Implement AccessDenied exception, remove access_denied() function

The removed access_denied() function did have some redirect magic for the login page that will need to be reimplemented again using a more modern OO exception handling approach.
mantisbt · Dec 18, 2011 · 9d49376 · 9d49376
1 parent 62c3cf2
commit 9d49376
Show file tree

Hide file tree

Showing 28 changed files with 125 additions and 167 deletions.
diff --git a/application/MantisBT/Error.php b/application/MantisBT/Error.php
@@ -2,6 +2,8 @@
 namespace MantisBT;
 use \stdClass;
 
+require_api('lang_api.php');
+
 class Error {
 	/**
 	 * Indicates previous errors
@@ -45,21 +47,29 @@ public static function init(){
 		}
 	}
 
-	public static function exception_handler( Exception $ex) {
-		self::init();
-
-        $errorInfo = new stdClass();
-        $errorInfo->time = time();
-        $errorInfo->type = 'EXCEPTION';
-        $errorInfo->name = get_class($ex);
-        $errorInfo->code = $ex->getCode();
-        $errorInfo->message = $ex->getMessage();
-        $errorInfo->file = $ex->getFile();
-        $errorInfo->line = $ex->getLine();
-        $errorInfo->trace = $ex->getTrace();
-		$errorInfo->context = $ex->getContext();
+	public static function exception_handler($exception) {
+		$errorInfo = new stdClass();
+		$errorInfo->time = time();
+		$errorInfo->type = 'EXCEPTION';
+		$errorInfo->name = 'InvalidException';
+		$errorInfo->code = 0;
+		$errorInfo->message = 'An invalid exception type was caught by the exception handler. Unfortuantly no further information can be obtained.';
+
+		if (is_object($exception)) {
+			$reflectionClass = new \ReflectionClass($exception);
+			if ($reflectionClass->isSubclassOf('Exception')) {
+				$errorInfo->name = $reflectionClass->getName();
+				$errorInfo->code = $exception->getCode();
+				$errorInfo->message = $exception->getMessage();
+				$errorInfo->file = $exception->getFile();
+				$errorInfo->line = $exception->getLine();
+				$errorInfo->trace = $exception->getTrace();
+				$errorInfo->context = $exception->getContext();
+			}
+		}
 
-        self::$allErrors[] = $errorInfo;
+		self::init();
+		self::$allErrors[] = $errorInfo;
 	}
 
 	public static function error_handler( $type, $error, $file, $line, $context ) {

diff --git a/application/MantisBT/Exception/Access/AccessDenied.php b/application/MantisBT/Exception/Access/AccessDenied.php
@@ -0,0 +1,10 @@
+<?php
+namespace MantisBT\Exception\Access;
+use MantisBT\Exception\ExceptionAbstract;
+use MantisBT\Error;
+
+class AccessDenied extends ExceptionAbstract {
+	public function __construct() {
+		parent::__construct( ERROR_ACCESS_DENIED, Error::error_string(ERROR_ACCESS_DENIED), null );
+	}
+}
diff --git a/application/MantisBT/Exception/ExceptionAbstract.php b/application/MantisBT/Exception/ExceptionAbstract.php
@@ -11,7 +11,7 @@ abstract class ExceptionAbstract extends Exception {
     private   $trace;                             // Unknown
 
 	private $context = null;		// Mantis Context
-    public function __construct($code = 0, $parameters, Exception $previous = null) {
+    public function __construct($code = 0, $parameters = null, Exception $previous = null) {
 		$message = var_export( $parameters, true);
 
 		$this->context = $parameters;

diff --git a/application/core/access_api.php b/application/core/access_api.php
@@ -39,6 +39,8 @@
  * @uses user_api.php
  */
 
+use MantisBT\Exception\Access\AccessDenied;
+
 require_api( 'authentication_api.php' );
 require_api( 'bug_api.php' );
 require_api( 'bugnote_api.php' );
@@ -72,45 +74,6 @@
  */
 $g_cache_access_matrix_user_ids = array();
 
