-
Notifications
You must be signed in to change notification settings - Fork 112
Expand file tree
/
Copy pathSplitAndSecurityAttributeToIsGrantedRector.php
More file actions
127 lines (103 loc) · 3.7 KB
/
SplitAndSecurityAttributeToIsGrantedRector.php
File metadata and controls
127 lines (103 loc) · 3.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
<?php
declare(strict_types=1);
namespace Rector\Symfony\CodeQuality\Rector\Class_;
use Nette\Utils\Strings;
use PhpParser\Node;
use PhpParser\Node\Arg;
use PhpParser\Node\Attribute;
use PhpParser\Node\AttributeGroup;
use PhpParser\Node\Name\FullyQualified;
use PhpParser\Node\Scalar\String_;
use PhpParser\Node\Stmt\Class_;
use PhpParser\Node\Stmt\ClassMethod;
use Rector\Rector\AbstractRector;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
use Symplify\RuleDocGenerator\ValueObject\CodeSample\CodeSample;
use Symplify\RuleDocGenerator\ValueObject\RuleDefinition;
/**
* @see \Rector\Symfony\Tests\CodeQuality\Rector\Class_\SplitAndSecurityAttributeToIsGrantedRector\SplitAndSecurityAttributeToIsGrantedRectorTest
*/
final class SplitAndSecurityAttributeToIsGrantedRector extends AbstractRector
{
public function getRuleDefinition(): RuleDefinition
{
return new RuleDefinition(
'Split #[Security] attribute with "and" condition string to multiple #[IsGranted] attributes with sole values',
[
new CodeSample(
<<<'CODE_SAMPLE'
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
#[Security("is_granted('ROLE_USER') and has_role('ROLE_ADMIN')")]
class SomeClass
{
}
CODE_SAMPLE
,
<<<'CODE_SAMPLE'
use Symfony\Component\Security\Http\Attribute\IsGranted;
#[IsGranted('ROLE_USER')]
#[IsGranted('ROLE_ADMIN')]
class SomeClass
{
}
CODE_SAMPLE
),
]
);
}
public function getNodeTypes(): array
{
return [Class_::class, ClassMethod::class];
}
/**
* @param Class_|ClassMethod $node
*/
public function refactor(Node $node): ?Node
{
$hasChanged = false;
foreach ($node->attrGroups as $key => $attrGroup) {
foreach ($attrGroup->attrs as $attr) {
if (! $this->isName($attr->name, Security::class)) {
continue;
}
$firstArgValue = $attr->args[0]->value;
if (! $firstArgValue instanceof String_) {
continue;
}
$content = $firstArgValue->value;
// unable to resolve with pure attributes
if (str_contains($content, ' or ')) {
continue;
}
// we look for "and"s
if (! str_contains($content, ' and ') && ! str_contains($content, ' && ')) {
continue;
}
// split by && and "and"
$andItems = str_contains($content, ' && ') ? explode(' && ', $content) : explode(' and ', $content);
$accessRights = [];
foreach ($andItems as $andItem) {
$matches = Strings::match($andItem, '#^(is_granted|has_role)\(\'(?<access_right>[A-Za-z_]+)\'\)$#');
if (! isset($matches['access_right'])) {
// all or nothing
return null;
}
$accessRights[] = $matches['access_right'];
}
unset($node->attrGroups[$key]);
$hasChanged = true;
foreach ($accessRights as $accessRight) {
$attributeGroup = new AttributeGroup([
new Attribute(new FullyQualified(IsGranted::class), [new Arg(new String_($accessRight))]),
]);
$node->attrGroups[] = $attributeGroup;
}
}
}
if ($hasChanged) {
return $node;
}
return null;
}
}