isMember; } public function isContextMissing(): bool { return in_array($this->denialReason, [ 'context_missing', 'workspace_missing', 'environment_missing', 'tenant_missing', ], true); } /** * Members without capability should receive 403 (forbidden). */ public function shouldDenyAsForbidden(): bool { return $this->isMember && ! $this->hasCapability; } /** * User is authorized to perform the action. */ public function isAuthorized(): bool { return $this->isMember && $this->hasCapability; } }