<?php
namespace App\Module\User\Create\Service;
use App\Application\Data\UserNetworkSessionData;
use App\Module\Authorization\Repository\AuthorizationUserRoleFinderRepository;
use App\Module\User\AssignRole\Service\UserAssignRoleAuthorizationChecker;
use App\Module\User\Enum\UserRole;
use Psr\Log\LoggerInterface;
/**
 * Check if the authenticated user is permitted to create users.
 * Roles: newcomer < advisor < managing_advisor < administrator.
 */
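final class UserCreateAuthorizationChecker
{
    // Id of the authenticated user, or null when nobody is logged in.
    private ?int $loggedInUserId = null;

    public function __construct(
        private readonly UserNetworkSessionData $userNetworkSessionData,
        private readonly AuthorizationUserRoleFinderRepository $authorizationUserRoleFinderRepository,
        private readonly UserAssignRoleAuthorizationChecker $userAssignRoleAuthorizationChecker,
        private readonly LoggerInterface $logger,
    ) {
        // Resolved once here so the property is initialized before any check runs
        // (avoids "must not be accessed before initialization" on the typed property).
        $this->loggedInUserId = $this->userNetworkSessionData->userId ?? null;
    }

    /**
     * Check if the authenticated user is allowed to create a user with the given values.
     *
     * Only managing advisors and more privileged roles may create users, and the role
     * they assign is restricted via UserAssignRoleAuthorizationChecker. A missing or
     * null 'user_role_id' is permitted here; validating the value itself is the
     * validation's job. Denied attempts are logged.
     *
     * @param array<string, mixed> $userValues values of the user to create; only 'user_role_id' is read here
     *
     * @return bool true if the authenticated user may create the user, false otherwise
     */
    public function isGrantedToCreate(array $userValues): bool
    {
        if ($this->loggedInUserId === null) {
            $this->logger->error(
                'loggedInUserId not set while authorization check isGrantedToCreate: '
                . json_encode($userValues, JSON_PARTIAL_OUTPUT_ON_ERROR)
            );

            return false;
        }

        $authenticatedUserRoleHierarchy = $this->authorizationUserRoleFinderRepository->getRoleHierarchyByUserId(
            $this->loggedInUserId
        );
        // Array with role name as key and hierarchy as value ['role_name' => hierarchy_int].
        // A lower hierarchy number means a more privileged role.
        $userRoleHierarchies = $this->authorizationUserRoleFinderRepository->getUserRolesHierarchies();

        // Read once with a null default: an absent key would otherwise raise an
        // "Undefined array key" warning on the null check further down.
        $requestedUserRoleId = $userValues['user_role_id'] ?? null;

        // Newcomer and advisor may not act on other users (only edit their own profile);
        // managing advisor and more privileged roles may create users.
        if ($authenticatedUserRoleHierarchy <= $userRoleHierarchies[UserRole::MANAGING_ADVISOR->value]) {
            // Managing advisors can do everything with users except setting a role higher than advisor
            if ($this->userAssignRoleAuthorizationChecker->userRoleIsGranted(
                $requestedUserRoleId,
                null,
                $authenticatedUserRoleHierarchy,
                $userRoleHierarchies
            ) === true
            ) {
                return true;
            }

            // An empty role is allowed for managing advisors and higher;
            // whether the value is valid is the validation's job.
            if ($requestedUserRoleId === null) {
                return true;
            }
        }

        // No self-creation check is needed: a user cannot be logged in if their user does not exist yet.
        $this->logger->notice(
            'User ' . $this->loggedInUserId . ' tried to create user but isn\'t allowed.'
        );

        return false;
    }
}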