Issues in ResourceAccessChecker.php - All Issues - Inspection of "Enable pagination per resource (#3035)" - api-platform/core - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 8bd912...d93388 )

by Alan

created 2019-09-05 17:16 UTC

src/Security/ResourceAccessChecker.php (1 issue)

Labels

Bug 1

Severity

Major 1

Yanick Witschi 1

<?php

/*
 * This file is part of the API Platform project.
 *
 * (c) Kévin Dunglas <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

declare(strict_types=1);

namespace ApiPlatform\Core\Security;

use Symfony\Component\ExpressionLanguage\ExpressionLanguage;
.
|-- OtherDir
|   |-- Bar.php
|   `-- Foo.php
`-- SomeDir
    `-- Foo.php
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Role\Role;
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;

/**
 * Checks if the logged user has sufficient permissions to access the given resource.
 *
 * @author Kévin Dunglas <[email protected]>
 */
final class ResourceAccessChecker implements ResourceAccessCheckerInterface
{
    private $expressionLanguage;
    private $authenticationTrustResolver;
    private $roleHierarchy;
    private $tokenStorage;
    private $authorizationChecker;

    public function __construct(ExpressionLanguage $expressionLanguage = null, AuthenticationTrustResolverInterface $authenticationTrustResolver = null, RoleHierarchyInterface $roleHierarchy = null, TokenStorageInterface $tokenStorage = null, AuthorizationCheckerInterface $authorizationChecker = null)
    {
        $this->expressionLanguage = $expressionLanguage;
        $this->authenticationTrustResolver = $authenticationTrustResolver;
        $this->roleHierarchy = $roleHierarchy;
        $this->tokenStorage = $tokenStorage;
        $this->authorizationChecker = $authorizationChecker;
    }

    public function isGranted(string $resourceClass, string $expression, array $extraVariables = []): bool
    {
        if (null === $this->tokenStorage || null === $this->authenticationTrustResolver) {
            throw new \LogicException('The "symfony/security" library must be installed to use the "security" attribute.');
        }
        if (null === $token = $this->tokenStorage->getToken()) {
            throw new \LogicException('The current token must be set to use the "security" attribute (is the URL behind a firewall?).');
        }
        if (null === $this->expressionLanguage) {
            throw new \LogicException('The "symfony/expression-language" library must be installed to use the "security".');
        }

        return (bool) $this->expressionLanguage->evaluate($expression, array_merge($extraVariables, $this->getVariables($token)));
    }

    /**
     * @copyright Fabien Potencier <[email protected]>
     *
     * @see https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php
     */
    private function getVariables(TokenInterface $token): array
    {
        return [
            'token' => $token,
            'user' => $token->getUser(),
            'roles' => $this->getEffectiveRoles($token),
            'trust_resolver' => $this->authenticationTrustResolver,
            // needed for the is_granted expression function
            'auth_checker' => $this->authorizationChecker,
        ];
    }

    /**
     * @return string[]
     */
    private function getEffectiveRoles(TokenInterface $token): array
    {
        if (null === $this->roleHierarchy) {
            return method_exists($token, 'getRoleNames') ? $token->getRoleNames() : array_map('strval', $token->getRoles());
        }

        if (method_exists($this->roleHierarchy, 'getReachableRoleNames')) {
            return $this->roleHierarchy->getReachableRoleNames($token->getRoleNames());
        }

        return array_map(function (Role $role): string {
            return $role->getRole();
        }, $this->roleHierarchy->getReachableRoles($token->getRoles()));
    }
}


