Completed
Push — master ( 1931f1...dfc177 )
by Kévin
10:13 queued 05:53
created

SecurityPostDenormalizeStage::__invoke()   B

Complexity

Conditions 7
Paths 9

Size

Total Lines 25
Code Lines 12

Duplication

Lines 0
Ratio 0 %

Importance

Changes 1
Bugs 0 Features 0
Metric Value
cc 7
eloc 12
c 1
b 0
f 0
nc 9
nop 3
dl 0
loc 25
rs 8.8333
1
<?php
2
3
/*
4
 * This file is part of the API Platform project.
5
 *
6
 * (c) Kévin Dunglas <[email protected]>
7
 *
8
 * For the full copyright and license information, please view the LICENSE
9
 * file that was distributed with this source code.
10
 */
11
12
declare(strict_types=1);
13
14
namespace ApiPlatform\Core\GraphQl\Resolver\Stage;
15
16
use ApiPlatform\Core\Metadata\Resource\Factory\ResourceMetadataFactoryInterface;
17
use ApiPlatform\Core\Security\ResourceAccessCheckerInterface;
18
use GraphQL\Error\Error;
19
use GraphQL\Type\Definition\ResolveInfo;
20
21
/**
22
 * Security post denormalize stage of GraphQL resolvers.
23
 *
24
 * @experimental
25
 *
26
 * @author Vincent Chalamon <[email protected]>
27
 */
28
final class SecurityPostDenormalizeStage implements SecurityPostDenormalizeStageInterface
29
{
30
    private $resourceMetadataFactory;
31
    private $resourceAccessChecker;
32
33
    public function __construct(ResourceMetadataFactoryInterface $resourceMetadataFactory, ?ResourceAccessCheckerInterface $resourceAccessChecker)
34
    {
35
        $this->resourceMetadataFactory = $resourceMetadataFactory;
36
        $this->resourceAccessChecker = $resourceAccessChecker;
37
    }
38
39
    /**
40
     * {@inheritdoc}
41
     */
42
    public function __invoke(string $resourceClass, string $operationName, array $context): void
43
    {
44
        $resourceMetadata = $this->resourceMetadataFactory->create($resourceClass);
45
46
        $isGranted = $resourceMetadata->getGraphqlAttribute($operationName, 'security_post_denormalize', null, true);
47
48
        if (null === $isGranted) {
49
            // Backward compatibility
50
            $isGranted = $resourceMetadata->getGraphqlAttribute($operationName, 'access_control', null, true);
51
            if (null !== $isGranted) {
52
                @trigger_error('Attribute "access_control" is deprecated since API Platform 2.5, prefer using "security" attribute instead', E_USER_DEPRECATED);
53
            }
54
        }
55
56
        if (null !== $isGranted && null === $this->resourceAccessChecker) {
57
            throw new \LogicException('Cannot check security expression when SecurityBundle is not installed. Try running "composer require symfony/security-bundle".');
58
        }
59
60
        if (null === $isGranted || $this->resourceAccessChecker->isGranted($resourceClass, (string) $isGranted, $context['extra_variables'])) {
0 ignored issues
show
Bug introduced by Alan Poulain
The method isGranted() does not exist on null. ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-call  annotation

60
        if (null === $isGranted || $this->resourceAccessChecker->/** @scrutinizer ignore-call */ isGranted($resourceClass, (string) $isGranted, $context['extra_variables'])) {

This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces.

This is most likely a typographical error or the method has been renamed.

Loading history...
61
            return;
62
        }
63
64
        /** @var ResolveInfo $info */
65
        $info = $context['info'];
66
        throw Error::createLocatedError($resourceMetadata->getGraphqlAttribute($operationName, 'security_post_denormalize_message', 'Access Denied.'), $info->fieldNodes, $info->path);
67
    }
68
}
69