ezsystems /
ezpublish-kernel
| Conditions | 17 |
| Paths | 35 |
| Total Lines | 80 |
| Code Lines | 40 |
| Lines | 0 |
| Ratio | 0 % |
| Changes | 0 | ||
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
| 1 | <?php |
||
| 60 | public function getPermissionsCriterion($module = 'content', $function = 'read') |
||
| 61 | { |
||
| 62 | $permissionSets = $this->permissionResolver->hasAccess($module, $function); |
||
| 63 | if ($permissionSets === false || $permissionSets === true) { |
||
| 64 | return $permissionSets; |
||
| 65 | } |
||
| 66 | |||
| 67 | if (empty($permissionSets)) { |
||
| 68 | throw new RuntimeException("Got an empty array of limitations from hasAccess( '{$module}', '{$function}' )"); |
||
| 69 | } |
||
| 70 | |||
| 71 | /* |
||
| 72 | * RoleAssignment is a OR condition, so is policy, while limitations is a AND condition |
||
| 73 | * |
||
| 74 | * If RoleAssignment has limitation then policy OR conditions are wrapped in a AND condition with the |
||
| 75 | * role limitation, otherwise it will be merged into RoleAssignment's OR condition. |
||
| 76 | */ |
||
| 77 | $currentUserRef = $this->permissionResolver->getCurrentUserReference(); |
||
| 78 | $roleAssignmentOrCriteria = array(); |
||
| 79 | foreach ($permissionSets as $permissionSet) { |
||
|
|
|||
| 80 | // $permissionSet is a RoleAssignment, but in the form of role limitation & role policies hash |
||
| 81 | $policyOrCriteria = array(); |
||
| 82 | /** |
||
| 83 | * @var \eZ\Publish\API\Repository\Values\User\Policy |
||
| 84 | */ |
||
| 85 | foreach ($permissionSet['policies'] as $policy) { |
||
| 86 | $limitations = $policy->getLimitations(); |
||
| 87 | if ($limitations === '*' || empty($limitations)) { |
||
| 88 | // Given policy gives full access, optimize away all role policies (but not role limitation if any) |
||
| 89 | // This should be optimized on create/update of Roles, however we keep this here for bc with older data |
||
| 90 | $policyOrCriteria = []; |
||
| 91 | break; |
||
| 92 | } |
||
| 93 | |||
| 94 | $limitationsAndCriteria = array(); |
||
| 95 | foreach ($limitations as $limitation) { |
||
| 96 | $type = $this->limitationService->getLimitationType($limitation->getIdentifier()); |
||
| 97 | $limitationsAndCriteria[] = $type->getCriterion($limitation, $currentUserRef); |
||
| 98 | } |
||
| 99 | |||
| 100 | $policyOrCriteria[] = isset($limitationsAndCriteria[1]) ? |
||
| 101 | new LogicalAnd($limitationsAndCriteria) : |
||
| 102 | $limitationsAndCriteria[0]; |
||
| 103 | } |
||
| 104 | |||
| 105 | /** |
||
| 106 | * Apply role limitations if there is one. |
||
| 107 | * |
||
| 108 | * @var \eZ\Publish\API\Repository\Values\User\Limitation[] |
||
| 109 | */ |
||
| 110 | if ($permissionSet['limitation'] instanceof Limitation) { |
||
| 111 | // We need to match both the limitation AND *one* of the policies, aka; roleLimit AND policies(OR) |
||
| 112 | $type = $this->limitationService->getLimitationType($permissionSet['limitation']->getIdentifier()); |
||
| 113 | if (!empty($policyOrCriteria)) { |
||
| 114 | $roleAssignmentOrCriteria[] = new LogicalAnd( |
||
| 115 | array( |
||
| 116 | $type->getCriterion($permissionSet['limitation'], $currentUserRef), |
||
| 117 | isset($policyOrCriteria[1]) ? new LogicalOr($policyOrCriteria) : $policyOrCriteria[0], |
||
| 118 | ) |
||
| 119 | ); |
||
| 120 | } else { |
||
| 121 | $roleAssignmentOrCriteria[] = $type->getCriterion($permissionSet['limitation'], $currentUserRef); |
||
| 122 | } |
||
| 123 | } elseif (!empty($policyOrCriteria)) { |
||
| 124 | // Otherwise merge $policyOrCriteria into $roleAssignmentOrCriteria |
||
| 125 | // There is no role limitation, so any of the policies can globally match in the returned OR criteria |
||
| 126 | $roleAssignmentOrCriteria = empty($roleAssignmentOrCriteria) ? |
||
| 127 | $policyOrCriteria : |
||
| 128 | array_merge($roleAssignmentOrCriteria, $policyOrCriteria); |
||
| 129 | } |
||
| 130 | } |
||
| 131 | |||
| 132 | if (empty($roleAssignmentOrCriteria)) { |
||
| 133 | return false; |
||
| 134 | } |
||
| 135 | |||
| 136 | return isset($roleAssignmentOrCriteria[1]) ? |
||
| 137 | new LogicalOr($roleAssignmentOrCriteria) : |
||
| 138 | $roleAssignmentOrCriteria[0]; |
||
| 139 | } |
||
| 140 | } |
||
| 141 |
There are different options of fixing this problem.
If you want to be on the safe side, you can add an additional type-check:
If you are sure that the expression is traversable, you might want to add a doc comment cast to improve IDE auto-completion and static analysis:
Mark the issue as a false-positive: Just hover the remove button, in the top-right corner of this issue for more options.