2026-03-04 15:56:58 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace MintyPHP\Service\Access;
|
|
|
|
|
|
|
|
|
|
use MintyPHP\Service\Directory\DirectoryScopeGateway;
|
|
|
|
|
|
|
|
|
|
class AccessPolicyFactory
|
|
|
|
|
{
|
|
|
|
|
private ?UserAuthorizationPolicy $userAuthorizationPolicy = null;
|
|
|
|
|
private ?RoleAuthorizationPolicy $roleAuthorizationPolicy = null;
|
|
|
|
|
private ?PermissionAuthorizationPolicy $permissionAuthorizationPolicy = null;
|
|
|
|
|
private ?OperationsAuthorizationPolicy $operationsAuthorizationPolicy = null;
|
|
|
|
|
private ?SettingsAuthorizationPolicy $settingsAuthorizationPolicy = null;
|
|
|
|
|
private ?TenantAuthorizationPolicy $tenantAuthorizationPolicy = null;
|
|
|
|
|
private ?DepartmentAuthorizationPolicy $departmentAuthorizationPolicy = null;
|
|
|
|
|
private ?AuthorizationService $authorizationService = null;
|
|
|
|
|
|
|
|
|
|
public function __construct(
|
|
|
|
|
private readonly PermissionGateway $permissionGateway,
|
|
|
|
|
private readonly DirectoryScopeGateway $directoryScopeGateway
|
|
|
|
|
) {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function createUserAuthorizationPolicy(): UserAuthorizationPolicy
|
|
|
|
|
{
|
|
|
|
|
return $this->userAuthorizationPolicy ??= new UserAuthorizationPolicy(
|
|
|
|
|
$this->permissionGateway,
|
|
|
|
|
$this->directoryScopeGateway
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function createRoleAuthorizationPolicy(): RoleAuthorizationPolicy
|
|
|
|
|
{
|
|
|
|
|
return $this->roleAuthorizationPolicy ??= new RoleAuthorizationPolicy($this->permissionGateway);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function createPermissionAuthorizationPolicy(): PermissionAuthorizationPolicy
|
|
|
|
|
{
|
|
|
|
|
return $this->permissionAuthorizationPolicy ??= new PermissionAuthorizationPolicy($this->permissionGateway);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function createOperationsAuthorizationPolicy(): OperationsAuthorizationPolicy
|
|
|
|
|
{
|
|
|
|
|
return $this->operationsAuthorizationPolicy ??= new OperationsAuthorizationPolicy($this->permissionGateway);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function createSettingsAuthorizationPolicy(): SettingsAuthorizationPolicy
|
|
|
|
|
{
|
|
|
|
|
return $this->settingsAuthorizationPolicy ??= new SettingsAuthorizationPolicy($this->permissionGateway);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function createTenantAuthorizationPolicy(): TenantAuthorizationPolicy
|
|
|
|
|
{
|
|
|
|
|
return $this->tenantAuthorizationPolicy ??= new TenantAuthorizationPolicy(
|
|
|
|
|
$this->permissionGateway,
|
|
|
|
|
$this->directoryScopeGateway
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function createDepartmentAuthorizationPolicy(): DepartmentAuthorizationPolicy
|
|
|
|
|
{
|
|
|
|
|
return $this->departmentAuthorizationPolicy ??= new DepartmentAuthorizationPolicy(
|
|
|
|
|
$this->permissionGateway,
|
|
|
|
|
$this->directoryScopeGateway
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-06 00:44:52 +01:00
|
|
|
// Assembles all policies into a single AuthorizationService.
|
|
|
|
|
// Policy order doesn't matter — each ability maps to exactly one policy via supports().
|
2026-03-04 15:56:58 +01:00
|
|
|
public function createAuthorizationService(): AuthorizationService
|
|
|
|
|
{
|
|
|
|
|
return $this->authorizationService ??= new AuthorizationService([
|
|
|
|
|
$this->createUserAuthorizationPolicy(),
|
|
|
|
|
$this->createRoleAuthorizationPolicy(),
|
|
|
|
|
$this->createPermissionAuthorizationPolicy(),
|
|
|
|
|
$this->createOperationsAuthorizationPolicy(),
|
|
|
|
|
$this->createSettingsAuthorizationPolicy(),
|
|
|
|
|
$this->createTenantAuthorizationPolicy(),
|
|
|
|
|
$this->createDepartmentAuthorizationPolicy(),
|
|
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
}
|