Resolve all non-false-positive PHPStan 2 findings, reducing the baseline from 486 to 382 entries (only unused-public false positives remain). Categories fixed: - Remove 39 redundant type checks (is_string, is_array, is_object, method_exists) - Remove 12 no-op array_values() on already-sequential lists - Simplify 13 null-coalesce on guaranteed offsets - Remove 8 always-true instanceof checks - Replace 12 redundant test assertions (assertTrue(true) → addToAssertionCount) - Simplify 6 unnecessary nullsafe operators (?-> → ->) - Fix 6 always-true !== '' comparisons - Fix remaining: unset.offset, return.unusedType, staticMethod narrowing 53 files changed across core/, modules/, pages/, and tests/. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
45 lines
1.2 KiB
PHP
45 lines
1.2 KiB
PHP
<?php
|
|
|
|
namespace MintyPHP\Service\Access;
|
|
|
|
use Throwable;
|
|
|
|
class AuthorizationService
|
|
{
|
|
/** @var array<int, AuthorizationPolicyInterface> */
|
|
private array $policies = [];
|
|
|
|
/**
|
|
* @param array<int, AuthorizationPolicyInterface> $policies
|
|
*/
|
|
public function __construct(array $policies)
|
|
{
|
|
foreach ($policies as $policy) {
|
|
$this->policies[] = $policy;
|
|
}
|
|
}
|
|
|
|
public function authorize(string $ability, array $context = []): AuthorizationDecision
|
|
{
|
|
// First matching policy wins. No match → 500 (misconfiguration, not a user error).
|
|
foreach ($this->policies as $policy) {
|
|
if (!$policy->supports($ability)) {
|
|
continue;
|
|
}
|
|
|
|
try {
|
|
return $policy->authorize($ability, $context);
|
|
} catch (Throwable) {
|
|
return AuthorizationDecision::deny(500, 'authorization_failed');
|
|
}
|
|
}
|
|
|
|
return AuthorizationDecision::deny(500, 'authorization_policy_missing');
|
|
}
|
|
|
|
public function allow(string $ability, array $context = []): bool
|
|
{
|
|
return $this->authorize($ability, $context)->isAllowed();
|
|
}
|
|
}
|