<?php
namespace App\Support;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
/**
 * Ability gate for support API endpoints, based on the current access token
 * of the request's user.
 *
 * Both methods report their decision through the return value only: null
 * means "allowed", a JsonResponse is the denial. Nothing here throws or
 * aborts the request, so a caller that discards the return value enforces
 * nothing.
 */
class SupportApiAuthorizer
{
    /**
     * Look up the abilities registered for a resource/action pair and check
     * them against the request's access token.
     *
     * NOTE(review): an empty list from SupportApiRegistry::abilitiesFor() is
     * treated as "no restriction" by authorizeAbilities(). What the registry
     * returns for an unknown resource or action is not visible here — confirm
     * it cannot be an empty list, otherwise unmapped pairs pass this check.
     *
     * @return JsonResponse|null null when allowed, otherwise the error response
     */
    public static function authorizeResource(Request $request, string $resource, string $action): ?JsonResponse
    {
        // $action doubles as the label interpolated into the 403 message.
        return self::authorizeAbilities(
            $request,
            SupportApiRegistry::abilitiesFor($resource, $action),
            $action,
        );
    }

    /**
     * Require every listed ability on the request's current access token.
     *
     * Decision order:
     *  - empty $abilities: allowed, before any token lookup (so this also
     *    holds for a request with no authenticated user);
     *  - no user, or no current access token: 401 "unauthenticated";
     *  - first ability the token cannot exercise: 403 "forbidden";
     *  - otherwise: allowed.
     *
     * The 403 call passes the complete required-ability list as its last
     * argument under the key "required"; how ApiError renders it is not
     * visible here, presumably it is returned to the client.
     *
     * NOTE(review): if currentAccessToken() comes from Laravel Sanctum, a
     * session-authenticated first-party request carries a TransientToken,
     * whose can() returns true for every ability — confirm that is the
     * intended behaviour for support endpoints.
     *
     * @param array<int, string> $abilities
     *
     * @return JsonResponse|null null when allowed, otherwise the error response
     */
    public static function authorizeAbilities(Request $request, array $abilities, string $actionLabel = 'resource'): ?JsonResponse
    {
        // Nothing to enforce: allowed without looking at the token at all.
        if ($abilities === []) {
            return null;
        }

        // Nullsafe: an unauthenticated request yields null here instead of an error.
        $accessToken = $request->user()?->currentAccessToken();

        if (! $accessToken) {
            return ApiError::response(
                'unauthenticated',
                'Unauthenticated',
                'Missing access token for support request.',
                401,
            );
        }

        foreach ($abilities as $required) {
            if ($accessToken->can($required)) {
                continue;
            }

            // All-or-nothing: the first missing ability rejects the request.
            return ApiError::response(
                'forbidden',
                'Forbidden',
                "Missing required ability for support {$actionLabel}.",
                403,
                ['required' => $abilities],
            );
        }

        return null;
    }
}