InstitutionAuthorizationService::getInstitutions() - Code Metrics - Inspection of "Refactored the auth filter to confirm to KISS" - OpenConext/Stepup-Middleware - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — feature/tokens-sraa ( cf9115...9c65ea )

unknown

created 2019-02-05 16:40 UTC

InstitutionAuthorizationService::getInstitutions() A

↳ Parent: InstitutionAuthorizationService

Complexity

Conditions	2
Paths	2

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	22
rs	9.568
c	0
b	0
f	0
cc	2
nc	2
nop	2

<?php

/**
 * Copyright 2018 SURFnet B.V.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

namespace Surfnet\StepupMiddleware\ApiBundle\Authorization\Service;

use Doctrine\ORM\Query\Expr\Join;
use Surfnet\Stepup\Configuration\Value\InstitutionRole;
use Surfnet\Stepup\Identity\Collection\InstitutionCollection;
use Surfnet\Stepup\Identity\Value\IdentityId;
use Surfnet\Stepup\Identity\Value\Institution;
use Surfnet\StepupMiddleware\ApiBundle\Authorization\Value\InstitutionAuthorizationContext;
use Surfnet\StepupMiddleware\ApiBundle\Authorization\Value\InstitutionRoleSet;
use Surfnet\StepupMiddleware\ApiBundle\Configuration\Entity\InstitutionAuthorization;
use Surfnet\StepupMiddleware\ApiBundle\Exception\InvalidArgumentException;
use Surfnet\StepupMiddleware\ApiBundle\Identity\Entity\RaListing;
use Surfnet\StepupMiddleware\ApiBundle\Identity\Repository\InstitutionListingRepository;
use Surfnet\StepupMiddleware\ApiBundle\Identity\Service\IdentityService;
use Surfnet\StepupMiddleware\ApiBundle\Identity\Service\SraaService;

/**
 * Creates InstitutionAuthorizationContext
 *
 * The Context is enriched with the 'isSraa' setting. It verifies if the
 * actor id matches that of one of the SRAA's.
 */
class InstitutionAuthorizationService
{
    /**
     * @var SraaService
     */
    private $sraaService;

    /**
     * @var IdentityService
     */
    private $identityService;
    /**
     * @var InstitutionListingRepository
     */
    private $institutionListingRepository;

    public function __construct(
        SraaService $sraaService,
        IdentityService $identityService,
        InstitutionListingRepository $institutionListingRepository
    ) {
        $this->sraaService = $sraaService;
        $this->identityService = $identityService;
        $this->institutionListingRepository = $institutionListingRepository;
    }

    /**
     * Build the InstitutionAuthorizationContext for use in queries
     *
     * The additional test is performed to indicate if the actor is SRAA.
     *
     * @param Institution $actorInstitution
     * @param InstitutionRoleSet $roleRequirements
     * @param IdentityId $actorId
     * @return InstitutionAuthorizationContext
     */
    public function buildInstitutionAuthorizationContext(Institution $actorInstitution, InstitutionRoleSet $roleRequirements, IdentityId $actorId)
    {
        $identity = $this->identityService->find((string) $actorId);

        if (!$identity) {
            throw new InvalidArgumentException('The provided id is not associated with any known identity');
        }

        $sraa = $this->sraaService->findByNameId($identity->nameId);
        $isSraa = !is_null($sraa);

        $institutions = $this->getInstitutions($roleRequirements, $actorId);

        return new InstitutionAuthorizationContext($actorInstitution, $roleRequirements, $institutions, $isSraa);
    }

    /**
     * @param InstitutionRoleSet $roleRequirements
     * @param IdentityId $actorId
     * @return InstitutionCollection
     */
    private function getInstitutions(InstitutionRoleSet $roleRequirements, IdentityId $actorId) {
        $qb = $this->institutionListingRepository->createQueryBuilder('i')
            ->select("a.institution")
            ->innerJoin(RaListing::class, 'r', Join::WITH, "i.institution = r.raInstitution")
            ->leftJoin(InstitutionAuthorization::class, 'a', Join::WITH, "i.institution = a.institutionRelation AND a.institutionRole IN (:authorizationRoles)")
            ->where("r.identityId = :identityId AND r.role IN(:roles)")
            ->groupBy("a.institution");


        $qb->setParameter('identityId', (string)$actorId);
        $qb->setParameter('authorizationRoles', $this->getAuthorizationRoles($roleRequirements, [InstitutionRole::ROLE_USE_RA => InstitutionRole::ROLE_USE_RA, InstitutionRole::ROLE_USE_RAA => InstitutionRole::ROLE_USE_RAA]));
        $qb->setParameter('roles', $this->getAuthorizationRoles($roleRequirements, [InstitutionRole::ROLE_USE_RA => 'ra', InstitutionRole::ROLE_USE_RAA => 'raa']));

        $institutions = $qb->getQuery()->getArrayResult();

        $result = new InstitutionCollection();
        foreach ($institutions as $institution) {
            $result->add(new Institution((string)$institution['institution']));
        }

        return $result;
    }

    /**
     * @param InstitutionRoleSet $roleRequirements
     * @param array $map
     * @return array
     */
    private function getAuthorizationRoles(InstitutionRoleSet $roleRequirements, array $map)
    {
        $result = [];
        foreach ($roleRequirements->getRoles() as $role) {
            $result[] = $map[(string)$role];
        }
        return $result;
    }
}


