refactor(arch): enforce gateway compliance and remove service-wrapping gateways

This commit is contained in:
2026-03-13 11:31:33 +01:00
parent 082fa4c9a5
commit 892da0048d
96 changed files with 1117 additions and 1060 deletions

View File

@@ -8,7 +8,6 @@ use MintyPHP\Service\Audit\AuditServicesFactory;
class AccessGatewayFactory
{
private ?PermissionService $permissionService = null;
private ?PermissionGateway $permissionGateway = null;
public function __construct(
private readonly AccessRepositoryFactory $accessRepositoryFactory,
@@ -28,8 +27,4 @@ class AccessGatewayFactory
);
}
public function createPermissionGateway(): PermissionGateway
{
return $this->permissionGateway ??= new PermissionGateway($this->createPermissionService());
}
}

View File

@@ -2,7 +2,7 @@
namespace MintyPHP\Service\Access;
use MintyPHP\Service\Directory\DirectoryScopeGateway;
use MintyPHP\Service\Tenant\TenantScopeService;
class AccessPolicyFactory
{
@@ -16,52 +16,52 @@ class AccessPolicyFactory
private ?AuthorizationService $authorizationService = null;
public function __construct(
private readonly PermissionGateway $permissionGateway,
private readonly DirectoryScopeGateway $directoryScopeGateway
private readonly PermissionService $permissionService,
private readonly TenantScopeService $tenantScopeService
) {
}
public function createUserAuthorizationPolicy(): UserAuthorizationPolicy
{
return $this->userAuthorizationPolicy ??= new UserAuthorizationPolicy(
$this->permissionGateway,
$this->directoryScopeGateway
$this->permissionService,
$this->tenantScopeService
);
}
public function createRoleAuthorizationPolicy(): RoleAuthorizationPolicy
{
return $this->roleAuthorizationPolicy ??= new RoleAuthorizationPolicy($this->permissionGateway);
return $this->roleAuthorizationPolicy ??= new RoleAuthorizationPolicy($this->permissionService);
}
public function createPermissionAuthorizationPolicy(): PermissionAuthorizationPolicy
{
return $this->permissionAuthorizationPolicy ??= new PermissionAuthorizationPolicy($this->permissionGateway);
return $this->permissionAuthorizationPolicy ??= new PermissionAuthorizationPolicy($this->permissionService);
}
public function createOperationsAuthorizationPolicy(): OperationsAuthorizationPolicy
{
return $this->operationsAuthorizationPolicy ??= new OperationsAuthorizationPolicy($this->permissionGateway);
return $this->operationsAuthorizationPolicy ??= new OperationsAuthorizationPolicy($this->permissionService);
}
public function createSettingsAuthorizationPolicy(): SettingsAuthorizationPolicy
{
return $this->settingsAuthorizationPolicy ??= new SettingsAuthorizationPolicy($this->permissionGateway);
return $this->settingsAuthorizationPolicy ??= new SettingsAuthorizationPolicy($this->permissionService);
}
public function createTenantAuthorizationPolicy(): TenantAuthorizationPolicy
{
return $this->tenantAuthorizationPolicy ??= new TenantAuthorizationPolicy(
$this->permissionGateway,
$this->directoryScopeGateway
$this->permissionService,
$this->tenantScopeService
);
}
public function createDepartmentAuthorizationPolicy(): DepartmentAuthorizationPolicy
{
return $this->departmentAuthorizationPolicy ??= new DepartmentAuthorizationPolicy(
$this->permissionGateway,
$this->directoryScopeGateway
$this->permissionService,
$this->tenantScopeService
);
}

View File

@@ -39,11 +39,6 @@ class AccessServicesFactory
return $this->accessGatewayFactory->createPermissionService();
}
public function createPermissionGateway(): PermissionGateway
{
return $this->accessGatewayFactory->createPermissionGateway();
}
public function createUserAuthorizationPolicy(): UserAuthorizationPolicy
{
return $this->accessPolicyFactory()->createUserAuthorizationPolicy();

