Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 26 additions & 25 deletions src/Auth/AclTrait.php
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@

use ArrayAccess;
use BackedEnum;
use Cake\Collection\CollectionInterface;
use Cake\Core\Configure;
use Cake\Core\Exception\CakeException;
use Cake\Database\Type\EnumLabelInterface;
Expand All @@ -22,32 +23,32 @@ trait AclTrait {
/**
* @var array|null
*/
protected $_acl;
protected ?array $_acl = null;

/**
* @var array<int|string>|null
*/
protected $_roles;
protected ?array $_roles = null;

/**
* @var array<string>|null
*/
protected $_prefixMap;
protected ?array $_prefixMap = null;

/**
* @var array|null
*/
protected $_userRoles;
protected ?array $_userRoles = null;

/**
* @var \TinyAuth\Auth\AclAdapter\AclAdapterInterface|null
*/
protected $_aclAdapter;
protected ?AclAdapterInterface $_aclAdapter = null;

/**
* @var array|null
*/
protected $auth;
protected ?array $auth = null;

/**
* Finds the authorization adapter to use for this request.
Expand All @@ -57,7 +58,7 @@ trait AclTrait {
* @throws \InvalidArgumentException
* @return \TinyAuth\Auth\AclAdapter\AclAdapterInterface
*/
protected function _loadAclAdapter($adapter) {
protected function _loadAclAdapter(string $adapter): AclAdapterInterface {
if ($this->_aclAdapter !== null) {
return $this->_aclAdapter;
}
Expand Down Expand Up @@ -134,7 +135,7 @@ protected function _checkUser(ArrayAccess|array $user, array $params): bool {
*
* @return bool
*/
protected function _isProtectedPrefix($prefix, array $protectedPrefixes) {
protected function _isProtectedPrefix($prefix, array $protectedPrefixes): bool {
foreach ($protectedPrefixes as $protectedPrefix) {
if ($prefix === $protectedPrefix || str_starts_with((string)$prefix, $protectedPrefix . '/')) {
return true;
Expand All @@ -157,7 +158,7 @@ protected function _isProtectedPrefix($prefix, array $protectedPrefixes) {
* @param mixed $rule The value declared on the ACL rule.
* @return bool True when both sides describe the same slot.
*/
protected function _matchesRouteSlot($request, $rule): bool {
protected function _matchesRouteSlot(mixed $request, mixed $rule): bool {
$requestEmpty = $request === null || $request === '';
$ruleEmpty = $rule === null || $rule === '';

Expand All @@ -177,7 +178,7 @@ protected function _matchesRouteSlot($request, $rule): bool {
*
* @return bool
*/
protected function _check(array $userRoles, array $params) {
protected function _check(array $userRoles, array $params): bool {
// Allow access to all prefixed actions for users belonging to
// the specified role that matches the prefix.
$prefixMap = $this->getConfig('authorizeByPrefix');
Expand Down Expand Up @@ -269,7 +270,7 @@ protected function _prefixMap(array $roles): array {
*
* @return array<string>
*/
protected function _prefixesFromRoles(array $roles) {
protected function _prefixesFromRoles(array $roles): array {
$names = array_keys($roles);
$prefixMap = [];
foreach ($names as $name) {
Expand All @@ -288,7 +289,7 @@ protected function _prefixesFromRoles(array $roles) {
*
* @return bool
*/
protected function _isAuthorizedByPrefix($prefix, array $prefixMap, array $userRoles, array $availableRoles) {
protected function _isAuthorizedByPrefix($prefix, array $prefixMap, array $userRoles, array $availableRoles): bool {
if (!$userRoles || !$prefixMap || !$availableRoles) {
return false;
}
Expand All @@ -315,7 +316,7 @@ protected function _isAuthorizedByPrefix($prefix, array $prefixMap, array $userR
*
* @return array<string, mixed>
*/
protected function _normalizePrefixes(array $prefixes) {
protected function _normalizePrefixes(array $prefixes): array {
$normalized = [];
foreach ($prefixes as $prefix => $role) {
if (is_int($prefix)) {
Expand All @@ -334,7 +335,7 @@ protected function _normalizePrefixes(array $prefixes) {
*
* @return bool
*/
protected function _isPublic(array $params) {
protected function _isPublic(array $params): bool {
$authentication = $this->_getAuth();

