overblog /
GraphQLBundle
We could not synchronize checks via GitHub's checks API since Scrutinizer's GitHub App is not installed for this repository.
| 1 | <?php |
||
| 15 | class AccessResolver |
||
| 16 | { |
||
| 17 | /** @var PromiseAdapter */ |
||
| 18 | private $promiseAdapter; |
||
| 19 | |||
| 20 | 94 | public function __construct(PromiseAdapter $promiseAdapter) |
|
| 24 | |||
| 25 | 12 | public function resolve(callable $accessChecker, callable $resolveCallback, array $resolveArgs = [], $useStrictAccess = false) |
|
| 26 | { |
||
| 27 | 12 | if ($useStrictAccess || self::isMutationRootField($resolveArgs[3])) { |
|
| 28 | 11 | return $this->checkAccessForStrictMode($accessChecker, $resolveCallback, $resolveArgs); |
|
| 29 | } |
||
| 30 | |||
| 31 | 4 | $result = \call_user_func_array($resolveCallback, $resolveArgs); |
|
| 32 | |||
| 33 | 4 | if ($result instanceof Promise) { |
|
| 34 | 1 | $result = $result->adoptedPromise; |
|
| 35 | } |
||
| 36 | |||
| 37 | 4 | if ($this->promiseAdapter->isThenable($result) || $result instanceof SyncPromise) { |
|
| 38 | 1 | return $this->promiseAdapter->then( |
|
| 39 | 1 | new Promise($result, $this->promiseAdapter), |
|
| 40 | function ($result) use ($accessChecker, $resolveArgs) { |
||
| 41 | 1 | return $this->processFilter($result, $accessChecker, $resolveArgs); |
|
| 42 | 1 | } |
|
| 43 | ); |
||
| 44 | } |
||
| 45 | |||
| 46 | 3 | return $this->processFilter($result, $accessChecker, $resolveArgs); |
|
| 47 | } |
||
| 48 | |||
| 49 | 9 | private static function isMutationRootField(ResolveInfo $info) |
|
| 50 | { |
||
| 51 | 9 | return 'mutation' === $info->operation->operation && $info->parentType === $info->schema->getMutationType(); |
|
| 52 | } |
||
| 53 | |||
| 54 | 11 | private function checkAccessForStrictMode(callable $accessChecker, callable $resolveCallback, array $resolveArgs = []) |
|
| 55 | { |
||
| 56 | 11 | if (!$this->hasAccess($accessChecker, $resolveArgs)) { |
|
| 57 | 5 | $exceptionClassName = self::isMutationRootField($resolveArgs[3]) ? UserError::class : UserWarning::class; |
|
| 58 | 5 | throw new $exceptionClassName('Access denied to this field.'); |
|
| 59 | } |
||
| 60 | |||
| 61 | 6 | return \call_user_func_array($resolveCallback, $resolveArgs); |
|
| 62 | } |
||
| 63 | |||
| 64 | 4 | private function processFilter($result, $accessChecker, $resolveArgs) |
|
| 65 | { |
||
| 66 | /** @var ResolveInfo $resolveInfo */ |
||
| 67 | 4 | $resolveInfo = $resolveArgs[3]; |
|
| 68 | |||
| 69 | 4 | if (self::isIterable($result) && $resolveInfo->returnType instanceof ListOfType) { |
|
| 70 | 1 | foreach ($result as $i => $object) { |
|
| 71 | 1 | $result[$i] = $this->hasAccess($accessChecker, $resolveArgs, $object) ? $object : null; |
|
| 72 | } |
||
| 73 | 3 | } elseif ($result instanceof Connection) { |
|
| 74 | 1 | $result->edges = \array_map( |
|
| 75 | function (Edge $edge) use ($accessChecker, $resolveArgs) { |
||
| 76 | 1 | $edge->node = $this->hasAccess($accessChecker, $resolveArgs, $edge->node) ? $edge->node : null; |
|
| 77 | |||
| 78 | 1 | return $edge; |
|
| 79 | 1 | }, |
|
| 80 | 1 | $result->edges |
|
| 81 | ); |
||
| 82 | 2 | } elseif (!$this->hasAccess($accessChecker, $resolveArgs, $result)) { |
|
| 83 | 1 | throw new UserWarning('Access denied to this field.'); |
|
| 84 | } |
||
| 85 | |||
| 86 | 3 | return $result; |
|
| 87 | } |
||
| 88 | |||
| 89 | 12 | private function hasAccess(callable $accessChecker, array $resolveArgs = [], $object = null) |
|
| 96 | |||
| 97 | /** |
||
| 98 | * @param mixed $data |
||
| 99 | * |
||
| 100 | * @return bool |
||
| 101 | */ |
||
| 102 | 4 | private static function isIterable($data) |
|
| 110 | } |
||
| 111 |
