GuardInterceptor::__construct() - Code Metrics - Inspection of "- added core interceptors and base domain bootload..." - spiral/framework - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( abc2ba...40955b )

by Anton

created 2019-11-01 12:08 UTC

GuardInterceptor::__construct() A

↳ Parent: GuardInterceptor

Complexity

Conditions	1
Paths	1

Size

Total Lines	3
Code Lines	1

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	1

Metric	Value
eloc	1
c	1
b	0
f	1
dl	0
loc	3
rs	10
cc	1
nc	1
nop	1

<?php

/**
 * Spiral Framework.
 *
 * @license   MIT
 * @author    Anton Titov (Wolfy-J)
 */

declare(strict_types=1);

namespace Spiral\Domain;

use Doctrine\Common\Annotations\AnnotationReader;
use Spiral\Core\CoreInterceptorInterface;
use Spiral\Core\CoreInterface;
use Spiral\Core\Exception\ControllerException;
use Spiral\Core\Exception\InterceptorException;
use Spiral\Domain\Annotation\Guarded;
use Spiral\Domain\Annotation\GuardNamespace;
use Spiral\Security\GuardInterface;

class GuardInterceptor implements CoreInterceptorInterface
{
    /** @var GuardInterface */
    private $guard;

    /** @var array */
    private $permissionCache = [];

    /**
     * @param GuardInterface $guard
     */
    public function __construct(GuardInterface $guard)
    {
        $this->guard = $guard;
    }

    /**
     * @inheritDoc
     */
    public function process(string $controller, string $action, array $parameters, CoreInterface $core)
    {
        $permission = $this->getPermissions($controller, $action);

        if ($permission !== null && !$this->guard->allows($permission[0], $parameters)) {
            throw new ControllerException(
                sprintf(
                    'Unauthorized permission `%s` for action `%s`->`%s`',
                    $permission[0],
                    $controller,
                    $action
                ),
                $permission[1]
            );
        }

        return $core->callAction($controller, $action, $parameters);
    }

    /**
     * Get method RBAC permission if any. Automatically merges with controller namespace.
     *
     * @param string $controller
     * @param string $action
     * @return array|null
     *
     * @throws \Doctrine\Common\Annotations\AnnotationException
     */
    private function getPermissions(string $controller, string $action): ?array
    {
        $key = sprintf('%s:%s', $controller, $action);
        if (array_key_exists($key, $this->permissionCache)) {
            return $this->permissionCache[$key];
        }

        $this->permissionCache[$key] = null;
        try {
            $method = new \ReflectionMethod($controller, $action);
        } catch (\ReflectionException $e) {
            return [];
        }

        $reader = new AnnotationReader();

        /** @var GuardNamespace $guardNamespace */
        $guardNamespace = $reader->getClassAnnotation($method->getDeclaringClass(), GuardNamespace::class);

        /** @var Guarded $guarded */
        $guarded = $reader->getMethodAnnotation($method, Guarded::class);

        if ($guarded === null) {
            return null;
        }

        if ($guarded->permission === null && $guardNamespace === null) {
            throw new InterceptorException(
                'Unable to apply @Guarded annotation without specified permission name or @GuardNamespace'
            );
        }

        $permission = [
            $guarded->permission ?? $action,
            ControllerException::FORBIDDEN
        ];

        if ($guardNamespace !== null) {
            $permission[0] = sprintf('%s.%s', $guardNamespace->namespace, $permission[0]);
        }

        switch ($guarded->else) {
            case 'badAction':
                $permission[1] = ControllerException::BAD_ACTION;
                break;
            case 'notFound':
                $permission[1] = ControllerException::NOT_FOUND;
                break;
            case 'error':
                $permission[1] = ControllerException::ERROR;
                break;
        }

        $this->permissionCache[$key] = $permission;

        return $permission;
    }
}


1			<?php
2
3			/**
4			* Spiral Framework.
5			*
6			* @license MIT
7			* @author Anton Titov (Wolfy-J)
8			*/
9
10			declare(strict_types=1);
11
12			namespace Spiral\Domain;
13
14			use Doctrine\Common\Annotations\AnnotationReader;
15			use Spiral\Core\CoreInterceptorInterface;
16			use Spiral\Core\CoreInterface;
17			use Spiral\Core\Exception\ControllerException;
18			use Spiral\Core\Exception\InterceptorException;
19			use Spiral\Domain\Annotation\Guarded;
20			use Spiral\Domain\Annotation\GuardNamespace;
21			use Spiral\Security\GuardInterface;
22
23			class GuardInterceptor implements CoreInterceptorInterface
24			{
25			/** @var GuardInterface */
26			private $guard;
27
28			/** @var array */
29			private $permissionCache = [];
30
31			/**
32			* @param GuardInterface $guard
33			*/
34			public function __construct(GuardInterface $guard)
35			{
36			$this->guard = $guard;
37			}
38
39			/**
40			* @inheritDoc
41			*/
42			public function process(string $controller, string $action, array $parameters, CoreInterface $core)
43			{
44			$permission = $this->getPermissions($controller, $action);
45
46			if ($permission !== null && !$this->guard->allows($permission[0], $parameters)) {
47			throw new ControllerException(
48			sprintf(
49			'Unauthorized permission `%s` for action `%s`->`%s`',
50			$permission[0],
51			$controller,
52			$action
53			),
54			$permission[1]
55			);
56			}
57
58			return $core->callAction($controller, $action, $parameters);
59			}
60
61			/**
62			* Get method RBAC permission if any. Automatically merges with controller namespace.
63			*
64			* @param string $controller
65			* @param string $action
66			* @return array\|null
67			*
68			* @throws \Doctrine\Common\Annotations\AnnotationException
69			*/
70			private function getPermissions(string $controller, string $action): ?array
71			{
72			$key = sprintf('%s:%s', $controller, $action);
73			if (array_key_exists($key, $this->permissionCache)) {
74			return $this->permissionCache[$key];
75			}
76
77			$this->permissionCache[$key] = null;
78			try {
79			$method = new \ReflectionMethod($controller, $action);
80			} catch (\ReflectionException $e) {
81			return [];
82			}
83
84			$reader = new AnnotationReader();
85
86			/** @var GuardNamespace $guardNamespace */
87			$guardNamespace = $reader->getClassAnnotation($method->getDeclaringClass(), GuardNamespace::class);
88
89			/** @var Guarded $guarded */
90			$guarded = $reader->getMethodAnnotation($method, Guarded::class);
91
92			if ($guarded === null) {
93			return null;
94			}
95
96			if ($guarded->permission === null && $guardNamespace === null) {
97			throw new InterceptorException(
98			'Unable to apply @Guarded annotation without specified permission name or @GuardNamespace'
99			);
100			}
101
102			$permission = [
103			$guarded->permission ?? $action,
104			ControllerException::FORBIDDEN
105			];
106
107			if ($guardNamespace !== null) {
108			$permission[0] = sprintf('%s.%s', $guardNamespace->namespace, $permission[0]);
109			}
110
111			switch ($guarded->else) {
112			case 'badAction':
113			$permission[1] = ControllerException::BAD_ACTION;
114			break;
115			case 'notFound':
116			$permission[1] = ControllerException::NOT_FOUND;
117			break;
118			case 'error':
119			$permission[1] = ControllerException::ERROR;
120			break;
121			}
122
123			$this->permissionCache[$key] = $permission;
124
125			return $permission;
126			}
127			}
128

spiral / framework

Push — master ( abc2ba...40955b )

GuardInterceptor::__construct() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like