diff --git a/.ci/php-cs-fixer/composer.lock b/.ci/php-cs-fixer/composer.lock index d0534abbcf..d70e001fc0 100644 --- a/.ci/php-cs-fixer/composer.lock +++ b/.ci/php-cs-fixer/composer.lock @@ -226,16 +226,16 @@ }, { "name": "friendsofphp/php-cs-fixer", - "version": "v3.43.1", + "version": "v3.45.0", "source": { "type": "git", "url": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer.git", - "reference": "91c0b47216aa43b09656b4d99aa9dade2f3ad8fc" + "reference": "c0daa33cb2533cd73f48dde1c70c2afa3e7953b5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHP-CS-Fixer/PHP-CS-Fixer/zipball/91c0b47216aa43b09656b4d99aa9dade2f3ad8fc", - "reference": "91c0b47216aa43b09656b4d99aa9dade2f3ad8fc", + "url": "https://api.github.com/repos/PHP-CS-Fixer/PHP-CS-Fixer/zipball/c0daa33cb2533cd73f48dde1c70c2afa3e7953b5", + "reference": "c0daa33cb2533cd73f48dde1c70c2afa3e7953b5", "shasum": "" }, "require": { @@ -304,7 +304,7 @@ ], "support": { "issues": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues", - "source": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/tree/v3.43.1" + "source": "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/tree/v3.45.0" }, "funding": [ { @@ -312,7 +312,7 @@ "type": "github" } ], - "time": "2023-12-29T09:42:16+00:00" + "time": "2023-12-30T02:07:07+00:00" }, { "name": "psr/container", diff --git a/app/Api/V1/Controllers/Models/Attachment/DestroyController.php b/app/Api/V1/Controllers/Models/Attachment/DestroyController.php index d4c95c948b..b886fb757f 100644 --- a/app/Api/V1/Controllers/Models/Attachment/DestroyController.php +++ b/app/Api/V1/Controllers/Models/Attachment/DestroyController.php @@ -29,6 +29,8 @@ use FireflyIII\Models\Attachment; use FireflyIII\Repositories\Attachment\AttachmentRepositoryInterface; use FireflyIII\User; use Illuminate\Http\JsonResponse; +use Illuminate\Support\Facades\Log; +use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; /** * Class DestroyController 
@@ -64,6 +66,12 @@ class DestroyController extends Controller */ public function destroy(Attachment $attachment): JsonResponse { + if(true === auth()->user()->hasRole('demo')) { + Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__)); + + throw new NotFoundHttpException(); + } + $this->repository->destroy($attachment); app('preferences')->mark(); diff --git a/app/Api/V1/Controllers/Models/Attachment/ShowController.php b/app/Api/V1/Controllers/Models/Attachment/ShowController.php index 301cbde6b3..39b215b25e 100644 --- a/app/Api/V1/Controllers/Models/Attachment/ShowController.php +++ b/app/Api/V1/Controllers/Models/Attachment/ShowController.php @@ -33,9 +33,11 @@ use FireflyIII\User; use Illuminate\Http\JsonResponse; use Illuminate\Http\Response as LaravelResponse; use Illuminate\Pagination\LengthAwarePaginator; +use Illuminate\Support\Facades\Log; use League\Fractal\Pagination\IlluminatePaginatorAdapter; use League\Fractal\Resource\Collection as FractalCollection; use League\Fractal\Resource\Item; +use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; /** * Class ShowController @@ -73,6 +75,11 @@ class ShowController extends Controller */ public function download(Attachment $attachment): LaravelResponse { + if(true === auth()->user()->hasRole('demo')) { + Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__)); + + throw new NotFoundHttpException(); + } if (false === $attachment->uploaded) { throw new FireflyException('200000: File has not been uploaded (yet).'); } @@ -116,6 +123,12 @@ class ShowController extends Controller */ public function index(): JsonResponse { + if(true === auth()->user()->hasRole('demo')) { + Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__)); + + throw new NotFoundHttpException(); + } + $manager = $this->getManager(); // types to get, page size: 
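Review bot: The demo-user guard added at the top of `destroy()` is the same block this commit also pastes into `ShowController::download/index/show`, `StoreController::store/upload` and `UpdateController::update`, so the restriction holds only for the methods someone remembered to edit. Enforcing it in one place, for example as middleware on the attachment route group or through a shared helper called as `$this->denyDemoUser(__METHOD__);` (the name is only a suggestion), would cover a future attachment endpoint by default. The guard also dereferences `auth()->user()` directly, which presumably relies on authentication middleware outside this hunk to guarantee a non-null user. `destroy()` continues past the end of the hunk.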
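Review bot: The audit entry written in `download()` names only the method, so the audit channel cannot show which account or which attachment the blocked request concerned; the other six guards in this commit log the same message. Adding the user id and, where a model is bound, the attachment id would make the record usable for review, e.g. `Log::channel('audit')->info(sprintf('Demo user #%d tries to access attachment #%d in %s', auth()->id(), $attachment->id, __METHOD__));`. The new `if(true === …)` also sits directly above `if (false === $attachment->uploaded)` with no blank line and different spacing after `if`.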
@@ -148,6 +161,11 @@ class ShowController extends Controller */ public function show(Attachment $attachment): JsonResponse { + if(true === auth()->user()->hasRole('demo')) { + Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__)); + + throw new NotFoundHttpException(); + } $manager = $this->getManager(); /** @var AttachmentTransformer $transformer */ diff --git a/app/Api/V1/Controllers/Models/Attachment/StoreController.php b/app/Api/V1/Controllers/Models/Attachment/StoreController.php index f16ebda590..8e9ffd0c57 100644 --- a/app/Api/V1/Controllers/Models/Attachment/StoreController.php +++ b/app/Api/V1/Controllers/Models/Attachment/StoreController.php @@ -34,7 +34,9 @@ use FireflyIII\Transformers\AttachmentTransformer; use FireflyIII\User; use Illuminate\Http\JsonResponse; use Illuminate\Http\Request; +use Illuminate\Support\Facades\Log; use League\Fractal\Resource\Item; +use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; /** * Class StoreController @@ -72,6 +74,11 @@ class StoreController extends Controller */ public function store(StoreRequest $request): JsonResponse { + if(true === auth()->user()->hasRole('demo')) { + Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__)); + + throw new NotFoundHttpException(); + } app('log')->debug(sprintf('Now in %s', __METHOD__)); $data = $request->getAll(); $attachment = $this->repository->store($data); @@ -91,6 +98,12 @@ class StoreController extends Controller */ public function upload(Request $request, Attachment $attachment): JsonResponse { + if(true === auth()->user()->hasRole('demo')) { + Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__)); + + throw new NotFoundHttpException(); + } + /** @var AttachmentHelperInterface $helper */ $helper = app(AttachmentHelperInterface::class); $body = $request->getContent(); 
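Review bot: In `store()` the guard runs only after `StoreRequest $request` has been resolved, and if that class is a Laravel form request (its definition is outside this hunk) its authorization and validation rules execute before the method body. A demo user posting an invalid payload would then receive a validation error rather than the intended 404, and any database lookups in those rules would still run for that user. `UpdateController::update` with `UpdateRequest` has the same ordering. Doing the role check in route middleware, or in the request's `authorize()` method, would place it ahead of validation. `store()` continues past the end of the hunk.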
diff --git a/app/Api/V1/Controllers/Models/Attachment/UpdateController.php b/app/Api/V1/Controllers/Models/Attachment/UpdateController.php index 5e2bd07702..ed095212a2 100644 --- a/app/Api/V1/Controllers/Models/Attachment/UpdateController.php +++ b/app/Api/V1/Controllers/Models/Attachment/UpdateController.php @@ -31,7 +31,9 @@ use FireflyIII\Repositories\Attachment\AttachmentRepositoryInterface; use FireflyIII\Transformers\AttachmentTransformer; use FireflyIII\User; use Illuminate\Http\JsonResponse; +use Illuminate\Support\Facades\Log; use League\Fractal\Resource\Item; +use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; /** * Class UpdateController @@ -67,6 +69,11 @@ class UpdateController extends Controller */ public function update(UpdateRequest $request, Attachment $attachment): JsonResponse { + if(true === auth()->user()->hasRole('demo')) { + Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__)); + + throw new NotFoundHttpException(); + } $data = $request->getAll(); $this->repository->update($attachment, $data); $manager = $this->getManager(); diff --git a/app/Repositories/Tag/OperationsRepository.php b/app/Repositories/Tag/OperationsRepository.php index be11f64ef4..2e77c1adc1 100644 --- a/app/Repositories/Tag/OperationsRepository.php +++ b/app/Repositories/Tag/OperationsRepository.php @@ -160,13 +160,14 @@ class OperationsRepository implements OperationsRepositoryInterface // may have multiple tags: foreach ($journal['tags'] as $tag) { - if(!in_array($tagId, $tagIds, true)) { - continue; - } $tagId = (int)$tag['id']; $tagName = (string)$tag['name']; $journalId = (int)$journal['transaction_journal_id']; + if(!in_array($tagId, $tagIds, true)) { + continue; + } + if (in_array($journalId, $listedJournals, true)) { continue; } diff --git a/app/Services/Webhook/StandardWebhookSender.php b/app/Services/Webhook/StandardWebhookSender.php index 596bc455b4..c3c211d60b 100644 
--- a/app/Services/Webhook/StandardWebhookSender.php +++ b/app/Services/Webhook/StandardWebhookSender.php @@ -29,6 +29,7 @@ use FireflyIII\Models\WebhookAttempt; use FireflyIII\Models\WebhookMessage; use GuzzleHttp\Client; use GuzzleHttp\Exception\ConnectException; +use GuzzleHttp\Exception\GuzzleException; use GuzzleHttp\Exception\RequestException; /** @@ -45,7 +46,7 @@ class StandardWebhookSender implements WebhookSenderInterface } /** - * @throws \GuzzleHttp\Exception\GuzzleException + * @throws GuzzleException * * @SuppressWarnings(PHPMD.ExcessiveMethodLength) */ diff --git a/app/Transformers/V2/BillTransformer.php b/app/Transformers/V2/BillTransformer.php index df6ee5bfb9..f90961c5aa 100644 --- a/app/Transformers/V2/BillTransformer.php +++ b/app/Transformers/V2/BillTransformer.php @@ -25,6 +25,7 @@ namespace FireflyIII\Transformers\V2; use Carbon\Carbon; use Carbon\CarbonInterface; +use FireflyIII\Exceptions\FireflyException; use FireflyIII\Models\Bill; use FireflyIII\Models\Note; use FireflyIII\Models\ObjectGroup; @@ -49,7 +50,7 @@ class BillTransformer extends AbstractTransformer private array $paidDates; /** - * @throws \FireflyIII\Exceptions\FireflyException + * @throws FireflyException * * @SuppressWarnings(PHPMD.ExcessiveMethodLength) */