEvent $e)
 
             $this->initRbac($e);
 
-            $eventManager->attach(MvcEvent::EVENT_ROUTE, array($this, 'checkRbac'), 0);
-            $eventManager->attach(MvcEvent::EVENT_DISPATCH_ERROR, array($this, 'onDispatchError'), 0);
-            $eventManager->attach(MvcEvent::EVENT_RENDER_ERROR, array($this, 'onRenderError'), 0);
+            $eventManager->attach(MvcEvent::EVENT_ROUTE, [$this, 'checkRbac'], 0);
+            $eventManager->attach(MvcEvent::EVENT_DISPATCH_ERROR, [$this, 'onDispatchError'], 0);
+            $eventManager->attach(MvcEvent::EVENT_RENDER_ERROR, [$this, 'onRenderError'], 0);
         }
     }
 
@@ -55,51 +52,56 @@ public function getJsonModelError($e)
     {
         $error = $e->getError();
         if (!$error) {
-            return;
+            return null;
         }
 
         $exception = $e->getParam('exception');
-        $exceptionJson = array();
+        $exceptionJson = [];
         if ($exception) {
-            $exceptionJson = array(
-                'class' => get_class($exception),
+            $exceptionJson = [
+                'class' => \get_class($exception),
                 'file' => $exception->getFile(),
                 'line' => $exception->getLine(),
                 'message' => $exception->getMessage(),
-                'stacktrace' => $exception->getTraceAsString()
-            );
+                'stacktrace' => $exception->getTraceAsString(),
+            ];
 
             if ($exception->getCode() >= 400 && $exception->getCode() < 600) {
                 $e->getResponse()->setStatusCode($exception->getCode());
             }
         }
-        $errorJson = array(
-            'message'   => $exception
-                ? $exception->getMessage() : 'An error occurred during execution; please try again later.',
-            'error'     => $error,
+        $errorJson = [
+            'message' => $exception
+                ? $exception->getMessage()
+                : 'An error occurred during execution; please try again later.',
+            'error' => $error,
             'exception' => $exceptionJson,
-        );
+        ];
         if ($error === 'error-router-no-match') {
             $errorJson['message'] = 'Resource not found.';
         }
-        $model = new JsonModel(array('errors' => array($errorJson)));
+
+        if ($exception && $exception->getCode() === 400) {
+            $model = new JsonModel([
+                'errors' => [json_decode($exception->getMessage(), true, 512, JSON_THROW_ON_ERROR)],
+            ]);
+        } else {
+            $model = new JsonModel(['errors' => [$errorJson]]);
+        }
+
         $e->setResult($model);
+
         return $model;
     }
 
-    /**
-     * init Rbac
-     *
-     * @param MvcEvent $e
-     */
-    public function initRbac(MvcEvent $e)
+    public function initRbac(MvcEvent $mvcEvent)
     {
-        $sm = $e->getApplication()->getServiceManager();
+        $sm = $mvcEvent->getApplication()->getServiceManager();
         $config = $sm->get('Config');
 
-        $globalPermissions = isset($config['permissions']) ? $config['permissions'] : [];
+        $globalPermissions = $config['permissions'] ?? [];
 
-        $rolesPermissions = isset($config['roles']) ? $config['roles'] : [];
+        $rolesPermissions = $config['roles'] ?? [];
 
         $rbac = new Rbac();
         foreach ($rolesPermissions as $role => $permissions) {
@@ -132,186 +134,36 @@ public function initRbac(MvcEvent $e)
         $rbac->addRole($role);
 
         //setting to view
-        $e->getViewModel()->rbac = $rbac;
+        $mvcEvent->getViewModel()->rbac = $rbac;
     }
 
     /**
-     * Check Rbac
+     * @param MvcEvent $mvcEvent
      *
-     * @param MvcEvent $e
-     * @return \Laminas\Stdlib\ResponseInterface
+     * @return ResponseInterface|void
      */
-    public function checkRbac(MvcEvent $e)
+    public function checkRbac(MvcEvent $mvcEvent)
     {
-        $route = $e->getRouteMatch()->getMatchedRouteName();
-        $sm = $e->getApplication()->getServiceManager();
+        $route = $mvcEvent->getRouteMatch()->getMatchedRouteName();
+        $serviceManager = $mvcEvent->getApplication()->getServiceManager();
 
         /** @var ConnectedUserService $connectedUserService */
-        $connectedUserService = $sm->get(ConnectedUserService::class);
+        $connectedUserService = $serviceManager->get(ConnectedUserService::class);
         $connectedUser = $connectedUserService->getConnectedUser();
 
         $roles[] = 'guest';
         if ($connectedUser !== null) {
-            $roles = $connectedUser->getRoles();
+            $roles = $connectedUser->getRolesArray();
         }
 
