SessionVoter - Code Metrics - Inspection of "Merge remote-tracking branch 'origin/master'" - chamilo/chamilo-lms - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( bd8ed8...9d8dba )

by Angel Fernando Quiroz

created 2024-05-31 13:54 UTC

SessionVoter A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	181
Duplicated Lines	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
eloc	80
c	1
b	0
f	0
dl	0
loc	181
rs	9.0399
wmc	42

7 Methods

Rating	Name	Size	Complexity
A	__construct()	4	1
B	allowed()	21	8
A	allowToManageSessions()	9	3
A	allowManageAllSessions()	3	2
A	supports()	9	2
D	voteOnAttribute()	98	21
A	canEditSession()	15	5

How to fix Complexity

<?php

declare(strict_types=1);

/* For licensing terms, see /license.txt */

namespace Chamilo\CoreBundle\Security\Authorization\Voter;

use Chamilo\CoreBundle\Entity\Session;
use Chamilo\CoreBundle\Entity\User;
use Chamilo\CoreBundle\Settings\SettingsManager;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * @todo remove legacy code.
 *
 * @extends Voter<'VIEW'|'EDIT'|'DELETE', Session>
 */
class SessionVoter extends Voter
{
    public const VIEW = 'VIEW';
    public const EDIT = 'EDIT';
    public const DELETE = 'DELETE';

    public function __construct(
        private readonly Security $security,
        private readonly SettingsManager $settingsManager
    ) {}

    protected function supports(string $attribute, $subject): bool
    {
        $options = [
            self::VIEW,
            self::EDIT,
            self::DELETE,
        ];

        return $subject instanceof Session && \in_array($attribute, $options, true);
    }

    /**
     * Check if user has access to a session.
     *
     * {@inheritdoc}
     */
    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
    {
        /** @var User $user */
        $user = $token->getUser();

        // Make sure there is a user object (i.e. that the user is logged in)
        if (!$user instanceof UserInterface) {
            return false;
        }

        // Admins have access to everything.
        if ($this->security->isGranted('ROLE_ADMIN')) {
            return true;
        }

        // Checks if the current course was set up
        // $session->getCurrentCourse() is set in the class CidReqListener.
        /** @var Session $session */
        $session = $subject;
        $currentCourse = $session->getCurrentCourse();

        // Course checks.
        if ($currentCourse && $currentCourse->isHidden()) {
            return false;
        }

        switch ($attribute) {
            case self::VIEW:
                // @todo improve performance.
                $userIsGeneralCoach = $session->hasUserAsGeneralCoach($user);
                if (null === $currentCourse) {
                    $userIsStudent = $session->getSessionRelCourseByUser($user, Session::STUDENT)->count() > 0;
                    $userIsCourseCoach = $session->hasCoachInCourseList($user); // The current course will be checked in CourseVoter.
                } else {
                    $userIsCourseCoach = $session->hasCourseCoachInCourse($user, $currentCourse);
                    $userIsStudent = $session->hasUserInCourse($user, $currentCourse, Session::STUDENT);
                }
                $duration = (int) $session->getDuration();
                if (0 === $duration) {
                    // General coach.
                    if ($userIsGeneralCoach && $session->isActiveForCoach()) {
                        $user->addRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_TEACHER);

                        return true;
                    }

                    // Course-Coach access.
                    if ($userIsCourseCoach && $session->isActiveForCoach()) {
                        $user->addRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_TEACHER);

                        return true;
                    }

                    // Student access.
                    if ($userIsStudent && $session->isActiveForStudent()) {
                        $user->addRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_STUDENT);

                        return true;
                    }
                }

                if ($session->isAvailableByDurationForUser($user)) {
                    if ($userIsGeneralCoach) {
                        $user->addRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_TEACHER);

                        return true;
                    }

                    if ($userIsCourseCoach) {
                        $user->addRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_TEACHER);

                        return true;
                    }

                    if ($userIsStudent) {
                        $user->addRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_STUDENT);

