fix: static analysis

yajra · Mar 17, 2024 · b6cd5b3 · b6cd5b3
1 parent c0f0f51
commit b6cd5b3
Show file tree

Hide file tree

Showing 11 changed files with 162 additions and 94 deletions.
diff --git a/src/Directives/CanAtLeastDirective.php b/src/Directives/CanAtLeastDirective.php
@@ -9,13 +9,11 @@ class CanAtLeastDirective extends DirectiveAbstract
     /**
      * Can at least blade directive compiler.
      *
-     * @throws \Exception
-     * @throws \Throwable
+     * @param  string|string[]  $permissions
      */
     public function handle(string|array $permissions): bool
     {
-        if ($this->auth->check()) {
-            // @phpstan-ignore-next-line
+        if ($this->auth->user() && method_exists($this->auth->user(), 'canAtLeast')) {
             return $this->auth->user()->canAtLeast((array) $permissions);
         }
 

diff --git a/src/Directives/RoleDirective.php b/src/Directives/RoleDirective.php
@@ -6,11 +6,12 @@ class RoleDirective extends DirectiveAbstract
 {
     /**
      * Is Role blade directive compiler.
+     *
+     * @param  string|string[]  $role
      */
     public function handle(string|array $role): bool
     {
-        if ($this->auth->check()) {
-            // @phpstan-ignore-next-line
+        if ($this->auth->user() && method_exists($this->auth->user(), 'hasRole')) {
             return $this->auth->user()->hasRole($role);
         }
 

diff --git a/src/GateRegistrar.php b/src/GateRegistrar.php
@@ -5,29 +5,31 @@
 use Exception;
 use Illuminate\Contracts\Auth\Access\Gate as GateContract;
 use Illuminate\Contracts\Cache\Repository;
-use Illuminate\Support\Collection;
+use Illuminate\Database\Eloquent\Collection;
+use Illuminate\Foundation\Auth\User;
 use Illuminate\Support\Str;
 use Yajra\Acl\Models\Permission;
 
 class GateRegistrar
 {
-    /**
-     * GateRegistrar constructor.
-     */
     public function __construct(public GateContract $gate, public Repository $cache)
     {
     }
 
-    /**
-     * Handle permission gate registration.
-     */
     public function register(): void
     {
-        // @phpstan-ignore-next-line
         $this->getPermissions()->each(function (Permission $permission) {
             $ability = $permission->slug;
-            $policy = fn ($user) => // @phpstan-ignore-next-line
-collect($user->getPermissions())->contains($permission->slug);
+            $policy = function (User $user) use ($permission) {
+                if (method_exists($user, 'getPermissions')) {
+                    // @phpstan-ignore-next-line
+                    $permissions = collect($user->getPermissions());
+
+                    return $permissions->contains($permission->slug);
+                }
+
+                return false;
+            };
 
             if (Str::contains($permission->slug, '@')) {
                 $policy = $permission->slug;
@@ -40,6 +42,8 @@ public function register(): void
 
     /**
      * Get all permissions.
+     *
+     * @return \Illuminate\Database\Eloquent\Collection<array-key, \Yajra\Acl\Models\Permission>
      */
     protected function getPermissions(): Collection
     {
@@ -48,21 +52,20 @@ protected function getPermissions(): Collection
 
         try {
             if (config('acl.cache.enabled', true)) {
-                // @phpstan-ignore-next-line
                 return $this->cache->rememberForever($key, fn () => $this->getPermissionClass()->with('roles')->get());
             } else {
                 return $this->getPermissionClass()->with('roles')->get();
             }
         } catch (Exception) {
             $this->cache->forget($key);
 
-            return new Collection;
+            return Collection::make();
         }
     }
 
     protected function getPermissionClass(): Permission
     {
-        /** @var class-string $class */
+        /** @var class-string<Permission> $class */
         $class = config('acl.permission', Permission::class);
 
         return resolve($class);

diff --git a/src/Middleware/CanAtLeastMiddleware.php b/src/Middleware/CanAtLeastMiddleware.php
@@ -10,16 +10,25 @@ class CanAtLeastMiddleware
     /**
      * Handle an incoming request.
      *
-     * @return mixed
+     * @param  string|string[]  $permissions
      */
-    public function handle(Request $request, Closure $next, array|string $permissions)
+    public function handle(Request $request, Closure $next, array|string $permissions): mixed
     {
         $abilities = is_array($permissions) ? $permissions : explode(',', $permissions);
 
-        if (! auth()->check() || ! auth()->user()->canAtLeast($abilities)) {
+        if ($this->deniesAccessUsing($abilities)) {
             abort(403, 'You are not allowed to view this content!');
         }
 
         return $next($request);
     }
+
+    /**
+     * @param  string[]  $abilities
+     */
+    protected function deniesAccessUsing(array $abilities): bool
+    {
+        return ! auth()->user()
+            || (method_exists(auth()->user(), 'canAtLeast') && ! auth()->user()->canAtLeast($abilities));
+    }
 }
diff --git a/src/Middleware/RoleMiddleware.php b/src/Middleware/RoleMiddleware.php
@@ -11,13 +11,16 @@ class RoleMiddleware
     /**
      * Handle an incoming request.
      *
-     * @return mixed
+     * @param  string|string[]  $role
      */
-    public function handle(Request $request, Closure $next, string $role)
+    public function handle(Request $request, Closure $next, string|array $role): mixed
     {
-        $role = Str::of($role)->split('/[|,]/')->toArray();
+        if (is_string($role)) {
+            /** @var string[] $role */
+            $role = Str::of($role)->split('/[|,]/')->toArray();
+        }
 
