Fix support API audit logging

2026-01-28 21:02:25 +01:00
parent 19f5e60870
commit dd2997808b
6 changed files with 308 additions and 143 deletions
--- a/app/Support/SupportApiAuthorizer.php
+++ b/app/Support/SupportApiAuthorizer.php
@@ -48,4 +48,39 @@ class SupportApiAuthorizer

        return null;
    }
+
+    /**
+     * @param  array<int, string>  $abilities
+     */
+    public static function authorizeAnyAbility(Request $request, array $abilities, string $actionLabel = 'resource'): ?JsonResponse
+    {
+        if ($abilities === []) {
+            return null;
+        }
+
+        $token = $request->user()?->currentAccessToken();
+
+        if (! $token) {
+            return ApiError::response(
+                'unauthenticated',
+                'Unauthenticated',
+                'Missing access token for support request.',
+                401
+            );
+        }
+
+        foreach ($abilities as $ability) {
+            if ($token->can($ability)) {
+                return null;
+            }
+        }
+
+        return ApiError::response(
+            'forbidden',
+            'Forbidden',
+            "Missing required ability for support {$actionLabel}.",
+            403,
+            ['required' => $abilities]
+        );
+    }
 }