Pull Request — 2.4 (#2992)
by Vincent

ResourceAccessCheckerTrait::canAccess()   B

Complexity

Conditions 7
Paths 14

Size

Total Lines 24
Code Lines 12

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
cc 7
eloc 12
nc 14
nop 7
dl 0
loc 24
rs 8.8333
c 0
b 0
f 0
<?php
/*
 * This file is part of the API Platform project.
 *
 * (c) Kévin Dunglas <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */
declare(strict_types=1);
namespace ApiPlatform\Core\GraphQl\Resolver;
use ApiPlatform\Core\Metadata\Resource\ResourceMetadata;
use ApiPlatform\Core\Security\ResourceAccessCheckerInterface;
use GraphQL\Error\Error;
use GraphQL\Type\Definition\ResolveInfo;
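/**
 * Checks whether the currently logged-in user can access this resource.
 *
 * @experimental
 *
 * @author Kévin Dunglas <[email protected]>
 */
trait ResourceAccessCheckerTrait
{
    /**
     * Enforces the security expression configured for a GraphQL operation.
     *
     * The expression is read from the resource's GraphQL metadata under
     * $attribute, falling back to the legacy "access_control" attribute when
     * $attribute is not set. It is then evaluated by the access checker. The
     * method returns normally when access is granted or when nothing is
     * enforced, and throws otherwise.
     *
     * NOTE(review): this method fails open in two situations: when no access
     * checker is passed, and when no expression is configured under either
     * attribute. In the first case a configured expression is never even
     * looked up, so it is silently not enforced. Callers that depend on this
     * check should make sure a checker is always provided for protected
     * resources.
     *
     * @param ResourceAccessCheckerInterface|null $resourceAccessChecker evaluates the expression; when null, no check is performed
     * @param ResourceMetadata                    $resourceMetadata      metadata the security attributes are read from
     * @param string                              $resourceClass         class name passed to the access checker
     * @param ResolveInfo                         $info                  supplies the field nodes and path used to locate the error
     * @param string                              $attribute             name of the attribute holding the expression
     * @param mixed                               $extraVariables        passed through unchanged to isGranted()
     * @param string|null                         $operationName         operation whose attributes are read; null is looked up as ''
     *
     * @throws Error when the access checker rejects the expression; the message comes from the
     *               "security_message" attribute and defaults to "Access Denied."
     */
    public function canAccess(?ResourceAccessCheckerInterface $resourceAccessChecker, ResourceMetadata $resourceMetadata, string $resourceClass, ResolveInfo $info, string $attribute, $extraVariables = [], ?string $operationName = null): void
    {
        // The "@" keeps the notice out of default error reporting; a registered error handler still receives it.
        if ('access_control' === $attribute) {
            @trigger_error('Sending "access_control" attribute is deprecated since API Platform 2.4 and will not be possible anymore in API Platform 3. Use "security" or "late_security" attributes instead.', E_USER_DEPRECATED);
        }

        // NOTE(review): fail-open. Without a checker the configured expression is never read or evaluated.
        // Presumably the checker is null when no security component is available (confirm against callers).
        if (null === $resourceAccessChecker) {
            return;
        }

        $operation = $operationName ?? '';

        $expression = $resourceMetadata->getGraphqlAttribute($operation, $attribute, null, true);
        if (null === $expression) {
            // Backward compatibility
            $expression = $resourceMetadata->getGraphqlAttribute($operation, 'access_control', null, true);
            if (null !== $expression) {
                @trigger_error('Using "access_control" attribute is deprecated since API Platform 2.4 and will not be possible anymore in API Platform 3. Use "security" attribute instead.', E_USER_DEPRECATED);
            }
        }

        // No expression configured under either attribute: nothing to enforce.
        if (null === $expression) {
            return;
        }

        if ($resourceAccessChecker->isGranted($resourceClass, $expression, $extraVariables)) {
            return;
        }

        // The denial message is taken from resource configuration, not from user input.
        throw Error::createLocatedError($resourceMetadata->getGraphqlAttribute($operation, 'security_message', 'Access Denied.'), $info->fieldNodes, $info->path);
    }
}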