0abf66041f
## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
52 lines
1.4 KiB
Plaintext
52 lines
1.4 KiB
Plaintext
== How to fix it in Laravel
|
|
|
|
=== Code examples
|
|
|
|
==== Noncompliant code example
|
|
|
|
The ``++define++``, ``++before++``, and ``++after++`` methods of a https://laravel.com/docs/master/authorization#gates[Gate] are not compliant when they return only an affirmative decision (``++true++`` or ``++Response::allow()++``):
|
|
|
|
[source,php,diff-id=101,diff-type=noncompliant]
|
|
----
|
|
class NoncompliantGuard
|
|
{
|
|
public function boot()
|
|
{
|
|
Gate::define('xxx', function ($user) {
|
|
return true; // Noncompliant
|
|
});
|
|
|
|
Gate::define('xxx', function ($user) {
|
|
return Response::allow(); // Noncompliant
|
|
});
|
|
}
|
|
}
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
The ``++define++``, ``++before++``, and ``++after++`` methods of a https://laravel.com/docs/master/authorization#gates[Gate] should return a negative decision (``++false++`` or ``++Response::deny()++``) or abstain from making a decision (``++null++``):
|
|
|
|
[source,php,diff-id=101,diff-type=compliant]
|
|
----
|
|
class CompliantGuard
|
|
{
|
|
public function boot()
|
|
{
|
|
Gate::define('xxx', function ($user) {
|
|
if (foo()) {
|
|
return true;
|
|
}
|
|
return false;
|
|
});
|
|
|
|
Gate::define('xxx', function ($user) {
|
|
if (foo()) {
|
|
return Response::allow();
|
|
}
|
|
return Response::deny();
|
|
});
|
|
}
|
|
}
|
|
----
|