implemented operation based permissions

2025-12-24 19:22:20 -05:00
parent a9afa7ce13
commit 3d6aa856b4
18 changed files with 578 additions and 17 deletions
--- a/core/lib/SessionIdentity.php
+++ b/core/lib/SessionIdentity.php
@@ -51,14 +51,44 @@ class SessionIdentity

    public function permissions(): array
    {
-        $permissions = $this->identityData?->getPermissions() ?? [];
-        $permissions[] = 'ROLE_USER';
-        return array_unique($permissions);
+        return $this->identityData?->getPermissions() ?? [];
+    }
+
+    public function roles(): array
+    {
+        return $this->identityData?->getRoles() ?? [];
    }

    public function hasPermission(string $permission): bool
    {
-        return in_array($permission, $this->permissions());
+        $permissions = $this->permissions();
+        
+        // Exact match
+        if (in_array($permission, $permissions)) {
+            return true;
+        }
+        
+        // Wildcard match
+        foreach ($permissions as $userPerm) {
+            if (str_ends_with($userPerm, '.*')) {
+                $prefix = substr($userPerm, 0, -2);
+                if (str_starts_with($permission, $prefix . '.')) {
+                    return true;
+                }
+            }
+        }
+        
+        // Full wildcard
+        if (in_array('*', $permissions)) {
+            return true;
+        }
+        
+        return false;
+    }
+
+    public function hasRole(string $role): bool
+    {
+        return in_array($role, $this->roles());
    }

 }