Silverback\ApiComponentBundle\Security\RestrictedResourceVoter

Complexity

Total Complexity

14

Size/Duplication

Total Lines	41
Duplicated Lines	0 %

Importance

Changes	1
Bugs	0	Features	0

4 Methods

Rating	Name	Duplication	Size	Complexity
A	__construct()	0	3	1
A	vote()	0	5	3
A	isSupported()	0	6	3
B	rolesVote()	0	17	7

<?php

declare(strict_types=1);

namespace Silverback\ApiComponentBundle\Security;

use Silverback\ApiComponentBundle\Entity\Content\AbstractContent;
use Silverback\ApiComponentBundle\Entity\RestrictedResourceInterface;
use Symfony\Component\Security\Core\Security;

/**
 * @author Daniel West <daniel@silverback.is>
 */
class RestrictedResourceVoter
{
    private $security;

    public function __construct(Security $security)
    {
        $this->security = $security;
    }

    private function rolesVote(array $roles): bool
    {
        if (!count($roles)) {
            return true;
        }
        $negativeRoles = [];
        $positiveRoles = [];
        foreach ($roles as $role) {
            if (strpos($role, '!') === 0) {
                $negativeRoles[] = substr($role, 1);
                continue;
            }
            $positiveRoles[] = $role;
        }
        $positivePass = count($positiveRoles) && $this->security->isGranted($positiveRoles);
        $negativePass = count($negativeRoles) && !$this->security->isGranted($negativeRoles);
        return $positivePass || $negativePass;
    }

    public function isSupported($data): ?RestrictedResourceInterface
    {
        if ($data instanceof RestrictedResourceInterface && !$data instanceof AbstractContent) {
            return $data;
        }
        return null;
    }

    public function vote($object): bool
    {
        return (!($restrictedResource = $this->isSupported($object)) ||
            !($roles = $restrictedResource->getSecurityRoles()) === null ||
            $this->rolesVote($roles))

It seems like $roles can also be of type null; however, parameter $roles of Silverback\ApiComponentBundle\Security\RestrictedResourceVoter::rolesVote() does only seem to accept array, maybe add an additional type check?

        ;
    }
}