rspec/rules/S5808/php/how-to-fix-it/laravel.adoc

== How to fix it in Laravel

=== Code examples

==== Noncompliant code example

The ``++define++``, ``++before++``, and ``++after++`` methods of a https://laravel.com/docs/master/authorization#gates[Gate] are not compliant when they return only an affirmative decision (``++true++`` or ``++Response::allow()++``):

[source,php,diff-id=101,diff-type=noncompliant]
----
class NoncompliantGuard
{
    public function boot()
    {
        Gate::define('xxx', function ($user) {
            return true; // Noncompliant
        });

        Gate::define('xxx', function ($user) {
            return Response::allow(); // Noncompliant
        });
    }
}
----

==== Compliant solution

The ``++define++``, ``++before++``, and ``++after++`` methods of a https://laravel.com/docs/master/authorization#gates[Gate] should return a negative decision (``++false++`` or ``++Response::deny()++``) or abstain from making a decision (``++null++``):

[source,php,diff-id=101,diff-type=compliant]
----
class CompliantGuard
{
    public function boot()
    {
        Gate::define('xxx', function ($user) {
            if (foo()) {
                return true;
            }
            return false;
        });

        Gate::define('xxx', function ($user) {
            if (foo()) {
                return Response::allow();
            }
            return Response::deny();
        });
    }
}
----
Update rule S5808: update to LaYC format (APPSEC-972) (#2991) ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) 2023-09-05 15:48:54 +02:00			`== How to fix it in Laravel`

			`=== Code examples`

			`==== Noncompliant code example`

			The ``++define++``, ``++before++``, and ``++after++`` methods of a https://laravel.com/docs/master/authorization#gates[Gate] are not compliant when they return only an affirmative decision (``++true++`` or ``++Response::allow()++``):

			`[source,php,diff-id=101,diff-type=noncompliant]`
			`----`
			`class NoncompliantGuard`
			`{`
			`public function boot()`
			`{`
			`Gate::define('xxx', function ($user) {`
			`return true; // Noncompliant`
			`});`

			`Gate::define('xxx', function ($user) {`
			`return Response::allow(); // Noncompliant`
			`});`
			`}`
			`}`
			`----`

			`==== Compliant solution`

			The ``++define++``, ``++before++``, and ``++after++`` methods of a https://laravel.com/docs/master/authorization#gates[Gate] should return a negative decision (``++false++`` or ``++Response::deny()++``) or abstain from making a decision (``++null++``):

			`[source,php,diff-id=101,diff-type=compliant]`
			`----`
			`class CompliantGuard`
			`{`
			`public function boot()`
			`{`
			`Gate::define('xxx', function ($user) {`
			`if (foo()) {`
			`return true;`
			`}`
			`return false;`
			`});`

			`Gate::define('xxx', function ($user) {`
			`if (foo()) {`
			`return Response::allow();`
			`}`
			`return Response::deny();`
			`});`
			`}`
			`}`
			`----`