-/**
- * Function to be called when a user is attempting to access a page that
- * he/she is not authorised to.  This outputs an access denied message then
- * re-directs to the mainpage.
- */
-function access_denied() {
-	if( !auth_is_user_authenticated() ) {
-		if( basename( $_SERVER['SCRIPT_NAME'] ) != 'login_page.php' ) {
-			$t_return_page = $_SERVER['SCRIPT_NAME'];
-			if( isset( $_SERVER['QUERY_STRING'] ) ) {
-				$t_return_page .= '?' . $_SERVER['QUERY_STRING'];
-			}
-			$t_return_page = string_url( string_sanitize_url( $t_return_page ) );
-			print_header_redirect( 'login_page.php' . '?return=' . $t_return_page );
-		}
-	} else {
-		if( current_user_is_anonymous() ) {
-			if( basename( $_SERVER['SCRIPT_NAME'] ) != 'login_page.php' ) {
-				$t_return_page = $_SERVER['SCRIPT_NAME'];
-				if( isset( $_SERVER['QUERY_STRING'] ) ) {
-					$t_return_page .= '?' . $_SERVER['QUERY_STRING'];
-				}
-				$t_return_page = string_url( string_sanitize_url( $t_return_page ) );
-				echo '<p class="center">' . error_string( ERROR_ACCESS_DENIED ) . '</p><p class="center">';
-				print_bracket_link( helper_mantis_url( 'login_page.php' ) . '?return=' . $t_return_page, lang_get( 'click_to_login' ) );
-				echo '</p><p class="center">';
-				print_bracket_link( helper_mantis_url( 'main_page.php' ), lang_get( 'proceed' ) );
-				echo '</p>';
-			}
-		} else {
-			echo '<p class="center">' . error_string( ERROR_ACCESS_DENIED ) . '</p>';
-			echo '<p class="center">';
-			print_bracket_link( helper_mantis_url( 'main_page.php' ), lang_get( 'proceed' ) );
-			echo '</p>';
-		}
-	}
-	exit;
-}
-
 /**
  * retrieves and returns access matrix for a project from cache or caching if required.
  * @param int $p_project_id integer representing project id
@@ -254,7 +217,7 @@ function access_has_global_level( $p_access_level, $p_user_id = null ) {
  */
 function access_ensure_global_level( $p_access_level, $p_user_id = null ) {
 	if( !access_has_global_level( $p_access_level, $p_user_id ) ) {
-		access_denied();
+		throw new AccessDenied();
 	}
 }
 
@@ -351,7 +314,7 @@ function access_has_project_level( $p_access_level, $p_project_id = null, $p_use
  */
 function access_ensure_project_level( $p_access_level, $p_project_id = null, $p_user_id = null ) {
 	if( !access_has_project_level( $p_access_level, $p_project_id, $p_user_id ) ) {
-		access_denied();
+		throw new AccessDenied();
 	}
 }
 
@@ -436,7 +399,7 @@ function access_has_bug_level( $p_access_level, $p_bug_id, $p_user_id = null ) {
  */
 function access_ensure_bug_level( $p_access_level, $p_bug_id, $p_user_id = null ) {
 	if( !access_has_bug_level( $p_access_level, $p_bug_id, $p_user_id ) ) {
-		access_denied();
+		throw new AccessDenied();
 	}
 }
 
@@ -478,7 +441,7 @@ function access_has_bugnote_level( $p_access_level, $p_bugnote_id, $p_user_id =
  */
  function access_ensure_bugnote_level( $p_access_level, $p_bugnote_id, $p_user_id = null ) {
 	if( !access_has_bugnote_level( $p_access_level, $p_bugnote_id, $p_user_id ) ) {
-		access_denied();
+		throw new AccessDenied();
 	}
 }
 
@@ -515,7 +478,7 @@ function access_can_close_bug( $p_bug_id, $p_user_id = null ) {
  */
  function access_ensure_can_close_bug( $p_bug_id, $p_user_id = null ) {
 	if( !access_can_close_bug( $p_bug_id, $p_user_id ) ) {
-		access_denied();
+		throw new AccessDenied();
 	}
 }
 