foreach ($authentication as $rule) {
Expand Down Expand Up @@ -376,7 +377,7 @@ protected function _isPublic(array $params) {
* @throws \Cake\Core\Exception\CakeException
* @return array
*/
protected function _getAuth() {
protected function _getAuth(): array {
if ($this->auth) {
return $this->auth;
}
Expand All @@ -399,7 +400,7 @@ protected function _getAuth() {
* @param array|string|null $path
* @return array
*/
protected function _getAcl($path = null) {
protected function _getAcl(array|string|null $path = null): array {
if ($this->getConfig('autoClearCache') && Configure::read('debug')) {
Cache::clear(Cache::KEY_ACL);
}
Expand Down Expand Up @@ -430,7 +431,7 @@ protected function _getAcl($path = null) {
* @param string $file INI file name.
* @return array List with all found files.
*/
protected function _parseFiles($paths, $file) {
protected function _parseFiles(array|string|null $paths, string $file): array {
return Utility::parseFiles($paths, $file);
}

Expand All @@ -440,7 +441,7 @@ protected function _parseFiles($paths, $file) {
* @param string $key INI section key as found in acl.ini
* @return array<string, mixed> Array with named keys for controller, plugin and prefix
*/
protected function _deconstructIniKey($key) {
protected function _deconstructIniKey(string $key): array {
return Utility::deconstructIniKey($key);
}

Expand All @@ -450,7 +451,7 @@ protected function _deconstructIniKey($key) {
* @param array $params The request params
* @return string|null Hash with named keys for controller, plugin and prefix
*/
protected function _constructIniKey($params): ?string {
protected function _constructIniKey(array $params): ?string {
$res = $params['controller'] ?? null;
if ($res === null) {
return null;
Expand All @@ -474,7 +475,7 @@ protected function _constructIniKey($params): ?string {
* @throws \Cake\Core\Exception\CakeException
* @return array<string, int|string> List with all available roles
*/
protected function _getAvailableRoles() {
protected function _getAvailableRoles(): array {
if ($this->_roles !== null) {
return $this->_roles;
}
Expand Down Expand Up @@ -526,7 +527,7 @@ protected function _getRolesFromDb(string $rolesTableKey): array {
try {
$rolesTable = TableRegistry::getTableLocator()->get($rolesTableKey);
$roleIdColumn = $this->getConfig('roleIdColumn') ?: 'id';
$result = $rolesTable->find()->formatResults(function (ResultSetInterface $results) use ($roleIdColumn) {
$result = $rolesTable->find()->formatResults(function (ResultSetInterface $results) use ($roleIdColumn): CollectionInterface {
return $results->combine($this->getConfig('aliasColumn'), $roleIdColumn);
});
} catch (RuntimeException $e) {
Expand All @@ -548,7 +549,7 @@ protected function _getRolesFromDb(string $rolesTableKey): array {
* @param \ArrayAccess|array $user The user to get the roles for
* @return array<string, int|string> List with all role ids belonging to the user
*/
protected function _getUserRoles(ArrayAccess|array $user) {
protected function _getUserRoles(ArrayAccess|array $user): array {
// Single-role from session
if (!$this->getConfig('multiRole')) {
$roleColumn = $this->getConfig('roleColumn');
Expand Down Expand Up @@ -611,7 +612,7 @@ protected function _getUserRoles(ArrayAccess|array $user) {
/**
* @return string
*/
protected function _pivotTableName() {
protected function _pivotTableName(): string {
$pivotTableName = $this->getConfig('pivotTable');
if (!$pivotTableName) {
[, $rolesTableName] = pluginSplit($this->getConfig('rolesTable'));
Expand All @@ -632,7 +633,7 @@ protected function _pivotTableName() {
* @param int $id User ID
* @return array
*/
protected function _getRolesFromJunction($pivotTableName, $id) {
protected function _getRolesFromJunction(string $pivotTableName, $id): array {
if (isset($this->_userRoles[$id])) {
return $this->_userRoles[$id];
}
Expand All @@ -657,7 +658,7 @@ protected function _getRolesFromJunction($pivotTableName, $id) {
* @param array<int|string|\BackedEnum> $roles
* @return array<string, int|string>
*/
protected function _mapped(array $roles) {
protected function _mapped(array $roles): array {
$availableRoles = $this->_getAvailableRoles();

