oss-review-toolkit · fviernau · Sep 26, 2023 · Sep 25, 2023 · Sep 25, 2023 · Sep 12, 2023
@@ -188,17 +188,19 @@ data class OrtResult(
     /**
      * Return the dependencies of the given [id] (which can refer to a [Project] or a [Package]), up to and including a
      * depth of [maxLevel] where counting starts at 0 (for the [Project] or [Package] itself) and 1 are direct
-     * dependencies etc. A value below 0 means to not limit the depth.
+     * dependencies etc. A value below 0 means to not limit the depth. If [omitExcluded] is set to true, identifiers of
+     * excluded projects / packages are omitted from the result.
      */
-    fun getDependencies(id: Identifier, maxLevel: Int = -1): Set<Identifier> {
+    fun getDependencies(id: Identifier, maxLevel: Int = -1, omitExcluded: Boolean = false): Set<Identifier> {
         val dependencies = mutableSetOf<Identifier>()
+        val matcher = DependencyNavigator.MATCH_ALL.takeUnless { omitExcluded } ?: { !isExcluded(it.id) }
 
         getProjects().forEach { project ->
             if (project.id == id) {
-                dependencies += dependencyNavigator.projectDependencies(project, maxLevel)
+                dependencies += dependencyNavigator.projectDependencies(project, maxLevel, matcher)
             }
 
-            dependencies += dependencyNavigator.packageDependencies(project, id, maxLevel)
+            dependencies += dependencyNavigator.packageDependencies(project, id, maxLevel, matcher)
         }
 
         return dependencies

@@ -240,10 +240,6 @@
     "spdxElementId" : "SPDXRef-Package-Maven-seventh-package-group-seventh-package-0.0.1",
     "relationshipType" : "GENERATED_FROM",
     "relatedSpdxElement" : "SPDXRef-Package-Maven-seventh-package-group-seventh-package-0.0.1-source-artifact"
-  }, {
-    "spdxElementId" : "SPDXRef-Project-Maven-first-project-group-first-project-name-0.0.1",
-    "relationshipType" : "DEPENDS_ON",
-    "relatedSpdxElement" : "SPDXRef-Package-Maven-fifth-package-group-fifth-package-0.0.1"
   }, {
     "spdxElementId" : "SPDXRef-Project-Maven-first-project-group-first-project-name-0.0.1",
     "relationshipType" : "DEPENDS_ON",

@@ -241,9 +241,6 @@ relationships:
 - spdxElementId: "SPDXRef-Package-Maven-seventh-package-group-seventh-package-0.0.1"
   relationshipType: "GENERATED_FROM"
   relatedSpdxElement: "SPDXRef-Package-Maven-seventh-package-group-seventh-package-0.0.1-source-artifact"
-- spdxElementId: "SPDXRef-Project-Maven-first-project-group-first-project-name-0.0.1"
-  relationshipType: "DEPENDS_ON"
-  relatedSpdxElement: "SPDXRef-Package-Maven-fifth-package-group-fifth-package-0.0.1"
 - spdxElementId: "SPDXRef-Project-Maven-first-project-group-first-project-name-0.0.1"
   relationshipType: "DEPENDS_ON"
   relatedSpdxElement: "SPDXRef-Package-Maven-first-package-group-first-package-0.0.1"

@@ -70,7 +70,11 @@ internal object SpdxDocumentModelMapper : Logging {
                 ortResult
             )
 
-            ortResult.getDependencies(project.id, 1).mapTo(relationships) { dependency ->
+            ortResult.getDependencies(
+                id = project.id,
+                maxLevel = 1,
+                omitExcluded = true
+            ).mapTo(relationships) { dependency ->
                 SpdxRelationship(
                     spdxElementId = spdxProjectPackage.spdxId,
                     relationshipType = SpdxRelationship.Type.DEPENDS_ON,
@@ -91,7 +95,11 @@ internal object SpdxDocumentModelMapper : Logging {
                 ortResult
             )
 
-            ortResult.getDependencies(pkg.id, 1).mapTo(relationships) { dependency ->
+            ortResult.getDependencies(
+                id = pkg.id,
+                maxLevel = 1,
+                omitExcluded = true
+            ).mapTo(relationships) { dependency ->
                 SpdxRelationship(
                     spdxElementId = binaryPackage.spdxId,
                     relationshipType = SpdxRelationship.Type.DEPENDS_ON,