View File

@@ -2,7 +2,7 @@
namespace MintyPHP\Service\Access;
use MintyPHP\Service\Directory\DirectoryScopeGateway;
use MintyPHP\Service\Tenant\TenantScopeService;
class DepartmentAuthorizationPolicy implements AuthorizationPolicyInterface
{
@@ -13,8 +13,8 @@ class DepartmentAuthorizationPolicy implements AuthorizationPolicyInterface
public const ABILITY_ADMIN_DEPARTMENTS_DELETE = 'admin.departments.delete';
public function __construct(
private readonly PermissionGateway $permissionGateway,
private readonly DirectoryScopeGateway $scopeGateway
private readonly PermissionService $permissionService,
private readonly TenantScopeService $scopeGateway
) {
}
@@ -150,7 +150,7 @@ class DepartmentAuthorizationPolicy implements AuthorizationPolicyInterface
private function hasPermission(int $userId, string $permissionKey): bool
{
return $userId > 0 && $this->permissionGateway->userHas($userId, $permissionKey);
return $userId > 0 && $this->permissionService->userHas($userId, $permissionKey);
}
private function capabilitiesFromDecision(AuthorizationDecision $decision): array

View File

@@ -42,7 +42,7 @@ final class OperationsAuthorizationPolicy implements AuthorizationPolicyInterfac
public const ABILITY_API_TOKENS_SELF_MANAGE = 'ops.api.tokens.self_manage';
public function __construct(
private readonly PermissionGateway $permissionGateway
private readonly PermissionService $permissionService
) {
}
@@ -138,10 +138,10 @@ final class OperationsAuthorizationPolicy implements AuthorizationPolicyInterfac
private function authorizeUsersCreateCustomFields(int $actorUserId): AuthorizationDecision
{
if (!$this->permissionGateway->userHas($actorUserId, PermissionService::CUSTOM_FIELDS_EDIT_VALUES)) {
if (!$this->permissionService->userHas($actorUserId, PermissionService::CUSTOM_FIELDS_EDIT_VALUES)) {
return AuthorizationDecision::deny(403, 'forbidden');
}
if (!$this->permissionGateway->userHas($actorUserId, PermissionService::USERS_UPDATE_ASSIGNMENTS)) {
if (!$this->permissionService->userHas($actorUserId, PermissionService::USERS_UPDATE_ASSIGNMENTS)) {
return AuthorizationDecision::deny(403, 'forbidden');
}
return AuthorizationDecision::allow();
@@ -149,10 +149,10 @@ final class OperationsAuthorizationPolicy implements AuthorizationPolicyInterfac
private function authorizeApiTokensSelfManage(int $actorUserId): AuthorizationDecision
{
if ($this->permissionGateway->userHas($actorUserId, PermissionService::USERS_SELF_UPDATE)) {
if ($this->permissionService->userHas($actorUserId, PermissionService::USERS_SELF_UPDATE)) {
return AuthorizationDecision::allow();
}
if ($this->permissionGateway->userHas($actorUserId, PermissionService::API_TOKENS_MANAGE)) {
if ($this->permissionService->userHas($actorUserId, PermissionService::API_TOKENS_MANAGE)) {
return AuthorizationDecision::allow();
}
return AuthorizationDecision::deny(403, 'forbidden');
@@ -160,7 +160,7 @@ final class OperationsAuthorizationPolicy implements AuthorizationPolicyInterfac
private function allowIfHas(int $actorUserId, string $permissionKey): AuthorizationDecision
{
if (!$this->permissionGateway->userHas($actorUserId, $permissionKey)) {
if (!$this->permissionService->userHas($actorUserId, $permissionKey)) {
return AuthorizationDecision::deny(403, 'forbidden');
}
return AuthorizationDecision::allow();

View File

@@ -11,7 +11,7 @@ class PermissionAuthorizationPolicy implements AuthorizationPolicyInterface
public const ABILITY_ADMIN_PERMISSIONS_DELETE = 'admin.permissions.delete';
public function __construct(
private readonly PermissionGateway $permissionGateway
private readonly PermissionService $permissionService
) {
}
@@ -118,7 +118,7 @@ class PermissionAuthorizationPolicy implements AuthorizationPolicyInterface
private function hasPermission(int $userId, string $permissionKey): bool
{
return $userId > 0 && $this->permissionGateway->userHas($userId, $permissionKey);
return $userId > 0 && $this->permissionService->userHas($userId, $permissionKey);
}
private function capabilitiesFromDecision(AuthorizationDecision $decision): array

