FilesExpand file tree

 develop

/

EncryptedData.php

Copy path

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

102 lines (88 loc) · 3.24 KB

 develop

/

EncryptedData.php

Top

File metadata and controls

• Code
• Blame

102 lines (88 loc) · 3.24 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

<?php

namespace ProcessMaker\Models;

use Illuminate\Validation\ValidationException;

use ProcessMaker\Models\Process;

use ProcessMaker\Models\ProcessMakerModel;

use ProcessMaker\Models\Screen;

use ProcessMaker\Traits\HasUuids;

class EncryptedData extends ProcessMakerModel

{

use HasUuids;

protected $connection = 'processmaker';

protected $table = 'encrypted_data';

/**

* The attributes that aren't mass assignable.

*

* @var array

*/

protected $guarded = [

'id',

'uuid',

'created_at',

'updated_at',

];

/**

* The attributes that are mass assignable.

*

* @var array

*/

protected $fillable = [

'field_name',

'iv',

'data',

];

/**

* Check user permission for the encrypted data

*

* @param string $userId

* @param string $screenId

* @param string $fieldName

*

* @throws ValidationException

*/

public static function checkUserPermission($userId, $screenId, $fieldName)

{

// Get screen fields

$screen = Screen::find($screenId);

$fields = $screen->getFieldsAttribute()->toArray();

// Search encrypted fields

$encryptedFields = array_filter($fields, function ($field) use ($fieldName) {

return $field->field === $fieldName;

});

// Use the first definition

$encryptedField = array_pop($encryptedFields) ?? null;

// Run validations

if (is_null($encryptedField)) {

throw ValidationException::withMessages([

'encrypted_field_not_exists' => __("There is no field with the name ':fieldName'.", ['fieldName' => $fieldName]),

]);

}

if (is_null($encryptedField->encryptedConfig)) {

throw ValidationException::withMessages([

'encrypted_field_config_empty' => __('Configuration related to encryption is not found for this field.'),

]);

}

if (is_null($encryptedField->encryptedConfig['encrypted'])) {

throw ValidationException::withMessages([

'encrypted_field_encryption_disabled' => __('Encryption is not enabled for this field.'),

]);

}

if (empty($encryptedField->encryptedConfig['assignments']['users']) && empty($encryptedField->encryptedConfig['assignments']['groups'])) {

throw ValidationException::withMessages([

'encrypted_field_assignments_empty' => __('Configuration related to assignments is missing for this field.'),

]);

}

// Get groups and users from config

$groupsAssigned = $encryptedField->encryptedConfig['assignments']['groups'];

$usersAssigned = $encryptedField->encryptedConfig['assignments']['users'];

// Get consolidated users list

$process = new Process();

$usersAssigned = $process->getConsolidatedUsers($groupsAssigned, $usersAssigned);

// Validate if current user have permissions for this cencrypted field

if (!in_array($userId, $usersAssigned)) {

throw ValidationException::withMessages([

'encrypted_field_assignments_invalid' => __('You are not assigned to this encrypted field.'),

]);

}

}

}