api-platform / core / 10682869832

coverage: 70.804%. Remained the same
10682869832

push

github

soyuka 
docs: changelog v3.4.0-alpha.4

3075 of 4343 relevant lines covered (70.8%)

75.56 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

68.57
/src/Symfony/EventListener/DenyAccessListener.php
1 
<?php
2 









3



/*










4



 * This file is part of the API Platform project.










5



 *










6



 * (c) Kévin Dunglas <dunglas@gmail.com>










7



 *










8



 * For the full copyright and license information, please view the LICENSE










9



 * file that was distributed with this source code.










10



 */










11












12



declare(strict_types=1);










13












14



namespace ApiPlatform\Symfony\EventListener;










15












16



use ApiPlatform\Metadata\Resource\Factory\ResourceMetadataCollectionFactoryInterface;










17



use ApiPlatform\State\Util\OperationRequestInitiatorTrait;










18



use ApiPlatform\Symfony\Security\ResourceAccessCheckerInterface;










19



use ApiPlatform\Symfony\Util\RequestAttributesExtractor;










20



use Symfony\Component\HttpFoundation\Request;










21



use Symfony\Component\HttpKernel\Event\RequestEvent;










22



use Symfony\Component\HttpKernel\Event\ViewEvent;










23



use Symfony\Component\Security\Core\Exception\AccessDeniedException;










24












25



/**










26



 * Denies access to the current resource if the logged user doesn't have sufficient permissions.










27



 *










28



 * @deprecated use ApiPlatform\Symfony\Security\State\AccessCheckerProvider instead










29



 *










30



 * @author Kévin Dunglas <dunglas@gmail.com>










31



 */










32



final class DenyAccessListener










33



{










34



    use OperationRequestInitiatorTrait;










35












36



    public function __construct(?ResourceMetadataCollectionFactoryInterface $resourceMetadataCollectionFactory = null, private readonly ?ResourceAccessCheckerInterface $resourceAccessChecker = null)










37



    {










38



        $this->resourceMetadataCollectionFactory = $resourceMetadataCollectionFactory;




138





39



    }










40












41



    public function onSecurity(RequestEvent $event): void










42



    {










43



        $this->checkSecurity($event->getRequest(), 'security');




138





44



    }










45












46



    public function onSecurityPostDenormalize(RequestEvent $event): void










47



    {










48



        $request = $event->getRequest();




114





49



        $this->checkSecurity($request, 'security_post_denormalize', [




114





50



            'previous_object' => $request->attributes->get('previous_data'),




114





51



        ]);




114





52



    }










53












54



    public function onSecurityPostValidation(ViewEvent $event): void










55



    {










56



        $request = $event->getRequest();




×







57



        $this->checkSecurity($request, 'security_post_validation', [




×







58



            'previous_object' => $request->attributes->get('previous_data'),




×







59



        ]);




×







60



    }










61












62



    /**










63



     * @throws AccessDeniedException










64



     */










65



    private function checkSecurity(Request $request, string $attribute, array $extraVariables = []): void










66



    {










67



        if ($request->attributes->get('_api_platform_disable_listeners') || !$this->resourceAccessChecker || !$attributes = RequestAttributesExtractor::extractAttributes($request)) {




138





68



            return;




45





69



        }










70












71



        $operation = $this->initializeOperation($request);




111





72



        if ('api_platform.symfony.main_controller' === $operation?->getController()) {




111





73



            return;




95





74



        }










75












76



        if (!$operation) {




16





77



            return;




×







78



        }










79












80



        switch ($attribute) {










81



            case 'security_post_denormalize':




16





82



                $isGranted = $operation->getSecurityPostDenormalize();




×







83



                $message = $operation->getSecurityPostDenormalizeMessage();




×







84



                break;




×







85



            case 'security_post_validation':




16





86



                $isGranted = $operation->getSecurityPostValidation();




×







87



                $message = $operation->getSecurityPostValidationMessage();




×







88



                break;




×







89



            default:










90



                $isGranted = $operation->getSecurity();




16





91



                $message = $operation->getSecurityMessage();




16





92



        }










93












94



        if (null === $isGranted) {




16





95



            return;




4





96



        }










97












98



        $extraVariables += $request->attributes->all();




12





99



        $extraVariables['object'] = $request->attributes->get('data');




12





100



        $extraVariables['previous_object'] = $request->attributes->get('previous_data');




12





101



        $extraVariables['request'] = $request;




12





102












103



        if (!$this->resourceAccessChecker->isGranted($attributes['resource_class'], $isGranted, $extraVariables)) {




12





104



            throw new AccessDeniedException($message ?? 'Access Denied.');




8





105



        }










106



    }










107



}
























    

  • 

    •