refactor(arch): enforce gateway compliance and remove service-wrapping gateways
This commit is contained in:
@@ -8,7 +8,6 @@ use MintyPHP\Service\Audit\AuditServicesFactory;
|
||||
class AccessGatewayFactory
|
||||
{
|
||||
private ?PermissionService $permissionService = null;
|
||||
private ?PermissionGateway $permissionGateway = null;
|
||||
|
||||
public function __construct(
|
||||
private readonly AccessRepositoryFactory $accessRepositoryFactory,
|
||||
@@ -28,8 +27,4 @@ class AccessGatewayFactory
|
||||
);
|
||||
}
|
||||
|
||||
public function createPermissionGateway(): PermissionGateway
|
||||
{
|
||||
return $this->permissionGateway ??= new PermissionGateway($this->createPermissionService());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
namespace MintyPHP\Service\Access;
|
||||
|
||||
use MintyPHP\Service\Directory\DirectoryScopeGateway;
|
||||
use MintyPHP\Service\Tenant\TenantScopeService;
|
||||
|
||||
class AccessPolicyFactory
|
||||
{
|
||||
@@ -16,52 +16,52 @@ class AccessPolicyFactory
|
||||
private ?AuthorizationService $authorizationService = null;
|
||||
|
||||
public function __construct(
|
||||
private readonly PermissionGateway $permissionGateway,
|
||||
private readonly DirectoryScopeGateway $directoryScopeGateway
|
||||
private readonly PermissionService $permissionService,
|
||||
private readonly TenantScopeService $tenantScopeService
|
||||
) {
|
||||
}
|
||||
|
||||
public function createUserAuthorizationPolicy(): UserAuthorizationPolicy
|
||||
{
|
||||
return $this->userAuthorizationPolicy ??= new UserAuthorizationPolicy(
|
||||
$this->permissionGateway,
|
||||
$this->directoryScopeGateway
|
||||
$this->permissionService,
|
||||
$this->tenantScopeService
|
||||
);
|
||||
}
|
||||
|
||||
public function createRoleAuthorizationPolicy(): RoleAuthorizationPolicy
|
||||
{
|
||||
return $this->roleAuthorizationPolicy ??= new RoleAuthorizationPolicy($this->permissionGateway);
|
||||
return $this->roleAuthorizationPolicy ??= new RoleAuthorizationPolicy($this->permissionService);
|
||||
}
|
||||
|
||||
public function createPermissionAuthorizationPolicy(): PermissionAuthorizationPolicy
|
||||
{
|
||||
return $this->permissionAuthorizationPolicy ??= new PermissionAuthorizationPolicy($this->permissionGateway);
|
||||
return $this->permissionAuthorizationPolicy ??= new PermissionAuthorizationPolicy($this->permissionService);
|
||||
}
|
||||
|
||||
public function createOperationsAuthorizationPolicy(): OperationsAuthorizationPolicy
|
||||
{
|
||||
return $this->operationsAuthorizationPolicy ??= new OperationsAuthorizationPolicy($this->permissionGateway);
|
||||
return $this->operationsAuthorizationPolicy ??= new OperationsAuthorizationPolicy($this->permissionService);
|
||||
}
|
||||
|
||||
public function createSettingsAuthorizationPolicy(): SettingsAuthorizationPolicy
|
||||
{
|
||||
return $this->settingsAuthorizationPolicy ??= new SettingsAuthorizationPolicy($this->permissionGateway);
|
||||
return $this->settingsAuthorizationPolicy ??= new SettingsAuthorizationPolicy($this->permissionService);
|
||||
}
|
||||
|
||||
public function createTenantAuthorizationPolicy(): TenantAuthorizationPolicy
|
||||
{
|
||||
return $this->tenantAuthorizationPolicy ??= new TenantAuthorizationPolicy(
|
||||
$this->permissionGateway,
|
||||
$this->directoryScopeGateway
|
||||
$this->permissionService,
|
||||
$this->tenantScopeService
|
||||
);
|
||||
}
|
||||
|
||||
public function createDepartmentAuthorizationPolicy(): DepartmentAuthorizationPolicy
|
||||
{
|
||||
return $this->departmentAuthorizationPolicy ??= new DepartmentAuthorizationPolicy(
|
||||
$this->permissionGateway,
|
||||
$this->directoryScopeGateway
|
||||
