|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* Copyright 2019 SURFnet B.V. |
|
5
|
|
|
* |
|
6
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
7
|
|
|
* you may not use this file except in compliance with the License. |
|
8
|
|
|
* You may obtain a copy of the License at |
|
9
|
|
|
* |
|
10
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0 |
|
11
|
|
|
* |
|
12
|
|
|
* Unless required by applicable law or agreed to in writing, software |
|
13
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS, |
|
14
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
15
|
|
|
* See the License for the specific language governing permissions and |
|
16
|
|
|
* limitations under the License. |
|
17
|
|
|
*/ |
|
18
|
|
|
|
|
19
|
|
|
namespace Surfnet\StepupMiddleware\ApiBundle\Identity\Service; |
|
20
|
|
|
|
|
21
|
|
|
use Surfnet\Stepup\Identity\Value\IdentityId; |
|
22
|
|
|
use Surfnet\Stepup\Identity\Value\Institution; |
|
23
|
|
|
use Surfnet\StepupMiddleware\ApiBundle\Identity\Repository\RaListingRepository; |
|
24
|
|
|
use Surfnet\StepupMiddleware\ApiBundle\Identity\Value\AuthorizedInstitutionCollection; |
|
25
|
|
|
use Surfnet\StepupMiddleware\ApiBundle\Identity\Value\Profile; |
|
26
|
|
|
|
|
27
|
|
|
class ProfileService extends AbstractSearchService |
|
28
|
|
|
{ |
|
29
|
|
|
/** |
|
30
|
|
|
* @var RaListingRepository |
|
31
|
|
|
*/ |
|
32
|
|
|
private $raListingRepository; |
|
33
|
|
|
|
|
34
|
|
|
/** |
|
35
|
|
|
* @var IdentityService |
|
36
|
|
|
*/ |
|
37
|
|
|
private $identityService; |
|
38
|
|
|
|
|
39
|
|
|
public function __construct( |
|
40
|
|
|
RaListingRepository $raListingRepository, |
|
41
|
|
|
IdentityService $identityService |
|
42
|
|
|
) { |
|
43
|
|
|
$this->raListingRepository = $raListingRepository; |
|
44
|
|
|
$this->identityService = $identityService; |
|
45
|
|
|
} |
|
46
|
|
|
|
|
47
|
|
|
/** |
|
48
|
|
|
* Uses the identityId to first load the ra credentials (if present) |
|
49
|
|
|
* These credentials are then used to test what type of administrator we are dealing with ((S)RA(A)). Next the |
|
50
|
|
|
* authorizations are retrieved from the InstitutionAuthorizationRepository. Finally identity is retrieved for the |
|
51
|
|
|
* provided identityId. This data is then merged in a Profile value object. |
|
52
|
|
|
* |
|
53
|
|
|
* When the profile is incorrect, for example because no identity can be found, null is returned instead of a |
|
54
|
|
|
* Profile. Its possible to retrieve profile data for a non RA user, in that case no authorization data is set |
|
55
|
|
|
* on the profile. The same goes for the SRAA user. As that user is allowed all authorizations for all institutions. |
|
56
|
|
|
* An additional isSraa flag is set to true for these administrators. |
|
57
|
|
|
* |
|
58
|
|
|
* @param $identityId |
|
59
|
|
|
* @return Profile|null |
|
60
|
|
|
*/ |
|
61
|
|
|
public function createProfile($identityId) |
|
62
|
|
|
{ |
|
63
|
|
|
$raCredentials = $this->identityService->findRegistrationAuthorityCredentialsOf($identityId); |
|
64
|
|
|
$isSraa = false; |
|
65
|
|
|
if ($raCredentials) { |
|
66
|
|
|
$isSraa = $raCredentials->isSraa(); |
|
67
|
|
|
if (!$isSraa && ($raCredentials->isRa() || $raCredentials->isRaa())) { |
|
68
|
|
|
$authorizations = $this->findAuthorizationsBy( |
|
69
|
|
|
new IdentityId($raCredentials->getIdentityId()) |
|
70
|
|
|
); |
|
71
|
|
|
} |
|
72
|
|
|
} |
|
73
|
|
|
|
|
74
|
|
|
$identity = $this->identityService->find($identityId); |
|
75
|
|
|
if ($identity === null) { |
|
76
|
|
|
return null; |
|
77
|
|
|
} |
|
78
|
|
|
|
|
79
|
|
|
// If the user is not authorized at all (non ra user), or when the user is SRAA, then build an empty collection. |
|
80
|
|
|
if (!isset($authorizations)) { |
|
81
|
|
|
$authorizations = new AuthorizedInstitutionCollection($identity->institution); |
|
|
|
|
|
|
82
|
|
|
} |
|
83
|
|
|
|
|
84
|
|
|
return new Profile($identity, $authorizations, $isSraa); |
|
85
|
|
|
} |
|
86
|
|
|
|
|
87
|
|
|
/** |
|
88
|
|
|
* @param Institution $identity |
|
|
|
|
|
|
89
|
|
|
* @return AuthorizedInstitutionCollection |
|
90
|
|
|
*/ |
|
91
|
|
|
private function findAuthorizationsBy(IdentityId $identity) |
|
92
|
|
|
{ |
|
93
|
|
|
$authorizations = $this->raListingRepository->findByIdentityId($identity); |
|
94
|
|
|
|
|
95
|
|
|
return AuthorizedInstitutionCollection::fromInstitutionAuthorization($authorizations); |
|
96
|
|
|
} |
|
97
|
|
|
} |
|
98
|
|
|
|
OpenConext /
Stepup-Middleware
Loading history...
This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue.
If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress.
In this case you can add the
@ignorePhpDoc annotation to the duplicate definition and it will be ignored.