Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
0.00% |
0 / 9 |
|
0.00% |
0 / 1 |
CRAP | |
0.00% |
0 / 1 |
| IsSuperAdminOrSelf | |
0.00% |
0 / 9 |
|
0.00% |
0 / 1 |
12 | |
0.00% |
0 / 1 |
| __invoke | |
0.00% |
0 / 9 |
|
0.00% |
0 / 1 |
12 | |||
| 1 | <?php |
| 2 | |
| 3 | declare(strict_types=1); |
| 4 | |
| 5 | use Psr\Http\Message\ResponseInterface; |
| 6 | use Psr\Http\Server\RequestHandlerInterface; |
| 7 | use Slim\Exception\HttpInternalServerErrorException; |
| 8 | use Slim\Http\ServerRequest; |
| 9 | |
| 10 | class IsSuperAdminOrSelf extends IsSuperAdmin { |
| 11 | public function __invoke(ServerRequest $request, RequestHandlerInterface $handler): ResponseInterface { |
| 12 | try { |
| 13 | $this->checkAuthToken($request); |
| 14 | } catch(Exception $e) { |
| 15 | $authToken = $request->getAttribute('AuthToken'); |
| 16 | $requestUserId = (int) $request->getAttribute('__route__')->getArgument('user_id'); |
| 17 | $adminDao = new AdminDAO(); |
| 18 | $dbUserId = (int) $adminDao->getAdmin($authToken->getToken())->getId(); |
| 19 | |
| 20 | if ($requestUserId !== $dbUserId) { |
| 21 | throw new HttpInternalServerErrorException($request, 'User is neither owner nor super admin'); |
| 22 | } |
| 23 | } |
| 24 | |
| 25 | return $handler->handle($request); |
| 26 | } |
| 27 | } |