AclMiddleware::__invoke() - Code Metrics - KIVagant/staticus-core - Measure and Improve Code Quality continuously with Scrutinizer

AclMiddleware::__invoke() C
last analyzed 2017-08-22 07:53 UTC

↳ Parent: AclMiddleware

Complexity

Conditions	13
Paths	4

Size

Total Lines	57
Code Lines	31

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	0
CRAP Score	182

Importance

Changes

Metric	Value
dl	0
loc	57
ccs	0
cts	27
cp	0
rs	6.5962
c	0
b	0
f	0
cc	13
eloc	31
nc	4
nop	3
crap	182

How to fix Long Method Complexity

<?php
namespace Staticus\Acl;

use Staticus\Auth\User;
use Staticus\Auth\UserInterface;
use Staticus\Config\ConfigInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Staticus\Diactoros\Response\ResourceDoResponse;
use Staticus\Exceptions\WrongRequestException;
use Staticus\Resources\Middlewares\PrepareResourceMiddlewareAbstract;
use Staticus\Resources\ResourceDOInterface;
use Zend\Diactoros\Response\EmptyResponse;
use Zend\Permissions\Acl\Resource\ResourceInterface;
use Zend\Stratigility\MiddlewareInterface;

class AclMiddleware implements MiddlewareInterface
{
    protected $config;

    /**
     * @var AclServiceInterface|AclService
     */
    protected $service;

    /**
     * @var UserInterface|User
     */
    protected $user;

    public function __construct(ConfigInterface $config, AclServiceInterface $service, UserInterface $user)
    {
        $this->config = $config->get('acl');
        $this->service = $service;
        $this->user = $user;
    }

    public function __invoke(
        ServerRequestInterface $request,
        ResponseInterface $response,
        callable $next = null
    )
    {
        /** @var $response ResourceDoResponse */
        $this->checkResponseOrDie($response);
        $action = $this->getAction($request);
        $resourceDO = $response->getContent();
        $resourceNamespace = $resourceDO->getNamespace();
        $userNamespace = $this->user->getNamespace();
        $AclResourceCommon = get_class($resourceDO);
        $AclResourceUnique = $resourceDO instanceof ResourceInterface
            ? $resourceDO->getResourceId()
            : null;

        if (
            // User have access to this type of resources regardless namespaces
            $this->isAllowedForUser($AclResourceCommon, $action, '')

            // User have access to this unique resource regardless namespaces
            || $this->isAllowedForUser($AclResourceUnique, $action, '')

            // User have access to this resource type in common namespace
            || (
                !$resourceNamespace
                && $this->isAllowedForUser($AclResourceCommon, $action, ResourceDOInterface::NAMESPACES_WILDCARD)
            )

            // User have access to this resource type in concrete selected namespace
            || (
                $resourceNamespace
                && $this->isAllowedForUser($AclResourceCommon, $action, $resourceNamespace)
            )
            || (
                // This is a user home namespace
                $resourceNamespace === $userNamespace

                // User have access to the current action in his own namespace
                && $this->isAllowedForUser($AclResourceCommon, $action, UserInterface::NAMESPACES_WILDCARD)
            )
            || (
                // This is an another user namespace
                $resourceNamespace !== $userNamespace
                && 0 === strpos($resourceNamespace, UserInterface::NAMESPACES)

                // User have access to the current action in his own namespace
                && $this->isAllowedForGuest($AclResourceCommon, $action, UserInterface::NAMESPACES_WILDCARD)
            )
        ) {

            return $next($request, $response);
        }

        return new EmptyResponse(403);
    }


    /**
     * @param ResponseInterface $response
     */
    protected function checkResponseOrDie(ResponseInterface $response)
    {
        if (!$this->isSupportedResponse($response)) {

            // something like PrepareResourceMiddleware should be called before this
            throw new WrongRequestException(
                'Unsupported type of the response for ACL. Resource preparing layer must be called before this.');
        }
    }

    /**
     * @param ResponseInterface $response
     * @return bool
     */
    protected function isSupportedResponse(ResponseInterface $response)
    {
        return $response instanceof ResourceDoResponse;
    }

    /**
     * @param ServerRequestInterface $request
     * @return string
     */
    protected function getAction(ServerRequestInterface $request)
    {
        if (PrepareResourceMiddlewareAbstract::getParamFromRequest(Actions::ACTION_SEARCH, $request)) {

            return Actions::ACTION_SEARCH;
        }
        if (PrepareResourceMiddlewareAbstract::getParamFromRequest(Actions::ACTION_LIST, $request)) {

            return Actions::ACTION_LIST;
        }

        $method = $request->getMethod();
        switch ($method) {
            case 'GET':
                $action = Actions::ACTION_READ;
                break;
            case 'POST':
                $action = Actions::ACTION_WRITE;
                break;
            case 'DELETE':
                $action = Actions::ACTION_DELETE;
                break;
            default:
                throw new WrongRequestException('Unknown access control action');
        }

        return $action;
    }

    protected function isAllowedForUser($aclResource, $action, $namespace = '')
    {
        if (!$this->service->acl()->hasResource($namespace . $aclResource)) {

            return false;
        }

        return $this->user->can($namespace . $aclResource, $action);
    }

    protected function isAllowedForGuest($aclResource, $action, $namespace = '')
    {
        if (!$aclResource || !$this->service->acl()->hasResource($namespace . $aclResource)) {

            return false;
        }

        return $this->service->acl()->isAllowed(Roles::GUEST, $namespace . $aclResource, $action);
    }
}

