Authorizer - Code Metrics - Inspection of "Merge pull request #6" - locomotivemtl/charcoal-user - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 1f9581...d48de4 )

by Chauncey

created 2020-03-02 17:41 UTC

Authorizer A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	109
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	1

Importance

Changes

Metric	Value
wmc	12
lcom	1
cbo	1
dl	0
loc	109
rs	10
c	0
b	0
f	0

6 Methods

Rating	Name	Size	Complexity
A	__construct()	8	2
A	rolesAllowed()	8	2
A	userAllowed()	8	2
A	isAllowed()	8	2
A	getDefaultResource()	4	1
A	setDefaultResource()	10	3

<?php

namespace Charcoal\User;

use InvalidArgumentException;

// From 'laminas/laminas-permissions-acl'
use Laminas\Permissions\Acl\Exception\ExceptionInterface as AclExceptionInterface;
use Laminas\Permissions\Acl\Resource\ResourceInterface as AclResourceInterface;

// From 'charcoal-user'
use Charcoal\User\UserInterface;

/**
 * User Authorization Checker
 *
 * The authorizer service provides support, upon creation, for a default ACL resource.
 *
 * ## Checking permissions
 *
 * To check if a given ACL (passed in constructor) allows a list of permissions (aka privileges):
 *
 * - `userAllowed(UserInterface $user, string[] $aclPermissions)`
 * - `rolesAllowed(string[] $roles, string[] $aclPermissions)`
 */
class Authorizer extends AbstractAuthorizer
{
    const DEFAULT_RESOURCE = 'DEFAULT_RESOURCE';

    /**
     * The default ACL resource identifier.
     *
     * @var string|null
     */
    private $defaultResource;

    /**
     * @param array $data Class dependencies.
     */
    public function __construct(array $data)
    {
        parent::__construct($data);

        if (isset($data['resource'])) {
            $this->setDefaultResource($data['resource']);
        }
    }

    /**
     * Determine if access is granted by checking the role(s) for permission(s).
     *
     * @deprecated In favour of AbstractAuthorizer::anyRolesGrantedAll()
     *
     * @param  string[] $aclRoles       The ACL role(s) to check.
     * @param  string[] $aclPermissions The ACL privilege(s) to check.
     * @return boolean Returns TRUE if and only if the $aclPermissions are granted against one of the $aclRoles.
     *     Returns TRUE if an empty array of permissions is given.
     *     Returns NULL if no applicable roles or permissions could be checked.
     */
    public function rolesAllowed(array $aclRoles, array $aclPermissions)
    {
        if (empty($aclPermissions)) {
            return true;
        }

        return $this->anyRolesGrantedAll($aclRoles, static::DEFAULT_RESOURCE, $aclPermissions);
    }

    /**
     * Determine if access is granted by checking the user's role(s) for permission(s).
     *
     * @deprecated In favour of AbstractAuthorizer::isUserGranted()
     *
     * @param  UserInterface $user           The user to check.
     * @param  string[]      $aclPermissions The ACL privilege(s) to check.
     * @return boolean
     *     Returns TRUE if and only if the $aclPermissions are granted against one of the roles of the $user.
     *     Returns TRUE if an empty array of permissions is given.
     *     Returns NULL if no applicable roles or permissions could be checked.
     */
    public function userAllowed(UserInterface $user, array $aclPermissions)
    {
        if (empty($aclPermissions)) {
            return true;
        }

        return $this->isUserGranted($user, static::DEFAULT_RESOURCE, $aclPermissions);
    }

    /**
     * {@inheritdoc}
     *
     * This method overrides {@see AbstractAuthorizer::isAllowed()}
     * as proxy to {@see \Laminas\Permissions\Acl\Acl::isAllowed()}
     * to provide support for the special class constant `Authorizer::DEFAULT_RESOURCE`.
     *
     * @param  AclRoleInterface|string     $role      The ACL role to check.
     * @param  AclResourceInterface|string $resource  The ACL resource to check.
     * @param  string                      $privilege The ACL privilege to check.
     * @return boolean Returns TRUE if and only if the $role has access to the $resource.
     */
    public function isAllowed($role = null, $resource = null, $privilege = null)
    {
        if ($resource === static::DEFAULT_RESOURCE) {
            $resource = $this->getDefaultResource();
        }

        return parent::isAllowed($role, $resource, $privilege);
    }

    /**
     * @return string|null
     */
    protected function getDefaultResource()
    {
        return $this->defaultResource;
    }

    /**
     * @param  string|null $resource The ACL resource identifier.
     * @throws InvalidArgumentException If the resource identifier is not a string.
     * @return void
     */
    private function setDefaultResource($resource)
    {
        if (!is_string($resource) && $resource !== null) {
            throw new InvalidArgumentException(
                'ACL resource identifier must be a string or NULL'
            );
        }

