ClientCreateAuthorizationChecker   A
last analyzed

Complexity

Total Complexity 6

Size/Duplication

Total Lines 59
Duplicated Lines 0 %

Test Coverage

Coverage 78.26%

Importance

Changes 1
Bugs 0 Features 0
Metric Value
eloc 20
dl 0
loc 59
ccs 18
cts 23
cp 0.7826
rs 10
c 1
b 0
f 0
wmc 6

2 Methods

Rating   Name   Duplication   Size   Complexity  
A __construct() 0 7 1
A isGrantedToCreate() 0 38 5
<?php
namespace App\Module\Client\Create\Service;
use App\Application\Data\UserNetworkSessionData;
use App\Module\Authorization\Repository\AuthorizationUserRoleFinderRepository;
The type App\Module\Authorization...serRoleFinderRepository was not found. Maybe you did not declare it correctly or list all dependencies?

The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. excluded_paths: ["lib/*"], you can move it to the dependency path list as follows:

filter:
    dependency_paths: ["lib/*"]

For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths

use App\Module\Client\AssignUser\Service\ClientAssignUserAuthorizationChecker;
use App\Module\Client\Data\ClientData;
use App\Module\User\Enum\UserRole;
use Psr\Log\LoggerInterface;
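/**
 * Decides whether the authenticated user is permitted to create a client.
 *
 * Roles: newcomer < advisor < managing_advisor < administrator.
 * A lower hierarchy number means a more privileged role, so a hierarchy value that is missing
 * must lead to a denial and must never be fed into a comparison.
 */
final class ClientCreateAuthorizationChecker
{
    // NOTE(review): the user id is copied once, at construction time. If the container builds this
    // service before the session data holds the authenticated user, the value stays null and every
    // check denies — confirm the wiring order.
    private ?int $loggedInUserId = null;

    public function __construct(
        private readonly AuthorizationUserRoleFinderRepository $authorizationUserRoleFinderRepository,
        private readonly ClientAssignUserAuthorizationChecker $clientAssignUserAuthorizationChecker,
        private readonly UserNetworkSessionData $userNetworkSessionData,
        private readonly LoggerInterface $logger,
    ) {
        $this->loggedInUserId = $this->userNetworkSessionData->userId;
    }

    /**
     * Check if the authenticated user is allowed to create a client.
     *
     * The check fails closed: it returns false when no user is logged in, when the role hierarchy
     * of the user or of the advisor role cannot be resolved, or when the user is less privileged
     * than an advisor.
     *
     * @param ClientData|null $client null when the check runs before the actual client creation
     *  request (e.g. to decide whether the create button is shown); otherwise it has to be provided
     *
     * @return bool true if the user may create the client, false otherwise
     */
    public function isGrantedToCreate(?ClientData $client = null): bool
    {
        if ($this->loggedInUserId === null) {
            // NOTE(review): the whole ClientData object is serialized into the log line. If it carries
            // personal data, consider logging identifiers only.
            $this->logger->error(
                'loggedInUserId not set while isGrantedToCreate authorization check $client: '
                . json_encode($client, JSON_PARTIAL_OUTPUT_ON_ERROR)
            );

            return false;
        }
        $authenticatedUserRoleHierarchy = $this->authorizationUserRoleFinderRepository->getRoleHierarchyByUserId(
            $this->loggedInUserId
        );
        // Returns array with role name as key and hierarchy as value ['role_name' => hierarchy_int]
        // * Lower hierarchy number means higher privileged role
        $userRoleHierarchies = $this->authorizationUserRoleFinderRepository->getUserRolesHierarchies();
        $advisorHierarchy = $userRoleHierarchies[UserRole::ADVISOR->value] ?? null;

        // Fail closed when a hierarchy is missing. PHP's loose comparison treats null, false and ''
        // as not greater than any positive integer, so an unresolved user hierarchy would otherwise
        // pass the "at least advisor" test below and be handled like the most privileged role.
        // The repository's return type for a user without a role is not visible here.
        if (!is_numeric($authenticatedUserRoleHierarchy) || !is_numeric($advisorHierarchy)) {
            $this->logger->error(
                'Role hierarchy could not be resolved while isGrantedToCreate authorization check for user '
                . $this->loggedInUserId
            );

            return false;
        }

        // Newcomer is not allowed to do anything.
        // A hierarchy number lower than or equal to the advisor's means the user is at least advisor.
        if ($authenticatedUserRoleHierarchy <= $advisorHierarchy) {
            // Advisor may create clients but can only assign them to themself or leave it unassigned.
            // If $client is null (not provided), advisor is authorized (being used to check if create btn should
            // be displayed in template)
            if ($client === null
                || $this->clientAssignUserAuthorizationChecker->isGrantedToAssignUserToClient(
                    $client->userId,
                    $authenticatedUserRoleHierarchy,
                    $userRoleHierarchies
                )) {
                // If authenticated user is at least advisor and client user id is themself, or it's a
                // managing_advisor (logic in isGrantedToAssignUserToClient) -> granted to create
                return true;
            }
        }

        $this->logger->notice('User ' . $this->loggedInUserId . ' tried to create client but isn\'t allowed.');

        return false;
    }
}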