Complex classes like AclSecurityHandler often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes. You can also have a look at the cohesion graph to spot any un-connected, or weakly-connected components.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use AclSecurityHandler, and based on these observations, apply Extract Interface, too.
1 | <?php |
||
32 | final class AclSecurityHandler implements AclSecurityHandlerInterface |
||
33 | { |
||
34 | /** |
||
35 | * @var TokenStorageInterface |
||
36 | */ |
||
37 | private $tokenStorage; |
||
38 | |||
39 | /** |
||
40 | * @var AuthorizationCheckerInterface |
||
41 | */ |
||
42 | private $authorizationChecker; |
||
43 | |||
44 | /** |
||
45 | * @var MutableAclProviderInterface |
||
46 | */ |
||
47 | private $aclProvider; |
||
48 | |||
49 | /** |
||
50 | * @var array |
||
51 | */ |
||
52 | private $superAdminRoles = []; |
||
53 | |||
54 | /** |
||
55 | * @var array |
||
56 | */ |
||
57 | private $adminPermissions = []; |
||
58 | |||
59 | /** |
||
60 | * @var array |
||
61 | */ |
||
62 | private $objectPermissions = []; |
||
63 | |||
64 | /** |
||
65 | * @var string |
||
66 | */ |
||
67 | private $maskBuilderClass; |
||
68 | |||
69 | public function __construct( |
||
70 | TokenStorageInterface $tokenStorage, |
||
71 | AuthorizationCheckerInterface $authorizationChecker, |
||
72 | MutableAclProviderInterface $aclProvider, |
||
73 | string $maskBuilderClass, |
||
74 | array $superAdminRoles |
||
75 | ) { |
||
76 | $this->tokenStorage = $tokenStorage; |
||
77 | $this->authorizationChecker = $authorizationChecker; |
||
78 | $this->aclProvider = $aclProvider; |
||
79 | $this->maskBuilderClass = $maskBuilderClass; |
||
80 | $this->superAdminRoles = $superAdminRoles; |
||
81 | } |
||
82 | |||
83 | public function setAdminPermissions(array $permissions): void |
||
84 | { |
||
85 | $this->adminPermissions = $permissions; |
||
86 | } |
||
87 | |||
88 | public function getAdminPermissions() |
||
89 | { |
||
90 | return $this->adminPermissions; |
||
91 | } |
||
92 | |||
93 | public function setObjectPermissions(array $permissions): void |
||
94 | { |
||
95 | $this->objectPermissions = $permissions; |
||
96 | } |
||
97 | |||
98 | public function getObjectPermissions() |
||
99 | { |
||
100 | return $this->objectPermissions; |
||
101 | } |
||
102 | |||
103 | public function isGranted(AdminInterface $admin, $attributes, $object = null) |
||
104 | { |
||
105 | if (!\is_array($attributes)) { |
||
106 | $attributes = [$attributes]; |
||
107 | } |
||
108 | |||
109 | try { |
||
110 | return $this->isAnyGranted($this->superAdminRoles) || |
||
111 | $this->isAnyGranted($attributes, $object); |
||
112 | } catch (AuthenticationCredentialsNotFoundException $e) { |
||
113 | return false; |
||
114 | } |
||
115 | } |
||
116 | |||
117 | public function getBaseRole(AdminInterface $admin) |
||
118 | { |
||
119 | return sprintf('ROLE_%s_%%s', str_replace('.', '_', strtoupper($admin->getCode()))); |
||
120 | } |
||
121 | |||
122 | public function buildSecurityInformation(AdminInterface $admin) |
||
123 | { |
||
124 | $baseRole = $this->getBaseRole($admin); |
||
125 | |||
126 | $results = []; |
||
127 | foreach ($admin->getSecurityInformation() as $role => $permissions) { |
||
128 | $results[sprintf($baseRole, $role)] = $permissions; |
||
129 | } |
||
130 | |||
131 | return $results; |
||
132 | } |
||
133 | |||
134 | public function createObjectSecurity(AdminInterface $admin, $object): void |
||
135 | { |
||
136 | // retrieving the ACL for the object identity |
||
137 | $objectIdentity = ObjectIdentity::fromDomainObject($object); |
||
138 | $acl = $this->getObjectAcl($objectIdentity); |
||
139 | if (null === $acl) { |
||
140 | $acl = $this->createAcl($objectIdentity); |
||
141 | } |
||
142 | |||
143 | // retrieving the security identity of the currently logged-in user |
||
144 | $user = $this->tokenStorage->getToken()->getUser(); |
||
145 | $securityIdentity = UserSecurityIdentity::fromAccount($user); |
||
146 | |||
147 | $this->addObjectOwner($acl, $securityIdentity); |
||
148 | $this->addObjectClassAces($acl, $this->buildSecurityInformation($admin)); |
||
149 | $this->updateAcl($acl); |
||
150 | } |
||
151 | |||
152 | public function deleteObjectSecurity(AdminInterface $admin, $object): void |
||
153 | { |
||
154 | $objectIdentity = ObjectIdentity::fromDomainObject($object); |
||
155 | $this->deleteAcl($objectIdentity); |
||
156 | } |
||
157 | |||
158 | public function getObjectAcl(ObjectIdentityInterface $objectIdentity): ?MutableAclInterface |
||
159 | { |
||
160 | try { |
||
161 | $acl = $this->aclProvider->findAcl($objectIdentity); |
||
162 | // todo - remove `assert` statement after https://github.com/phpstan/phpstan-symfony/pull/92 is released |
||
163 | \assert($acl instanceof MutableAclInterface); |
||
164 | } catch (AclNotFoundException $e) { |
||
165 | return null; |
||
166 | } |
||
167 | |||
168 | return $acl; |
||
169 | } |
||
170 | |||
171 | public function findObjectAcls(\Traversable $oids, array $sids = []) |
||
183 | |||
184 | public function addObjectOwner(MutableAclInterface $acl, ?UserSecurityIdentity $securityIdentity = null): void |
||
191 | |||
192 | public function addObjectClassAces(MutableAclInterface $acl, array $roleInformation = []): void |
||
221 | |||
222 | public function createAcl(ObjectIdentityInterface $objectIdentity): MutableAclInterface |
||
226 | |||
227 | public function updateAcl(MutableAclInterface $acl): void |
||
231 | |||
232 | public function deleteAcl(ObjectIdentityInterface $objectIdentity): void |
||
236 | |||
237 | public function findClassAceIndexByRole(MutableAclInterface $acl, $role) |
||
247 | |||
248 | public function findClassAceIndexByUsername(MutableAclInterface $acl, $username) |
||
258 | |||
259 | private function isAnyGranted(array $attributes, $subject = null): bool |
||
269 | } |
||
270 |