rspec/rules/S5808/php/rule.adoc

include::../description.adoc[]

== Noncompliant Code Example

In a Symfony web application:

* the ``++vote++`` method of a https://symfony.com/doc/current/security/voters.html[VoterInterface] type is not compliant when it returns only an affirmative decision (``++ACCESS_GRANTED++``):

----
class NoncompliantVoterInterface implements VoterInterface
{
    public function vote(TokenInterface $token, $subject, array $attributes)
    {
        return self::ACCESS_GRANTED; // Noncompliant
    }
}
----

* the ``++voteOnAttribute++`` method of a https://symfony.com/doc/current/security/voters.html[Voter] type is not compliant when it returns only an affirmative decision (``++true++``):

----
class NoncompliantVoter extends Voter
{
    protected function supports(string $attribute, $subject)
    {
        return true;
    }

    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token)
    {
        return true; // Noncompliant
    }
}
----

In a Laravel web application:

* the ``++define++``, ``++before++``, and ``++after++`` methods of a https://laravel.com/docs/8.x/authorization[Gate] are not compliant when they return only an affirmative decision (``++true++`` or ``++Response::allow()++``):

----
class NoncompliantGuard
{
    public function boot()
    {
        Gate::define('xxx', function ($user) {
            return true; // Noncompliant
        });

        Gate::define('xxx', function ($user) {
            return Response::allow(); // Noncompliant
        });
    }
}
----

== Compliant Solution

In a Symfony web application:

* the ``++vote++`` method of a https://symfony.com/doc/current/security/voters.html[VoterInterface] type should return a negative decision (``++ACCESS_DENIED++``) or abstain from making a decision (``++ACCESS_ABSTAIN++``):

----
class CompliantVoterInterface implements VoterInterface
{
    public function vote(TokenInterface $token, $subject, array $attributes)
    {
        if (foo()) {
            return self::ACCESS_GRANTED; // Compliant
        } else if (bar()) {
            return self::ACCESS_ABSTAIN;
        }
        return self::ACCESS_DENIED;
    }
}
----

* the ``++voteOnAttribute++`` method of a https://symfony.com/doc/current/security/voters.html[Voter] type should return a negative decision (``++false++``):

----
class CompliantVoter extends Voter
{
    protected function supports(string $attribute, $subject)
    {
        return true;
    }

    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token)
    {
        if (foo()) {
            return true; // Compliant
        }
        return false;
    }
}
----

In a Laravel web application:

* the ``++define++``, ``++before++``, and ``++after++`` methods of a https://laravel.com/docs/8.x/authorization[Gate] should return a negative decision (``++false++`` or ``++Response::deny()++``) or abstain from making a decision (``++null++``):

----
class NoncompliantGuard
{
    public function boot()
    {
        Gate::define('xxx', function ($user) {
            if (foo()) {
                return true; // Compliant
            }
            return false;
        });

        Gate::define('xxx', function ($user) {
            if (foo()) {
                return Response::allow(); // Compliant
            }
            return Response::deny();
        });
    }
}
----

include::../see.adoc[]
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00			`include::../description.adoc[]`

			`== Noncompliant Code Example`

			`In a Symfony web application:`

make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			* the ``++vote++`` method of a https://symfony.com/doc/current/security/voters.html[VoterInterface] type is not compliant when it returns only an affirmative decision (``++ACCESS_GRANTED++``):
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00
			`----`
			`class NoncompliantVoterInterface implements VoterInterface`
			`{`
			`public function vote(TokenInterface $token, $subject, array $attributes)`
			`{`
			`return self::ACCESS_GRANTED; // Noncompliant`
			`}`
			`}`
			`----`

make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			* the ``++voteOnAttribute++`` method of a https://symfony.com/doc/current/security/voters.html[Voter] type is not compliant when it returns only an affirmative decision (``++true++``):
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00
			`----`
			`class NoncompliantVoter extends Voter`
			`{`
			`protected function supports(string $attribute, $subject)`
			`{`
			`return true;`
			`}`

			`protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token)`
			`{`
			`return true; // Noncompliant`
			`}`
			`}`
			`----`

			`In a Laravel web application:`

make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			* the ``++define++``, ``++before++``, and ``++after++`` methods of a https://laravel.com/docs/8.x/authorization[Gate] are not compliant when they return only an affirmative decision (``++true++`` or ``++Response::allow()++``):
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00
			`----`
			`class NoncompliantGuard`
			`{`
			`public function boot()`
			`{`
			`Gate::define('xxx', function ($user) {`
			`return true; // Noncompliant`
			`});`

			`Gate::define('xxx', function ($user) {`
			`return Response::allow(); // Noncompliant`
			`});`
			`}`
			`}`
			`----`

			`== Compliant Solution`

			`In a Symfony web application:`

make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			* the ``++vote++`` method of a https://symfony.com/doc/current/security/voters.html[VoterInterface] type should return a negative decision (``++ACCESS_DENIED++``) or abstain from making a decision (``++ACCESS_ABSTAIN++``):
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00
			`----`
			`class CompliantVoterInterface implements VoterInterface`
			`{`
			`public function vote(TokenInterface $token, $subject, array $attributes)`
			`{`
			`if (foo()) {`
			`return self::ACCESS_GRANTED; // Compliant`
			`} else if (bar()) {`
			`return self::ACCESS_ABSTAIN;`
			`}`
			`return self::ACCESS_DENIED;`
			`}`
			`}`
			`----`

make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			* the ``++voteOnAttribute++`` method of a https://symfony.com/doc/current/security/voters.html[Voter] type should return a negative decision (``++false++``):
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00
			`----`
			`class CompliantVoter extends Voter`
			`{`
			`protected function supports(string $attribute, $subject)`
			`{`
			`return true;`
			`}`

			`protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token)`
			`{`
			`if (foo()) {`
			`return true; // Compliant`
			`}`
			`return false;`
			`}`
			`}`
			`----`

			`In a Laravel web application:`

make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			* the ``++define++``, ``++before++``, and ``++after++`` methods of a https://laravel.com/docs/8.x/authorization[Gate] should return a negative decision (``++false++`` or ``++Response::deny()++``) or abstain from making a decision (``++null++``):
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00
			`----`
			`class NoncompliantGuard`
			`{`
			`public function boot()`
			`{`
			`Gate::define('xxx', function ($user) {`
			`if (foo()) {`
			`return true; // Compliant`
			`}`
			`return false;`
			`});`

			`Gate::define('xxx', function ($user) {`
			`if (foo()) {`
			`return Response::allow(); // Compliant`
			`}`
			`return Response::deny();`
			`});`
			`}`
			`}`
			`----`

			`include::../see.adoc[]`