Add missing self vetting token endpoint

src/Surfnet/StepupMiddlewareClient/Identity/Service/AuthorizationService.php

@@ -61,6 +61,25 @@ public function assertRegistrationOfSelfAssertedTokensIsAllowed(Identity $identi
         return $response && array_key_exists('code', $response) && $response['code'] === 200;
     }
 
+    /**
+     * Is an identity allowed to self vet using a self-asserted token?
+     *
+     * One is allowed to do so when:
+     *  - SAT is allowed for the institution of the identity
+     *  - All the tokens of the identity are vetted using the SAT vetting type
+     *
+     * @throws AccessDeniedToResourceException When the consumer isn't authorised to access given resource.
+     * @throws ResourceReadException When the server doesn't respond with the resource.
+     * @throws MalformedResponseException When the server doesn't respond with (well-formed) JSON.
+     */
+    public function assertSelfVettingOfSelfAssertedTokensIsAllowed(Identity $identity): bool
+    {
+        $response = $this->apiService->read(
+            sprintf('/authorization/may-self-vet-using-self-asserted-token/%s', $identity->id)
+        );
+        return $response && array_key_exists('code', $response) && $response['code'] === 200;
+    }
+
     /**
      * Is the Identity allowed to register a Recovery Token?
      *

src/Surfnet/StepupMiddlewareClientBundle/Identity/Service/AuthorizationService.php

@@ -34,6 +34,11 @@ public function assertRegistrationOfSelfAssertedTokensIsAllowed(Identity $identi
         return $this->authorizationService->assertRegistrationOfSelfAssertedTokensIsAllowed($identity);
     }
 
+    public function assertSelfVettingOfSelfAssertedTokensIsAllowed(Identity $identity): bool
+    {
+        return $this->authorizationService->assertSelfVettingOfSelfAssertedTokensIsAllowed($identity);
+    }
+
     public function assertRegistrationOfRecoveryTokensIsAllowed(Identity $identity): bool
     {
         return $this->authorizationService->assertRegistrationOfRecoveryTokensAreAllowed($identity);

src/Surfnet/StepupMiddlewareClientBundle/Tests/Identity/Service/AuthorizationServiceTest.php

@@ -67,6 +67,30 @@ public function test_self_asserted_tokens_authorization_can_be_performed_negativ
         $this->assertFalse($this->service->assertRegistrationOfRecoveryTokensIsAllowed($identity));
     }
 
+    public function test_self_vetting_of_tokens_authorization_can_be_performed_positive_outcome(): void
+    {
+        $identity = new Identity();
+        $identity->id = 'ff17c086-ebae-11ec-8ea0-0242ac120002';
+        $identity->commonName = 'Evangelos Odysseas Papathanassiou';
+        $this->apiService
+            ->shouldReceive('assertSelfVettingOfSelfAssertedTokensIsAllowed')
+            ->with($identity)
+            ->andReturnTrue();
+        $this->assertTrue($this->service->assertSelfVettingOfSelfAssertedTokensIsAllowed($identity));
+    }
+
+    public function test_self_vetting_of_token_authorization_can_be_performed_negative_outcome(): void
+    {
+        $identity = new Identity();
+        $identity->id = 'ff17c086-ebae-11ec-8ea0-0242ac120002';
+        $identity->commonName = 'Evangelos Odysseas Papathanassiou';
+        $this->apiService
+            ->shouldReceive('assertSelfVettingOfSelfAssertedTokensIsAllowed')
+            ->with($identity)
+            ->andReturnFalse();
+        $this->assertFalse($this->service->assertSelfVettingOfSelfAssertedTokensIsAllowed($identity));
+    }
+
     public function test_recovery_token_authorization_can_be_performed_positive_outcome(): void
     {
         $identity = new Identity();