ClientAssignUserAuthorizationChecker::isGrantedToAssignUserToClient() - Code Metrics - samuelgfeller/slim-example-project - Measure and Improve Code Quality continuously with Scrutinizer

isGrantedToAssignUserToClient() B
last analyzed 2025-09-01 15:04 UTC

↳ Parent: ClientAssignUserAuthorizationChecker

Complexity

Conditions	8
Paths	13

Size

Total Lines	37
Code Lines	14

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	12
CRAP Score	9.628

Importance

Changes

Metric	Value
cc	8
eloc	14
nc	13
nop	3
dl	0
loc	37
ccs	12
cts	17
cp	0.7059
crap	9.628
rs	8.4444
c	0
b	0
f	0

<?php

namespace App\Module\Client\AssignUser\Service;

use App\Application\Data\UserNetworkSessionData;
use App\Module\Authorization\Repository\AuthorizationUserRoleFinderRepository;
filter:
    dependency_paths: ["lib/*"]
use App\Module\User\Enum\UserRole;
use Psr\Log\LoggerInterface;

/**
 * Check if the authenticated user is permitted to do actions.
 * Roles: newcomer < advisor < managing_advisor < administrator.
 */
final class ClientAssignUserAuthorizationChecker
{
    private ?int $loggedInUserId = null;

    public function __construct(
        private readonly AuthorizationUserRoleFinderRepository $authorizationUserRoleFinderRepository,
        private readonly UserNetworkSessionData $userNetworkSessionData,
        private readonly LoggerInterface $logger,
    ) {
        $this->loggedInUserId = $this->userNetworkSessionData->userId;
    }

    /**
     * Check if the authenticated user is allowed to assign user to client.
     * (Client id not needed as the same rules applies for new clients and all existing clients)
     * In own function to be used to filter dropdown options for frontend.
     *
     * @param int|string|null $assignedUserId
     * @param int|null $authenticatedUserRoleHierarchy optional so that it can be called outside this class
     * @param array|null $userRoleHierarchies optional so that it can be called outside this class
     *
     * @return bool|void
     */
    public function isGrantedToAssignUserToClient(
        int|string|null $assignedUserId,
        ?int $authenticatedUserRoleHierarchy = null,
        ?array $userRoleHierarchies = null,
    ) {
        if ($this->loggedInUserId === null) {
            $this->logger->error(
                'loggedInUserId not set while isGrantedToAssignUserToClient authorization check $assignedUserId: '
                . $assignedUserId
            );

            return false;
        }

        // $authenticatedUserRoleData and $userRoleHierarchies passed as arguments if called inside this class
        if ($authenticatedUserRoleHierarchy === null) {
            $authenticatedUserRoleHierarchy = $this->authorizationUserRoleFinderRepository->getRoleHierarchyByUserId(
                $this->loggedInUserId
            );
        }
        if ($userRoleHierarchies === null) {
            // Returns array with role name as key and hierarchy as value ['role_name' => hierarchy_int]
            // * Lower hierarchy number means higher privileged role
            $userRoleHierarchies = $this->authorizationUserRoleFinderRepository->getUserRolesHierarchies();
        }



        // If hierarchy privilege is greater or equals advisor, it means that user may assign the user to themself
        if ($authenticatedUserRoleHierarchy <= $userRoleHierarchies[UserRole::ADVISOR->value]) {
            // Advisor may create clients but can only assign them to themselves or leave it unassigned
            if ($assignedUserId === $this->loggedInUserId || $assignedUserId === null
                // managing advisor can link user to someone else
                || $authenticatedUserRoleHierarchy <= $userRoleHierarchies[UserRole::MANAGING_ADVISOR->value]) {
                // If authenticated user is at least advisor and client user id is authenticated user himself,
                // null (unassigned) or authenticated user is managing_advisor -> granted to assign
                return true;
            }
        }
    }
}


1		<?php
2
3		namespace App\Module\Client\AssignUser\Service;
4
5		use App\Application\Data\UserNetworkSessionData;
6		use App\Module\Authorization\Repository\AuthorizationUserRoleFinderRepository;
		0 ignored issues – show Bug introduced 2025-01-30 13:33 UTC by Report Bug Copy Issue Report The type `App\Module\Authorization...serRoleFinderRepository` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
7		use App\Module\User\Enum\UserRole;
8		use Psr\Log\LoggerInterface;
9
10		/**
11		* Check if the authenticated user is permitted to do actions.
12		* Roles: newcomer < advisor < managing_advisor < administrator.
13		*/
14		final class ClientAssignUserAuthorizationChecker
15		{
16		private ?int $loggedInUserId = null;
17
18	45	public function __construct(
19		private readonly AuthorizationUserRoleFinderRepository $authorizationUserRoleFinderRepository,
20		private readonly UserNetworkSessionData $userNetworkSessionData,
21		private readonly LoggerInterface $logger,
22		) {
23	45	$this->loggedInUserId = $this->userNetworkSessionData->userId;
24		}
25
26		/**
27		* Check if the authenticated user is allowed to assign user to client.
28		* (Client id not needed as the same rules applies for new clients and all existing clients)
29		* In own function to be used to filter dropdown options for frontend.
30		*
31		* @param int\|string\|null $assignedUserId
32		* @param int\|null $authenticatedUserRoleHierarchy optional so that it can be called outside this class
33		* @param array\|null $userRoleHierarchies optional so that it can be called outside this class
34		*
35		* @return bool\|void
36		*/
37	15	public function isGrantedToAssignUserToClient(
38		int\|string\|null $assignedUserId,
39		?int $authenticatedUserRoleHierarchy = null,
40		?array $userRoleHierarchies = null,
41		) {
42	15	if ($this->loggedInUserId === null) {
43		$this->logger->error(
44		'loggedInUserId not set while isGrantedToAssignUserToClient authorization check $assignedUserId: '
45		. $assignedUserId
46		);
47
48		return false;
49		}
50
51		// $authenticatedUserRoleData and $userRoleHierarchies passed as arguments if called inside this class
52	15	if ($authenticatedUserRoleHierarchy === null) {
53	6	$authenticatedUserRoleHierarchy = $this->authorizationUserRoleFinderRepository->getRoleHierarchyByUserId(
54	6	$this->loggedInUserId
55	6	);
56		}
57	15	if ($userRoleHierarchies === null) {
58		// Returns array with role name as key and hierarchy as value ['role_name' => hierarchy_int]
59		// * Lower hierarchy number means higher privileged role
60	6	$userRoleHierarchies = $this->authorizationUserRoleFinderRepository->getUserRolesHierarchies();
61		}
62
63
64
65		// If hierarchy privilege is greater or equals advisor, it means that user may assign the user to themself
66	15	if ($authenticatedUserRoleHierarchy <= $userRoleHierarchies[UserRole::ADVISOR->value]) {
67		// Advisor may create clients but can only assign them to themselves or leave it unassigned
68	13	if ($assignedUserId === $this->loggedInUserId \|\| $assignedUserId === null
69		// managing advisor can link user to someone else
70	13	\|\| $authenticatedUserRoleHierarchy <= $userRoleHierarchies[UserRole::MANAGING_ADVISOR->value]) {
71		// If authenticated user is at least advisor and client user id is authenticated user himself,
72		// null (unassigned) or authenticated user is managing_advisor -> granted to assign
73	11	return true;
74		}
75		}
76		}
77		}
78

samuelgfeller / slim-example-project

isGrantedToAssignUserToClient() B last analyzed 2025-09-01 15:04 UTC

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like

isGrantedToAssignUserToClient() B
last analyzed 2025-09-01 15:04 UTC