ResourceAclHelper - Code Metrics - Inspection of "Merge remote-tracking branch 'origin/master'" - chamilo/chamilo-lms - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 577984...690f51 )

by Angel Fernando Quiroz

created 2025-12-03 23:38 UTC

ResourceAclHelper A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	81
Duplicated Lines	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
eloc	40
c	1
b	0
f	0
dl	0
loc	81
rs	10
wmc	8

2 Methods

Rating	Name	Duplication	Size	Complexity
A	__construct()	0	3	1
B	isAllowed()	0	75	7

<?php

/* For licensing terms, see /license.txt */

declare(strict_types=1);

namespace Chamilo\CoreBundle\Helpers;

use Chamilo\CoreBundle\Entity\ResourceLink;
use Chamilo\CoreBundle\Security\Authorization\Voter\ResourceNodeVoter;
use Laminas\Permissions\Acl\Acl;
use Laminas\Permissions\Acl\Resource\GenericResource;
use Laminas\Permissions\Acl\Role\GenericRole;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\Security\Acl\Permission\MaskBuilder;
use Symfony\Component\Security\Core\Authentication\Token\NullToken;
use Symfony\Component\Security\Core\User\UserInterface;

readonly class ResourceAclHelper
{
    public function __construct(
        private Security $security,
    ) { }

    public function isAllowed(
        string $attribute,
        ResourceLink $resourceLink,
        iterable $rights,
        bool $allowAnonsToView,
    ): bool {
        // Creating roles
        $anon = new GenericRole('IS_AUTHENTICATED_ANONYMOUSLY');
        $userRole = new GenericRole('ROLE_USER');
        $student = new GenericRole('ROLE_STUDENT');
        $teacher = new GenericRole('ROLE_TEACHER');
        $studentBoss = new GenericRole('ROLE_STUDENT_BOSS');

        $currentStudent = new GenericRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_STUDENT);
        $currentTeacher = new GenericRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_TEACHER);

        $currentStudentGroup = new GenericRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_GROUP_STUDENT);
        $currentTeacherGroup = new GenericRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_GROUP_TEACHER);

        $currentStudentSession = new GenericRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_STUDENT);
        $currentTeacherSession = new GenericRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_TEACHER);

        // Setting Simple ACL.
        $acl = (new Acl())
            ->addRole($anon)
            ->addRole($userRole)
            ->addRole($student)
            ->addRole($teacher)
            ->addRole($studentBoss)

            ->addRole($currentStudent)
            ->addRole($currentTeacher, ResourceNodeVoter::ROLE_CURRENT_COURSE_STUDENT)

            ->addRole($currentStudentSession)
            ->addRole($currentTeacherSession, ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_STUDENT)

            ->addRole($currentStudentGroup)
            ->addRole($currentTeacherGroup, ResourceNodeVoter::ROLE_CURRENT_COURSE_GROUP_STUDENT)
        ;

        // Add a security resource.
        $acl->addResource(new GenericResource((string) $resourceLink->getId()));

        // Check all the right this link has.
        // Set rights from the ResourceRight.
        foreach ($rights as $right) {
            $acl->allow($right->getRole(), null, (string) $right->getMask());
        }

        // Anons can see.
        if ($allowAnonsToView) {
            $acl->allow($anon, null, (string) ResourceNodeVoter::getReaderMask());
        }

        // Asked mask
        $mask = new MaskBuilder();
        $mask->add($attribute);

        $askedMask = (string) $mask->get();

        if ($this->security->getToken() instanceof NullToken) {
            return (bool) $acl->isAllowed('IS_AUTHENTICATED_ANONYMOUSLY', $resourceLink->getId(), $askedMask);
        }

        $user = $this->security->getUser();

