first commit

src/Identity/Application/AuthorizationApplicationService.php

@@ -0,0 +1,37 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Netig\Netslim\Identity\Application;
+
+use Netig\Netslim\Identity\Domain\Entity\User;
+use Netig\Netslim\Identity\Domain\Policy\RolePermissionMatrix;
+
+/**
+ * Façade applicative de l'autorisation fine.
+ *
+ * Le service encapsule la matrice rôle -> permissions partagée par le core et
+ * constitue le point d'entrée recommandé pour les applications consommatrices.
+ */
+final class AuthorizationApplicationService implements AuthorizationServiceInterface
+{
+    public function __construct(private readonly RolePermissionMatrix $permissions) {}
+
+    public function canRole(string $role, string $permission): bool
+    {
+        return $this->permissions->allows($role, $permission);
+    }
+
+    public function canUser(User $user, string $permission): bool
+    {
+        return $this->permissions->allows($user->getRole(), $permission);
+    }
+
+    /**
+     * @return list<string>
+     */
+    public function permissionsForRole(string $role): array
+    {
+        return $this->permissions->permissionsForRole($role);
+    }
+}