Fix support API audit logging
This commit is contained in:
Codex Agent
@@ -48,4 +48,39 @@ class SupportApiAuthorizer
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<int, string> $abilities
|
||||
*/
|
||||
public static function authorizeAnyAbility(Request $request, array $abilities, string $actionLabel = 'resource'): ?JsonResponse
|
||||
{
|
||||
if ($abilities === []) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$token = $request->user()?->currentAccessToken();
|
||||
|
||||
if (! $token) {
|
||||
return ApiError::response(
|
||||
'unauthenticated',
|
||||
'Unauthenticated',
|
||||
'Missing access token for support request.',
|
||||
401
|
||||
);
|
||||
}
|
||||
|
||||
foreach ($abilities as $ability) {
|
||||
if ($token->can($ability)) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
return ApiError::response(
|
||||
'forbidden',
|
||||
'Forbidden',
|
||||
"Missing required ability for support {$actionLabel}.",
|
||||
403,
|
||||
['required' => $abilities]
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -88,6 +88,23 @@ class SupportApiRegistry
|
||||
return (bool) ($config['read_only'] ?? false);
|
||||
}
|
||||
|
||||
public static function auditAction(string $resource, string $operation): string
|
||||
{
|
||||
$config = self::get($resource);
|
||||
|
||||
$action = null;
|
||||
|
||||
if ($config && is_array($config['audit'] ?? null)) {
|
||||
$action = $config['audit'][$operation] ?? null;
|
||||
}
|
||||
|
||||
if (is_string($action) && $action !== '') {
|
||||
return $action;
|
||||
}
|
||||
|
||||
return $resource.'.'.$operation;
|
||||
}
|
||||
|
||||
public static function allowsMutation(string $resource, string $action): bool
|
||||
{
|
||||
if (self::isReadOnly($resource)) {
|
||||
|
||||
Reference in New Issue
Block a user