        $this->defaultResource = $resource;
    }
}


1			<?php
2
3			namespace Charcoal\User;
4
5			use InvalidArgumentException;
6
7			// From 'laminas/laminas-permissions-acl'
8			use Laminas\Permissions\Acl\Exception\ExceptionInterface as AclExceptionInterface;
9			use Laminas\Permissions\Acl\Resource\ResourceInterface as AclResourceInterface;
10
11			// From 'charcoal-user'
12			use Charcoal\User\UserInterface;
13
14			/**
15			* User Authorization Checker
16			*
17			* The authorizer service provides support, upon creation, for a default ACL resource.
18			*
19			* ## Checking permissions
20			*
21			* To check if a given ACL (passed in constructor) allows a list of permissions (aka privileges):
22			*
23			* - `userAllowed(UserInterface $user, string[] $aclPermissions)`
24			* - `rolesAllowed(string[] $roles, string[] $aclPermissions)`
25			*/
26			class Authorizer extends AbstractAuthorizer
27			{
28			const DEFAULT_RESOURCE = 'DEFAULT_RESOURCE';
29
30			/**
31			* The default ACL resource identifier.
32			*
33			* @var string\|null
34			*/
35			private $defaultResource;
36
37			/**
38			* @param array $data Class dependencies.
39			*/
40			public function __construct(array $data)
41			{
42			parent::__construct($data);
43
44			if (isset($data['resource'])) {
45			$this->setDefaultResource($data['resource']);
46			}
47			}
48
49			/**
50			* Determine if access is granted by checking the role(s) for permission(s).
51			*
52			* @deprecated In favour of AbstractAuthorizer::anyRolesGrantedAll()
53			*
54			* @param string[] $aclRoles The ACL role(s) to check.
55			* @param string[] $aclPermissions The ACL privilege(s) to check.
56			* @return boolean Returns TRUE if and only if the $aclPermissions are granted against one of the $aclRoles.
57			* Returns TRUE if an empty array of permissions is given.
58			* Returns NULL if no applicable roles or permissions could be checked.
59			*/
60			public function rolesAllowed(array $aclRoles, array $aclPermissions)
61			{
62			if (empty($aclPermissions)) {
63			return true;
64			}
65
66			return $this->anyRolesGrantedAll($aclRoles, static::DEFAULT_RESOURCE, $aclPermissions);
67			}
68
69			/**
70			* Determine if access is granted by checking the user's role(s) for permission(s).
71			*
72			* @deprecated In favour of AbstractAuthorizer::isUserGranted()
73			*
74			* @param UserInterface $user The user to check.
75			* @param string[] $aclPermissions The ACL privilege(s) to check.
76			* @return boolean
77			* Returns TRUE if and only if the $aclPermissions are granted against one of the roles of the $user.
78			* Returns TRUE if an empty array of permissions is given.
79			* Returns NULL if no applicable roles or permissions could be checked.
80			*/
81			public function userAllowed(UserInterface $user, array $aclPermissions)
82			{
83			if (empty($aclPermissions)) {
84			return true;
85			}
86
87			return $this->isUserGranted($user, static::DEFAULT_RESOURCE, $aclPermissions);
88			}
89
90			/**
91			* {@inheritdoc}
92			*
93			* This method overrides {@see AbstractAuthorizer::isAllowed()}
94			* as proxy to {@see \Laminas\Permissions\Acl\Acl::isAllowed()}
95			* to provide support for the special class constant `Authorizer::DEFAULT_RESOURCE`.
96			*
97			* @param AclRoleInterface\|string $role The ACL role to check.
98			* @param AclResourceInterface\|string $resource The ACL resource to check.
99			* @param string $privilege The ACL privilege to check.
100			* @return boolean Returns TRUE if and only if the $role has access to the $resource.
101			*/
102			public function isAllowed($role = null, $resource = null, $privilege = null)
103			{
104			if ($resource === static::DEFAULT_RESOURCE) {
105			$resource = $this->getDefaultResource();
106			}
107
108			return parent::isAllowed($role, $resource, $privilege);
109			}
110
111			/**
112			* @return string\|null
113			*/
114			protected function getDefaultResource()
115			{
116			return $this->defaultResource;
117			}
118
119			/**
120			* @param string\|null $resource The ACL resource identifier.
121			* @throws InvalidArgumentException If the resource identifier is not a string.
122			* @return void
123			*/
124			private function setDefaultResource($resource)
125			{
126			if (!is_string($resource) && $resource !== null) {
127			throw new InvalidArgumentException(
128			'ACL resource identifier must be a string or NULL'
129			);
130			}
131
132			$this->defaultResource = $resource;
133			}
134			}
135

locomotivemtl / charcoal-user

Push — master ( 1f9581...d48de4 )

Authorizer A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

6 Methods

Duplication Side-by-Side

Filter issues like