43 lines
1.2 KiB
PHP
43 lines
1.2 KiB
PHP
|
|
<?php
|
||
|
|
|
||
|
|
namespace MintyPHP\Module\AddressBook;
|
||
|
|
|
||
|
|
use MintyPHP\Service\Access\AuthorizationDecision;
|
||
|
|
use MintyPHP\Service\Access\AuthorizationPolicyInterface;
|
||
|
|
use MintyPHP\Service\Access\PermissionService;
|
||
|
|
|
||
|
|
/**
|
||
|
|
* Authorization policy for address book abilities.
|
||
|
|
*
|
||
|
|
* Owns the 'addressbook.view' ability and delegates to the
|
||
|
|
* 'address_book.view' permission in the Core PermissionService.
|
||
|
|
*/
|
||
|
|
final class AddressBookAuthorizationPolicy implements AuthorizationPolicyInterface
|
||
|
|
{
|
||
|
|
public const ABILITY_VIEW = 'addressbook.view';
|
||
|
|
|
||
|
|
public function __construct(
|
||
|
|
private readonly PermissionService $permissionService
|
||
|
|
) {
|
||
|
|
}
|
||
|
|
|
||
|
|
public function supports(string $ability): bool
|
||
|
|
{
|
||
|
|
return $ability === self::ABILITY_VIEW;
|
||
|
|
}
|
||
|
|
|
||
|
|
public function authorize(string $ability, array $context = []): AuthorizationDecision
|
||
|
|
{
|
||
|
|
$actorUserId = (int) ($context['actor_user_id'] ?? 0);
|
||
|
|
if ($actorUserId <= 0) {
|
||
|
|
return AuthorizationDecision::deny(403, 'forbidden');
|
||
|
|
}
|
||
|
|
|
||
|
|
if (!$this->permissionService->userHas($actorUserId, PermissionService::ADDRESS_BOOK_VIEW)) {
|
||
|
|
return AuthorizationDecision::deny(403, 'forbidden');
|
||
|
|
}
|
||
|
|
|
||
|
|
return AuthorizationDecision::allow();
|
||
|
|
}
|
||
|
|
}
|