
api-platform / core / 6067528200

04 Sep 2023 12:12AM UTC coverage: 36.875% (-21.9%) from 58.794%
6067528200

Pull #5791

github

web-flow
Merge 64157e578 into d09cfc9d2
Pull Request #5791: fix: strip down any sql function name

3096 of 3096 new or added lines in 205 files covered. (100.0%)

9926 of 26918 relevant lines covered (36.87%)

6.5 hits per line

Source File

96.77
/src/Symfony/Security/State/AccessCheckerProvider.php
<?php

/*
 * This file is part of the API Platform project.
 *
 * (c) Kévin Dunglas <dunglas@gmail.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

declare(strict_types=1);

namespace ApiPlatform\Symfony\Security\State;

use ApiPlatform\Metadata\GraphQl\Operation as GraphQlOperation;
use ApiPlatform\Metadata\GraphQl\QueryCollection;
use ApiPlatform\Metadata\HttpOperation;
use ApiPlatform\Metadata\Operation;
use ApiPlatform\State\ProviderInterface;
use ApiPlatform\Symfony\Security\Exception\AccessDeniedException;
use ApiPlatform\Symfony\Security\ResourceAccessCheckerInterface;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;

/**
 * Allows access to content based on the resourceAccessChecker.
 *
 * @see ResourceAccessCheckerInterface
 */
final class AccessCheckerProvider implements ProviderInterface
{
    /**
     * @param ProviderInterface              $decorated             inner provider; its result is what this provider returns when access is granted
     * @param ResourceAccessCheckerInterface $resourceAccessChecker evaluates the operation's security expression
     * @param string|null                    $event                 'post_denormalize' or 'post_validate' select the matching security attribute;
     *                                                              any other value, including null, selects the plain `security` attribute
     */
    public function __construct(
        private readonly ProviderInterface $decorated,
        private readonly ResourceAccessCheckerInterface $resourceAccessChecker,
        private readonly ?string $event = null,
    ) {
    }

    /**
     * Delegates to the decorated provider, then enforces the operation's security expression on the result.
     *
     * When the operation defines no expression for the configured event, the provided data is
     * returned without any access check.
     *
     * @throws AccessDeniedHttpException when access is refused on a GraphQl operation
     * @throws AccessDeniedException     when access is refused on any other operation
     */
    public function provide(Operation $operation, array $uriVariables = [], array $context = []): object|array|null
    {
        // NOTE(review): an unrecognised $event value is not rejected here; it is handled like null
        // and the plain `security` attribute is the one that gets checked.
        [$expression, $deniedMessage] = match ($this->event) {
            'post_denormalize' => [
                $operation->getSecurityPostDenormalize(),
                $operation->getSecurityPostDenormalizeMessage(),
            ],
            'post_validate' => [
                $operation->getSecurityPostValidation(),
                $operation->getSecurityPostValidationMessage(),
            ],
            default => [
                $operation->getSecurity(),
                $operation->getSecurityMessage(),
            ],
        };

        // The decorated provider always runs first: its result is passed to the checker as 'object',
        // so the data is loaded even when access ends up being denied.
        $data = $this->decorated->provide($operation, $uriVariables, $context);

        // No expression configured for this event: nothing to enforce.
        if (null === $expression) {
            return $data;
        }

        // On a GraphQl QueryCollection the security stage is performed only on the top-level query;
        // a non-null 'source' in the context skips the check.
        if ($operation instanceof QueryCollection && null !== ($context['source'] ?? null)) {
            return $data;
        }

        if ($operation instanceof HttpOperation) {
            $httpRequest = $context['request'] ?? null;

            $checkerContext = [
                'object' => $data,
                // Read from the request attributes; null when the context carries no request.
                'previous_object' => $httpRequest?->attributes->get('previous_data'),
                'request' => $httpRequest,
            ];
        } else {
            $checkerContext = [
                'object' => $data,
                'previous_object' => $context['graphql_context']['previous_object'] ?? null,
            ];
        }

        $granted = $this->resourceAccessChecker->isGranted($operation->getClass(), $expression, $checkerContext);
        if ($granted) {
            return $data;
        }

        // Denied: the operation's own message is used when set, otherwise a generic one.
        if ($operation instanceof GraphQlOperation) {
            throw new AccessDeniedHttpException($deniedMessage ?? 'Access Denied.');
        }

        throw new AccessDeniedException($deniedMessage ?? 'Access Denied.');
    }
}