View File

@@ -1,55 +0,0 @@
<?php
namespace MintyPHP\Service\Access;
class PermissionGateway
{
public function __construct(private readonly PermissionService $permissionService)
{
}
public function userHas(int $userId, string $permissionKey): bool
{
return $this->permissionService->userHas($userId, $permissionKey);
}
public function getUserPermissions(int $userId, bool $refresh = false): array
{
return $this->permissionService->getUserPermissions($userId, $refresh);
}
public function getCachedPermissions(int $userId): array
{
return $this->permissionService->getCachedPermissions($userId);
}
public function clearUserCache(int $userId): void
{
$this->permissionService->clearUserCache($userId);
}
public function listPaged(array $options): array
{
return $this->permissionService->listPaged($options);
}
public function find(int $id): ?array
{
return $this->permissionService->find($id);
}
public function createFromAdmin(array $input): array
{
return $this->permissionService->createFromAdmin($input);
}
public function updateFromAdmin(int $id, array $input): array
{
return $this->permissionService->updateFromAdmin($id, $input);
}
public function deleteById(int $id): array
{
return $this->permissionService->deleteById($id);
}
}

View File

@@ -11,7 +11,7 @@ class RoleAuthorizationPolicy implements AuthorizationPolicyInterface
public const ABILITY_ADMIN_ROLES_DELETE = 'admin.roles.delete';
public function __construct(
private readonly PermissionGateway $permissionGateway
private readonly PermissionService $permissionService
) {
}
@@ -116,7 +116,7 @@ class RoleAuthorizationPolicy implements AuthorizationPolicyInterface
private function hasPermission(int $userId, string $permissionKey): bool
{
return $userId > 0 && $this->permissionGateway->userHas($userId, $permissionKey);
return $userId > 0 && $this->permissionService->userHas($userId, $permissionKey);
}
private function capabilitiesFromDecision(AuthorizationDecision $decision): array

View File

@@ -11,7 +11,7 @@ class SettingsAuthorizationPolicy implements AuthorizationPolicyInterface
public const ABILITY_ADMIN_SETTINGS_USER_LIFECYCLE_RUN = 'admin.settings.user_lifecycle.run';
public function __construct(
private readonly PermissionGateway $permissionGateway
private readonly PermissionService $permissionService
) {
}
@@ -70,6 +70,6 @@ class SettingsAuthorizationPolicy implements AuthorizationPolicyInterface
private function hasPermission(int $userId, string $permissionKey): bool
{
return $userId > 0 && $this->permissionGateway->userHas($userId, $permissionKey);
return $userId > 0 && $this->permissionService->userHas($userId, $permissionKey);
}
}

View File

@@ -2,7 +2,7 @@
namespace MintyPHP\Service\Access;
use MintyPHP\Service\Directory\DirectoryScopeGateway;
use MintyPHP\Service\Tenant\TenantScopeService;
class TenantAuthorizationPolicy implements AuthorizationPolicyInterface
{
@@ -16,8 +16,8 @@ class TenantAuthorizationPolicy implements AuthorizationPolicyInterface
public const ABILITY_ADMIN_TENANTS_MEDIA_UPDATE = 'admin.tenants.media.update';
public function __construct(
private readonly PermissionGateway $permissionGateway,
private readonly DirectoryScopeGateway $scopeGateway
private readonly PermissionService $permissionService,
private readonly TenantScopeService $scopeGateway
) {
}
@@ -223,7 +223,7 @@ class TenantAuthorizationPolicy implements AuthorizationPolicyInterface
private function hasPermission(int $userId, string $permissionKey): bool
{
return $userId > 0 && $this->permissionGateway->userHas($userId, $permissionKey);
return $userId > 0 && $this->permissionService->userHas($userId, $permissionKey);
}
private function capabilitiesFromDecision(AuthorizationDecision $decision): array

View File

@@ -2,7 +2,7 @@
namespace MintyPHP\Service\Access;
use MintyPHP\Service\Directory\DirectoryScopeGateway;
use MintyPHP\Service\Tenant\TenantScopeService;
class UserAuthorizationPolicy implements AuthorizationPolicyInterface
{
@@ -29,8 +29,8 @@ class UserAuthorizationPolicy implements AuthorizationPolicyInterface
public const ABILITY_API_USERS_SHOW_DELETE = 'api.users.show.delete';
public function __construct(
private readonly PermissionGateway $permissionGateway,
private readonly DirectoryScopeGateway $scopeGateway
private readonly PermissionService $permissionService,
private readonly TenantScopeService $scopeGateway
) {
}
@@ -357,7 +357,7 @@ class UserAuthorizationPolicy implements AuthorizationPolicyInterface
private function hasPermission(int $userId, string $permissionKey): bool
{
return $userId > 0 && $this->permissionGateway->userHas($userId, $permissionKey);
return $userId > 0 && $this->permissionService->userHas($userId, $permissionKey);
}
private function canEditUserForTarget(int $actorUserId, int $targetUserId): bool