ProfileService - Code Metrics - Inspection of "Use RA roles when testing authorizations" - OpenConext/Stepup-Middleware - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — bugfix/5.1-profile ( 934735...50d43f )

by Michiel

created 2024-02-20 13:32 UTC

ProfileService A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	71
Duplicated Lines	0 %

Importance

Changes	3
Bugs	0	Features	0

Metric	Value
eloc	24
c	3
b	0
f	0
dl	0
loc	71
rs	10
wmc	3

2 Methods

Rating	Name	Duplication	Size	Complexity
A	__construct()	0	10	1
A	createProfile()	0	26	2

<?php

/**
 * Copyright 2019 SURFnet B.V.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */


namespace Surfnet\StepupMiddleware\ApiBundle\Identity\Service;

use Psr\Log\LoggerInterface;
use Surfnet\Stepup\Identity\Value\IdentityId;
use Surfnet\Stepup\Identity\Value\RegistrationAuthorityRole;
use Surfnet\StepupMiddleware\ApiBundle\Authorization\Service\AuthorizationContextService;
use Surfnet\StepupMiddleware\ApiBundle\Identity\Repository\RaListingRepository;
use Surfnet\StepupMiddleware\ApiBundle\Identity\Value\AuthorizedInstitutionCollection;
use Surfnet\StepupMiddleware\ApiBundle\Identity\Value\Profile;

class ProfileService extends AbstractSearchService

{
    /**
     * @var RaListingRepository
     */
    private $raListingRepository;

    /**
     * @var IdentityService
     */
    private $identityService;

    /**
     * @var AuthorizationContextService
     */
    private $authorizationService;

    public function __construct(
        RaListingRepository $raListingRepository,
        IdentityService $identityService,
        AuthorizationContextService $institutionAuthorizationService,
        LoggerInterface $logger
    ) {
        $this->raListingRepository = $raListingRepository;
        $this->identityService = $identityService;
        $this->authorizationService = $institutionAuthorizationService;
        $this->logger = $logger;

    }

    /**
     * Uses the identityId to first load the ra credentials (if present)
     * These credentials are then used to test what type of administrator we are dealing with ((S)RA(A)). Next the
     * authorizations are retrieved from the InstitutionAuthorizationRepository. Not that we distinguish between
     * implicit and explicitly appointed roles. The implicit roles are based on the institution configuration
     * (SELECT_RAA). Finally identity is retrieved for the provided identityId. This data is then merged in a Profile
     * value object.
     *
     * When the profile is incorrect, for example because no identity can be found, null is returned instead of a
     * Profile. Its possible to retrieve profile data for a non RA user, in that case no authorization data is set
     * on the profile. The same goes for the SRAA user. As that user is allowed all authorizations for all institutions.
     * An additional isSraa flag is set to true for these administrators.
     *
     * @param string $identityId

     * @return Profile|null

     */
    public function createProfile($identityId)
    {
        $identity = $this->identityService->find($identityId);
        if ($identity === null) {
            return null;
        }

        $authorizationContextRa = $this->authorizationService->buildInstitutionAuthorizationContext(
            new IdentityId($identityId),
            RegistrationAuthorityRole::ra()
        );

        $authorizationContextRaa = $this->authorizationService->buildInstitutionAuthorizationContext(
            new IdentityId($identityId),
            RegistrationAuthorityRole::raa()
        );

        $authorizations = AuthorizedInstitutionCollection::from(
            $authorizationContextRa->getInstitutions(),
            $authorizationContextRaa->getInstitutions()
        );

        return new Profile(
            $identity,
            $authorizations,
            $authorizationContextRa->isActorSraa()
        );
    }
}


