forked from fa/breadcrumb-the-shire
Move the Swagger UI viewer from core (pages/admin/api-docs/) into modules/api-docs/ as a self-contained module. Create module manifest with routes, permission, sidebar.admin_nav_item slot, asset group, and authorization policy. Remove API docs ability from core OperationsAuthorizationPolicy and UiCapabilityMap. Remove hardcoded sidebar nav item — now contributed via module slot. Add admin-automation group meta to sidebar template for module nav items. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
38 lines
1.1 KiB
PHP
38 lines
1.1 KiB
PHP
<?php
|
|
|
|
namespace MintyPHP\Module\ApiDocs;
|
|
|
|
use MintyPHP\Service\Access\AuthorizationDecision;
|
|
use MintyPHP\Service\Access\AuthorizationPolicyInterface;
|
|
use MintyPHP\Service\Access\PermissionService;
|
|
|
|
final class ApiDocsAuthorizationPolicy implements AuthorizationPolicyInterface
|
|
{
|
|
public const ABILITY_VIEW = 'api_docs.view';
|
|
public const PERMISSION_KEY = 'api_docs.view';
|
|
|
|
public function __construct(
|
|
private readonly PermissionService $permissionService
|
|
) {
|
|
}
|
|
|
|
public function supports(string $ability): bool
|
|
{
|
|
return $ability === self::ABILITY_VIEW;
|
|
}
|
|
|
|
public function authorize(string $ability, array $context = []): AuthorizationDecision
|
|
{
|
|
$actorUserId = (int) ($context['actor_user_id'] ?? 0);
|
|
if ($actorUserId <= 0) {
|
|
return AuthorizationDecision::deny(403, 'forbidden');
|
|
}
|
|
|
|
if (!$this->permissionService->userHas($actorUserId, self::PERMISSION_KEY)) {
|
|
return AuthorizationDecision::deny(403, 'forbidden');
|
|
}
|
|
|
|
return AuthorizationDecision::allow();
|
|
}
|
|
}
|