/src/Symfony/EventListener/DenyAccessListener.php
<?php

/*
 * This file is part of the API Platform project.
 *
 * (c) Kévin Dunglas <dunglas@gmail.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

declare(strict_types=1);

namespace ApiPlatform\Symfony\EventListener;

use ApiPlatform\Metadata\Resource\Factory\ResourceMetadataCollectionFactoryInterface;
use ApiPlatform\State\Util\OperationRequestInitiatorTrait;
use ApiPlatform\Symfony\Security\ResourceAccessCheckerInterface;
use ApiPlatform\Symfony\Util\RequestAttributesExtractor;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\Event\ViewEvent;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

/**
 * Denies access to the current resource if the logged user doesn't have sufficient permissions.
 *
 * @author Kévin Dunglas <dunglas@gmail.com>
 */
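final class DenyAccessListener
{
    use OperationRequestInitiatorTrait;

    /**
     * @param ResourceMetadataCollectionFactoryInterface|null $resourceMetadataCollectionFactory stored for OperationRequestInitiatorTrait, which presumably consumes it inside initializeOperation() to resolve the current operation
     * @param ResourceAccessCheckerInterface|null             $resourceAccessChecker             evaluates the operation's security expression; when null every check is skipped, i.e. the listener fails open
     */
    public function __construct(?ResourceMetadataCollectionFactoryInterface $resourceMetadataCollectionFactory = null, private readonly ?ResourceAccessCheckerInterface $resourceAccessChecker = null)
    {
        // Explicit `?` on the first parameter: implicit nullability through a null default is deprecated as of PHP 8.4.
        $this->resourceMetadataCollectionFactory = $resourceMetadataCollectionFactory;
    }

    /**
     * Evaluates the operation's `security` expression for the incoming request.
     */
    public function onSecurity(RequestEvent $event): void
    {
        $this->checkSecurity($event->getRequest(), 'security');
    }

    /**
     * Evaluates the operation's `security_post_denormalize` expression, exposing the
     * `previous_data` request attribute as `previous_object`.
     */
    public function onSecurityPostDenormalize(RequestEvent $event): void
    {
        $request = $event->getRequest();
        $this->checkSecurity($request, 'security_post_denormalize', [
            'previous_object' => $request->attributes->get('previous_data'),
        ]);
    }

    /**
     * Evaluates the operation's `security_post_validation` expression, exposing the
     * `previous_data` request attribute as `previous_object`.
     */
    public function onSecurityPostValidation(ViewEvent $event): void
    {
        $request = $event->getRequest();
        $this->checkSecurity($request, 'security_post_validation', [
            'previous_object' => $request->attributes->get('previous_data'),
        ]);
    }

    /**
     * Runs the access check selected by $attribute against the current operation.
     *
     * The check is skipped (access implicitly granted) when listeners are disabled for this
     * request, when no access checker is configured, when the request carries no API Platform
     * attributes, when the operation is handled by the main controller, or when the operation
     * declares no expression for $attribute.
     *
     * @param string               $attribute      one of 'security', 'security_post_denormalize', 'security_post_validation'; any other value falls back to the plain `security` expression
     * @param array<string, mixed> $extraVariables additional variables exposed to the expression; they take precedence over request attributes, but `object`, `previous_object` and `request` are always overwritten
     *
     * @throws AccessDeniedException when the expression evaluates to false
     */
    private function checkSecurity(Request $request, string $attribute, array $extraVariables = []): void
    {
        // `_api_platform_disable_listeners` is a request *attribute* (populated server-side by routing or
        // other listeners, not parsed from the client payload). A missing access checker also short-circuits
        // to "granted" — this is the fail-open path mentioned on the constructor.
        if ($request->attributes->get('_api_platform_disable_listeners') || !$this->resourceAccessChecker) {
            return;
        }

        $attributes = RequestAttributesExtractor::extractAttributes($request);
        if (!$attributes) {
            return;
        }

        $operation = $this->initializeOperation($request);
        // Operations routed through the main controller are not checked here; presumably the
        // state-provider pipeline enforces security for them — confirm before relying on it.
        if ('api_platform.symfony.main_controller' === $operation?->getController()) {
            return;
        }

        if (!$operation) {
            return;
        }

        // Strict string comparison; unknown attributes fall back to the base `security` expression.
        [$isGranted, $message] = match ($attribute) {
            'security_post_denormalize' => [$operation->getSecurityPostDenormalize(), $operation->getSecurityPostDenormalizeMessage()],
            'security_post_validation' => [$operation->getSecurityPostValidation(), $operation->getSecurityPostValidationMessage()],
            default => [$operation->getSecurity(), $operation->getSecurityMessage()],
        };

        // No expression configured on the operation: nothing to enforce.
        if (null === $isGranted) {
            return;
        }

        // `+=` keeps keys already present, so caller-supplied variables win over request attributes...
        $extraVariables += $request->attributes->all();
        // ...except these three, which are always taken from the request (the `previous_object` passed by
        // the post-denormalize/post-validation hooks is therefore re-read with the same value).
        $extraVariables['object'] = $request->attributes->get('data');
        $extraVariables['previous_object'] = $request->attributes->get('previous_data');
        $extraVariables['request'] = $request;

        if (!$this->resourceAccessChecker->isGranted($attributes['resource_class'], $isGranted, $extraVariables)) {
            throw new AccessDeniedException($message ?? 'Access Denied.');
        }
    }
}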