server/core/lib/SessionIdentity.php

<?php

namespace KTXC;

use KTXC\Models\Identity\User;

class SessionIdentity
{
    private bool $identityLock = false;
    private ?User $identityData = null;

    public function initialize(User $identity, bool $lock = true): void
    {
        if ($this->identityLock) {
            throw new \RuntimeException('Identity is already locked and cannot be changed.');
        }

        $this->identityData = $identity;
        $this->identityLock = $lock;
    }

    public function identity(): ?User
    {
        return $this->identityData;
    }

    public function identifier(): ?string
    {
        return $this->identityData?->getId();
    }

    public function label(): ?string
    {
        return $this->identityData?->getLabel();
    }

    public function mailAddress(): ?string
    {
        return $this->identityData?->getIdentity();
    }

    public function nameFirst(): ?string
    {
        return null;
    }
    
    public function nameLast(): ?string
    {
        return null;
    }

    public function permissions(): array
    {
        return $this->identityData?->getPermissions() ?? [];
    }

    public function roles(): array
    {
        return $this->identityData?->getRoles() ?? [];
    }

    public function hasPermission(string $permission): bool
    {
        $permissions = $this->permissions();
        
        // Exact match
        if (in_array($permission, $permissions)) {
            return true;
        }
        
        // Wildcard match
        foreach ($permissions as $userPerm) {
            if (str_ends_with($userPerm, '.*')) {
                $prefix = substr($userPerm, 0, -2);
                if (str_starts_with($permission, $prefix . '.')) {
                    return true;
                }
            }
        }
        
        // Full wildcard
        if (in_array('*', $permissions)) {
            return true;
        }
        
        return false;
    }

    public function hasRole(string $role): bool
    {
        return in_array($role, $this->roles());
    }

}