-        if (! auth()->user() || ! auth()->user()->hasRole($role)) {
+        if ($this->deniesAccessUsing($role)) {
             if ($request->ajax()) {
                 return response()->json([
                     'error' => [
@@ -33,4 +36,13 @@ public function handle(Request $request, Closure $next, string $role)
 
         return $next($request);
     }
+
+    /**
+     * @param  string[]  $role
+     */
+    protected function deniesAccessUsing(array $role): bool
+    {
+        return ! auth()->user()
+            || (method_exists(auth()->user(), 'hasRole') && ! auth()->user()->hasRole($role));
+    }
 }
diff --git a/src/Models/Permission.php b/src/Models/Permission.php
@@ -3,9 +3,9 @@
 namespace Yajra\Acl\Models;
 
 use Exception;
-use Illuminate\Database\Eloquent\Collection;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Relations\BelongsToMany;
+use Illuminate\Support\Collection;
 use Illuminate\Support\Str;
 use Yajra\Acl\Traits\InteractsWithRole;
 use Yajra\Acl\Traits\RefreshPermissionsCache;
@@ -20,29 +20,31 @@ class Permission extends Model
 {
     use InteractsWithRole, RefreshPermissionsCache;
 
-    /** @var string */
     protected $table = 'permissions';
 
-    /** @var string[] */
-    protected $fillable = ['name', 'slug', 'resource', 'system'];
+    protected $fillable = [
+        'name',
+        'slug',
+        'resource',
+        'system',
+    ];
 
-    /** @var array<string, string> */
-    protected $casts = ['system' => 'bool'];
+    protected $casts = [
+        'system' => 'bool',
+    ];
 
     /**
      * Find a permission by slug.
-     *
-     * @return \Illuminate\Database\Eloquent\Model|static
-     *
-     * @throws \Illuminate\Database\Eloquent\ModelNotFoundException<\Illuminate\Database\Eloquent\Model>
      */
-    public static function findBySlug(string $slug)
+    public static function findBySlug(string $slug): Permission
     {
         return static::query()->where('slug', $slug)->firstOrFail();
     }
 
     /**
      * Create a permissions for a resource.
+     *
+     * @return \Illuminate\Support\Collection<array-key, \Yajra\Acl\Models\Permission>
      */
     public static function createResource(string $resource, bool $system = false): Collection
     {
@@ -95,10 +97,12 @@ public static function createResource(string $resource, bool $system = false): C
 
     /**
      * Permission can belong to many users.
+     *
+     * @return \Illuminate\Database\Eloquent\Relations\BelongsToMany<\Illuminate\Foundation\Auth\User>
      */
     public function users(): BelongsToMany
     {
-        /** @var class-string $model */
+        /** @var class-string<\Illuminate\Foundation\Auth\User> $model */
         $model = config('acl.user', config('auth.providers.users.model'));
 
         return $this->belongsToMany($model)->withTimestamps();

diff --git a/src/Models/Role.php b/src/Models/Role.php
@@ -17,35 +17,35 @@ class Role extends Model
 {
     use HasPermission, RefreshPermissionsCache;
 
-    /** @var string */
     protected $table = 'roles';
 
-    /** @var string[] */
-    protected $fillable = ['name', 'slug', 'description', 'system'];
+    protected $fillable = [
+        'name',
+        'slug',
+        'description',
+        'system',
+    ];
 
-    /** @var array<string, string> */
     protected $casts = [
         'system' => 'bool',
     ];
 
     /**
      * Find a role by slug.
-     *
-     * @return \Illuminate\Database\Eloquent\Model|static
-     *
-     * @throws \Illuminate\Database\Eloquent\ModelNotFoundException
      */
-    public static function findBySlug(string $slug)
+    public static function findBySlug(string $slug): Role
     {
         return static::query()->where('slug', $slug)->firstOrFail();
     }
 
     /**
      * Roles can belong to many users.
+     *
+     * @return \Illuminate\Database\Eloquent\Relations\BelongsToMany<\Illuminate\Foundation\Auth\User>
      */
     public function users(): BelongsToMany
     {
-        /** @var class-string $model */
+        /** @var class-string<\Illuminate\Foundation\Auth\User> $model */
         $model = config('acl.user', config('auth.providers.users.model'));
 
         return $this->belongsToMany($model)->withTimestamps();

diff --git a/src/Traits/HasPermission.php b/src/Traits/HasPermission.php
@@ -2,14 +2,24 @@
 
 namespace Yajra\Acl\Traits;
 
-use Yajra\Acl\Models\Permission;
-
 trait HasPermission
 {
     use InteractsWithPermission;
 
+    /**
+     * Checks if the role does not have the given permission.
+     *
+     * @param  string|string[]  $permission
+     */
+    public function cannot(array|string $permission): bool
+    {
+        return ! $this->can($permission);
+    }
+
     /**
      * Checks if the role has the given permission.
+     *
+     * @param  string|string[]  $permission
      */
     public function can(array|string $permission): bool
     {
@@ -26,16 +36,10 @@ public function can(array|string $permission): bool
         return in_array($permission, $permissions);
     }
 
-    /**
-     * Checks if the role does not have the given permission.
-     */
-    public function cannot(array|string $permission): bool
-    {
-        return ! $this->can($permission);
-    }
-
     /**
      * Check if the role has at least one of the given permissions.
+     *
+     * @param  string|string[]  $permission
      */
     public function canAtLeast(string|array $permission): bool
     {