38 lines
1.0 KiB
PHP
38 lines
1.0 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace Netig\Netslim\Identity\Application;
|
|
|
|
use Netig\Netslim\Identity\Domain\Entity\User;
|
|
use Netig\Netslim\Identity\Domain\Policy\RolePermissionMatrix;
|
|
|
|
/**
|
|
* Façade applicative de l'autorisation fine.
|
|
*
|
|
* Le service encapsule la matrice rôle -> permissions partagée par le core et
|
|
* constitue le point d'entrée recommandé pour les applications consommatrices.
|
|
*/
|
|
final class AuthorizationApplicationService implements AuthorizationServiceInterface
|
|
{
|
|
public function __construct(private readonly RolePermissionMatrix $permissions) {}
|
|
|
|
public function canRole(string $role, string $permission): bool
|
|
{
|
|
return $this->permissions->allows($role, $permission);
|
|
}
|
|
|
|
public function canUser(User $user, string $permission): bool
|
|
{
|
|
return $this->permissions->allows($user->getRole(), $permission);
|
|
}
|
|
|
|
/**
|
|
* @return list<string>
|
|
*/
|
|
public function permissionsForRole(string $role): array
|
|
{
|
|
return $this->permissions->permissionsForRole($role);
|
|
}
|
|
}
|