1			<?php
2
3			/**
4			* Copyright 2018 SURFnet B.V.
5			*
6			* Licensed under the Apache License, Version 2.0 (the "License");
7			* you may not use this file except in compliance with the License.
8			* You may obtain a copy of the License at
9			*
10			* http://www.apache.org/licenses/LICENSE-2.0
11			*
12			* Unless required by applicable law or agreed to in writing, software
13			* distributed under the License is distributed on an "AS IS" BASIS,
14			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15			* See the License for the specific language governing permissions and
16			* limitations under the License.
17			*/
18
19			namespace Surfnet\StepupMiddleware\ApiBundle\Authorization\Service;
20
21			use Doctrine\ORM\Query\Expr\Join;
22			use Surfnet\Stepup\Configuration\Value\InstitutionRole;
23			use Surfnet\Stepup\Identity\Collection\InstitutionCollection;
24			use Surfnet\Stepup\Identity\Value\IdentityId;
25			use Surfnet\Stepup\Identity\Value\Institution;
26			use Surfnet\StepupMiddleware\ApiBundle\Authorization\Value\InstitutionAuthorizationContext;
27			use Surfnet\StepupMiddleware\ApiBundle\Authorization\Value\InstitutionRoleSet;
28			use Surfnet\StepupMiddleware\ApiBundle\Configuration\Entity\InstitutionAuthorization;
29			use Surfnet\StepupMiddleware\ApiBundle\Exception\InvalidArgumentException;
30			use Surfnet\StepupMiddleware\ApiBundle\Identity\Entity\RaListing;
31			use Surfnet\StepupMiddleware\ApiBundle\Identity\Repository\InstitutionListingRepository;
32			use Surfnet\StepupMiddleware\ApiBundle\Identity\Service\IdentityService;
33			use Surfnet\StepupMiddleware\ApiBundle\Identity\Service\SraaService;
34
35			/**
36			* Creates InstitutionAuthorizationContext
37			*
38			* The Context is enriched with the 'isSraa' setting. It verifies if the
39			* actor id matches that of one of the SRAA's.
40			*/
41			class InstitutionAuthorizationService
42			{
43			/**
44			* @var SraaService
45			*/
46			private $sraaService;
47
48			/**
49			* @var IdentityService
50			*/
51			private $identityService;
52			/**
53			* @var InstitutionListingRepository
54			*/
55			private $institutionListingRepository;
56
57			public function __construct(
58			SraaService $sraaService,
59			IdentityService $identityService,
60			InstitutionListingRepository $institutionListingRepository
61			) {
62			$this->sraaService = $sraaService;
63			$this->identityService = $identityService;
64			$this->institutionListingRepository = $institutionListingRepository;
65			}
66
67			/**
68			* Build the InstitutionAuthorizationContext for use in queries
69			*
70			* The additional test is performed to indicate if the actor is SRAA.
71			*
72			* @param Institution $actorInstitution
73			* @param InstitutionRoleSet $roleRequirements
74			* @param IdentityId $actorId
75			* @return InstitutionAuthorizationContext
76			*/
77			public function buildInstitutionAuthorizationContext(Institution $actorInstitution, InstitutionRoleSet $roleRequirements, IdentityId $actorId)
78			{
79			$identity = $this->identityService->find((string) $actorId);
80
81			if (!$identity) {
82			throw new InvalidArgumentException('The provided id is not associated with any known identity');
83			}
84
85			$sraa = $this->sraaService->findByNameId($identity->nameId);
86			$isSraa = !is_null($sraa);
87
88			$institutions = $this->getInstitutions($roleRequirements, $actorId);
89
90			return new InstitutionAuthorizationContext($actorInstitution, $roleRequirements, $institutions, $isSraa);
91			}
92
93			/**
94			* @param InstitutionRoleSet $roleRequirements
95			* @param IdentityId $actorId
96			* @return InstitutionCollection
97			*/
98			private function getInstitutions(InstitutionRoleSet $roleRequirements, IdentityId $actorId) {
99			$qb = $this->institutionListingRepository->createQueryBuilder('i')
100			->select("a.institution")
101			->innerJoin(RaListing::class, 'r', Join::WITH, "i.institution = r.raInstitution")
102			->leftJoin(InstitutionAuthorization::class, 'a', Join::WITH, "i.institution = a.institutionRelation AND a.institutionRole IN (:authorizationRoles)")
103			->where("r.identityId = :identityId AND r.role IN(:roles)")
104			->groupBy("a.institution");
105
106
107			$qb->setParameter('identityId', (string)$actorId);
108			$qb->setParameter('authorizationRoles', $this->getAuthorizationRoles($roleRequirements, [InstitutionRole::ROLE_USE_RA => InstitutionRole::ROLE_USE_RA, InstitutionRole::ROLE_USE_RAA => InstitutionRole::ROLE_USE_RAA]));
109			$qb->setParameter('roles', $this->getAuthorizationRoles($roleRequirements, [InstitutionRole::ROLE_USE_RA => 'ra', InstitutionRole::ROLE_USE_RAA => 'raa']));
110
111			$institutions = $qb->getQuery()->getArrayResult();
112
113			$result = new InstitutionCollection();
114			foreach ($institutions as $institution) {
115			$result->add(new Institution((string)$institution['institution']));
116			}
117
118			return $result;
119			}
120
121			/**
122			* @param InstitutionRoleSet $roleRequirements
123			* @param array $map
124			* @return array
125			*/
126			private function getAuthorizationRoles(InstitutionRoleSet $roleRequirements, array $map)
127			{
128			$result = [];
129			foreach ($roleRequirements->getRoles() as $role) {
130			$result[] = $map[(string)$role];
131			}
132			return $result;
133			}
134			}
135

OpenConext / Stepup-Middleware

Push — feature/tokens-sraa ( cf9115...9c65ea )

InstitutionAuthorizationService::getInstitutions() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like