1			<?php
2
3			/*
4			* This file is part of the API Platform project.
5			*
6			* (c) Kévin Dunglas <[email protected]>
7			*
8			* For the full copyright and license information, please view the LICENSE
9			* file that was distributed with this source code.
10			*/
11
12			declare(strict_types=1);
13
14			namespace ApiPlatform\Core\Security;
15
16			use Symfony\Component\ExpressionLanguage\ExpressionLanguage;
			0 ignored issues – show Bug introduced 2018-11-06 12:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this This use statement conflicts with another class in this namespace, `ApiPlatform\Core\Security\ExpressionLanguage`. Consider defining an alias. Let?s assume that you have a directory layout like this: . \|-- OtherDir \| \|-- Bar.php \| `-- Foo.php `-- SomeDir `-- Foo.php and let?s assume the following content of `Bar.php`: // Bar.php namespace OtherDir; use SomeDir\Foo; // This now conflicts the class OtherDir\Foo If both files `OtherDir/Foo.php` and `SomeDir/Foo.php` are loaded in the same runtime, you will see a PHP error such as the following: PHP Fatal error: Cannot use SomeDir\Foo as Foo because the name is already in use in OtherDir/Foo.php However, as `OtherDir/Foo.php` does not necessarily have to be loaded and the error is only triggered if it is loaded before `OtherDir/Bar.php`, this problem might go unnoticed for a while. In order to prevent this error from surfacing, you must import the namespace with a different alias: // Bar.php namespace OtherDir; use SomeDir\Foo as SomeDirFoo; // There is no conflict anymore. Loading history...
17			use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
18			use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
19			use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
20			use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
21			use Symfony\Component\Security\Core\Role\Role;
22			use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
23
24			/**
25			* Checks if the logged user has sufficient permissions to access the given resource.
26			*
27			* @author Kévin Dunglas <[email protected]>
28			*/
29			final class ResourceAccessChecker implements ResourceAccessCheckerInterface
30			{
31			private $expressionLanguage;
32			private $authenticationTrustResolver;
33			private $roleHierarchy;
34			private $tokenStorage;
35			private $authorizationChecker;
36
37			public function __construct(ExpressionLanguage $expressionLanguage = null, AuthenticationTrustResolverInterface $authenticationTrustResolver = null, RoleHierarchyInterface $roleHierarchy = null, TokenStorageInterface $tokenStorage = null, AuthorizationCheckerInterface $authorizationChecker = null)
38			{
39			$this->expressionLanguage = $expressionLanguage;
40			$this->authenticationTrustResolver = $authenticationTrustResolver;
41			$this->roleHierarchy = $roleHierarchy;
42			$this->tokenStorage = $tokenStorage;
43			$this->authorizationChecker = $authorizationChecker;
44			}
45
46			public function isGranted(string $resourceClass, string $expression, array $extraVariables = []): bool
47			{
48			if (null === $this->tokenStorage \|\| null === $this->authenticationTrustResolver) {
49			throw new \LogicException('The "symfony/security" library must be installed to use the "security" attribute.');
50			}
51			if (null === $token = $this->tokenStorage->getToken()) {
52			throw new \LogicException('The current token must be set to use the "security" attribute (is the URL behind a firewall?).');
53			}
54			if (null === $this->expressionLanguage) {
55			throw new \LogicException('The "symfony/expression-language" library must be installed to use the "security".');
56			}
57
58			return (bool) $this->expressionLanguage->evaluate($expression, array_merge($extraVariables, $this->getVariables($token)));
59			}
60
61			/**
62			* @copyright Fabien Potencier <[email protected]>
63			*
64			* @see https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php
65			*/
66			private function getVariables(TokenInterface $token): array
67			{
68			return [
69			'token' => $token,
70			'user' => $token->getUser(),
71			'roles' => $this->getEffectiveRoles($token),
72			'trust_resolver' => $this->authenticationTrustResolver,
73			// needed for the is_granted expression function
74			'auth_checker' => $this->authorizationChecker,
75			];
76			}
77
78			/**
79			* @return string[]
80			*/
81			private function getEffectiveRoles(TokenInterface $token): array
82			{
83			if (null === $this->roleHierarchy) {
84			return method_exists($token, 'getRoleNames') ? $token->getRoleNames() : array_map('strval', $token->getRoles());
85			}
86
87			if (method_exists($this->roleHierarchy, 'getReachableRoleNames')) {
88			return $this->roleHierarchy->getReachableRoleNames($token->getRoleNames());
89			}
90
91			return array_map(function (Role $role): string {
92			return $role->getRole();
93			}, $this->roleHierarchy->getReachableRoles($token->getRoles()));
94			}
95			}
96

api-platform / core

Push — master ( 8bd912...d93388 )

src/Security/ResourceAccessChecker.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like