Completed
Push — develop ( 35e2e2...34d848 )
by
unknown
14s
created

buildInstitutionAuthorizationContextForManagement()   A

Complexity

Conditions 3
Paths 3

Size

Total Lines 19

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
dl 0
loc 19
rs 9.6333
c 0
b 0
f 0
cc 3
nc 3
nop 2
1
<?php
2
3
/**
4
 * Copyright 2018 SURFnet B.V.
5
 *
6
 * Licensed under the Apache License, Version 2.0 (the "License");
7
 * you may not use this file except in compliance with the License.
8
 * You may obtain a copy of the License at
9
 *
10
 *     http://www.apache.org/licenses/LICENSE-2.0
11
 *
12
 * Unless required by applicable law or agreed to in writing, software
13
 * distributed under the License is distributed on an "AS IS" BASIS,
14
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
 * See the License for the specific language governing permissions and
16
 * limitations under the License.
17
 */
18
19
namespace Surfnet\StepupMiddleware\ApiBundle\Authorization\Service;
20
21
use Surfnet\Stepup\Identity\Value\IdentityId;
22
use Surfnet\Stepup\Identity\Value\Institution;
23
use Surfnet\StepupMiddleware\ApiBundle\Authorization\Value\InstitutionAuthorizationContext;
24
use Surfnet\StepupMiddleware\ApiBundle\Authorization\Value\InstitutionRoleSet;
25
use Surfnet\StepupMiddleware\ApiBundle\Exception\InvalidArgumentException;
26
use Surfnet\StepupMiddleware\ApiBundle\Identity\Repository\InstitutionListingRepository;
27
use Surfnet\StepupMiddleware\ApiBundle\Identity\Service\IdentityService;
28
use Surfnet\StepupMiddleware\ApiBundle\Identity\Service\SraaService;
29
30
/**
31
 * Creates InstitutionAuthorizationContext
32
 *
33
 * The Context is enriched with the 'isSraa' setting. It verifies if the
34
 * actor id matches that of one of the SRAA's.
35
 */
36
class InstitutionAuthorizationService
37
{
38
    /**
39
     * @var SraaService
40
     */
41
    private $sraaService;
42
43
    /**
44
     * @var IdentityService
45
     */
46
    private $identityService;
47
    /**
48
     * @var InstitutionListingRepository
49
     */
50
    private $institutionListingRepository;
51
52
    public function __construct(
53
        SraaService $sraaService,
54
        IdentityService $identityService,
55
        InstitutionListingRepository $institutionListingRepository
56
    ) {
57
        $this->sraaService = $sraaService;
58
        $this->identityService = $identityService;
59
        $this->institutionListingRepository = $institutionListingRepository;
60
    }
61
62
    /**
63
     * Build the InstitutionAuthorizationContext for use in queries
64
     *
65
     * The additional test is performed to indicate if the actor is SRAA.
66
     *
67
     * @param IdentityId $actorId
68
     * @param InstitutionRoleSet $roleRequirements
69
     * @return InstitutionAuthorizationContext
70
     */
71
    public function buildInstitutionAuthorizationContext(IdentityId $actorId, InstitutionRoleSet $roleRequirements)
72
    {
73
        $identity = $this->identityService->find((string) $actorId);
74
75
        if (!$identity) {
76
            throw new InvalidArgumentException('The provided id is not associated with any known identity');
77
        }
78
79
        $sraa = $this->sraaService->findByNameId($identity->nameId);
80
        $isSraa = !is_null($sraa);
81
82
        $institutions = $this->institutionListingRepository->getInstitutionsForRaa($roleRequirements, $actorId);
83
84
        return new InstitutionAuthorizationContext($institutions, $isSraa);
85
    }
86
87
    /**
88
     * Build the InstitutionAuthorizationContext for use in queries
89
     *
90
     * The additional test is performed to indicate if the actor is SRAA.
91
     *
92
     * @param IdentityId $actorId
93
     * @param Institution $institution
94
     * @return InstitutionAuthorizationContext
95
     */
96
    public function buildInstitutionAuthorizationContextForManagement(IdentityId $actorId, Institution $institution)
97
    {
98
        $identity = $this->identityService->find((string) $actorId);
99
100
        if (!$identity) {
101
            throw new InvalidArgumentException('The provided id is not associated with any known identity');
102
        }
103
104
        $sraa = $this->sraaService->findByNameId($identity->nameId);
105
        $isSraa = !is_null($sraa);
106
107
        if ($isSraa) {
108
            $institutions = $this->institutionListingRepository->getInstitutionsForSelectRaaAsSraa($institution);
109
        } else {
110
            $institutions = $this->institutionListingRepository->getInstitutionsForSelectRaa($actorId);
111
        }
112
113
        return new InstitutionAuthorizationContext($institutions, $isSraa);
114
    }
115
}
116