studio-variable/designtopack
3
0
Fork 0
Code Issues 7 Pull requests Projects Releases Packages Wiki Activity Actions
designtopack/public/site/plugins/kql/src/Kql/Interceptor.php

296 lines
7.3 KiB
PHP
Raw Normal View History

Initial commit
2024-07-10 16:10:33 +02:00
<?php
namespace Kirby\Kql;
use Closure;
use Kirby\Cms\App;
use Kirby\Exception\InvalidArgumentException;
use Kirby\Exception\PermissionException;
use Kirby\Toolkit\Str;
use ReflectionFunction;
use ReflectionMethod;
use Throwable;
/**
* Base class for proxying core classes to
* intercept method calls that are not allowed
* on the related core class
*
* @package Kirby KQL
* @author Bastian Allgeier <bastian@getkirby.com>
* @link https://getkirby.com
* @copyright Bastian Allgeier
* @license https://getkirby.com/license
*/
abstract class Interceptor
{
public const CLASS_ALIAS = null;
protected $toArray = [];
public function __construct(protected $object)
{
}
/**
* Magic caller that prevents access
* to restricted methods
*/
public function __call(string $method, array $args = [])
{
if ($this->isAllowedMethod($method) === true) {
return $this->object->$method(...$args);
}
$this->forbiddenMethod($method);
}
/**
* Return information about corresponding object
* incl. information about allowed methods
*/
public function __debugInfo(): array
{
$help = Help::forMethods($this->object, $this->allowedMethods());
return [
'type' => $this::CLASS_ALIAS,
'methods' => $help,
'value' => $this->toArray()
];
}
/**
* Returns list of allowed classes. Specific list
* to be implemented in specific interceptor child classes.
* @codeCoverageIgnore
*/
public function allowedMethods(): array
{
return [];
}
/**
* Returns class name for Interceptor that responds
* to passed name string of a Kirby core class
* @internal
*/
public static function class(string $class): string
{
return str_replace('Kirby\\', 'Kirby\\Kql\\Interceptors\\', $class);
}
/**
* Throws exception for accessing a restricted method
* @throws \Kirby\Exception\PermissionException
*/
protected function forbiddenMethod(string $method)
{
$name = get_class($this->object) . '::' . $method . '()';
throw new PermissionException('The method "' . $name . '" is not allowed in the API context');
}
/**
* Checks if method is allowed to call
*/
public function isAllowedMethod($method)
{
$kirby = App::instance();
$name = strtolower(get_class($this->object) . '::' . $method);
// get list of blocked methods from config
$blocked = $kirby->option('kql.methods.blocked', []);
$blocked = array_map('strtolower', $blocked);
// check in the block list from the config
if (in_array($name, $blocked) === true) {
return false;
}
// check in class allow list
if (in_array($method, $this->allowedMethods()) === true) {
return true;
}
// get list of explicitly allowed methods from config
$allowed = $kirby->option('kql.methods.allowed', []);
$allowed = array_map('strtolower', $allowed);
// check in the allow list from the config
if (in_array($name, $allowed) === true) {
return true;
}
// support for model methods with docblock comment
if ($this->isAllowedCallable($method) === true) {
return true;
}
// support for custom methods with docblock comment
if ($this->isAllowedCustomMethod($method) === true) {
return true;
}
return false;
}
/**
* Checks if closure or object method is allowed
*/
protected function isAllowedCallable($method): bool
{
try {
$ref = match (true) {
$method instanceof Closure
=> new ReflectionFunction($method),
is_string($method) === true
=> new ReflectionMethod($this->object, $method),
default
=> throw new InvalidArgumentException('Invalid method')
};
if ($comment = $ref->getDocComment()) {
if (Str::contains($comment, '@kql-allowed') === true) {
return true;
}
}
} catch (Throwable) {
return false;
}
return false;
}
protected function isAllowedCustomMethod(string $method): bool
{
// has no custom methods
if (property_exists($this->object, 'methods') === false) {
return false;
}
// does not have that method
if (!$call = $this->method($method)) {
return false;
}
// check for a docblock comment
if ($this->isAllowedCallable($call) === true) {
return true;
}
return false;
}
/**
* Returns a registered method by name, either from
* the current class or from a parent class ordered by
* inheritance order (top to bottom)
*/
protected function method(string $method)
{
if (isset($this->object::$methods[$method]) === true) {
return $this->object::$methods[$method];
}
foreach (class_parents($this->object) as $parent) {
if (isset($parent::$methods[$method]) === true) {
return $parent::$methods[$method];
}
}
return null;
}
/**
* Tries to replace a Kirby core object with the
* corresponding interceptor.
* @throws \Kirby\Exception\InvalidArgumentException for non-objects
* @throws \Kirby\Exception\PermissionException when accessing blocked class
*/
public static function replace($object)
{
if (is_object($object) === false) {
throw new InvalidArgumentException('Unsupported value: ' . gettype($object));
}
$kirby = App::instance();
$class = get_class($object);
$name = strtolower($class);
// 1. Is $object class explicitly blocked?
// get list of blocked classes from config
$blocked = $kirby->option('kql.classes.blocked', []);
$blocked = array_map('strtolower', $blocked);
// check in the block list from the config
if (in_array($name, $blocked) === true) {
throw new PermissionException('Access to the class "' . $class . '" is blocked');
}
// 2. Is $object already an interceptor?
// directly return interceptor objects
if ($object instanceof Interceptor) {
return $object;
}
// 3. Does an interceptor class for $object exist?
// check for an interceptor class
$interceptors = $kirby->option('kql.interceptors', []);
$interceptors = array_change_key_case($interceptors, CASE_LOWER);
// load an interceptor from config if it exists and otherwise fall back to a built-in interceptor
$interceptor = $interceptors[$name] ?? static::class($class);
// check for a valid interceptor class
if ($class !== $interceptor && class_exists($interceptor) === true) {
return new $interceptor($object);
}
// 4. Also check for parent classes of $object
// go through parents of the current object to use their interceptors as fallback
foreach (class_parents($object) as $parent) {
$interceptor = static::class($parent);
if (class_exists($interceptor) === true) {
return new $interceptor($object);
}
}
// 5. $object has no interceptor but is explicitly allowed?
// check for a class in the allow list
$allowed = $kirby->option('kql.classes.allowed', []);
$allowed = array_map('strtolower', $allowed);
// return the plain object if it is allowed
if (in_array($name, $allowed) === true) {
return $object;
}
// 6. None of the above? Block class.
throw new PermissionException('Access to the class "' . $class . '" is not supported');
}
public function toArray(): array|null
{
$toArray = [];
// filter methods which cannot be called
foreach ($this->toArray as $method) {
if ($this->isAllowedMethod($method) === true) {
$toArray[] = $method;
}
}
return Kql::select($this, $toArray);
}
/**
* Mirrors by default ::toArray but can be
* implemented differently by specifc interceptor.
* KQL will prefer ::toResponse over ::toArray
*/
public function toResponse()
{
return $this->toArray();
}
}
Reference in a new issue Copy permalink