0abf66041f
## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
78 lines
2.2 KiB
Plaintext
78 lines
2.2 KiB
Plaintext
== How to fix it in Symfony
|
|
|
|
=== Code examples
|
|
|
|
==== Noncompliant code example
|
|
|
|
The ``++vote++`` method of a https://symfony.com/doc/current/security/voters.html[VoterInterface] implementation is not compliant when it returns only an affirmative decision (``++ACCESS_GRANTED++``):
|
|
|
|
[source,php,diff-id=201,diff-type=noncompliant]
|
|
----
|
|
class NoncompliantVoter implements VoterInterface
|
|
{
|
|
public function vote(TokenInterface $token, $subject, array $attributes)
|
|
{
|
|
return self::ACCESS_GRANTED; // Noncompliant
|
|
}
|
|
}
|
|
----
|
|
|
|
The ``++voteOnAttribute++`` method of a https://symfony.com/doc/current/security/voters.html[Voter] class is not compliant when it returns only an affirmative decision (``++true++``):
|
|
|
|
[source,php,diff-id=202,diff-type=noncompliant]
|
|
----
|
|
class NoncompliantVoter extends Voter
|
|
{
|
|
protected function supports(string $attribute, $subject)
|
|
{
|
|
return true;
|
|
}
|
|
|
|
protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token)
|
|
{
|
|
return true; // Noncompliant
|
|
}
|
|
}
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
The ``++vote++`` method of a https://symfony.com/doc/current/security/voters.html[VoterInterface] type should return a negative decision (``++ACCESS_DENIED++``) or abstain from making a decision (``++ACCESS_ABSTAIN++``):
|
|
|
|
[source,php,diff-id=201,diff-type=compliant]
|
|
----
|
|
class CompliantVoter implements VoterInterface
|
|
{
|
|
public function vote(TokenInterface $token, $subject, array $attributes)
|
|
{
|
|
if (foo()) {
|
|
return self::ACCESS_GRANTED;
|
|
} else if (bar()) {
|
|
return self::ACCESS_ABSTAIN;
|
|
}
|
|
return self::ACCESS_DENIED;
|
|
}
|
|
}
|
|
----
|
|
|
|
The ``++voteOnAttribute++`` method of a https://symfony.com/doc/current/security/voters.html[Voter] type should return a negative decision (``++false++``):
|
|
|
|
[source,php,diff-id=202,diff-type=compliant]
|
|
----
|
|
class CompliantVoter extends Voter
|
|
{
|
|
protected function supports(string $attribute, $subject)
|
|
{
|
|
return true;
|
|
}
|
|
|
|
protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token)
|
|
{
|
|
if (foo()) {
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
}
|
|
----
|