2026-02-24 08:49:40 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace MintyPHP\Service\Access;
|
|
|
|
|
|
2026-03-06 00:44:52 +01:00
|
|
|
// Immutable value object returned by every authorization policy.
|
|
|
|
|
// The $attributes bag lets policies carry extra computed data to the caller
|
|
|
|
|
// (e.g. the capabilities map built during the user-edit context check).
|
2026-02-24 08:49:40 +01:00
|
|
|
class AuthorizationDecision
|
|
|
|
|
{
|
|
|
|
|
public function __construct(
|
|
|
|
|
private readonly bool $allowed,
|
|
|
|
|
private readonly int $status = 200,
|
|
|
|
|
private readonly string $error = '',
|
|
|
|
|
private readonly array $attributes = []
|
|
|
|
|
) {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static function allow(array $attributes = []): self
|
|
|
|
|
{
|
|
|
|
|
return new self(true, 200, '', $attributes);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static function deny(int $status = 403, string $error = 'forbidden', array $attributes = []): self
|
|
|
|
|
{
|
|
|
|
|
return new self(false, $status, $error, $attributes);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function isAllowed(): bool
|
|
|
|
|
{
|
|
|
|
|
return $this->allowed;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function status(): int
|
|
|
|
|
{
|
|
|
|
|
return $this->status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function error(): string
|
|
|
|
|
{
|
|
|
|
|
return $this->error;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function attributes(): array
|
|
|
|
|
{
|
|
|
|
|
return $this->attributes;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function attribute(string $key, mixed $default = null): mixed
|
|
|
|
|
{
|
|
|
|
|
return array_key_exists($key, $this->attributes) ? $this->attributes[$key] : $default;
|
|
|
|
|
}
|
|
|
|
|
}
|