49 lines
1.1 KiB
PHP
49 lines
1.1 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Support\Rbac;
|
|
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
|
|
/**
|
|
* DTO representing the access context for a tenant-scoped UI action.
|
|
*
|
|
* Captures the current user, tenant, membership status, and capability check result
|
|
* for use by the UiEnforcement helper.
|
|
*/
|
|
final readonly class TenantAccessContext
|
|
{
|
|
public function __construct(
|
|
public ?User $user,
|
|
public ?Tenant $tenant,
|
|
public bool $isMember,
|
|
public bool $hasCapability,
|
|
) {}
|
|
|
|
/**
|
|
* Non-members should receive 404 (deny-as-not-found).
|
|
*/
|
|
public function shouldDenyAsNotFound(): bool
|
|
{
|
|
return ! $this->isMember;
|
|
}
|
|
|
|
/**
|
|
* Members without capability should receive 403 (forbidden).
|
|
*/
|
|
public function shouldDenyAsForbidden(): bool
|
|
{
|
|
return $this->isMember && ! $this->hasCapability;
|
|
}
|
|
|
|
/**
|
|
* User is authorized to perform the action.
|
|
*/
|
|
public function isAuthorized(): bool
|
|
{
|
|
return $this->isMember && $this->hasCapability;
|
|
}
|
|
}
|