
api-platform / core / 10943429050

19 Sep 2024 02:48PM UTC coverage: 7.647% (-0.03%) from 7.675%
10943429050

push

github

web-flow
feat: api-platform/json-hal component (#6621)

* feat: add hal support for laravel

* feat: quick review

* fix: typo & cs-fixer

* fix: typo in composer.json

* fix: cs-fixer & phpstan

* fix: forgot about hal item normalizer, therefore there's no more createbook nor updatebook test as Hal is a readonly format

0 of 94 new or added lines in 2 files covered. (0.0%)

9082 existing lines in 291 files now uncovered.

12629 of 165144 relevant lines covered (7.65%)

22.89 hits per line

Source File

100.0
/src/Symfony/Security/ResourceAccessChecker.php
<?php

/*
 * This file is part of the API Platform project.
 *
 * (c) Kévin Dunglas <dunglas@gmail.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

declare(strict_types=1);

namespace ApiPlatform\Symfony\Security;

use Symfony\Component\ExpressionLanguage\ExpressionLanguage;
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
use Symfony\Component\Security\Core\Authentication\Token\NullToken;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;

/**
 * Checks if the logged user has sufficient permissions to access the given resource.
 *
 * @author Kévin Dunglas <dunglas@gmail.com>
 */
final class ResourceAccessChecker implements ResourceAccessCheckerInterface
{
    /**
     * Every collaborator is nullable and defaults to null. isGranted() throws
     * when the token storage, the trust resolver or the expression language
     * is missing; the role hierarchy and the authorization checker are never
     * required.
     */
    public function __construct(
        private readonly ?ExpressionLanguage $expressionLanguage = null,
        private readonly ?AuthenticationTrustResolverInterface $authenticationTrustResolver = null,
        private readonly ?RoleHierarchyInterface $roleHierarchy = null,
        private readonly ?TokenStorageInterface $tokenStorage = null,
        private readonly ?AuthorizationCheckerInterface $authorizationChecker = null,
    ) {
    }

    /**
     * Evaluates a security expression against the current security token and
     * casts the result to a boolean.
     *
     * Variable precedence: for string keys array_merge() lets later arrays
     * win, and the layers are merged in this order: $extraVariables, then
     * 'trust_resolver' and 'auth_checker', then 'token', 'user' and 'roles'.
     * A caller therefore cannot replace those five security-sensitive names
     * through $extraVariables.
     *
     * $expression is passed to ExpressionLanguage::evaluate() unchanged and
     * nothing in this method validates it, so it has to originate from trusted
     * configuration rather than from request data.
     *
     * NOTE(review): $resourceClass is not read anywhere in this method.
     *
     * @param array<string, mixed> $extraVariables additional names made visible to the expression
     *
     * @throws \LogicException when the token storage, the trust resolver or the expression language is not set
     */
    public function isGranted(string $resourceClass, string $expression, array $extraVariables = []): bool
    {
        $securityMissing = null === $this->tokenStorage || null === $this->authenticationTrustResolver;
        if ($securityMissing) {
            throw new \LogicException('The "symfony/security" library must be installed to use the "security" attribute.');
        }

        if (null === $this->expressionLanguage) {
            throw new \LogicException('The "symfony/expression-language" library must be installed to use the "security" attribute.');
        }

        // No token in storage: evaluate the expression against a NullToken instead of null.
        $currentToken = $this->tokenStorage->getToken() ?? new NullToken();

        // Merge order matters: the token-derived entries come last so they
        // override anything the caller supplied under the same name.
        $context = array_merge(
            $extraVariables,
            [
                'trust_resolver' => $this->authenticationTrustResolver,
                // needed for the is_granted expression function; may be null here,
                // because the guards above do not cover the authorization checker
                'auth_checker' => $this->authorizationChecker,
            ],
            $this->getVariables($currentToken),
        );

        return (bool) $this->expressionLanguage->evaluate($expression, $context);
    }

    /**
     * Builds the token-derived variables exposed to the expression: the token
     * itself, its user, and its effective role names.
     *
     * @copyright Fabien Potencier <fabien@symfony.com>
     *
     * @see https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php
     */
    private function getVariables(TokenInterface $token): array
    {
        $user = $token->getUser();
        $roles = $this->getEffectiveRoles($token);

        return [
            'token' => $token,
            'user' => $user,
            'roles' => $roles,
        ];
    }

    /**
     * Returns the token's role names, expanded through the role hierarchy
     * when one was injected.
     *
     * @return string[]
     */
    private function getEffectiveRoles(TokenInterface $token): array
    {
        $ownRoles = $token->getRoleNames();

        return null === $this->roleHierarchy
            ? $ownRoles
            : $this->roleHierarchy->getReachableRoleNames($ownRoles);
    }
}