20847225472

Committed 09 Jan 2026 09:22AM UTC coverage: 29.095% (+0.1%) from 28.946%

Build # 20847225472

Build Type

push

github

Committed by

web-flow

Commit Message

feat(doctrine): uuid filter (#7628)

Co-authored-by: soyuka <soyuka@users.noreply.github.com>

Run Details

130 of 156 new or added lines in 4 files covered. (83.33%)

80 existing lines in 11 files now uncovered.

16992 of 58402 relevant lines covered (29.09%)

81.51 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

97.37

/src/Symfony/Security/State/AccessCheckerProvider.php

<?php

/*
 * This file is part of the API Platform project.
 *
 * (c) Kévin Dunglas <dunglas@gmail.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

declare(strict_types=1);

namespace ApiPlatform\Symfony\Security\State;

use ApiPlatform\Metadata\Exception\RuntimeException;
use ApiPlatform\Metadata\GraphQl\Operation as GraphQlOperation;
use ApiPlatform\Metadata\GraphQl\QueryCollection;
use ApiPlatform\Metadata\HttpOperation;
use ApiPlatform\Metadata\Operation;
use ApiPlatform\Metadata\ResourceAccessCheckerInterface;
use ApiPlatform\State\ProviderInterface;
use ApiPlatform\Symfony\Security\Exception\AccessDeniedException;
use ApiPlatform\Symfony\Security\ObjectVariableCheckerInterface;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;

/**
 * Allows access based on the ApiPlatform\Metadata\ResourceAccessCheckerInterface.
 * This implementation covers GraphQl and HTTP.
 *
 * @see ResourceAccessCheckerInterface
 */
final class AccessCheckerProvider implements ProviderInterface
{
    public function __construct(private readonly ProviderInterface $decorated, private readonly ResourceAccessCheckerInterface $resourceAccessChecker, private readonly ?string $event = null)
    {
    }

    public function provide(Operation $operation, array $uriVariables = [], array $context = []): object|array|null
    {
        switch ($this->event) {
            case 'post_denormalize':
                $isGranted = $operation->getSecurityPostDenormalize();
                $message = $operation->getSecurityPostDenormalizeMessage();
                break;
            case 'post_validate':
                $isGranted = $operation->getSecurityPostValidation();
                $message = $operation->getSecurityPostValidationMessage();
                break;
            case 'after_resolver':
                if (!$operation instanceof GraphQlOperation) {
                    throw new RuntimeException('Not a graphql operation');
                }

                $isGranted = $operation->getSecurityAfterResolver();
                $message = $operation->getSecurityMessageAfterResolver();
                break;
            default:
                $isGranted = $operation->getSecurity();
                $message = $operation->getSecurityMessage();
        }

        if (
            null === $isGranted
            // On a GraphQl QueryCollection we want to perform security stage only on the top-level query
            || ($operation instanceof QueryCollection && null !== ($context['source'] ?? null))
        ) {
            return $this->decorated->provide($operation, $uriVariables, $context);
        }

        $body = 'pre_read' === $this->event ? null : $this->decorated->provide($operation, $uriVariables, $context);

        if ($operation instanceof HttpOperation) {
            $request = $context['request'] ?? null;

            $resourceAccessCheckerContext = [
                'object' => $body,
                'previous_object' => $request?->attributes->get('previous_data'),
                'request' => $request,
            ];
        } else {
            $resourceAccessCheckerContext = [
                'object' => $body,
                'previous_object' => $context['graphql_context']['previous_object'] ?? null,
            ];
        }

        if ('pre_read' === $this->event && $this->resourceAccessChecker instanceof ObjectVariableCheckerInterface && $this->resourceAccessChecker->usesObjectVariable($isGranted, $resourceAccessCheckerContext)) {
            return $this->decorated->provide($operation, $uriVariables, $context);
        }

        if (!$this->resourceAccessChecker->isGranted($operation->getClass(), $isGranted, $resourceAccessCheckerContext)) {
            $operation instanceof GraphQlOperation ? throw new AccessDeniedHttpException($message ?? 'Access Denied.') : throw new AccessDeniedException($message ?? 'Access Denied.');
        }

        return 'pre_read' === $this->event ? $this->decorated->provide($operation, $uriVariables, $context) : $body;
    }
}

