ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
5c02afcae8
TenantAtlas/apps/platform/app/Support/ReviewPublicationResolution/ReviewPublicationResolutionStepAuthorizer.php
Ahmed Darrazi 5c02afcae8
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 6m16s
Details
feat: implement ReviewPublicationResolutionWorkflow (Spec 386)
2026-06-18 22:57:10 +02:00

70 lines
2.5 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Support\ReviewPublicationResolution;
use App\Models\ManagedEnvironment;
use App\Models\ReviewPublicationResolutionCase;
use App\Models\ReviewPublicationResolutionStep;
use App\Models\User;
use App\Services\Auth\CapabilityResolver;
use App\Support\Auth\Capabilities;
final class ReviewPublicationResolutionStepAuthorizer
{
public function __construct(
private readonly CapabilityResolver $capabilities,
) {}
public function canExecuteCurrentStep(User $user, ReviewPublicationResolutionCase $case): bool
{
$case->loadMissing(['tenant', 'steps.operationRun']);
$tenant = $case->tenant;
$step = $case->currentStep();
if (! $tenant instanceof ManagedEnvironment || ! $step instanceof ReviewPublicationResolutionStep) {
return false;
}
return $this->canExecuteStep($user, $tenant, $step);
}
public function canExecuteStep(User $user, ManagedEnvironment $tenant, ReviewPublicationResolutionStep $step): bool
{
$capability = $this->requiredCapability($step);
return is_string($capability) && $this->capabilities->can($user, $tenant, $capability);
}
public function requiredCapability(ReviewPublicationResolutionStep $step): ?string
{
$stepKey = $step->stepKeyEnum();
return match ($stepKey) {
ReviewPublicationResolutionStepKey::CompleteRequiredReports => $this->requiredReportCapability($step),
ReviewPublicationResolutionStepKey::CollectEvidenceSnapshot => Capabilities::EVIDENCE_MANAGE,
ReviewPublicationResolutionStepKey::RefreshReviewComposition,
ReviewPublicationResolutionStepKey::GenerateReviewPack,
ReviewPublicationResolutionStepKey::ReturnToPublication => Capabilities::ENVIRONMENT_REVIEW_MANAGE,
ReviewPublicationResolutionStepKey::ValidateReviewReadiness,
null => null,
};
}
private function requiredReportCapability(ReviewPublicationResolutionStep $step): ?string
{
$missingDimensions = array_values(array_filter(
(array) data_get($step->summary, 'missing_report_dimensions', []),
static fn (mixed $dimension): bool => is_string($dimension) && trim($dimension) !== '',
));
return match ((string) ($missingDimensions[0] ?? '')) {
'permission_posture' => Capabilities::PROVIDER_RUN,
'entra_admin_roles' => Capabilities::ENTRA_ROLES_MANAGE,
default => null,
};
}
}
Reference in New Issue View Git Blame Copy Permalink