        $roles = $user instanceof UserInterface ? $user->getRoles() : [];

        foreach ($roles as $role) {
            if ($acl->isAllowed($role, $resourceLink->getId(), $askedMask)) {
                return true;
            }
        }

        return false;
    }
}

1			<?php
2
3			/* For licensing terms, see /license.txt */
4
5			declare(strict_types=1);
6
7			namespace Chamilo\CoreBundle\Helpers;
8
9			use Chamilo\CoreBundle\Entity\ResourceLink;
10			use Chamilo\CoreBundle\Security\Authorization\Voter\ResourceNodeVoter;
11			use Laminas\Permissions\Acl\Acl;
12			use Laminas\Permissions\Acl\Resource\GenericResource;
13			use Laminas\Permissions\Acl\Role\GenericRole;
14			use Symfony\Bundle\SecurityBundle\Security;
15			use Symfony\Component\Security\Acl\Permission\MaskBuilder;
16			use Symfony\Component\Security\Core\Authentication\Token\NullToken;
17			use Symfony\Component\Security\Core\User\UserInterface;
18
19			readonly class ResourceAclHelper
20			{
21			public function __construct(
22			private Security $security,
23			) { }
24
25			public function isAllowed(
26			string $attribute,
27			ResourceLink $resourceLink,
28			iterable $rights,
29			bool $allowAnonsToView,
30			): bool {
31			// Creating roles
32			$anon = new GenericRole('IS_AUTHENTICATED_ANONYMOUSLY');
33			$userRole = new GenericRole('ROLE_USER');
34			$student = new GenericRole('ROLE_STUDENT');
35			$teacher = new GenericRole('ROLE_TEACHER');
36			$studentBoss = new GenericRole('ROLE_STUDENT_BOSS');
37
38			$currentStudent = new GenericRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_STUDENT);
39			$currentTeacher = new GenericRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_TEACHER);
40
41			$currentStudentGroup = new GenericRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_GROUP_STUDENT);
42			$currentTeacherGroup = new GenericRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_GROUP_TEACHER);
43
44			$currentStudentSession = new GenericRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_STUDENT);
45			$currentTeacherSession = new GenericRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_TEACHER);
46
47			// Setting Simple ACL.
48			$acl = (new Acl())
49			->addRole($anon)
50			->addRole($userRole)
51			->addRole($student)
52			->addRole($teacher)
53			->addRole($studentBoss)
54
55			->addRole($currentStudent)
56			->addRole($currentTeacher, ResourceNodeVoter::ROLE_CURRENT_COURSE_STUDENT)
57
58			->addRole($currentStudentSession)
59			->addRole($currentTeacherSession, ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_STUDENT)
60
61			->addRole($currentStudentGroup)
62			->addRole($currentTeacherGroup, ResourceNodeVoter::ROLE_CURRENT_COURSE_GROUP_STUDENT)
63			;
64
65			// Add a security resource.
66			$acl->addResource(new GenericResource((string) $resourceLink->getId()));
67
68			// Check all the right this link has.
69			// Set rights from the ResourceRight.
70			foreach ($rights as $right) {
71			$acl->allow($right->getRole(), null, (string) $right->getMask());
72			}
73
74			// Anons can see.
75			if ($allowAnonsToView) {
76			$acl->allow($anon, null, (string) ResourceNodeVoter::getReaderMask());
77			}
78
79			// Asked mask
80			$mask = new MaskBuilder();
81			$mask->add($attribute);
82
83			$askedMask = (string) $mask->get();
84
85			if ($this->security->getToken() instanceof NullToken) {
86			return (bool) $acl->isAllowed('IS_AUTHENTICATED_ANONYMOUSLY', $resourceLink->getId(), $askedMask);
87			}
88
89			$user = $this->security->getUser();
90
91			$roles = $user instanceof UserInterface ? $user->getRoles() : [];
92
93			foreach ($roles as $role) {
94			if ($acl->isAllowed($role, $resourceLink->getId(), $askedMask)) {
95			return true;
96			}
97			}
98
99			return false;
100			}
101			}

chamilo / chamilo-lms

Push — master ( 577984...690f51 )

ResourceAclHelper A

Complexity

Size/Duplication

Importance

2 Methods

Duplication Side-by-Side

Filter issues like