1	<?php
2
3	/*
4	* This file is part of the API Platform project.
5	*
6	* (c) Kévin Dunglas <dunglas@gmail.com>
7	*
8	* For the full copyright and license information, please view the LICENSE
9	* file that was distributed with this source code.
10	*/
11
12	declare(strict_types=1);
13
14	namespace ApiPlatform\Symfony\Security\State;
15
16	use ApiPlatform\Metadata\Exception\RuntimeException;
17	use ApiPlatform\Metadata\GraphQl\Operation as GraphQlOperation;
18	use ApiPlatform\Metadata\GraphQl\QueryCollection;
19	use ApiPlatform\Metadata\HttpOperation;
20	use ApiPlatform\Metadata\Operation;
21	use ApiPlatform\Metadata\ResourceAccessCheckerInterface;
22	use ApiPlatform\State\ProviderInterface;
23	use ApiPlatform\Symfony\Security\Exception\AccessDeniedException;
24	use ApiPlatform\Symfony\Security\ObjectVariableCheckerInterface;
25	use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
26
27	/**
28	* Allows access based on the ApiPlatform\Metadata\ResourceAccessCheckerInterface.
29	* This implementation covers GraphQl and HTTP.
30	*
31	* @see ResourceAccessCheckerInterface
32	*/
33	final class AccessCheckerProvider implements ProviderInterface
34	{
35	public function __construct(private readonly ProviderInterface $decorated, private readonly ResourceAccessCheckerInterface $resourceAccessChecker, private readonly ?string $event = null)
36	{
37	}	2,387✔
38
39	public function provide(Operation $operation, array $uriVariables = [], array $context = []): object\|array\|null
40	{
41	switch ($this->event) {	2,294✔
42	case 'post_denormalize':	2,294✔
43	$isGranted = $operation->getSecurityPostDenormalize();	1,943✔
44	$message = $operation->getSecurityPostDenormalizeMessage();	1,943✔
45	break;	1,943✔
46	case 'post_validate':	2,292✔
47	$isGranted = $operation->getSecurityPostValidation();	2,254✔
48	$message = $operation->getSecurityPostValidationMessage();	2,254✔
49	break;	2,254✔
50	case 'after_resolver':	2,290✔
51	if (!$operation instanceof GraphQlOperation) {	261✔
52	throw new RuntimeException('Not a graphql operation');	×
53	}
54
55	$isGranted = $operation->getSecurityAfterResolver();	261✔
56	$message = $operation->getSecurityMessageAfterResolver();	261✔
57	break;	261✔
58	default:
59	$isGranted = $operation->getSecurity();	2,290✔
60	$message = $operation->getSecurityMessage();	2,290✔
61	}
62
63	if (
64	null === $isGranted	2,294✔
65	// On a GraphQl QueryCollection we want to perform security stage only on the top-level query
66	\|\| ($operation instanceof QueryCollection && null !== ($context['source'] ?? null))	2,294✔
67	) {
68	return $this->decorated->provide($operation, $uriVariables, $context);	2,282✔
69	}
70
71	$body = 'pre_read' === $this->event ? null : $this->decorated->provide($operation, $uriVariables, $context);	155✔
72
73	if ($operation instanceof HttpOperation) {	155✔
74	$request = $context['request'] ?? null;	85✔
75
76	$resourceAccessCheckerContext = [	85✔
77	'object' => $body,	85✔
78	'previous_object' => $request?->attributes->get('previous_data'),	85✔
79	'request' => $request,	85✔
80	];	85✔
81	} else {
82	$resourceAccessCheckerContext = [	70✔
83	'object' => $body,	70✔
84	'previous_object' => $context['graphql_context']['previous_object'] ?? null,	70✔
85	];	70✔
86	}
87
88	if ('pre_read' === $this->event && $this->resourceAccessChecker instanceof ObjectVariableCheckerInterface && $this->resourceAccessChecker->usesObjectVariable($isGranted, $resourceAccessCheckerContext)) {	155✔
UNCOV 89	return $this->decorated->provide($operation, $uriVariables, $context);	14✔
90	}
91
92	if (!$this->resourceAccessChecker->isGranted($operation->getClass(), $isGranted, $resourceAccessCheckerContext)) {	155✔
93	$operation instanceof GraphQlOperation ? throw new AccessDeniedHttpException($message ?? 'Access Denied.') : throw new AccessDeniedException($message ?? 'Access Denied.');	56✔
94	}
95
96	return 'pre_read' === $this->event ? $this->decorated->provide($operation, $uriVariables, $context) : $body;	103✔
97	}
98	}

api-platform / core / 20847225472

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous