46 lines
963 B
PHP
46 lines
963 B
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Support\Rbac;
|
|
|
|
use App\Models\User;
|
|
use App\Models\Workspace;
|
|
|
|
/**
|
|
* DTO representing the access context for a workspace-scoped UI action.
|
|
*/
|
|
final readonly class WorkspaceAccessContext
|
|
{
|
|
public function __construct(
|
|
public ?User $user,
|
|
public ?Workspace $workspace,
|
|
public bool $isMember,
|
|
public bool $hasCapability,
|
|
) {}
|
|
|
|
/**
|
|
* Non-members should receive 404 (deny-as-not-found).
|
|
*/
|
|
public function shouldDenyAsNotFound(): bool
|
|
{
|
|
return ! $this->isMember;
|
|
}
|
|
|
|
/**
|
|
* Members without capability should receive 403 (forbidden).
|
|
*/
|
|
public function shouldDenyAsForbidden(): bool
|
|
{
|
|
return $this->isMember && ! $this->hasCapability;
|
|
}
|
|
|
|
/**
|
|
* User is authorized to perform the action.
|
|
*/
|
|
public function isAuthorized(): bool
|
|
{
|
|
return $this->isMember && $this->hasCapability;
|
|
}
|
|
}
|