1 | <?php declare(strict_types=1); |
||
14 | class Impersonate |
||
15 | { |
||
16 | /** @var Gate $gate */ |
||
17 | protected $gate; |
||
18 | |||
19 | /** @var Repository $config */ |
||
20 | protected $config; |
||
21 | |||
22 | /** @var Impersonator $impersonator */ |
||
23 | protected $impersonator; |
||
24 | |||
25 | /** @var Guard */ |
||
26 | protected $guard; |
||
27 | |||
28 | /** @var Redirector */ |
||
29 | protected $redirect; |
||
30 | |||
31 | const SESSION_NAME = 'pretend:_switch_user'; |
||
32 | |||
33 | 4 | public function __construct( |
|
47 | |||
48 | /** |
||
49 | * Handle an incoming request. |
||
50 | * |
||
51 | * @throws \HttpException In event of double attempt to impersonate |
||
52 | * |
||
53 | * @param \Illuminate\Http\Request $request |
||
54 | * @param \Closure $next |
||
55 | * |
||
56 | * @return mixed |
||
57 | */ |
||
58 | 4 | public function handle(Request $request, Closure $next) |
|
59 | { |
||
60 | 4 | $name = $request->query('_switch_user', null); |
|
61 | |||
62 | 4 | if (null !== $name) { |
|
63 | 4 | $this->checkPermission($name); |
|
|
|||
64 | |||
65 | 3 | if ('_exit' === $name) { |
|
66 | 1 | $this->impersonator->exitImpersonation(); |
|
67 | } else { |
||
68 | 3 | if ($this->impersonator->isImpersonated()) { |
|
69 | abort(403, 'Cannot use impersonation once you already done that'); |
||
70 | } |
||
71 | |||
72 | 3 | $this->impersonator->enterImpersonation($name); |
|
73 | } |
||
74 | |||
75 | 1 | if (!$request->isXmlHttpRequest() && $request->isMethod('GET')) { |
|
76 | 1 | $input = $request->input(); |
|
77 | 1 | unset($input['_switch_user']); |
|
78 | 1 | $input += $request->route()->parameters(); |
|
79 | |||
80 | 1 | return $this->redirect->route( |
|
81 | 1 | $request->route()->getName(), |
|
82 | $input |
||
83 | ); |
||
84 | } |
||
85 | 1 | } elseif ($this->impersonator->isImpersonated()) { |
|
86 | 1 | $this->checkPermission($this->impersonator->getImpersonatingIdentifier()); |
|
87 | 1 | $this->impersonator->continueImpersonation(); |
|
88 | } |
||
89 | |||
90 | 1 | return $next($request); |
|
91 | } |
||
92 | |||
93 | /** |
||
94 | * @throws \HttpException In event of lack required abilities will be throw 403 exception |
||
95 | * |
||
96 | * @param string $username Username of impersonable user |
||
97 | */ |
||
98 | 4 | protected function checkPermission(string $username) |
|
117 | } |
||
118 |
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check:
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.