BeUserAuthenticationController::__isAllowed() - Code Metrics - AOEpeople/TYPO3_Restler - Measure and Improve Code Quality continuously with Scrutinizer

BeUserAuthenticationController::__isAllowed() A
last analyzed 2025-10-08 14:03 UTC

↳ Parent: BeUserAuthenticationController

Complexity

Conditions	2
Paths	2

Size

Total Lines	10
Code Lines	4

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	4
CRAP Score	2

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
cc	2
eloc	4
c	1
b	0
f	0
nc	2
nop	0
dl	0
loc	10
ccs	4
cts	4
cp	1
crap	2
rs	10

<?php

namespace Aoe\Restler\Controller;

/***************************************************************
 *  Copyright notice
 *
 *  (c) 2024 AOE GmbH <[email protected]>
 *
 *  All rights reserved
 *
 *  This script is part of the TYPO3 project. The TYPO3 project is
 *  free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  The GNU General Public License can be found at
 *  http://www.gnu.org/copyleft/gpl.html.
 *
 *  This script is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  This copyright notice MUST APPEAR in all copies of the script!
 ***************************************************************/

use Aoe\Restler\System\TYPO3\Loader;
use Luracast\Restler\iAuthenticate;
use Luracast\Restler\Restler;
use Luracast\Restler\Scope;
use TYPO3\CMS\Core\SingletonInterface;

/**
 * This class checks, if client is allowed to access the requested and protected API-class
 * This class checks, if BE-user is logged in
 */
class BeUserAuthenticationController implements iAuthenticate, SingletonInterface
{
    /**
     * This property defines (when it's set), that this controller should check authentication
     * This property will be automatically set by restler, when in the API-class/controller this
     * is configured (in PHPdoc/annotations)
     *
     * Where do we set this property?
     * When the property should be used, than it must be set inside the PHPdoc-comment of the API-class-method,
     * which handle the API-request
     *
     * Syntax:
     * The PHPdoc-comment must look like this:
     * @class [className] {@[propertyName] [propertyValue]}
     *
     * Example:
     * When this controller should be used for authentication-checks, than the PHPdoc-comment must look like this:
     * @class Aoe\Restler\Controller\BeUserAuthenticationController {@checkAuthentication true}
     */
    public bool $checkAuthentication = false;

    /**
     * Instance of Restler class injected at runtime.
     *
     * @var Restler
     */
    public $restler;

    public function __construct(
        private readonly Loader $typo3Loader
    ) {
        $this->restler = Scope::get('Restler');
    }

    /**
     * This method checks, if client is allowed to access the requested API-class
     *
     * @return boolean
     */
    // phpcs:ignore
    public function __isAllowed()
    {
        if (!$this->checkAuthentication) {
            // this controller is not responsible for the authentication
            return false;
        }

        $this->typo3Loader->initializeBackendUser();

        return $this->typo3Loader->hasActiveBackendUser();
    }

    /**
     * return dummy string, because we DON'T need that for our case (we use NO base-authentification via REST-API)
     *
     * @return string
     * @see \Luracast\Restler\iAuthenticate
     */
    // phpcs:ignore
    public function __getWWWAuthenticateString()
    {
        return '';
    }
}


1		<?php
2
3		namespace Aoe\Restler\Controller;
4
5		/***************************************************************
6		* Copyright notice
7		*
8		* (c) 2024 AOE GmbH <[email protected]>
9		*
10		* All rights reserved
11		*
12		* This script is part of the TYPO3 project. The TYPO3 project is
13		* free software; you can redistribute it and/or modify
14		* it under the terms of the GNU General Public License as published by
15		* the Free Software Foundation; either version 3 of the License, or
16		* (at your option) any later version.
17		*
18		* The GNU General Public License can be found at
19		* http://www.gnu.org/copyleft/gpl.html.
20		*
21		* This script is distributed in the hope that it will be useful,
22		* but WITHOUT ANY WARRANTY; without even the implied warranty of
23		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24		* GNU General Public License for more details.
25		*
26		* This copyright notice MUST APPEAR in all copies of the script!
27		***************************************************************/
28
29		use Aoe\Restler\System\TYPO3\Loader;
30		use Luracast\Restler\iAuthenticate;
31		use Luracast\Restler\Restler;
32		use Luracast\Restler\Scope;
33		use TYPO3\CMS\Core\SingletonInterface;
34
35		/**
36		* This class checks, if client is allowed to access the requested and protected API-class
37		* This class checks, if BE-user is logged in
38		*/
39		class BeUserAuthenticationController implements iAuthenticate, SingletonInterface
40		{
41		/**
42		* This property defines (when it's set), that this controller should check authentication
43		* This property will be automatically set by restler, when in the API-class/controller this
44		* is configured (in PHPdoc/annotations)
45		*
46		* Where do we set this property?
47		* When the property should be used, than it must be set inside the PHPdoc-comment of the API-class-method,
48		* which handle the API-request
49		*
50		* Syntax:
51		* The PHPdoc-comment must look like this:
52		* @class [className] {@[propertyName] [propertyValue]}
53		*
54		* Example:
55		* When this controller should be used for authentication-checks, than the PHPdoc-comment must look like this:
56		* @class Aoe\Restler\Controller\BeUserAuthenticationController {@checkAuthentication true}
57		*/
58		public bool $checkAuthentication = false;
59
60		/**
61		* Instance of Restler class injected at runtime.
62		*
63		* @var Restler
64		*/
65		public $restler;
66
67		public function __construct(
68	4	private readonly Loader $typo3Loader
69		) {
70	4	$this->restler = Scope::get('Restler');
71	4	}
72	4
73		/**
74		* This method checks, if client is allowed to access the requested API-class
75		*
76		* @return boolean
77		*/
78		// phpcs:ignore
79		public function __isAllowed()
80	3	{
81		if (!$this->checkAuthentication) {
82	3	// this controller is not responsible for the authentication
83		return false;
84	1	}
85
86		$this->typo3Loader->initializeBackendUser();
87	2
88		return $this->typo3Loader->hasActiveBackendUser();
89	2	}
90
91		/**
92		* return dummy string, because we DON'T need that for our case (we use NO base-authentification via REST-API)
93		*
94		* @return string
95		* @see \Luracast\Restler\iAuthenticate
96		*/
97		// phpcs:ignore
98		public function __getWWWAuthenticateString()
99	1	{
100		return '';
101	1	}
102		}
103

AOEpeople / TYPO3_Restler

BeUserAuthenticationController::__isAllowed() A last analyzed 2025-10-08 14:03 UTC

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like

BeUserAuthenticationController::__isAllowed() A
last analyzed 2025-10-08 14:03 UTC