Passed
Push — master ( d90b52...2a2bc7 )
by Damien
02:46
created

src/Security/RoleChecker.php (1 issue)

<?php

namespace DH\AuditorBundle\Security;

use DH\Auditor\Provider\Doctrine\DoctrineProvider;
use DH\Auditor\Security\RoleCheckerInterface;
use DH\Auditor\User\UserInterface;
use Symfony\Component\Security\Core\Security;

class RoleChecker implements RoleCheckerInterface
{
    /**
     * @var Security
     */
    private $security;

    /**
     * @var DoctrineProvider
     */
    private $provider;

    public function __construct(Security $security, DoctrineProvider $doctrineProvider)
    {
        $this->security = $security;
        $this->provider = $doctrineProvider;
    }

    public function __invoke(string $entity, string $scope): bool
    {
        $userProvider = $this->provider->getAuditor()->getConfiguration()->getUserProvider();
The method getUserProvider() does not exist on DH\Auditor\Configuration. ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-call annotation:

        $userProvider = $this->provider->getAuditor()->getConfiguration()->/** @scrutinizer ignore-call */ getUserProvider();

This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces.

This is most likely a typographical error or the method has been renamed.

        $user = null === $userProvider ? null : $userProvider();
        $security = null === $userProvider ? null : $this->security;

        if (!($user instanceof UserInterface) || !($security instanceof Security)) {
            // If no security defined or no user identified, consider access granted
            return true;
        }

        $entities = $this->provider->getConfiguration()->getEntities();
        $roles = $entities[$entity]['roles'] ?? null;

        if (null === $roles) {
            // If no roles are configured, consider access granted
            return true;
        }

        if (!\array_key_exists($scope, $roles)) {
            // If no roles for the given scope are configured, consider access granted
            return true;
        }

        // roles are defined for the given scope
        foreach ($roles[$scope] as $role) {
            if ($security->isGranted($role)) {
                // role granted => access granted
                return true;
            }
        }

        // access denied
        return false;
    }
}