agent foundation
This commit is contained in:
@@ -2,6 +2,7 @@
|
||||
|
||||
namespace MintyPHP\Service\Access;
|
||||
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Repository\Access\PermissionRepositoryInterface;
|
||||
use MintyPHP\Repository\Access\RolePermissionRepositoryInterface;
|
||||
use MintyPHP\Repository\Access\UserRoleRepositoryInterface;
|
||||
@@ -15,7 +16,8 @@ class PermissionService
|
||||
private readonly PermissionRepositoryInterface $permissionRepository,
|
||||
private readonly RolePermissionRepositoryInterface $rolePermissionRepository,
|
||||
private readonly UserRoleRepositoryInterface $userRoleRepository,
|
||||
private readonly SystemAuditService $systemAuditService
|
||||
private readonly SystemAuditService $systemAuditService,
|
||||
private readonly SessionStoreInterface $sessionStore
|
||||
) {
|
||||
}
|
||||
|
||||
@@ -86,6 +88,8 @@ class PermissionService
|
||||
return [];
|
||||
}
|
||||
|
||||
// Two-tier cache: API requests (stateless) use an in-memory array per-request;
|
||||
// web requests use the session store so permissions survive across the page lifecycle.
|
||||
if ($this->isApiRequest()) {
|
||||
if (!$refresh && isset($this->apiPermissionCache[$userId])) {
|
||||
return $this->apiPermissionCache[$userId];
|
||||
@@ -97,7 +101,7 @@ class PermissionService
|
||||
return $keys;
|
||||
}
|
||||
|
||||
$cache = $_SESSION['permissions'] ?? null;
|
||||
$cache = $this->sessionStore->get('permissions');
|
||||
if ($refresh) {
|
||||
$cache = null;
|
||||
}
|
||||
@@ -109,10 +113,10 @@ class PermissionService
|
||||
}
|
||||
$roleIds = $this->userRoleRepository->listRoleIdsByUserId($userId);
|
||||
$keys = $this->rolePermissionRepository->listPermissionKeysByRoleIds($roleIds);
|
||||
$_SESSION['permissions'] = [
|
||||
$this->sessionStore->set('permissions', [
|
||||
'user_id' => $userId,
|
||||
'keys' => $keys,
|
||||
];
|
||||
]);
|
||||
return $keys;
|
||||
}
|
||||
|
||||
@@ -126,7 +130,7 @@ class PermissionService
|
||||
return $this->apiPermissionCache[$userId] ?? [];
|
||||
}
|
||||
|
||||
$cache = $_SESSION['permissions'] ?? null;
|
||||
$cache = $this->sessionStore->get('permissions');
|
||||
if (is_array($cache) && (int) ($cache['user_id'] ?? 0) === $userId) {
|
||||
$keys = $cache['keys'] ?? [];
|
||||
return is_array($keys) ? $keys : [];
|
||||
@@ -141,12 +145,13 @@ class PermissionService
|
||||
return;
|
||||
}
|
||||
|
||||
$cache = $_SESSION['permissions'] ?? null;
|
||||
$cache = $this->sessionStore->get('permissions');
|
||||
if (is_array($cache) && (int) ($cache['user_id'] ?? 0) === $userId) {
|
||||
unset($_SESSION['permissions']);
|
||||
$this->sessionStore->remove('permissions');
|
||||
}
|
||||
}
|
||||
|
||||
// MINTY_API_REQUEST is defined in the API entry point to distinguish context at runtime.
|
||||
private function isApiRequest(): bool
|
||||
{
|
||||
return defined('MINTY_API_REQUEST');
|
||||
|
||||
Reference in New Issue
Block a user