16531587208

Committed 25 Jul 2025 09:05PM UTC coverage: 0.0% (-22.1%) from 22.07%

Build # 16531587208

Build Type

Pull #7225

github

Committed by

web-flow

Commit Message

Merge 23f449a58 into 02a764950

Pull Request Pull Request #7225: feat: json streamer

Run Details

0 of 294 new or added lines in 31 files covered. (0.0%)

11514 existing lines in 375 files now uncovered.

0 of 51976 relevant lines covered (0.0%)

0.0 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/State/Provider/SecurityParameterProvider.php

<?php

/*
 * This file is part of the API Platform project.
 *
 * (c) Kévin Dunglas <dunglas@gmail.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

declare(strict_types=1);

namespace ApiPlatform\State\Provider;

use ApiPlatform\Metadata\Exception\AccessDeniedException as MetadataAccessDeniedException;
use ApiPlatform\Metadata\GraphQl\Operation as GraphQlOperation;
use ApiPlatform\Metadata\HttpOperation;
use ApiPlatform\Metadata\Link;
use ApiPlatform\Metadata\Operation;
use ApiPlatform\Metadata\Parameters;
use ApiPlatform\Metadata\ResourceAccessCheckerInterface;
use ApiPlatform\State\ParameterNotFound;
use ApiPlatform\State\ProviderInterface;
use ApiPlatform\State\Util\ParameterParserTrait;
use ApiPlatform\Symfony\Security\Exception\AccessDeniedException;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;

/**
 * Loops over parameters to check parameter security.
 * Throws an exception if security is not granted.
 *
 * @experimental
 *
 * @implements ProviderInterface<object>
 */
final class SecurityParameterProvider implements ProviderInterface
{
    use ParameterParserTrait;

    /**
     * @param ProviderInterface<object> $decorated
     */
    public function __construct(private readonly ProviderInterface $decorated, private readonly ?ResourceAccessCheckerInterface $resourceAccessChecker = null)
    {
    }

    public function provide(Operation $operation, array $uriVariables = [], array $context = []): object|array|null
    {
        $body = $this->decorated->provide($operation, $uriVariables, $context);
        $request = $context['request'] ?? null;

        $operation = $request?->attributes->get('_api_operation') ?? $operation;

        $parameters = $operation->getParameters() ?? new Parameters();

        if ($operation instanceof HttpOperation) {
            foreach ($operation->getUriVariables() ?? [] as $key => $uriVariable) {
                if ($uriVariable->getValue() instanceof ParameterNotFound) {
                    $uriVariable->setValue($uriVariables[$key] ?? new ParameterNotFound());
                }

                $parameters->add($key, $uriVariable->withKey($key));
            }
        }

        foreach ($parameters as $parameter) {
            $extraProperties = $parameter->getExtraProperties();
            if (null === $security = $parameter->getSecurity()) {
                continue;
            }

            $value = $parameter->getValue();
            if ($parameter instanceof Link) {
                $targetResource = $parameter->getFromClass() ?? $parameter->getToClass() ?? null;
            }

            if ($value instanceof ParameterNotFound) {
                continue;
            }

            $targetResource ??= $extraProperties['resource_class'] ?? $context['resource_class'] ?? null;

            if (!$targetResource) {
                continue;
            }

            $securityObjectName = null;
            if ($parameter instanceof Link) {
                $securityObjectName = $parameter->getSecurityObjectName() ?? $parameter->getToProperty() ?? $parameter->getFromProperty() ?? null;
            }

            $securityContext = [
                'object' => $body,
                'operation' => $operation,
                'previous_object' => $request?->attributes->get('previous_data'),
                'request' => $request,
                $parameter->getKey() => $value,
            ];

            if ($securityObjectName) {
                $securityContext[$securityObjectName] = $request?->attributes->get($securityObjectName);
            }

            if (!$this->resourceAccessChecker->isGranted($targetResource, $security, $securityContext)) {
                $exception = match (true) {
                    class_exists(MetadataAccessDeniedException::class, true) => MetadataAccessDeniedException::class,
                    $operation instanceof GraphQlOperation => AccessDeniedHttpException::class,
                    class_exists(AccessDeniedException::class, true) => AccessDeniedException::class,
                    default => AccessDeniedHttpException::class,
                };

                throw new ($exception)($parameter->getSecurityMessage() ?? 'Access Denied.');
            }
        }

