|
- <?php
-
- declare(strict_types=1);
-
- namespace Core\Auth;
-
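class PermissionService
{
    /**
     * Maps Keycloak roles to application permissions.
     * Edit this to match your access-control requirements.
     *
     * Lookups are exact array-key matches, so role names are case-sensitive
     * and a role that is not listed here grants nothing (deny by default).
     *
     * @var array<string, list<string>>
     */
    private array $rolePermissions = [
        'admin' => [
            'users.view',
            'users.create',
            'users.edit',
            'users.delete',
            'settings.manage',
        ],
        'manager' => [
            'users.view',
            'reports.view',
            'projects.manage',
        ],
        'user' => [
            'dashboard.view',
            'profile.view',
            'profile.edit',
        ],
    ];

    /**
     * Resolves a set of role names to the de-duplicated list of permissions they grant.
     *
     * Unknown roles contribute no permissions. Entries that are not strings
     * (for example a nested array from a malformed roles claim) are skipped,
     * so a bad entry grants nothing instead of raising a TypeError in the
     * middle of an authorization check.
     *
     * NOTE(review): this class does not check where $roles came from; callers
     * presumably pass roles taken from an already verified token. Confirm at
     * the call site.
     *
     * @param list<string> $roles Role names, matched exactly against the map keys.
     * @return list<string> Permissions in first-seen order, without duplicates.
     */
    public function permissionsForRoles(array $roles): array
    {
        $granted = [];

        foreach ($roles as $role) {
            // Only a string can name a role; anything else is ignored (fail closed).
            if (!is_string($role)) {
                continue;
            }

            // Append in place rather than re-merging the whole list on every role.
            foreach ($this->rolePermissions[$role] ?? [] as $permission) {
                $granted[] = $permission;
            }
        }

        // array_unique() keeps the first occurrence; array_values() restores list keys.
        return array_values(array_unique($granted));
    }

    /**
     * Tells whether any of the given roles grants the requested permission.
     *
     * The comparison is strict, so the permission name must match exactly;
     * there is no wildcard or prefix matching.
     *
     * @param list<string> $roles Role names, resolved through permissionsForRoles().
     * @param string $permission Permission name such as 'users.view'.
     * @return bool True only when the permission is granted by at least one role.
     */
    public function hasPermission(array $roles, string $permission): bool
    {
        return in_array($permission, $this->permissionsForRoles($roles), true);
    }
}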
|