|null */
    private static ?array $all = null;

    // --- Workspace scope ---
    public const WORKSPACE_VIEW = 'workspace.view';
    public const WORKSPACE_MANAGE = 'workspace.manage';
    public const WORKSPACE_ARCHIVE = 'workspace.archive';

    // --- Workspace membership administration ---
    public const WORKSPACE_MEMBERSHIP_VIEW = 'workspace_membership.view';
    public const WORKSPACE_MEMBERSHIP_MANAGE = 'workspace_membership.manage';

    // --- Tenant scope ---
    public const TENANT_VIEW = 'tenant.view';
    public const TENANT_MANAGE = 'tenant.manage';
    public const TENANT_DELETE = 'tenant.delete';
    public const TENANT_SYNC = 'tenant.sync';

    // --- Inventory ---
    public const TENANT_INVENTORY_SYNC_RUN = 'tenant_inventory_sync.run';

    // --- Findings ---
    public const TENANT_FINDINGS_ACKNOWLEDGE = 'tenant_findings.acknowledge';

    // --- Tenant membership administration ---
    public const TENANT_MEMBERSHIP_VIEW = 'tenant_membership.view';
    public const TENANT_MEMBERSHIP_MANAGE = 'tenant_membership.manage';

    // --- Optional role mappings (no Graph resolution in v1) ---
    public const TENANT_ROLE_MAPPING_VIEW = 'tenant_role_mapping.view';
    public const TENANT_ROLE_MAPPING_MANAGE = 'tenant_role_mapping.manage';

    // --- Backup schedules ---
    public const TENANT_BACKUP_SCHEDULES_MANAGE = 'tenant_backup_schedules.manage';
    public const TENANT_BACKUP_SCHEDULES_RUN = 'tenant_backup_schedules.run';

    // --- Providers (these are the gate names already used throughout the app) ---
    public const PROVIDER_VIEW = 'provider.view';
    public const PROVIDER_MANAGE = 'provider.manage';
    public const PROVIDER_RUN = 'provider.run';

    // --- Audit ---
    public const AUDIT_VIEW = 'audit.view';

    /**
     * Return the value of every constant declared on this class.
     *
     * The list is built once by reflection and memoised in self::$all for the
     * rest of the process.
     *
     * NOTE(review): ReflectionClass::getConstants() is called without a filter,
     * so it returns every constant regardless of visibility, including ones
     * inherited from a parent class or interface. Any constant added to this
     * class therefore becomes a recognised capability; keep non-capability
     * constants out of it.
     *
     * @return array List (re-indexed from 0) of constant values; every constant
     *               visible in this part of the class is a string.
     */
    public static function all(): array
    {
        // ??= assigns only while the cache is still null, then yields the cached list.
        return self::$all ??= array_values(
            (new \ReflectionClass(self::class))->getConstants()
        );
    }

    /**
     * Tell whether a capability name is one of the values returned by all().
     *
     * The comparison is strict (third argument of in_array is true), so the
     * match is exact and case-sensitive, with no type juggling. A true result
     * only means the name is defined here; this method looks at no user, role
     * or membership.
     *
     * @param string $capability Capability name to look up, e.g. 'tenant.view'.
     *
     * @return bool True when the name is in the registry.
     */
    public static function isKnown(string $capability): bool
    {
        $registry = self::all();

        return in_array($capability, $registry, true);
    }
}