|null */ private static ?array $all = null; // Tenants public const TENANT_VIEW = 'tenant.view'; public const TENANT_MANAGE = 'tenant.manage'; public const TENANT_DELETE = 'tenant.delete'; public const TENANT_SYNC = 'tenant.sync'; // Tenant memberships public const TENANT_MEMBERSHIP_VIEW = 'tenant_membership.view'; public const TENANT_MEMBERSHIP_MANAGE = 'tenant_membership.manage'; // Optional mappings (no Graph resolution in v1) public const TENANT_ROLE_MAPPING_VIEW = 'tenant_role_mapping.view'; public const TENANT_ROLE_MAPPING_MANAGE = 'tenant_role_mapping.manage'; // Backup schedules public const TENANT_BACKUP_SCHEDULES_MANAGE = 'tenant_backup_schedules.manage'; public const TENANT_BACKUP_SCHEDULES_RUN = 'tenant_backup_schedules.run'; // Providers (existing gate names used throughout the app) public const PROVIDER_VIEW = 'provider.view'; public const PROVIDER_MANAGE = 'provider.manage'; public const PROVIDER_RUN = 'provider.run'; // Audit public const AUDIT_VIEW = 'audit.view'; /** * Get all capability constants * * @return array */ public static function all(): array { if (self::$all !== null) { return self::$all; } $reflection = new \ReflectionClass(self::class); return self::$all = array_values($reflection->getConstants()); } public static function isKnown(string $capability): bool { return in_array($capability, self::all(), true); } }