1			<?php
2			namespace Staticus\Acl;
3
4			use Staticus\Auth\User;
5			use Staticus\Auth\UserInterface;
6			use Staticus\Config\ConfigInterface;
7			use Psr\Http\Message\ResponseInterface;
8			use Psr\Http\Message\ServerRequestInterface;
9			use Staticus\Diactoros\Response\ResourceDoResponse;
10			use Staticus\Exceptions\WrongRequestException;
11			use Staticus\Resources\Middlewares\PrepareResourceMiddlewareAbstract;
12			use Staticus\Resources\ResourceDOInterface;
13			use Zend\Diactoros\Response\EmptyResponse;
14			use Zend\Permissions\Acl\Resource\ResourceInterface;
15			use Zend\Stratigility\MiddlewareInterface;
16
17			class AclMiddleware implements MiddlewareInterface
18			{
19			protected $config;
20
21			/**
22			* @var AclServiceInterface\|AclService
23			*/
24			protected $service;
25
26			/**
27			* @var UserInterface\|User
28			*/
29			protected $user;
30
31			public function __construct(ConfigInterface $config, AclServiceInterface $service, UserInterface $user)
32			{
33			$this->config = $config->get('acl');
34			$this->service = $service;
35			$this->user = $user;
36			}
37
38			public function __invoke(
39			ServerRequestInterface $request,
40			ResponseInterface $response,
41			callable $next = null
42			)
43			{
44			/** @var $response ResourceDoResponse */
45			$this->checkResponseOrDie($response);
46			$action = $this->getAction($request);
47			$resourceDO = $response->getContent();
48			$resourceNamespace = $resourceDO->getNamespace();
49			$userNamespace = $this->user->getNamespace();
50			$AclResourceCommon = get_class($resourceDO);
51			$AclResourceUnique = $resourceDO instanceof ResourceInterface
52			? $resourceDO->getResourceId()
53			: null;
54
55			if (
56			// User have access to this type of resources regardless namespaces
57			$this->isAllowedForUser($AclResourceCommon, $action, '')
58
59			// User have access to this unique resource regardless namespaces
60			\|\| $this->isAllowedForUser($AclResourceUnique, $action, '')
61
62			// User have access to this resource type in common namespace
63			\|\| (
64			!$resourceNamespace
65			&& $this->isAllowedForUser($AclResourceCommon, $action, ResourceDOInterface::NAMESPACES_WILDCARD)
66			)
67
68			// User have access to this resource type in concrete selected namespace
69			\|\| (
70			$resourceNamespace
71			&& $this->isAllowedForUser($AclResourceCommon, $action, $resourceNamespace)
72			)
73			\|\| (
74			// This is a user home namespace
75			$resourceNamespace === $userNamespace
76
77			// User have access to the current action in his own namespace
78			&& $this->isAllowedForUser($AclResourceCommon, $action, UserInterface::NAMESPACES_WILDCARD)
79			)
80			\|\| (
81			// This is an another user namespace
82			$resourceNamespace !== $userNamespace
83			&& 0 === strpos($resourceNamespace, UserInterface::NAMESPACES)
84
85			// User have access to the current action in his own namespace
86			&& $this->isAllowedForGuest($AclResourceCommon, $action, UserInterface::NAMESPACES_WILDCARD)
87			)
88			) {
89
90			return $next($request, $response);
91			}
92
93			return new EmptyResponse(403);
94			}
95
96
97			/**
98			* @param ResponseInterface $response
99			*/
100			protected function checkResponseOrDie(ResponseInterface $response)
101			{
102			if (!$this->isSupportedResponse($response)) {
103
104			// something like PrepareResourceMiddleware should be called before this
105			throw new WrongRequestException(
106			'Unsupported type of the response for ACL. Resource preparing layer must be called before this.');
107			}
108			}
109
110			/**
111			* @param ResponseInterface $response
112			* @return bool
113			*/
114			protected function isSupportedResponse(ResponseInterface $response)
115			{
116			return $response instanceof ResourceDoResponse;
117			}
118
119			/**
120			* @param ServerRequestInterface $request
121			* @return string
122			*/
123			protected function getAction(ServerRequestInterface $request)
124			{
125			if (PrepareResourceMiddlewareAbstract::getParamFromRequest(Actions::ACTION_SEARCH, $request)) {
126
127			return Actions::ACTION_SEARCH;
128			}
129			if (PrepareResourceMiddlewareAbstract::getParamFromRequest(Actions::ACTION_LIST, $request)) {
130
131			return Actions::ACTION_LIST;
132			}
133
134			$method = $request->getMethod();
135			switch ($method) {
136			case 'GET':
137			$action = Actions::ACTION_READ;
138			break;
139			case 'POST':
140			$action = Actions::ACTION_WRITE;
141			break;
142			case 'DELETE':
143			$action = Actions::ACTION_DELETE;
144			break;
145			default:
146			throw new WrongRequestException('Unknown access control action');
147			}
148
149			return $action;
150			}
151
152			protected function isAllowedForUser($aclResource, $action, $namespace = '')
153			{
154			if (!$this->service->acl()->hasResource($namespace . $aclResource)) {
155
156			return false;
157			}
158
159			return $this->user->can($namespace . $aclResource, $action);
160			}
161
162			protected function isAllowedForGuest($aclResource, $action, $namespace = '')
163			{
164			if (!$aclResource \|\| !$this->service->acl()->hasResource($namespace . $aclResource)) {
165
166			return false;
167			}
168
169			return $this->service->acl()->isAllowed(Roles::GUEST, $namespace . $aclResource, $action);
170			}
171			}

KIVagant / staticus-core

AclMiddleware::__invoke() C last analyzed 2017-08-22 07:53 UTC

Complexity

Size

Duplication

Code Coverage

Importance

How to fix Long Method Complexity

Long Method

Duplication Side-by-Side

Filter issues like

AclMiddleware::__invoke() C
last analyzed 2017-08-22 07:53 UTC