ResourceAccessChecker::isGranted() - Code Metrics - Inspection of "fix route name resolver cache with subresources" - api-platform/core - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — 2.1 (#1729)

by Antoine

created 2018-02-23 09:53 UTC

ResourceAccessChecker::isGranted() B

↳ Parent: ResourceAccessChecker

Complexity

Conditions	5
Paths	4

Size

Total Lines	13
Code Lines	7

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	13
rs	8.8571
c	0
b	0
f	0
cc	5
eloc	7
nc	4
nop	3

<?php

/*
 * This file is part of the API Platform project.
 *
 * (c) Kévin Dunglas <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

declare(strict_types=1);

/*
 * This file is part of the API Platform project.
 *
 * (c) Kévin Dunglas <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace ApiPlatform\Core\Security;

use ApiPlatform\Core\Util\ClassInfoTrait;
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Role\Role;
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;

/**
 * Checks if the logged user has sufficient permissions to access the given resource.
 *
 * @author Kévin Dunglas <[email protected]>
 */
final class ResourceAccessChecker implements ResourceAccessCheckerInterface
{
    use ClassInfoTrait;

    private $expressionLanguage;
    private $authenticationTrustResolver;
    private $roleHierarchy;
    private $tokenStorage;
    private $authorizationChecker;

    public function __construct(ExpressionLanguage $expressionLanguage = null, AuthenticationTrustResolverInterface $authenticationTrustResolver = null, RoleHierarchyInterface $roleHierarchy = null, TokenStorageInterface $tokenStorage = null, AuthorizationCheckerInterface $authorizationChecker = null)
    {
        $this->expressionLanguage = $expressionLanguage;
        $this->authenticationTrustResolver = $authenticationTrustResolver;
        $this->roleHierarchy = $roleHierarchy;
        $this->tokenStorage = $tokenStorage;
        $this->authorizationChecker = $authorizationChecker;
    }

    public function isGranted(string $resourceClass, string $expression, array $extraVariables = []): bool
    {
        if (null === $this->tokenStorage || null === $this->authenticationTrustResolver) {
            throw new \LogicException('The "symfony/security" library must be installed to use the "access_control" attribute.');
        }
        if (null === $token = $this->tokenStorage->getToken()) {
            throw new \LogicException('The current token must be set to use the "access_control" attribute (is the URL behind a firewall?).');
        }
        if (null === $this->expressionLanguage) {
            throw new \LogicException('The "symfony/expression-language" library must be installed to use the "access_control".');
        }

        return (bool) $this->expressionLanguage->evaluate($expression, array_merge($extraVariables, $this->getVariables($token)));
    }

    /**
     * @copyright Fabien Potencier <[email protected]>
     *
     * @see https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php
     */
    private function getVariables(TokenInterface $token): array
    {
        $roles = $this->roleHierarchy ? $this->roleHierarchy->getReachableRoles($token->getRoles()) : $token->getRoles();

        return [
            'token' => $token,
            'user' => $token->getUser(),
            'roles' => array_map(function (Role $role) {
                return $role->getRole();
            }, $roles),
            'trust_resolver' => $this->authenticationTrustResolver,
            // needed for the is_granted expression function
            'auth_checker' => $this->authorizationChecker,
        ];
    }
}


1			<?php
2
3			/*
4			* This file is part of the API Platform project.
5			*
6			* (c) Kévin Dunglas <[email protected]>
7			*
8			* For the full copyright and license information, please view the LICENSE
9			* file that was distributed with this source code.
10			*/
11
12			declare(strict_types=1);
13
14			/*
15			* This file is part of the API Platform project.
16			*
17			* (c) Kévin Dunglas <[email protected]>
18			*
19			* For the full copyright and license information, please view the LICENSE
20			* file that was distributed with this source code.
21			*/
22
23			namespace ApiPlatform\Core\Security;
24
25			use ApiPlatform\Core\Util\ClassInfoTrait;
26			use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
27			use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
28			use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
29			use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
30			use Symfony\Component\Security\Core\Role\Role;
31			use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
32
33			/**
34			* Checks if the logged user has sufficient permissions to access the given resource.
35			*
36			* @author Kévin Dunglas <[email protected]>
37			*/
38			final class ResourceAccessChecker implements ResourceAccessCheckerInterface
39			{
40			use ClassInfoTrait;
41
42			private $expressionLanguage;
43			private $authenticationTrustResolver;
44			private $roleHierarchy;
45			private $tokenStorage;
46			private $authorizationChecker;
47
48			public function __construct(ExpressionLanguage $expressionLanguage = null, AuthenticationTrustResolverInterface $authenticationTrustResolver = null, RoleHierarchyInterface $roleHierarchy = null, TokenStorageInterface $tokenStorage = null, AuthorizationCheckerInterface $authorizationChecker = null)
49			{
50			$this->expressionLanguage = $expressionLanguage;
51			$this->authenticationTrustResolver = $authenticationTrustResolver;
52			$this->roleHierarchy = $roleHierarchy;
53			$this->tokenStorage = $tokenStorage;
54			$this->authorizationChecker = $authorizationChecker;
55			}
56
57			public function isGranted(string $resourceClass, string $expression, array $extraVariables = []): bool
58			{
59			if (null === $this->tokenStorage \|\| null === $this->authenticationTrustResolver) {
60			throw new \LogicException('The "symfony/security" library must be installed to use the "access_control" attribute.');
61			}
62			if (null === $token = $this->tokenStorage->getToken()) {
63			throw new \LogicException('The current token must be set to use the "access_control" attribute (is the URL behind a firewall?).');
64			}
65			if (null === $this->expressionLanguage) {
66			throw new \LogicException('The "symfony/expression-language" library must be installed to use the "access_control".');
67			}
68
69			return (bool) $this->expressionLanguage->evaluate($expression, array_merge($extraVariables, $this->getVariables($token)));
70			}
71
72			/**
73			* @copyright Fabien Potencier <[email protected]>
74			*
75			* @see https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php
76			*/
77			private function getVariables(TokenInterface $token): array
78			{
79			$roles = $this->roleHierarchy ? $this->roleHierarchy->getReachableRoles($token->getRoles()) : $token->getRoles();
80
81			return [
82			'token' => $token,
83			'user' => $token->getUser(),
84			'roles' => array_map(function (Role $role) {
85			return $role->getRole();
86			}, $roles),
87			'trust_resolver' => $this->authenticationTrustResolver,
88			// needed for the is_granted expression function
89			'auth_checker' => $this->authorizationChecker,
90			];
91			}
92			}
93

api-platform / core

Pull Request — 2.1 (#1729)

ResourceAccessChecker::isGranted() B

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like