$this->permissionService,
|
||||
$this->tenantScopeService
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
@@ -39,11 +39,6 @@ class AccessServicesFactory
|
||||
return $this->accessGatewayFactory->createPermissionService();
|
||||
}
|
||||
|
||||
public function createPermissionGateway(): PermissionGateway
|
||||
{
|
||||
return $this->accessGatewayFactory->createPermissionGateway();
|
||||
}
|
||||
|
||||
public function createUserAuthorizationPolicy(): UserAuthorizationPolicy
|
||||
{
|
||||
return $this->accessPolicyFactory()->createUserAuthorizationPolicy();
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
namespace MintyPHP\Service\Access;
|
||||
|
||||
use MintyPHP\Service\Directory\DirectoryScopeGateway;
|
||||
use MintyPHP\Service\Tenant\TenantScopeService;
|
||||
|
||||
class DepartmentAuthorizationPolicy implements AuthorizationPolicyInterface
|
||||
{
|
||||
@@ -13,8 +13,8 @@ class DepartmentAuthorizationPolicy implements AuthorizationPolicyInterface
|
||||
public const ABILITY_ADMIN_DEPARTMENTS_DELETE = 'admin.departments.delete';
|
||||
|
||||
public function __construct(
|
||||
private readonly PermissionGateway $permissionGateway,
|
||||
private readonly DirectoryScopeGateway $scopeGateway
|
||||
private readonly PermissionService $permissionService,
|
||||
private readonly TenantScopeService $scopeGateway
|
||||
) {
|
||||
}
|
||||
|
||||
@@ -150,7 +150,7 @@ class DepartmentAuthorizationPolicy implements AuthorizationPolicyInterface
|
||||
|
||||
private function hasPermission(int $userId, string $permissionKey): bool
|
||||
{
|
||||
return $userId > 0 && $this->permissionGateway->userHas($userId, $permissionKey);
|
||||
return $userId > 0 && $this->permissionService->userHas($userId, $permissionKey);
|
||||
}
|
||||
|
||||
private function capabilitiesFromDecision(AuthorizationDecision $decision): array
|
||||
|
||||
@@ -42,7 +42,7 @@ final class OperationsAuthorizationPolicy implements AuthorizationPolicyInterfac
|
||||
public const ABILITY_API_TOKENS_SELF_MANAGE = 'ops.api.tokens.self_manage';
|
||||
|
||||
public function __construct(
|
||||
private readonly PermissionGateway $permissionGateway
|
||||
private readonly PermissionService $permissionService
|
||||
) {
|
||||
}
|
||||
|
||||
@@ -138,10 +138,10 @@ final class OperationsAuthorizationPolicy implements AuthorizationPolicyInterfac
|
||||
|
||||
private function authorizeUsersCreateCustomFields(int $actorUserId): AuthorizationDecision
|
||||
{
|
||||
if (!$this->permissionGateway->userHas($actorUserId, PermissionService::CUSTOM_FIELDS_EDIT_VALUES)) {
|
||||
if (!$this->permissionService->userHas($actorUserId, PermissionService::CUSTOM_FIELDS_EDIT_VALUES)) {
|
||||
return AuthorizationDecision::deny(403, 'forbidden');
|
||||
}
|
||||
if (!$this->permissionGateway->userHas($actorUserId, PermissionService::USERS_UPDATE_ASSIGNMENTS)) {
|
||||
if (!$this->permissionService->userHas($actorUserId, PermissionService::USERS_UPDATE_ASSIGNMENTS)) {
|
||||
return AuthorizationDecision::deny(403, 'forbidden');
|
||||
}
|
||||
return AuthorizationDecision::allow();
|
||||
@@ -149,10 +149,10 @@ final class OperationsAuthorizationPolicy implements AuthorizationPolicyInterfac
|
||||
|
||||
private function authorizeApiTokensSelfManage(int $actorUserId): AuthorizationDecision
|
||||
{
|
||||
if ($this->permissionGateway->userHas($actorUserId, PermissionService::USERS_SELF_UPDATE)) {
|
||||
if ($this->permissionService->userHas($actorUserId, PermissionService::USERS_SELF_UPDATE)) {
|
||||
return AuthorizationDecision::allow();
|
||||
}
|
||||
if ($this->permissionGateway->userHas($actorUserId, PermissionService::API_TOKENS_MANAGE)) {
|
||||