1			<?php
2
3			/**
4			* Copyright 2019 SURFnet B.V.
5			*
6			* Licensed under the Apache License, Version 2.0 (the "License");
7			* you may not use this file except in compliance with the License.
8			* You may obtain a copy of the License at
9			*
10			* http://www.apache.org/licenses/LICENSE-2.0
11			*
12			* Unless required by applicable law or agreed to in writing, software
13			* distributed under the License is distributed on an "AS IS" BASIS,
14			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15			* See the License for the specific language governing permissions and
16			* limitations under the License.
17			*/
			0 ignored issues – show Coding Style introduced 2023-09-07 09:35 UTC by Report Bug Copy Issue Report Missing @link tag in file comment Loading history...
18
19			namespace Surfnet\StepupMiddleware\ApiBundle\Identity\Service;
20
21			use Psr\Log\LoggerInterface;
22			use Surfnet\Stepup\Identity\Value\IdentityId;
23			use Surfnet\Stepup\Identity\Value\RegistrationAuthorityRole;
24			use Surfnet\StepupMiddleware\ApiBundle\Authorization\Service\AuthorizationContextService;
25			use Surfnet\StepupMiddleware\ApiBundle\Identity\Repository\RaListingRepository;
26			use Surfnet\StepupMiddleware\ApiBundle\Identity\Value\AuthorizedInstitutionCollection;
27			use Surfnet\StepupMiddleware\ApiBundle\Identity\Value\Profile;
28
29			class ProfileService extends AbstractSearchService
			0 ignored issues – show Coding Style introduced 2023-09-07 09:35 UTC by Report Bug Copy Issue Report Missing doc comment for class ProfileService Loading history...
30			{
31			/**
32			* @var RaListingRepository
33			*/
34			private $raListingRepository;
35
36			/**
37			* @var IdentityService
38			*/
39			private $identityService;
40
41			/**
42			* @var AuthorizationContextService
43			*/
44			private $authorizationService;
45
46			public function __construct(
47			RaListingRepository $raListingRepository,
48			IdentityService $identityService,
49			AuthorizationContextService $institutionAuthorizationService,
50			LoggerInterface $logger
51			) {
52			$this->raListingRepository = $raListingRepository;
53			$this->identityService = $identityService;
54			$this->authorizationService = $institutionAuthorizationService;
55			$this->logger = $logger;
			0 ignored issues – show Bug Best Practice introduced 2024-02-20 13:37 UTC by Report Bug Copy Issue Report The property `logger` does not exist. Although not strictly required by PHP, it is generally a best practice to declare properties explicitly. Loading history...
56			}
57
58			/**
59			* Uses the identityId to first load the ra credentials (if present)
60			* These credentials are then used to test what type of administrator we are dealing with ((S)RA(A)). Next the
61			* authorizations are retrieved from the InstitutionAuthorizationRepository. Not that we distinguish between
62			* implicit and explicitly appointed roles. The implicit roles are based on the institution configuration
63			* (SELECT_RAA). Finally identity is retrieved for the provided identityId. This data is then merged in a Profile
64			* value object.
65			*
66			* When the profile is incorrect, for example because no identity can be found, null is returned instead of a
67			* Profile. Its possible to retrieve profile data for a non RA user, in that case no authorization data is set
68			* on the profile. The same goes for the SRAA user. As that user is allowed all authorizations for all institutions.
69			* An additional isSraa flag is set to true for these administrators.
70			*
71			* @param string $identityId
			0 ignored issues – show Coding Style introduced 2023-09-07 09:35 UTC by Report Bug Copy Issue Report Tag value for @param tag indented incorrectly; expected 2 spaces but found 1 Loading history...
72			* @return Profile\|null
			0 ignored issues – show Coding Style introduced 2023-09-07 09:35 UTC by Report Bug Copy Issue Report Tag @return cannot be grouped with parameter tags in a doc comment Loading history...
73			*/
74			public function createProfile($identityId)
75			{
76			$identity = $this->identityService->find($identityId);
77			if ($identity === null) {
78			return null;
79			}
80
81			$authorizationContextRa = $this->authorizationService->buildInstitutionAuthorizationContext(
82			new IdentityId($identityId),
83			RegistrationAuthorityRole::ra()
84			);
85
86			$authorizationContextRaa = $this->authorizationService->buildInstitutionAuthorizationContext(
87			new IdentityId($identityId),
88			RegistrationAuthorityRole::raa()
89			);
90
91			$authorizations = AuthorizedInstitutionCollection::from(
92			$authorizationContextRa->getInstitutions(),
93			$authorizationContextRaa->getInstitutions()
94			);
95
96			return new Profile(
97			$identity,
98			$authorizations,
99			$authorizationContextRa->isActorSraa()
100			);
101			}
102			}
103

OpenConext / Stepup-Middleware

Push — bugfix/5.1-profile ( 934735...50d43f )

ProfileService A

Complexity

Size/Duplication

Importance

2 Methods

Duplication Side-by-Side

Filter issues like