Impersonate::checkPermission() - Code Metrics - SCIF/laravel-pretend - Measure and Improve Code Quality continuously with Scrutinizer

Impersonate::checkPermission() A
last analyzed 2020-04-04 11:27 UTC

↳ Parent: Impersonate

Complexity

Conditions	4
Paths	4

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	8
CRAP Score	4

Importance

Changes

Metric	Value
dl	0
loc	19
ccs	8
cts	8
cp	1
rs	9.6333
c	0
b	0
f	0
cc	4
nc	4
nop	1
crap	4

<?php declare(strict_types=1);

namespace Scif\LaravelPretend\Middleware;

use Closure;
use Illuminate\Contracts\Auth\Access\Gate;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Contracts\Config\Repository;
use Illuminate\Http\Request;
use Illuminate\Routing\Redirector;
use Scif\LaravelPretend\Interfaces\Impersonable;
use Scif\LaravelPretend\Service\Impersonator;

class Impersonate
{
    /** @var Gate $gate */
    protected $gate;

    /** @var Repository $config */
    protected $config;

    /** @var Impersonator $impersonator */
    protected $impersonator;

    /** @var Guard  */
    protected $guard;

    /** @var Redirector */
    protected $redirect;

    const SESSION_NAME = 'pretend:_switch_user';

    public function __construct(
        Guard $guard,
        Gate $gate,
        Repository $config,
        Impersonator $impersonator,
        Redirector $redirect
    ) {
        $this->guard        = $guard;
        $this->gate         = $gate;
        $this->config       = $config;
        $this->impersonator = $impersonator;
        $this->redirect     = $redirect;
    }

    /**
     * Handle an incoming request.
     *
     * @throws \HttpException In event of double attempt to impersonate
     *
     * @param  \Illuminate\Http\Request $request
     * @param  \Closure                 $next
     *
     * @return mixed
     */
    public function handle(Request $request, Closure $next)
    {
        if ($this->guard->guest()) {
            return $next($request);
        }

        /** @var string $name */
        $name = $request->query('_switch_user', null);
        $allMiddlewares = $request->route()->gatherMiddleware();

        if (in_array(ForbidImpersonation::class, $allMiddlewares, true)) {
            abort(403, 'This route is forbidden to access as impersonated user');
        }

        if (null !== $name) {
            $this->checkPermission($name);

            if ('_exit' === $name) {
                $this->impersonator->exitImpersonation();
            } elseif ($this->impersonator->isImpersonated()) {
                    abort(403, 'Cannot use impersonation once you already done that');
            } else {
                $this->impersonator->enterImpersonation($name);
            }

            if (!$request->isXmlHttpRequest() && $request->isMethod('GET')) {
                $input = $request->input();
                unset($input['_switch_user']);
                $input += $request->route()->parameters();

                return $this->redirect->route(
                    $request->route()->getName(),
                    $input
                );
            }
        } elseif ($this->impersonator->isImpersonated()) {
            $this->checkPermission($this->impersonator->getImpersonatingIdentifier());
            $this->impersonator->continueImpersonation();
        }

        return $next($request);
    }

    /**
     * @throws \HttpException In event of lack required abilities will be throw 403 exception
     *
     * @param string $username Username of impersonable user
     */
    protected function checkPermission(string $username)
    {
        $ability  = $this->config->get('pretend.impersonate.auth_check');

        if (!$this->gate->has($ability)) {

            $this->gate->define($ability, function ($user): bool {
                if (!$user instanceof Impersonable) {
                    return false;
                }

                return $user->canImpersonate();
            });
        }

        if (!$this->gate->forUser($this->guard->user())->check($ability, [$username])) {
            abort(403, "Current user have no ability '{$ability}'");
        }
    }
}


