
klinge / sl-webapp / 18188466427

02 Oct 2025 09:03AM UTC coverage: 61.928% (-1.1%) from 63.01%
18188466427

push

github

web-flow
Merge pull request #105 from klinge/65-add-a-better-routerdispatcher

Changes to League Route instead of AltoRouter

65 of 98 new or added lines in 11 files covered. (66.33%)

1 existing line in 1 file now uncovered.

1272 of 2054 relevant lines covered (61.93%)

3.29 hits per line


90.48
/App/Middleware/AuthorizationMiddleware.php
<?php

declare(strict_types=1);

namespace App\Middleware;

use App\Utils\Session;
use App\Config\RouteConfig;
use App\Middleware\Contracts\RequestHandlerInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Laminas\Diactoros\Response\RedirectResponse;

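/**
 * Route-level authorization gate.
 *
 * Admins pass on every route. Everyone else passes only on routes classified
 * as user routes (name prefix 'user-') or listed in
 * RouteConfig::$noLoginRequiredRoutes. All other requests are rejected with a
 * JSON error (AJAX) or a redirect to /user.
 */
class AuthorizationMiddleware extends BaseMiddleware
{
    /**
     * Decides whether the current request may reach the next handler.
     *
     * @param ServerRequestInterface  $request Request carrying the 'route_name' attribute.
     * @param RequestHandlerInterface $handler Next handler in the chain.
     *
     * @return ResponseInterface The downstream response, a 401 JSON body, or a redirect to /user.
     *
     * @throws \RuntimeException When no route name is present on the request.
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        $routeName = $request->getAttribute('route_name');

        if (!$routeName) {
            // Fail closed: without a route name there is nothing to base the
            // authorization decision on, so the request must not continue.
            $this->logger->error('No route name found in request attributes. Path: ' . $request->getUri()->getPath());
            throw new \RuntimeException('Route name not set on request. League Route integration issue.');
        }

        // Admins can access everything
        if (Session::isAdmin()) {
            return $handler->handle($request);
        }

        // Anyone can access user routes and routes that don't require login
        if ($this->isUserRoute($routeName) || $this->isOpenRoute($routeName)) {
            return $handler->handle($request);
        }

        // If we get here the user is not admin and it's a protected route.
        // REMOTE_ADDR is the direct peer of the web server; behind a reverse
        // proxy this is the proxy's address, not the client's. It can also be
        // absent (CLI, tests), so fall back instead of raising a warning.
        $remoteAddr = $request->getServerParams()['REMOTE_ADDR'] ?? 'unknown';
        $this->logger->info(
            'Request to an admin page, user is not admin. URI: ' . $request->getUri()->__toString() .
            ', Remote IP: ' . $remoteAddr .
            ', User ID: ' . Session::get('user_id')
        );

        // NOTE(review): 403 would be the more precise status for a logged-in
        // non-admin; 401 is kept so the response contract stays unchanged.
        if ($this->isAjaxRequest($request)) {
            return $this->jsonResponse(
                ['success' => false, 'message' => 'Du måste vara administratör för att få komma åt denna resurs.'],
                401
            );
        }

        Session::setFlashMessage('error', 'Du måste vara administratör för att se denna sida.');
        return new RedirectResponse('/user');
    }

    /**
     * Tells whether the route is on the no-login allow-list.
     *
     * @param string $routeName Name of the matched route.
     *
     * @return bool True when the name is listed in RouteConfig::$noLoginRequiredRoutes.
     */
    protected function isOpenRoute(string $routeName): bool
    {
        // The no-login routes are defined in RouteConfig.
        // Strict comparison: an allow-list lookup must not depend on PHP's
        // loose string/number juggling (e.g. '1e3' == '1000').
        $result = in_array($routeName, RouteConfig::$noLoginRequiredRoutes, true);
        $this->logger->debug('>isOpenRoute: ' . $routeName . ':' . (string) $result);
        return $result;
    }

    /**
     * Tells whether the route belongs to the user area.
     *
     * @param string $routeName Name of the matched route.
     *
     * @return bool True when the name starts with 'user-'.
     */
    protected function isUserRoute(string $routeName): bool
    {
        // Anchor the match to the start of the name. A plain substring test
        // would also classify any route whose name merely contains 'user-'
        // as a user route and let it skip the admin check.
        // NOTE(review): confirm that no intended user route carries 'user-'
        // anywhere other than as a prefix.
        $result = strpos($routeName, 'user-') === 0;
        $this->logger->debug('>isUserRoute: ' . $routeName . ':' . (string) $result);
        return $result;
    }
}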