<?php
declare(strict_types=1);
namespace App\Module\Permissions\Middleware;
use App\Module\Permissions\Service\PermissionService;
use App\Shared\Http\JsonResponder;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Slim\Psr7\Response;
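/**
 * PSR-15 middleware that lets a request through only when the current user
 * holds one specific permission.
 *
 * The user is taken from the request attribute "user"; nothing in this class
 * sets that attribute, so it presumably has to run after an authentication
 * middleware that does — confirm the middleware order where it is registered.
 *
 * Outcomes:
 *  - no usable user id on the request  -> 401 JSON response, handler not called
 *  - user lacks the permission         -> 403 JSON response, handler not called
 *  - otherwise                         -> the request is passed to the handler
 */
final class RequirePermission implements MiddlewareInterface
{
    /**
     * @param PermissionService $permissions   Service asked whether a user id holds a permission.
     * @param string            $permissionKey Key of the permission this instance enforces.
     */
    public function __construct(
        private PermissionService $permissions,
        private string $permissionKey
    ) {
    }

    /**
     * Enforce the configured permission before delegating to the next handler.
     *
     * @param ServerRequestInterface  $request Incoming request; its "user" attribute is inspected.
     * @param RequestHandlerInterface $handler Next handler, called only when the check passes.
     *
     * @return ResponseInterface A 401 or 403 JSON response, or whatever the handler returns.
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        // Fail closed: anything that is not an unambiguous integer id is
        // treated as "not authenticated" instead of being coerced.
        $userId = self::resolveUserId($request->getAttribute('user'));
        if ($userId === null) {
            return JsonResponder::withJson(new Response(), [
                'error' => 'auth_required',
                'message' => 'Authentifizierung erforderlich.',
            ], 401);
        }

        if (!$this->permissions->can($userId, $this->permissionKey)) {
            // NOTE(review): the body echoes the internal permission key to the
            // caller. Kept because clients may rely on it; confirm that exposing
            // permission names to every authenticated user is intended.
            return JsonResponder::withJson(new Response(), [
                'error' => 'forbidden',
                'message' => 'Keine Berechtigung für diese Aktion.',
                'permission' => $this->permissionKey,
            ], 403);
        }

        return $handler->handle($request);
    }

    /**
     * Convenience factory, equivalent to calling the constructor.
     *
     * @param PermissionService $permissions   Service asked whether a user id holds a permission.
     * @param string            $permissionKey Key of the permission to enforce.
     */
    public static function for(PermissionService $permissions, string $permissionKey): self
    {
        return new self($permissions, $permissionKey);
    }

    /**
     * Extract an integer user id from the "user" request attribute.
     *
     * A bare (int) cast is deliberately avoided here: it turns a non-numeric
     * string into 0, a non-empty array into 1 and truncates "12abc" to 12, so
     * a malformed identity would be authorised as some other account's id.
     * Only a native int or a string that is entirely a valid integer is
     * accepted; every other shape (including floats and booleans) yields null.
     *
     * @param mixed $user Value of the "user" request attribute.
     *
     * @return int|null The user id, or null when no trustworthy id is present.
     */
    private static function resolveUserId(mixed $user): ?int
    {
        if (!is_array($user) || !isset($user['id'])) {
            return null;
        }

        $id = $user['id'];
        if (is_int($id)) {
            return $id;
        }

        if (is_string($id)) {
            // FILTER_VALIDATE_INT rejects partial matches and out-of-range
            // values instead of truncating or saturating them.
            $parsed = filter_var($id, FILTER_VALIDATE_INT);

            return $parsed === false ? null : $parsed;
        }

        return null;
    }
}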