@@ -541,15 +504,14 @@ function access_can_reopen_bug( $p_bug_id, $p_user_id = null ) {
 
 /**
  * Make sure that the current user can reopen the specified bug.
- * Calls access_denied if user has no access to terminate script
  * @see access_can_reopen_bug
  * @param int $p_bug_id integer representing bug id to check access against
  * @param int|null $p_user_id integer representing user id, defaults to null to use current user
  * @access public
  */
  function access_ensure_can_reopen_bug( $p_bug_id, $p_user_id = null ) {
 	if( !access_can_reopen_bug( $p_bug_id, $p_user_id ) ) {
-		access_denied();
+		throw new AccessDenied();
 	}
 }
 

diff --git a/application/core/authentication_api.php b/application/core/authentication_api.php
@@ -23,7 +23,6 @@
  * @copyright Copyright (C) 2002 - 2011  MantisBT Team - mantisbt-dev@lists.sourceforge.net
  * @link http://www.mantisbt.org
  *
- * @uses access_api.php
  * @uses config_api.php
  * @uses constant_inc.php
  * @uses crypto_api.php
@@ -43,7 +42,9 @@
  * @uses utility_api.php
  */
 
-require_api( 'access_api.php' );
+use MantisBT\Error;
+use MantisBT\Exception\Access\AccessDenied;
+
 require_api( 'config_api.php' );
 require_api( 'constant_inc.php' );
 require_api( 'crypto_api.php' );
@@ -827,8 +828,7 @@ function auth_get_current_user_id() {
 	# and give them an Access Denied message.
 	if( !$t_user_id ) {
 		auth_clear_cookies();
-		access_denied();
-		exit();
+		throw new AccessDenied();
 	}
 
 	$g_cache_current_user_id = $t_user_id;
@@ -846,7 +846,7 @@ function auth_http_prompt() {
 	header( 'WWW-Authenticate: Basic realm="' . lang_get( 'http_auth_realm' ) . '"' );
 	header( 'status: 401 Unauthorized' );
 
-	echo '<p class="center error-msg">' . error_string( ERROR_ACCESS_DENIED ) . '</p>';
+	echo '<p class="center error-msg">' . Error::error_string( ERROR_ACCESS_DENIED ) . '</p>';
 	print_bracket_link( 'main_page.php', lang_get( 'proceed' ) );
 
 	exit;

diff --git a/application/core/news_api.php b/application/core/news_api.php
@@ -24,7 +24,6 @@
  * @copyright Copyright (C) 2002 - 2011  MantisBT Team - mantisbt-dev@lists.sourceforge.net
  * @link http://www.mantisbt.org
  *
- * @uses access_api.php
  * @uses config_api.php
  * @uses constant_inc.php
  * @uses current_user_api.php
@@ -36,7 +35,8 @@
  * @uses utility_api.php
  */
 
-require_api( 'access_api.php' );
+use MantisBT\Exception\Access\AccessDenied;
+
 require_api( 'config_api.php' );
 require_api( 'constant_inc.php' );
 require_api( 'current_user_api.php' );
@@ -332,6 +332,6 @@ function news_is_enabled() {
 # Ensures that the news feature is enabled, otherwise generates an access denied error.
 function news_ensure_enabled() {
 	if ( !news_is_enabled() ) {
-		access_denied();
+		throw new AccessDenied();
 	}
 }
diff --git a/public/account_sponsor_page.php b/public/account_sponsor_page.php
@@ -38,7 +38,6 @@
  * @link http://www.mantisbt.org
  *
  * @uses core.php
- * @uses access_api.php
  * @uses authentication_api.php
  * @uses bug_api.php
  * @uses config_api.php
@@ -57,11 +56,9 @@
  * @uses version_api.php
  */
 
-/**
- * MantisBT Core API's
- */
+use MantisBT\Exception\Access\AccessDenied;
+
 require_once( 'core.php' );
-require_api( 'access_api.php' );
 require_api( 'authentication_api.php' );
 require_api( 'bug_api.php' );
 require_api( 'config_api.php' );
@@ -87,7 +84,7 @@
 