$array = [];
Expand Down
16 changes: 8 additions & 8 deletions src/Auth/AllowTrait.php
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ trait AllowTrait {
/**
* @var \TinyAuth\Auth\AllowAdapter\AllowAdapterInterface|null
*/
protected $_allowAdapter;
protected ?AllowAdapterInterface $_allowAdapter = null;

/**
* Get the rules for a specific controller.
Expand All @@ -24,7 +24,7 @@ trait AllowTrait {
* @param array $params
* @return array
*/
protected function _getAllowRule(array $params) {
protected function _getAllowRule(array $params): array {
$rules = $this->_getAllow($this->getConfig('allowFilePath'));

$allowDefaults = $this->_getAllowDefaultsForCurrentParams($params);
Expand Down Expand Up @@ -67,7 +67,7 @@ protected function _getAllowRule(array $params) {
* @param mixed $rule
* @return bool
*/
protected function _matchesAllowSlot($request, $rule): bool {
protected function _matchesAllowSlot(mixed $request, mixed $rule): bool {
$requestEmpty = $request === null || $request === '';
$ruleEmpty = $rule === null || $rule === '';

Expand All @@ -83,11 +83,11 @@ protected function _matchesAllowSlot($request, $rule): bool {

/**
* @param array $rule
* @param string $action
* @param string|null $action
*
* @return bool
*/
protected function _isActionAllowed(array $rule, $action) {
protected function _isActionAllowed(array $rule, ?string $action): bool {
$rule += [
'deny' => [],
'allow' => [],
Expand All @@ -104,7 +104,7 @@ protected function _isActionAllowed(array $rule, $action) {
* @param array $params
* @return array<string>
*/
protected function _getAllowDefaultsForCurrentParams(array $params) {
protected function _getAllowDefaultsForCurrentParams(array $params): array {
if ($this->getConfig('allowNonPrefixed') && empty($params['prefix'])) {
return ['*'];
}
Expand Down Expand Up @@ -132,7 +132,7 @@ protected function _getAllowDefaultsForCurrentParams(array $params) {
* @param string|null $path
* @return array
*/
protected function _getAllow($path = null) {
protected function _getAllow(?string $path = null): array {
if ($this->getConfig('autoClearCache') && Configure::read('debug')) {
Cache::clear(Cache::KEY_ALLOW);
}
Expand Down Expand Up @@ -166,7 +166,7 @@ protected function _getAllow($path = null) {
* @throws \InvalidArgumentException
* @return \TinyAuth\Auth\AllowAdapter\AllowAdapterInterface
*/
protected function _loadAllowAdapter($adapter) {
protected function _loadAllowAdapter(string $adapter): AllowAdapterInterface {
if ($this->_allowAdapter !== null) {
return $this->_allowAdapter;
}
Expand Down
8 changes: 4 additions & 4 deletions src/Auth/AuthUserTrait.php
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ trait AuthUserTrait {
*
* @return string|int|null User id if existent, null otherwise.
*/
public function id() {
public function id(): string|int|null {
$field = $this->getConfig('idColumn');

