override def validateUser()

in app/controllers/PanDomainAuthActions.scala [25:39]

• 12 lines of code
• 7 McCabe index (conditional complexity)

  override def validateUser(authedUser: AuthenticatedUser): Boolean = {
    val isValid = (authedUser.user.emailDomain == "guardian.co.uk") &&
      (authedUser.multiFactor || (config.no2faUser.nonEmpty && config.no2faUser == authedUser.user.email))

    val hasAnyWorkflowPermission = hasAtLeastAccessPermission(authedUser.user.email)

    if (!isValid) {
      logger.warn(s"User ${authedUser.user.email} failed validation")
    }
    if (!hasAnyWorkflowPermission) {
      logger.warn(s"User ${authedUser.user.email} lacks any permission for workflow")
    }

    isValid && hasAnyWorkflowPermission
  }