File tree Expand file tree Collapse file tree 5 files changed +84
-0
lines changed
Expand file tree Collapse file tree 5 files changed +84
-0
lines changed Original file line number Diff line number Diff line change 1+ <?php
2+
3+ declare (strict_types=1 );
4+
5+ namespace Contexts \Authorization \Domain \Gateway ;
6+
7+ interface AuthorizationGateway
8+ {
9+ public function canPerformAction (string $ action ): bool ;
10+ }
Original file line number Diff line number Diff line change 1+ <?php
2+
3+ declare (strict_types=1 );
4+
5+ namespace Contexts \Authorization \Domain \Policies ;
6+
7+ use App \Exceptions \BizException ;
8+ use Contexts \Authorization \Domain \Gateway \AuthorizationGateway ;
9+ use Contexts \Shared \Contracts \BaseAuthorizationPolicy ;
10+
11+ class GlobalPermissionPolicy implements BaseAuthorizationPolicy
12+ {
13+ public function __construct (private string $ action ) {}
14+
15+ public static function canPerform (string $ action )
16+ {
17+ return new self ($ action );
18+ }
19+
20+ public function check (): void
21+ {
22+ $ authorizationGateway = app (AuthorizationGateway::class);
23+
24+ if (! $ authorizationGateway ->canPerformAction ($ this ->action )) {
25+ throw BizException::make ('You are not authorized to perform this action ' )->code (403 );
26+ }
27+ }
28+ }
Original file line number Diff line number Diff line change 1+ <?php
2+
3+ declare (strict_types=1 );
4+
5+ namespace Contexts \Authorization \Infrastructure \Adapters ;
6+
7+ use Contexts \Authorization \Contracts \V1 \Services \GlobalPermissionService ;
8+ use Contexts \Authorization \Domain \Gateway \AuthorizationGateway ;
9+
10+ class AuthorizationAdapter implements AuthorizationGateway
11+ {
12+ public function __construct (
13+ private GlobalPermissionService $ globalPermissionService ,
14+ ) {}
15+
16+ public function canPerformAction (string $ action ): bool
17+ {
18+ return $ this ->globalPermissionService ->checkPermission ('authorization ' , $ action );
19+ }
20+ }
Original file line number Diff line number Diff line change 1+ <?php
2+
3+ declare (strict_types=1 );
4+
5+ use Contexts \Authorization \Domain \Policies \RolePolicy ;
6+
7+ return [
8+ 'context_default ' => [
9+ 'handler ' => RolePolicy::class,
10+ 'rules ' => [
11+ 'roles ' => ['admin ' ],
12+ ],
13+ ],
14+
15+ 'actions ' => [
16+ 'publish ' => [
17+ 'handler ' => RolePolicy::class,
18+ 'rules ' => [
19+ 'roles ' => ['admin ' ],
20+ ],
21+ ],
22+ ],
23+ ];
Original file line number Diff line number Diff line change 88use Contexts \Authorization \Application \Coordinators \GlobalPermissionServiceCoordinator ;
99use Contexts \Authorization \Contracts \V1 \Services \CurrentUserService ;
1010use Contexts \Authorization \Contracts \V1 \Services \GlobalPermissionService ;
11+ use Contexts \Authorization \Domain \Gateway \AuthorizationGateway ;
1112use Contexts \Authorization \Domain \Repositories \RoleRepository ;
1213use Contexts \Authorization \Domain \Repositories \UserRepository ;
14+ use Contexts \Authorization \Infrastructure \Adapters \AuthorizationAdapter ;
1315use Contexts \Authorization \Infrastructure \Persistence \RolePersistence ;
1416use Contexts \Authorization \Infrastructure \Persistence \UserPersistence ;
1517use Illuminate \Foundation \Support \Providers \RouteServiceProvider ;
@@ -48,6 +50,7 @@ public function map(): void
4850 $ this ->app ->bind (UserRepository::class, UserPersistence::class);
4951 $ this ->app ->bind (CurrentUserService::class, CurrentUserServiceCoordinator::class);
5052 $ this ->app ->bind (GlobalPermissionService::class, GlobalPermissionServiceCoordinator::class);
53+ $ this ->app ->bind (AuthorizationGateway::class, AuthorizationAdapter::class);
5154 }
5255
5356 public function provides (): array
You can’t perform that action at this time.
0 commit comments