-        $isGranted = false;
         foreach ($roles as $role) {
-            if ($e->getViewModel()->rbac->isGranted($role, $route)) {
-                $id = (int)$e->getRouteMatch()->getParam('id');
-                if (($route === 'monarc_api_client_anr' && !empty($id))
-                    || strncmp($route, 'monarc_api_global_client_anr/', 29) === 0
-                ) {
-                    if ($route === 'monarc_api_client_anr') {
-                        $anrid = $id;
-                    } else {
-                        $anrid = (int)$e->getRouteMatch()->getParam('anrid');
-                    }
-                    if (empty($anrid)) {
-                        break;
-                    }
-
-                    $result = $this->validateAnrStatusAndGetResponseIfInvalid($anrid, $e, $route);
-                    if ($result !== null) {
-                        return $result;
-                    }
-
-                    $lk = current($sm->get(UserAnrTable::class)->getEntityByFields(
-                        ['anr' => $anrid, 'user' => $connectedUser->getId()]
-                    ));
-                    if (empty($lk)) {
-                        // On doit tester si c'est un snapshot, dans ce cas, on autorise l'accès mais en READ-ONLY
-                        if ($e->getRequest()->getMethod() !== Request::METHOD_GET
-                            && !$this->authorizedPost($route, $e->getRequest()->getMethod())
-                        ) {
-                            break; // même si c'est un snapshot, on n'autorise que du GET
-                        }
-                        $snap = current($sm->get(SnapshotTable::class)->getEntityByFields(['anr' => $anrid]));
-                        if (empty($snap)) {
-                            break; // ce n'est pas un snapshot
-                        }
-                        $lk = current($sm->get(UserAnrTable::class)->getEntityByFields(
-                            ['anr' => $snap->get('anrReference')->get('id'), 'user' => $connectedUser->getId()]
-                        ));
-                        if (empty($lk)) {
-                            break; // l'user n'avait de toute façon pas accès à l'anr dont est issue ce snapshot
-                        }
-                        $isGranted = true;
-                        break;
-                    }
-
-                    if ($lk->get('rwd') === 0 && $e->getRequest()->getMethod() !== Request::METHOD_GET) {
-                        if ($this->authorizedPost($route, $e->getRequest()->getMethod())) {
-                            // on autorise les POST pour les export
-                            $isGranted = true;
-                        }
-                        break; // les droits ne sont pas bon
-                    }
-                }
-
-                $isGranted = true;
-                break;
-            }
-        }
-
-        if (!$isGranted) {
-            $response = $e->getResponse();
-            $response->setStatusCode($connectedUser === null ? 401 : 403);
-
-            return $response;
-        }
-    }
-
-    private function authorizedPost($route, $method)
-    {
-        return $method === 'POST' &&
-                ($route === 'monarc_api_global_client_anr/export' || // export ANR
-                $route === 'monarc_api_global_client_anr/instance_export' || // export Instance
-                $route === 'monarc_api_global_client_anr/objects_export' || // export  Object
-                $route === 'monarc_api_global_client_anr/deliverable'); // generate a report
-    }
-
-    /**
-     * Validates the anr status for NON GET method requests exclude DELETE (cancellation of background import).
-     */
-    private function validateAnrStatusAndGetResponseIfInvalid(
-        int $anrId,
-        MvcEvent $e,
-        string $route
-    ): ?ResponseInterface {
-        /* GET requests are always allowed and cancellation of import (delete import process -> PID). */
-        if ($e->getRequest()->getMethod() === Request::METHOD_GET
-            || (
-                $e->getRequest()->getMethod() === Request::METHOD_DELETE
-                && $route === 'monarc_api_global_client_anr/instance_import'
-            )
-        ) {
-            return null;
-        }
-
-        $sm = $e->getApplication()->getServiceManager();
-
-        /** @var Anr $anr */
-        $anr = $sm->get(AnrTable::class)->findById($anrId);
-        if ($anr->isActive()) {
-            return null;
-        }
-
-        /* Allow deleting anr if the status is waiting for import or there is an import error. */
-        if ($route === 'monarc_api_client_anr'
-            && $e->getRequest()->getMethod() === Request::METHOD_DELETE
-            && ($anr->getStatus() === AnrSuperClass::STATUS_IMPORT_ERROR
-                || $anr->getStatus() === AnrSuperClass::STATUS_AWAITING_OF_IMPORT
-            )
-        ) {
-            return null;
-        }
-
-        /* Allow to restore a snapshot if there is an import error. */
-        if ($route === 'monarc_api_global_client_anr/snapshot_restore'
-            && $anr->getStatus() === AnrSuperClass::STATUS_IMPORT_ERROR
-            && $e->getRequest()->getMethod() === Request::METHOD_POST
-        ) {
-            return null;
-        }
-
-        $result = [
-            'status' => $anr->getStatusName(),
-            'importStatus' => [],
-        ];
-        /** @var CronTaskService $cronTaskService */
-        $cronTaskService = $sm->get(CronTaskService::class);
-
-        if ($anr->getStatus() === AnrSuperClass::STATUS_UNDER_IMPORT) {
-            $importCronTask = $cronTaskService->getLatestTaskByNameWithParam(
-                CronTask::NAME_INSTANCE_IMPORT,
-                ['anrId' => $anrId]
-            );
-            if ($importCronTask !== null && $importCronTask->getStatus() === CronTask::STATUS_IN_PROGRESS) {
-                /** @var InstanceTable $instanceTable */
-                $instanceTable = $sm->get(InstanceTable::class);
-                $timeDiff = $importCronTask->getUpdatedAt()->diff(new DateTime());
-                $instancesNumber = $instanceTable->countByAnrIdFromDate($anrId, $importCronTask->getUpdatedAt());
-                $result['importStatus'] = [
-                    'executionTime' => $timeDiff->h . ' hours ' . $timeDiff->i . ' min ' . $timeDiff->s . ' sec',
-                    'createdInstances' => $instancesNumber,
-                ];
-            }
-        } elseif ($anr->getStatus() === AnrSuperClass::STATUS_IMPORT_ERROR) {
-            $importCronTask = $cronTaskService->getLatestTaskByNameWithParam(
-                CronTask::NAME_INSTANCE_IMPORT,
-                ['anrId' => $anrId]
-            );
-            if ($importCronTask !== null && $importCronTask->getStatus() === CronTask::STATUS_FAILURE) {
-                $result['importStatus'] = [
-                    'errorMessage' => $importCronTask->getResultMessage(),
-                ];
+            if ($mvcEvent->getViewModel()->rbac->isGranted($role, $route)) {
+                return;
             }
         }
 