        return $body;
    }
}

1	<?php
2
3	/*
4	* This file is part of the API Platform project.
5	*
6	* (c) Kévin Dunglas <dunglas@gmail.com>
7	*
8	* For the full copyright and license information, please view the LICENSE
9	* file that was distributed with this source code.
10	*/
11
12	declare(strict_types=1);
13
14	namespace ApiPlatform\State\Provider;
15
16	use ApiPlatform\Metadata\Exception\AccessDeniedException as MetadataAccessDeniedException;
17	use ApiPlatform\Metadata\GraphQl\Operation as GraphQlOperation;
18	use ApiPlatform\Metadata\HttpOperation;
19	use ApiPlatform\Metadata\Link;
20	use ApiPlatform\Metadata\Operation;
21	use ApiPlatform\Metadata\Parameters;
22	use ApiPlatform\Metadata\ResourceAccessCheckerInterface;
23	use ApiPlatform\State\ParameterNotFound;
24	use ApiPlatform\State\ProviderInterface;
25	use ApiPlatform\State\Util\ParameterParserTrait;
26	use ApiPlatform\Symfony\Security\Exception\AccessDeniedException;
27	use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
28
29	/**
30	* Loops over parameters to check parameter security.
31	* Throws an exception if security is not granted.
32	*
33	* @experimental
34	*
35	* @implements ProviderInterface<object>
36	*/
37	final class SecurityParameterProvider implements ProviderInterface
38	{
39	use ParameterParserTrait;
40
41	/**
42	* @param ProviderInterface<object> $decorated
43	*/
44	public function __construct(private readonly ProviderInterface $decorated, private readonly ?ResourceAccessCheckerInterface $resourceAccessChecker = null)
45	{
UNCOV 46	}	×
47
48	public function provide(Operation $operation, array $uriVariables = [], array $context = []): object\|array\|null
49	{
UNCOV 50	$body = $this->decorated->provide($operation, $uriVariables, $context);	×
UNCOV 51	$request = $context['request'] ?? null;	×
52
UNCOV 53	$operation = $request?->attributes->get('_api_operation') ?? $operation;	×
54
UNCOV 55	$parameters = $operation->getParameters() ?? new Parameters();	×
56
UNCOV 57	if ($operation instanceof HttpOperation) {	×
UNCOV 58	foreach ($operation->getUriVariables() ?? [] as $key => $uriVariable) {	×
UNCOV 59	if ($uriVariable->getValue() instanceof ParameterNotFound) {	×
UNCOV 60	$uriVariable->setValue($uriVariables[$key] ?? new ParameterNotFound());	×
61	}
62
UNCOV 63	$parameters->add($key, $uriVariable->withKey($key));	×
64	}
65	}
66
UNCOV 67	foreach ($parameters as $parameter) {	×
UNCOV 68	$extraProperties = $parameter->getExtraProperties();	×
UNCOV 69	if (null === $security = $parameter->getSecurity()) {	×
UNCOV 70	continue;	×
71	}
72
UNCOV 73	$value = $parameter->getValue();	×
UNCOV 74	if ($parameter instanceof Link) {	×
UNCOV 75	$targetResource = $parameter->getFromClass() ?? $parameter->getToClass() ?? null;	×
76	}
77
UNCOV 78	if ($value instanceof ParameterNotFound) {	×
UNCOV 79	continue;	×
80	}
81
UNCOV 82	$targetResource ??= $extraProperties['resource_class'] ?? $context['resource_class'] ?? null;	×
83
UNCOV 84	if (!$targetResource) {	×
85	continue;	×
86	}
87
UNCOV 88	$securityObjectName = null;	×
UNCOV 89	if ($parameter instanceof Link) {	×
UNCOV 90	$securityObjectName = $parameter->getSecurityObjectName() ?? $parameter->getToProperty() ?? $parameter->getFromProperty() ?? null;	×
91	}
92
UNCOV 93	$securityContext = [	×
UNCOV 94	'object' => $body,	×
UNCOV 95	'operation' => $operation,	×
UNCOV 96	'previous_object' => $request?->attributes->get('previous_data'),	×
UNCOV 97	'request' => $request,	×
UNCOV 98	$parameter->getKey() => $value,	×
UNCOV 99	];	×
100
UNCOV 101	if ($securityObjectName) {	×
UNCOV 102	$securityContext[$securityObjectName] = $request?->attributes->get($securityObjectName);	×
103	}
104
UNCOV 105	if (!$this->resourceAccessChecker->isGranted($targetResource, $security, $securityContext)) {	×
UNCOV 106	$exception = match (true) {	×
UNCOV 107	class_exists(MetadataAccessDeniedException::class, true) => MetadataAccessDeniedException::class,	×
108	$operation instanceof GraphQlOperation => AccessDeniedHttpException::class,	×
109	class_exists(AccessDeniedException::class, true) => AccessDeniedException::class,	×
110	default => AccessDeniedHttpException::class,	×
UNCOV 111	};	×
112
UNCOV 113	throw new ($exception)($parameter->getSecurityMessage() ?? 'Access Denied.');	×
114	}
115	}
116
UNCOV 117	return $body;	×
118	}
119	}

api-platform / core / 16531587208

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous