App\Security\EasyAdminSecurityEventSubscriber

Complexity

Total Complexity

6

Size/Duplication

Total Lines	38
Duplicated Lines	0 %

Importance

Changes

0

3 Methods

Rating	Name	Duplication	Size	Complexity
A	__construct()	0	4	1
A	getSubscribedEvents()	0	8	1
A	isAuthorized()	0	16	4

<?php
namespace App\Security;

use EasyCorp\Bundle\EasyAdminBundle\Event\EasyAdminEvents;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\EventDispatcher\GenericEvent;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

class EasyAdminSecurityEventSubscriber implements EventSubscriberInterface
{
    private $decisionManager;
    private $token;

    public function __construct(AccessDecisionManagerInterface $decisionManager, TokenStorageInterface $token)
    {
        $this->decisionManager = $decisionManager;
        $this->token = $token;
    }

    public static function getSubscribedEvents()
    {
        return [
            EasyAdminEvents::PRE_LIST => ['isAuthorized'],
            EasyAdminEvents::PRE_EDIT => ['isAuthorized'],
            EasyAdminEvents::PRE_DELETE => ['isAuthorized'],
            EasyAdminEvents::PRE_NEW => ['isAuthorized'],
            EasyAdminEvents::PRE_SHOW => ['isAuthorized'],
        ];
    }

    public function isAuthorized(GenericEvent $event)
    {
        $entityConfig = $event['entity'];

        $action = $event->getArgument('request')->query->get('action');

        if (!array_key_exists('permissions', $entityConfig) ||
            !array_key_exists($action, $entityConfig['permissions'])
        ) {
            return;
        }

        $authorizedRoles = $entityConfig['permissions']['action'];

        if (!$this->decisionManager->decide($this->token->getToken(), $authorizedRoles)) {

It seems like $this->token->getToken() can also be of type null; however, parameter $token of Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface::decide() does only seem to accept Symfony\Component\Security\Core\Authentication\Token\TokenInterface, maybe add an additional type check?

            throw new AccessDeniedException();
        }
    }
}