Issues in SecurityStage.php - New Issues - Inspection of "Merge branch '2.5'" - api-platform/core - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 1931f1...dfc177 )

by Kévin

created 2019-10-14 15:15 UTC

src/GraphQl/Resolver/Stage/SecurityStage.php (1 issue)

Labels

Bug 1

Severity

Major 1

Alan Poulain 1

<?php

/*
 * This file is part of the API Platform project.
 *
 * (c) Kévin Dunglas <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

declare(strict_types=1);

namespace ApiPlatform\Core\GraphQl\Resolver\Stage;

use ApiPlatform\Core\Metadata\Resource\Factory\ResourceMetadataFactoryInterface;
use ApiPlatform\Core\Security\ResourceAccessCheckerInterface;
use GraphQL\Error\Error;
use GraphQL\Type\Definition\ResolveInfo;

/**
 * Security stage of GraphQL resolvers.
 *
 * @experimental
 *
 * @author Alan Poulain <[email protected]>
 */
final class SecurityStage implements SecurityStageInterface
{
    private $resourceMetadataFactory;
    private $resourceAccessChecker;

    public function __construct(ResourceMetadataFactoryInterface $resourceMetadataFactory, ?ResourceAccessCheckerInterface $resourceAccessChecker)
    {
        $this->resourceMetadataFactory = $resourceMetadataFactory;
        $this->resourceAccessChecker = $resourceAccessChecker;
    }

    /**
     * {@inheritdoc}
     */
    public function __invoke(string $resourceClass, string $operationName, array $context): void
    {
        $resourceMetadata = $this->resourceMetadataFactory->create($resourceClass);

        $isGranted = $resourceMetadata->getGraphqlAttribute($operationName, 'security', null, true);

        if (null !== $isGranted && null === $this->resourceAccessChecker) {
            throw new \LogicException('Cannot check security expression when SecurityBundle is not installed. Try running "composer require symfony/security-bundle".');
        }

        if (null === $isGranted || $this->resourceAccessChecker->isGranted($resourceClass, (string) $isGranted, $context['extra_variables'])) {
        if (null === $isGranted || $this->resourceAccessChecker->/** @scrutinizer ignore-call */ isGranted($resourceClass, (string) $isGranted, $context['extra_variables'])) {
            return;
        }

        /** @var ResolveInfo $info */
        $info = $context['info'];
        throw Error::createLocatedError($resourceMetadata->getGraphqlAttribute($operationName, 'security_message', 'Access Denied.'), $info->fieldNodes, $info->path);
    }
}


api-platform / core

Push — master ( 1931f1...dfc177 )

src/GraphQl/Resolver/Stage/SecurityStage.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like