if ($this->permissionService->userHas($actorUserId, PermissionService::API_TOKENS_MANAGE)) {
|
||||
return AuthorizationDecision::allow();
|
||||
}
|
||||
return AuthorizationDecision::deny(403, 'forbidden');
|
||||
@@ -160,7 +160,7 @@ final class OperationsAuthorizationPolicy implements AuthorizationPolicyInterfac
|
||||
|
||||
private function allowIfHas(int $actorUserId, string $permissionKey): AuthorizationDecision
|
||||
{
|
||||
if (!$this->permissionGateway->userHas($actorUserId, $permissionKey)) {
|
||||
if (!$this->permissionService->userHas($actorUserId, $permissionKey)) {
|
||||
return AuthorizationDecision::deny(403, 'forbidden');
|
||||
}
|
||||
return AuthorizationDecision::allow();
|
||||
|
||||
@@ -11,7 +11,7 @@ class PermissionAuthorizationPolicy implements AuthorizationPolicyInterface
|
||||
public const ABILITY_ADMIN_PERMISSIONS_DELETE = 'admin.permissions.delete';
|
||||
|
||||
public function __construct(
|
||||
private readonly PermissionGateway $permissionGateway
|
||||
private readonly PermissionService $permissionService
|
||||
) {
|
||||
}
|
||||
|
||||
@@ -118,7 +118,7 @@ class PermissionAuthorizationPolicy implements AuthorizationPolicyInterface
|
||||
|
||||
private function hasPermission(int $userId, string $permissionKey): bool
|
||||
{
|
||||
return $userId > 0 && $this->permissionGateway->userHas($userId, $permissionKey);
|
||||
return $userId > 0 && $this->permissionService->userHas($userId, $permissionKey);
|
||||
}
|
||||
|
||||
private function capabilitiesFromDecision(AuthorizationDecision $decision): array
|
||||
|
||||
@@ -1,55 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace MintyPHP\Service\Access;
|
||||
|
||||
class PermissionGateway
|
||||
{
|
||||
public function __construct(private readonly PermissionService $permissionService)
|
||||
{
|
||||
}
|
||||
|
||||
public function userHas(int $userId, string $permissionKey): bool
|
||||
{
|
||||
return $this->permissionService->userHas($userId, $permissionKey);
|
||||
}
|
||||
|
||||
public function getUserPermissions(int $userId, bool $refresh = false): array
|
||||
{
|
||||
return $this->permissionService->getUserPermissions($userId, $refresh);
|
||||
}
|
||||
|
||||
public function getCachedPermissions(int $userId): array
|
||||
{
|
||||
return $this->permissionService->getCachedPermissions($userId);
|
||||
}
|
||||
|
||||
public function clearUserCache(int $userId): void
|
||||
{
|
||||
$this->permissionService->clearUserCache($userId);
|
||||
}
|
||||
|
||||
public function listPaged(array $options): array
|
||||
{
|
||||
return $this->permissionService->listPaged($options);
|
||||
}
|
||||
|
||||
public function find(int $id): ?array
|
||||
{
|
||||
return $this->permissionService->find($id);
|
||||
}
|
||||
|
||||
public function createFromAdmin(array $input): array
|
||||
{
|
||||
return $this->permissionService->createFromAdmin($input);
|
||||
}
|
||||
|
||||
public function updateFromAdmin(int $id, array $input): array
|
||||
{
|
||||
return $this->permissionService->updateFromAdmin($id, $input);
|
||||
}
|
||||
|
||||
public function deleteById(int $id): array
|
||||
{
|
||||
return $this->permissionService->deleteById($id);
|
||||
}
|
||||
}
|
||||
@@ -11,7 +11,7 @@ class RoleAuthorizationPolicy implements AuthorizationPolicyInterface
|
||||
public const ABILITY_ADMIN_ROLES_DELETE = 'admin.roles.delete';
|
||||
|
||||
public function __construct(
|
||||
private readonly PermissionGateway $permissionGateway
|
||||
private readonly PermissionService $permissionService
|
||||
) {
|
||||
}
|
||||
|
||||
@@ -116,7 +116,7 @@ class RoleAuthorizationPolicy implements AuthorizationPolicyInterface
|
||||
|
||||