return $this->user($field);
Expand All @@ -73,7 +73,7 @@ public function isMe($userId): bool {
* @param string|null $key Key in dot syntax.
* @return mixed Data
*/
public function user(?string $key = null) {
public function user(?string $key = null): mixed {
$user = $this->_getUser();
if ($key === null) {
return $user;
Expand Down Expand Up @@ -114,7 +114,7 @@ public function roles(): array {
* @param mixed|null $providedRoles
* @return bool Success
*/
public function hasRole($expectedRole, $providedRoles = null) {
public function hasRole(mixed $expectedRole, mixed $providedRoles = null): bool {
$roles = $providedRoles !== null ? (array)$providedRoles : $this->roles();

if (!$roles) {
Expand Down Expand Up @@ -154,7 +154,7 @@ public function hasRole($expectedRole, $providedRoles = null) {
* @param mixed|null $providedRoles
* @return bool Success
*/
public function hasRoles($expectedRoles, $oneRoleIsEnough = true, $providedRoles = null): bool {
public function hasRoles(mixed $expectedRoles, $oneRoleIsEnough = true, mixed $providedRoles = null): bool {
$roles = $providedRoles ?? $this->roles();

$expectedRoles = (array)$expectedRoles;
Expand Down
6 changes: 2 additions & 4 deletions src/Auth/BaseAuthorize.php
Original file line number Diff line number Diff line change
Expand Up @@ -30,17 +30,15 @@ abstract class BaseAuthorize {

/**
* ComponentRegistry instance for getting more components.
*
* @var \Cake\Controller\ComponentRegistry
*/
protected $_registry;
protected ComponentRegistry $_registry;

/**
* Default config for authorize objects.
*
* @var array<string, mixed>
*/
protected $_defaultConfig = [];
protected array $_defaultConfig = [];

/**
* Constructor
Expand Down
6 changes: 3 additions & 3 deletions src/Command/AddCommand.php
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ public static function getDescription(): string {
* @param \Cake\Console\ConsoleIo $io The console io
* @return int
*/
public function execute(Arguments $args, ConsoleIo $io) {
public function execute(Arguments $args, ConsoleIo $io): int {
$adder = $this->_getAdder();

$controller = $args->getArgument('controller');
Expand Down Expand Up @@ -77,7 +77,7 @@ public function execute(Arguments $args, ConsoleIo $io) {
/**
* @return \TinyAuth\Sync\Adder
*/
protected function _getAdder() {
protected function _getAdder(): Adder {
return new Adder();
}

Expand Down Expand Up @@ -129,7 +129,7 @@ protected function buildOptionParser(ConsoleOptionParser $parser): ConsoleOption
/**
* @return array<string>
*/
protected function _getAvailableRoles() {
protected function _getAvailableRoles(): array {
$roles = (new TinyAuth())->getAvailableRoles();

return array_keys($roles);
Expand Down
6 changes: 3 additions & 3 deletions src/Command/SyncCommand.php
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ public static function getDescription(): string {
* @param \Cake\Console\ConsoleIo $io The console io
* @return int
*/
public function execute(Arguments $args, ConsoleIo $io) {
public function execute(Arguments $args, ConsoleIo $io): int {
$syncer = $this->_getSyncer();
$syncer->syncAcl($args, $io);

Expand All @@ -64,7 +64,7 @@ public function execute(Arguments $args, ConsoleIo $io) {
/**
* @return \TinyAuth\Sync\Syncer
*/
protected function _getSyncer() {
protected function _getSyncer(): Syncer {
return new Syncer();
}

Expand Down Expand Up @@ -115,7 +115,7 @@ protected function buildOptionParser(ConsoleOptionParser $parser): ConsoleOption
/**
* @return array<string>
*/
protected function _getAvailableRoles() {
protected function _getAvailableRoles(): array {
$roles = (new TinyAuth())->getAvailableRoles();

return array_keys($roles);
Expand Down
Loading
Loading