func scopedIdentity()

in lib/ic/info_release.go [208:269]


// scopedIdentity builds the set of claims to release for a token request,
// limited by both the requested scope string and the user's remembered
// consent preference (rcp).
//
// The returned identity always carries iss, subject, iat, nbf, exp, a fresh
// ID and the source identity's IdentityProvider. Every other claim is copied
// from identity only when the matching scope was requested AND the matching
// rcp flag allows it. An error is returned only when releasedVisas fails.
//
// identity and rcp are dereferenced without a nil check in this function, so
// callers must pass non-nil values.
func scopedIdentity(identity *ga4gh.Identity, rcp *cspb.RememberedConsentPreference, scope, iss, subject string, iat, nbf, exp int64) (*ga4gh.Identity, error) {
	normalizeRememberedConsentPreference(rcp)

	// Drop the privileged "link" and "account_admin" scopes unless the user
	// consented to releasing them; they must not appear in the issued Scope.
	// NOTE(review): every other requested scope (e.g. "profile", "identities")
	// stays in the Scope claim even when consent withholds the corresponding
	// claims below. Confirm that consumers authorize on the claims present and
	// not on the Scope string alone.
	var granted []string
	for _, name := range strings.Split(scope, " ") {
		if name == "link" && !rcp.ReleaseLink {
			continue
		}
		if name == "account_admin" && !rcp.ReleaseAccountAdmin {
			continue
		}
		granted = append(granted, name)
	}

	out := &ga4gh.Identity{
		Issuer:           iss,
		Subject:          subject,
		IssuedAt:         iat,
		NotBefore:        nbf,
		ID:               uuid.New(),
		Expiry:           exp,
		Scope:            strings.Join(granted, " "),
		IdentityProvider: identity.IdentityProvider,
	}

	// Linked identities: any of the three scopes requests them, consent
	// decides whether they are released.
	// TODO: remove this extra "ga4gh" check once DDAP is compatible.
	wantsIdentities := hasScopes("identities", scope, matchFullScope) ||
		hasScopes(passportScope, scope, matchFullScope) ||
		hasScopes(ga4ghScope, scope, matchFullScope)
	if wantsIdentities && rcp.ReleaseIdentities {
		// Assigned directly; no copy of identity.Identities is made here.
		out.Identities = identity.Identities
	}

	// Profile claims are consent-gated in three independent groups:
	// name fields, email, and the remaining attributes.
	if hasScopes("profile", scope, matchFullScope) {
		if rcp.ReleaseProfileName {
			out.Name = identity.Name
			out.FamilyName = identity.FamilyName
			out.GivenName = identity.GivenName
			out.Username = identity.Username
		}
		if rcp.ReleaseProfileEmail {
			out.Email = identity.Email
		}
		if rcp.ReleaseProfileOther {
			out.Picture = identity.Picture
			out.Locale = identity.Locale
		}
	}

	// Visas are only considered when the passport scope was requested.
	if !hasScopes("ga4gh_passport_v1", scope, matchFullScope) {
		return out, nil
	}

	// ANYTHING_NEEDED releases every visa unfiltered; any other release type
	// goes through releasedVisas with the user's SelectedVisas.
	if rcp.ReleaseType == cspb.RememberedConsentPreference_ANYTHING_NEEDED {
		out.VisaJWTs = identity.VisaJWTs
		return out, nil
	}

	visas, err := releasedVisas(identity.VisaJWTs, rcp.SelectedVisas)
	if err != nil {
		// Fail closed: no partially populated identity is returned.
		return nil, err
	}
	out.VisaJWTs = visas
	return out, nil
}