ahmido
ba7622a158
## Summary\n- Implements the ReviewPublicationResolutionWorkflow for Spec 386.\n- Adds resolution case/step persistence, policies, services, audit action IDs, and Filament integration.\n- Updates specs, UI/UX documentation, screenshots, and Pest coverage.\n\n## Tests\n- Not run during this handoff; branch was already clean and pushed.\n\n## Target\n- Base: platform-dev\n- Head/topic: 386-review-publication-resolution-workflow-v1 Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #457
91 lines
2.8 KiB
PHP
91 lines
2.8 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Policies;
|
|
|
|
use App\Models\EnvironmentReview;
|
|
use App\Models\ManagedEnvironment;
|
|
use App\Models\ReviewPublicationResolutionCase;
|
|
use App\Models\User;
|
|
use App\Services\Auth\CapabilityResolver;
|
|
use App\Support\Auth\Capabilities;
|
|
use App\Support\ReviewPublicationResolution\ReviewPublicationResolutionStepAuthorizer;
|
|
use Illuminate\Auth\Access\HandlesAuthorization;
|
|
use Illuminate\Auth\Access\Response;
|
|
|
|
class ReviewPublicationResolutionCasePolicy
|
|
{
|
|
use HandlesAuthorization;
|
|
|
|
public function view(User $user, ReviewPublicationResolutionCase $case): Response|bool
|
|
{
|
|
$tenant = $this->authorizedTenantOrNull($user, $case);
|
|
|
|
if (! $tenant instanceof ManagedEnvironment) {
|
|
return Response::denyAsNotFound();
|
|
}
|
|
|
|
return app(CapabilityResolver::class)->can($user, $tenant, Capabilities::ENVIRONMENT_REVIEW_VIEW)
|
|
? true
|
|
: Response::deny();
|
|
}
|
|
|
|
public function executeStep(User $user, ReviewPublicationResolutionCase $case): Response|bool
|
|
{
|
|
$tenant = $this->authorizedTenantOrNull($user, $case);
|
|
|
|
if (! $tenant instanceof ManagedEnvironment) {
|
|
return Response::denyAsNotFound();
|
|
}
|
|
|
|
return app(ReviewPublicationResolutionStepAuthorizer::class)->canExecuteCurrentStep($user, $case)
|
|
? true
|
|
: Response::deny();
|
|
}
|
|
|
|
public function cancel(User $user, ReviewPublicationResolutionCase $case): Response|bool
|
|
{
|
|
return $this->authorizeManageAction($user, $case);
|
|
}
|
|
|
|
private function authorizeManageAction(User $user, ReviewPublicationResolutionCase $case): Response|bool
|
|
{
|
|
$tenant = $this->authorizedTenantOrNull($user, $case);
|
|
|
|
if (! $tenant instanceof ManagedEnvironment) {
|
|
return Response::denyAsNotFound();
|
|
}
|
|
|
|
return app(CapabilityResolver::class)->can($user, $tenant, Capabilities::ENVIRONMENT_REVIEW_MANAGE)
|
|
? true
|
|
: Response::deny();
|
|
}
|
|
|
|
private function authorizedTenantOrNull(User $user, ReviewPublicationResolutionCase $case): ?ManagedEnvironment
|
|
{
|
|
$case->loadMissing(['tenant', 'environmentReview']);
|
|
|
|
$tenant = $case->tenant;
|
|
$review = $case->environmentReview;
|
|
|
|
if (! $tenant instanceof ManagedEnvironment || ! $review instanceof EnvironmentReview) {
|
|
return null;
|
|
}
|
|
|
|
if (! $user->canAccessTenant($tenant)) {
|
|
return null;
|
|
}
|
|
|
|
if ((int) $case->workspace_id !== (int) $tenant->workspace_id) {
|
|
return null;
|
|
}
|
|
|
|
if ((int) $review->workspace_id !== (int) $case->workspace_id || (int) $review->managed_environment_id !== (int) $tenant->getKey()) {
|
|
return null;
|
|
}
|
|
|
|
return $tenant;
|
|
}
|
|
}
|