                        return true;
                    }
                }

                return false;

            case self::EDIT:
            case self::DELETE:
                $canEdit = $this->canEditSession($user, $session, false);

                if ($canEdit) {
                    $user->addRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_TEACHER);

                    return true;
                }

                return false;
        }

        // User don't have access to the session
        return false;
    }

    private function canEditSession(User $user, Session $session, bool $checkSession = true): bool
    {
        if (!$this->allowToManageSessions()) {
            return false;
        }

        if ($this->security->isGranted('ROLE_ADMIN') && $this->allowed($user, $session)) {
            return true;
        }

        if ($checkSession) {
            return $this->allowed($user, $session);
        }

        return true;
    }

    private function allowToManageSessions(): bool
    {
        if ($this->allowManageAllSessions()) {
            return true;
        }

        $setting = $this->settingsManager->getSetting('session.allow_teachers_to_create_sessions');

        return 'true' === $setting && $this->security->isGranted('ROLE_TEACHER');
    }

    private function allowManageAllSessions(): bool
    {
        return $this->security->isGranted('ROLE_ADMIN') || $this->security->isGranted('ROLE_SESSION_MANAGER');
    }

    private function allowed(User $user, Session $session): bool
    {
        if ($this->security->isGranted('ROLE_ADMIN')) {
            return true;
        }

        if ($this->security->isGranted('ROLE_SESSION_MANAGER')
            && 'true' !== $this->settingsManager->getSetting('session.allow_session_admins_to_manage_all_sessions')
            && !$session->hasUserAsSessionAdmin($user)
        ) {
            return false;
        }

        if ($this->security->isGranted('ROLE_TEACHER')
            && 'true' === $this->settingsManager->getSetting('session.allow_teachers_to_create_sessions')
            && !$session->hasUserAsGeneralCoach($user)
        ) {
            return false;
        }