-        $response = $e->getResponse();
-        $response->setContent(json_encode($result, JSON_THROW_ON_ERROR));
-        $response->setStatusCode(409);
+        $response = $mvcEvent->getResponse();
+        $response->setStatusCode($connectedUser === null ? 401 : 403);
 
         return $response;
     }

README.md

@@ -1,7 +1,28 @@
+MONARC client project
+=====================
+
+Objective
+---------
+
+The backend part of the FrontOffice tool. It provides all the api endpoints to server the frontend calls with the json data.
+The export/import functionality as wells as statistics aggregation is the other side of the functionality of the project. 
+It is dependent on the zm-core projects. 
+
+
+Middleware
+----------
+
+There is a AnrValidationMiddleware that is processed before the controllers actions and performs the anr access validation and some related endpoints access.
+In case if the middleware validations passed successfully the anr object is added to the attribute of the request and can be accessible across all the /client-anr based controllers/actions. 
 
 License
 -------
 
 This software is licensed under [GNU Affero General Public License version 3](http://www.gnu.org/licenses/agpl-3.0.html)
 
-Copyright (C) 2016-2020 SMILE gie securitymadein.lu
+- Copyright (C) 2022-2024 Luxembourg House of Cybersecurity https://lhc.lu
+- Copyright (C) 2016-2022 SMILE gie securitymadein.lu
+- Copyright (C) 2016-2024 Jérôme Lombardi - https://github.com/jerolomb
+- Copyright (C) 2016-2024 Juan Rocha - https://github.com/jfrocha
+- Copyright (C) 2017-2024 Cédric Bonhomme - https://www.cedricbonhomme.org
+- Copyright (C) 2019-2024 Ruslan Baidan - https://github.com/ruslanbaidan

composer.json

@@ -41,24 +41,27 @@
         }
     ],
     "require": {
-        "php": "^7.4 || ^8.0",
+        "php": "^8.0",
         "ext-intl": "*",
+        "ext-imagick": "*",
         "ext-json": "*",
         "ext-bcmath": "*",
         "ext-openssl": "*",
         "ext-posix": "*",
         "doctrine/doctrine-orm-module": "^5.1",
-        "monarc/core": "^2.12.6",
+        "monarc/core": "dev-feature/remove-db-abstract as v2.12.7",
         "robmorgan/phinx": "^0.13.4",
         "laminas/laminas-di": "^3.1",
         "laminas/laminas-mvc": "^3.1",
+        "laminas/laminas-mvc-console": "^1.2",
         "laminas/laminas-permissions-rbac": "^3.0",
         "laminas/laminas-filter": "^2.9",
         "laminas/laminas-inputfilter": "^2.10",
         "laminas/laminas-dependency-plugin": "^2.0",
         "symfony/console": "^5.0",
         "guzzlehttp/guzzle": "^6.5",
-        "phpoffice/phpword": "^0.18.1"
+        "phpoffice/phpword": "^0.18.1",
+        "laminas/laminas-mvc-middleware": "^2.2"
     },
     "require-dev": {
         "roave/security-advisories": "dev-master"