1 | <?php |
||
2 | |||
3 | /* |
||
4 | * This file is part of the API Platform project. |
||
5 | * |
||
6 | * (c) Kévin Dunglas <[email protected]> |
||
7 | * |
||
8 | * For the full copyright and license information, please view the LICENSE |
||
9 | * file that was distributed with this source code. |
||
10 | */ |
||
11 | |||
12 | declare(strict_types=1); |
||
13 | |||
14 | namespace ApiPlatform\Core\GraphQl\Resolver\Stage; |
||
15 | |||
16 | use ApiPlatform\Core\Metadata\Resource\Factory\ResourceMetadataFactoryInterface; |
||
17 | use ApiPlatform\Core\Security\ResourceAccessCheckerInterface; |
||
18 | use GraphQL\Error\Error; |
||
19 | use GraphQL\Type\Definition\ResolveInfo; |
||
20 | |||
21 | /** |
||
22 | * Security stage of GraphQL resolvers. |
||
23 | * |
||
24 | * @experimental |
||
25 | * |
||
26 | * @author Alan Poulain <[email protected]> |
||
27 | */ |
||
28 | final class SecurityStage implements SecurityStageInterface |
||
29 | { |
||
30 | private $resourceMetadataFactory; |
||
31 | private $resourceAccessChecker; |
||
32 | |||
33 | public function __construct(ResourceMetadataFactoryInterface $resourceMetadataFactory, ?ResourceAccessCheckerInterface $resourceAccessChecker) |
||
34 | { |
||
35 | $this->resourceMetadataFactory = $resourceMetadataFactory; |
||
36 | $this->resourceAccessChecker = $resourceAccessChecker; |
||
37 | } |
||
38 | |||
39 | /** |
||
40 | * {@inheritdoc} |
||
41 | */ |
||
42 | public function __invoke(string $resourceClass, string $operationName, array $context): void |
||
43 | { |
||
44 | $resourceMetadata = $this->resourceMetadataFactory->create($resourceClass); |
||
45 | |||
46 | $isGranted = $resourceMetadata->getGraphqlAttribute($operationName, 'security', null, true); |
||
47 | |||
48 | if (null !== $isGranted && null === $this->resourceAccessChecker) { |
||
49 | throw new \LogicException('Cannot check security expression when SecurityBundle is not installed. Try running "composer require symfony/security-bundle".'); |
||
50 | } |
||
51 | |||
52 | if (null === $isGranted || $this->resourceAccessChecker->isGranted($resourceClass, (string) $isGranted, $context['extra_variables'])) { |
||
0 ignored issues
–
show
|
|||
53 | return; |
||
54 | } |
||
55 | |||
56 | /** @var ResolveInfo $info */ |
||
57 | $info = $context['info']; |
||
58 | throw Error::createLocatedError($resourceMetadata->getGraphqlAttribute($operationName, 'security_message', 'Access Denied.'), $info->fieldNodes, $info->path); |
||
59 | } |
||
60 | } |
||
61 |
This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces.
This is most likely a typographical error or the method has been renamed.