        return true;
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/* For licensing terms, see /license.txt */
6
7			namespace Chamilo\CoreBundle\Security\Authorization\Voter;
8
9			use Chamilo\CoreBundle\Entity\Session;
10			use Chamilo\CoreBundle\Entity\User;
11			use Chamilo\CoreBundle\Settings\SettingsManager;
12			use Symfony\Bundle\SecurityBundle\Security;
13			use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
14			use Symfony\Component\Security\Core\Authorization\Voter\Voter;
15			use Symfony\Component\Security\Core\User\UserInterface;
16
17			/**
18			* @todo remove legacy code.
19			*
20			* @extends Voter<'VIEW'\|'EDIT'\|'DELETE', Session>
21			*/
22			class SessionVoter extends Voter
23			{
24			public const VIEW = 'VIEW';
25			public const EDIT = 'EDIT';
26			public const DELETE = 'DELETE';
27
28			public function __construct(
29			private readonly Security $security,
30			private readonly SettingsManager $settingsManager
31			) {}
32
33			protected function supports(string $attribute, $subject): bool
34			{
35			$options = [
36			self::VIEW,
37			self::EDIT,
38			self::DELETE,
39			];
40
41			return $subject instanceof Session && \in_array($attribute, $options, true);
42			}
43
44			/**
45			* Check if user has access to a session.
46			*
47			* {@inheritdoc}
48			*/
49			protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
50			{
51			/** @var User $user */
52			$user = $token->getUser();
53
54			// Make sure there is a user object (i.e. that the user is logged in)
55			if (!$user instanceof UserInterface) {
56			return false;
57			}
58
59			// Admins have access to everything.
60			if ($this->security->isGranted('ROLE_ADMIN')) {
61			return true;
62			}
63
64			// Checks if the current course was set up
65			// $session->getCurrentCourse() is set in the class CidReqListener.
66			/** @var Session $session */
67			$session = $subject;
68			$currentCourse = $session->getCurrentCourse();
69
70			// Course checks.
71			if ($currentCourse && $currentCourse->isHidden()) {
72			return false;
73			}
74
75			switch ($attribute) {
76			case self::VIEW:
77			// @todo improve performance.
78			$userIsGeneralCoach = $session->hasUserAsGeneralCoach($user);
79			if (null === $currentCourse) {
80			$userIsStudent = $session->getSessionRelCourseByUser($user, Session::STUDENT)->count() > 0;
81			$userIsCourseCoach = $session->hasCoachInCourseList($user); // The current course will be checked in CourseVoter.
82			} else {
83			$userIsCourseCoach = $session->hasCourseCoachInCourse($user, $currentCourse);
84			$userIsStudent = $session->hasUserInCourse($user, $currentCourse, Session::STUDENT);
85			}
86			$duration = (int) $session->getDuration();
87			if (0 === $duration) {
88			// General coach.
89			if ($userIsGeneralCoach && $session->isActiveForCoach()) {
90			$user->addRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_TEACHER);
91
92			return true;
93			}
94
95			// Course-Coach access.
96			if ($userIsCourseCoach && $session->isActiveForCoach()) {
97			$user->addRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_TEACHER);
98
99			return true;
100			}
101
102			// Student access.
103			if ($userIsStudent && $session->isActiveForStudent()) {
104			$user->addRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_STUDENT);
105
106			return true;
107			}
108			}
109
110			if ($session->isAvailableByDurationForUser($user)) {
111			if ($userIsGeneralCoach) {
112			$user->addRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_TEACHER);
113
114			return true;
115			}
116
117			if ($userIsCourseCoach) {
118			$user->addRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_TEACHER);
119
120			return true;
121			}
122
123			if ($userIsStudent) {
124			$user->addRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_STUDENT);
125
126			return true;
127			}
128			}
129
130			return false;
131
132			case self::EDIT:
133			case self::DELETE:
134			$canEdit = $this->canEditSession($user, $session, false);
135
136			if ($canEdit) {
137			$user->addRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_TEACHER);
138
139			return true;
140			}
141
142			return false;
143			}
144
145			// User don't have access to the session
146			return false;
147			}
148
149			private function canEditSession(User $user, Session $session, bool $checkSession = true): bool
150			{
151			if (!$this->allowToManageSessions()) {
152			return false;
153			}
154
155			if ($this->security->isGranted('ROLE_ADMIN') && $this->allowed($user, $session)) {
156			return true;
157			}
158
159			if ($checkSession) {
160			return $this->allowed($user, $session);
161			}
162
163			return true;
164			}
165
166			private function allowToManageSessions(): bool
167			{
168			if ($this->allowManageAllSessions()) {
169			return true;
170			}
171
172			$setting = $this->settingsManager->getSetting('session.allow_teachers_to_create_sessions');
173
174			return 'true' === $setting && $this->security->isGranted('ROLE_TEACHER');
175			}
176
177			private function allowManageAllSessions(): bool
178			{
179			return $this->security->isGranted('ROLE_ADMIN') \|\| $this->security->isGranted('ROLE_SESSION_MANAGER');
180			}
181
182			private function allowed(User $user, Session $session): bool
183			{
184			if ($this->security->isGranted('ROLE_ADMIN')) {
185			return true;
186			}
187
188			if ($this->security->isGranted('ROLE_SESSION_MANAGER')
189			&& 'true' !== $this->settingsManager->getSetting('session.allow_session_admins_to_manage_all_sessions')
190			&& !$session->hasUserAsSessionAdmin($user)
191			) {
192			return false;
193			}
194
195			if ($this->security->isGranted('ROLE_TEACHER')
196			&& 'true' === $this->settingsManager->getSetting('session.allow_teachers_to_create_sessions')
197			&& !$session->hasUserAsGeneralCoach($user)
198			) {
199			return false;
200			}
201
202			return true;
203			}
204			}
205

chamilo / chamilo-lms

Push — master ( bd8ed8...9d8dba )

SessionVoter A

Complexity

Size/Duplication

Importance

7 Methods

How to fix Complexity

Complex Class

Duplication Side-by-Side

Filter issues like