1		<?php declare(strict_types=1);
2
3		namespace Scif\LaravelPretend\Middleware;
4
5		use Closure;
6		use Illuminate\Contracts\Auth\Access\Gate;
7		use Illuminate\Contracts\Auth\Guard;
8		use Illuminate\Contracts\Config\Repository;
9		use Illuminate\Http\Request;
10		use Illuminate\Routing\Redirector;
11		use Scif\LaravelPretend\Interfaces\Impersonable;
12		use Scif\LaravelPretend\Service\Impersonator;
13
14		class Impersonate
15		{
16		/** @var Gate $gate */
17		protected $gate;
18
19		/** @var Repository $config */
20		protected $config;
21
22		/** @var Impersonator $impersonator */
23		protected $impersonator;
24
25		/** @var Guard */
26		protected $guard;
27
28		/** @var Redirector */
29		protected $redirect;
30
31		const SESSION_NAME = 'pretend:_switch_user';
32
33	7	public function __construct(
34		Guard $guard,
35		Gate $gate,
36		Repository $config,
37		Impersonator $impersonator,
38		Redirector $redirect
39		) {
40	7	$this->guard = $guard;
41	7	$this->gate = $gate;
42	7	$this->config = $config;
43	7	$this->impersonator = $impersonator;
44	7	$this->redirect = $redirect;
45	7	}
46
47		/**
48		* Handle an incoming request.
49		*
50		* @throws \HttpException In event of double attempt to impersonate
51		*
52		* @param \Illuminate\Http\Request $request
53		* @param \Closure $next
54		*
55		* @return mixed
56		*/
57	7	public function handle(Request $request, Closure $next)
58		{
59	7	if ($this->guard->guest()) {
60		return $next($request);
61		}
62
63		/** @var string $name */
64	7	$name = $request->query('_switch_user', null);
65	7	$allMiddlewares = $request->route()->gatherMiddleware();
66
67	7	if (in_array(ForbidImpersonation::class, $allMiddlewares, true)) {
68	1	abort(403, 'This route is forbidden to access as impersonated user');
69		}
70
71	6	if (null !== $name) {
72	6	$this->checkPermission($name);
73
74	5	if ('_exit' === $name) {
75	2	$this->impersonator->exitImpersonation();
76	4	} elseif ($this->impersonator->isImpersonated()) {
77	1	abort(403, 'Cannot use impersonation once you already done that');
78		} else {
79	4	$this->impersonator->enterImpersonation($name);
80		}
81
82	3	if (!$request->isXmlHttpRequest() && $request->isMethod('GET')) {
83	3	$input = $request->input();
84	3	unset($input['_switch_user']);
85	3	$input += $request->route()->parameters();
86
87	3	return $this->redirect->route(
88	3	$request->route()->getName(),
89	3	$input
90		);
91		}
92	1	} elseif ($this->impersonator->isImpersonated()) {
93	1	$this->checkPermission($this->impersonator->getImpersonatingIdentifier());
94	1	$this->impersonator->continueImpersonation();
95		}
96
97	1	return $next($request);
98		}
99
100		/**
101		* @throws \HttpException In event of lack required abilities will be throw 403 exception
102		*
103		* @param string $username Username of impersonable user
104		*/
105	6	protected function checkPermission(string $username)
106		{
107	6	$ability = $this->config->get('pretend.impersonate.auth_check');
108
109	6	if (!$this->gate->has($ability)) {
110
111	1	$this->gate->define($ability, function ($user): bool {
112	1	if (!$user instanceof Impersonable) {
113	1	return false;
114		}
115
116	1	return $user->canImpersonate();
117	1	});
118		}
119
120		if (!$this->gate->forUser($this->guard->user())->check($ability, [$username])) {
121		abort(403, "Current user have no ability '{$ability}'");
122		}
123		}
124		}
125

SCIF / laravel-pretend

Impersonate::checkPermission() A last analyzed 2020-04-04 11:27 UTC

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like

Impersonate::checkPermission() A
last analyzed 2020-04-04 11:27 UTC