DenyAccessListener::onPreDeserialize() - Code Metrics - Inspection of "Fix: Rework security on components based on locati..." - components-web-app/api-components-bundle - Measure and Improve Code Quality continuously with Scrutinizer

Test Failed

Push — master ( 9ceea8...5b7b5b )

by Daniel

created 2021-12-27 17:06 UTC

DenyAccessListener::onPreDeserialize() A

↳ Parent: DenyAccessListener

Complexity

Conditions	5
Paths	5

Size

Total Lines	18
Code Lines	10

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	0
CRAP Score	30

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
cc	5
eloc	10
c	1
b	0
f	0
nc	5
nop	1
dl	0
loc	18
rs	9.6111
ccs	0
cts	12
cp	0
crap	30

<?php

/*
 * This file is part of the Silverback API Components Bundle Project
 *
 * (c) Daniel West <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

declare(strict_types=1);

namespace Silverback\ApiComponentsBundle\Security\EventListener;

use Silverback\ApiComponentsBundle\Entity\Core\AbstractComponent;
use Silverback\ApiComponentsBundle\Entity\Core\AbstractPageData;
use Silverback\ApiComponentsBundle\Repository\Core\RouteRepository;
use Silverback\ApiComponentsBundle\Security\Voter\ComponentVoter;
use Silverback\ApiComponentsBundle\Security\Voter\RouteVoter;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\Security;

/**
 * This will NOT restrict access to components fetched as a collection. As recommended by API Platform best practices, that should
 * be implemented in a Doctrine extension by the application developer.
 *
 * @author Daniel West <[email protected]>
 */
final class DenyAccessListener
{
    private Security $security;
    private RouteRepository $routeRepository;

    public function __construct(Security $security, RouteRepository $routeRepository)
    {
        $this->security = $security;
        $this->routeRepository = $routeRepository;
    }

    public function onPreDeserialize(RequestEvent $event): void
    {
        $request = $event->getRequest();

        $resource = $request->attributes->get('data');

        if ($resource instanceof AbstractComponent) {
            if ($this->security->isGranted(ComponentVoter::READ_COMPONENT, $resource)) {
                return;
            }
            throw new AccessDeniedException('Component access denied.');
        }

        if ($resource instanceof AbstractPageData) {
            if (false !== $this->isPageDataAllowedByRoute($resource)) {
                return;
            }
            throw new AccessDeniedException('Page data access denied.');
        }
    }

    private function isPageDataAllowedByRoute(AbstractPageData $pageData): ?bool
    {
        $routes = $this->routeRepository->findByPageData($pageData);

        // abstain - no route to check
        if (!\count($routes)) {
            return null;
        }

        foreach ($routes as $route) {
            $isGranted = $this->security->isGranted(RouteVoter::READ_ROUTE, $route);
            if ($isGranted) {
                return true;
            }
        }

        return false;
    }
}


1			<?php
2
3			/*
4			* This file is part of the Silverback API Components Bundle Project
5			*
6			* (c) Daniel West <[email protected]>
7			*
8			* For the full copyright and license information, please view the LICENSE
9			* file that was distributed with this source code.
10			*/
11
12			declare(strict_types=1);
13
14			namespace Silverback\ApiComponentsBundle\Security\EventListener;
15
16			use Silverback\ApiComponentsBundle\Entity\Core\AbstractComponent;
17			use Silverback\ApiComponentsBundle\Entity\Core\AbstractPageData;
18			use Silverback\ApiComponentsBundle\Repository\Core\RouteRepository;
19			use Silverback\ApiComponentsBundle\Security\Voter\ComponentVoter;
20			use Silverback\ApiComponentsBundle\Security\Voter\RouteVoter;
21			use Symfony\Component\HttpKernel\Event\RequestEvent;
22			use Symfony\Component\Security\Core\Exception\AccessDeniedException;
23			use Symfony\Component\Security\Core\Security;
24
25			/**
26			* This will NOT restrict access to components fetched as a collection. As recommended by API Platform best practices, that should
27			* be implemented in a Doctrine extension by the application developer.
28			*
29			* @author Daniel West <[email protected]>
30			*/
31			final class DenyAccessListener
32			{
33			private Security $security;
34			private RouteRepository $routeRepository;
35
36			public function __construct(Security $security, RouteRepository $routeRepository)
37			{
38			$this->security = $security;
39			$this->routeRepository = $routeRepository;
40			}
41
42			public function onPreDeserialize(RequestEvent $event): void
43			{
44			$request = $event->getRequest();
45
46			$resource = $request->attributes->get('data');
47
48			if ($resource instanceof AbstractComponent) {
49			if ($this->security->isGranted(ComponentVoter::READ_COMPONENT, $resource)) {
50			return;
51			}
52			throw new AccessDeniedException('Component access denied.');
53			}
54
55			if ($resource instanceof AbstractPageData) {
56			if (false !== $this->isPageDataAllowedByRoute($resource)) {
57			return;
58			}
59			throw new AccessDeniedException('Page data access denied.');
60			}
61			}
62
63			private function isPageDataAllowedByRoute(AbstractPageData $pageData): ?bool
64			{
65			$routes = $this->routeRepository->findByPageData($pageData);
66
67			// abstain - no route to check
68			if (!\count($routes)) {
69			return null;
70			}
71
72			foreach ($routes as $route) {
73			$isGranted = $this->security->isGranted(RouteVoter::READ_ROUTE, $route);
74			if ($isGranted) {
75			return true;
76			}
77			}
78
79			return false;
80			}
81			}
82

components-web-app / api-components-bundle

Push — master ( 9ceea8...5b7b5b )

DenyAccessListener::onPreDeserialize() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like