private function hasPermission(int $userId, string $permissionKey): bool
|
||||
{
|
||||
return $userId > 0 && $this->permissionGateway->userHas($userId, $permissionKey);
|
||||
return $userId > 0 && $this->permissionService->userHas($userId, $permissionKey);
|
||||
}
|
||||
|
||||
private function capabilitiesFromDecision(AuthorizationDecision $decision): array
|
||||
|
||||
@@ -11,7 +11,7 @@ class SettingsAuthorizationPolicy implements AuthorizationPolicyInterface
|
||||
public const ABILITY_ADMIN_SETTINGS_USER_LIFECYCLE_RUN = 'admin.settings.user_lifecycle.run';
|
||||
|
||||
public function __construct(
|
||||
private readonly PermissionGateway $permissionGateway
|
||||
private readonly PermissionService $permissionService
|
||||
) {
|
||||
}
|
||||
|
||||
@@ -70,6 +70,6 @@ class SettingsAuthorizationPolicy implements AuthorizationPolicyInterface
|
||||
|
||||
private function hasPermission(int $userId, string $permissionKey): bool
|
||||
{
|
||||
return $userId > 0 && $this->permissionGateway->userHas($userId, $permissionKey);
|
||||
return $userId > 0 && $this->permissionService->userHas($userId, $permissionKey);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
namespace MintyPHP\Service\Access;
|
||||
|
||||
use MintyPHP\Service\Directory\DirectoryScopeGateway;
|
||||
use MintyPHP\Service\Tenant\TenantScopeService;
|
||||
|
||||
class TenantAuthorizationPolicy implements AuthorizationPolicyInterface
|
||||
{
|
||||
@@ -16,8 +16,8 @@ class TenantAuthorizationPolicy implements AuthorizationPolicyInterface
|
||||
public const ABILITY_ADMIN_TENANTS_MEDIA_UPDATE = 'admin.tenants.media.update';
|
||||
|
||||
public function __construct(
|
||||
private readonly PermissionGateway $permissionGateway,
|
||||
private readonly DirectoryScopeGateway $scopeGateway
|
||||
private readonly PermissionService $permissionService,
|
||||
private readonly TenantScopeService $scopeGateway
|
||||
) {
|
||||
}
|
||||
|
||||
@@ -223,7 +223,7 @@ class TenantAuthorizationPolicy implements AuthorizationPolicyInterface
|
||||
|
||||
private function hasPermission(int $userId, string $permissionKey): bool
|
||||
{
|
||||
return $userId > 0 && $this->permissionGateway->userHas($userId, $permissionKey);
|
||||
return $userId > 0 && $this->permissionService->userHas($userId, $permissionKey);
|
||||
}
|
||||
|
||||
private function capabilitiesFromDecision(AuthorizationDecision $decision): array
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
namespace MintyPHP\Service\Access;
|
||||
|
||||
use MintyPHP\Service\Directory\DirectoryScopeGateway;
|
||||
use MintyPHP\Service\Tenant\TenantScopeService;
|
||||
|
||||
class UserAuthorizationPolicy implements AuthorizationPolicyInterface
|
||||
{
|
||||
@@ -29,8 +29,8 @@ class UserAuthorizationPolicy implements AuthorizationPolicyInterface
|
||||
public const ABILITY_API_USERS_SHOW_DELETE = 'api.users.show.delete';
|
||||
|
||||
public function __construct(
|
||||
private readonly PermissionGateway $permissionGateway,
|
||||
private readonly DirectoryScopeGateway $scopeGateway
|
||||
private readonly PermissionService $permissionService,
|
||||
private readonly TenantScopeService $scopeGateway
|
||||
) {
|
||||
}
|
||||
|
||||
@@ -357,7 +357,7 @@ class UserAuthorizationPolicy implements AuthorizationPolicyInterface
|
||||
|
||||
private function hasPermission(int $userId, string $permissionKey): bool
|
||||
{
|
||||
return $userId > 0 && $this->permissionGateway->userHas($userId, $permissionKey);
|
||||
return $userId > 0 && $this->permissionService->userHas($userId, $permissionKey);
|
||||
}
|
||||
|
||||
private function canEditUserForTarget(int $actorUserId, int $targetUserId): bool
|
||||
|
||||
Reference in New Issue
Block a user