 # anonymous users are not allowed to sponsor issues
 if ( current_user_is_anonymous() ) {
-	access_denied();
+	throw new AccessDenied();
 }
 
 $t_show_all = gpc_get_bool( 'show_all', false );

diff --git a/public/bug_change_status_page.php b/public/bug_change_status_page.php
@@ -40,9 +40,9 @@
  * @uses version_api.php
  */
 
-/**
- * MantisBT Core API's
- */
+
+use MantisBT\Exception\Access\AccessDenied;
+
 require_once( 'core.php' );
 require_api( 'access_api.php' );
 require_api( 'authentication_api.php' );
@@ -90,7 +90,7 @@
 							( ON == config_get( 'allow_reporter_close' ) ) ) ) ||
 			( ( ON == $f_reopen_flag ) && ( access_has_bug_level( config_get( 'reopen_bug_threshold' ), $f_bug_id ) ) )
 		) ) {
-	access_denied();
+	throw new AccessDenied();
 }
 
 $t_can_update_due_date = access_has_bug_level( config_get( 'due_date_update_threshold' ), $f_bug_id );

diff --git a/public/bug_file_add.php b/public/bug_file_add.php
@@ -37,9 +37,8 @@
  * @uses string_api.php
  */
 
-/**
- * MantisBT Core API's
- */
+use MantisBT\Exception\Access\AccessDenied;
+
 require_once( 'core.php' );
 require_api( 'access_api.php' );
 require_api( 'bug_api.php' );
@@ -72,7 +71,7 @@
 }
 
 if ( !file_allow_bug_upload( $f_bug_id ) ) {
-	access_denied();
+	throw new AccessDenied();
 }
 
 access_ensure_bug_level( config_get( 'upload_bug_file_threshold' ), $f_bug_id );

diff --git a/public/bug_relationship_graph.php b/public/bug_relationship_graph.php
@@ -35,9 +35,8 @@
  * @uses relationship_graph_api.php
  */
 
-/**
- * MantisBT Core API's
- */
+use MantisBT\Exception\Access\AccessDenied;
+
 require_once( 'core.php' );
 require_api( 'access_api.php' );
 require_api( 'authentication_api.php' );
@@ -58,7 +57,7 @@
 auth_ensure_user_authenticated();
 
 if ( ON != config_get( 'relationship_graph_enable' ) )
-	access_denied();
+	throw new AccessDenied();
 
 $f_bug_id		= gpc_get_int( 'bug_id' );
 $f_type			= gpc_get_string( 'graph', 'relation' );

diff --git a/public/bug_relationship_graph_img.php b/public/bug_relationship_graph_img.php
@@ -31,9 +31,8 @@
  * @uses relationship_graph_api.php
  */
 
-/**
- * MantisBT Core API's
- */
+use MantisBT\Exception\Access\AccessDenied;
+
 require_once( 'core.php' );
 require_api( 'access_api.php' );
 require_api( 'authentication_api.php' );
@@ -50,7 +49,7 @@
 auth_ensure_user_authenticated();
 
 if ( ON != config_get( 'relationship_graph_enable' ) )
-	access_denied();
+	throw new AccessDenied();
 
 $f_bug_id		= gpc_get_int( 'bug_id' );
 $f_type			= gpc_get_string( 'graph', 'relation' );

diff --git a/public/bug_set_sponsorship.php b/public/bug_set_sponsorship.php
@@ -37,9 +37,8 @@
  * @uses utility_api.php
  */
 
-/**
- * MantisBT Core API's
- */
+use MantisBT\Exception\Access\AccessDenied;
+
 require_once( 'core.php' );
 require_api( 'access_api.php' );
 require_api( 'authentication_api.php' );
@@ -60,7 +59,7 @@
 
 # anonymous users are not allowed to sponsor issues
 if ( current_user_is_anonymous() ) {
-	access_denied();
+	throw new AccessDenied();
 }
 
 $f_bug_id	= gpc_get_int( 'bug_id' );