Code Coverage for /builds/phexium/framework/app/demo/Shared/Application/Middleware/RbacPermissionMiddleware.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	100.00% covered (success)	100.00%	11 / 11	100.00% covered (success)	100.00%	3 / 3	CRAP	100.00% covered (success)	100.00%	1 / 1
RbacPermissionMiddleware	100.00% covered (success)	100.00%	11 / 11	100.00% covered (success)	100.00%	3 / 3	5	100.00% covered (success)	100.00%	1 / 1
__construct	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	1 / 1	1
process	100.00% covered (success)	100.00%	7 / 7	100.00% covered (success)	100.00%	1 / 1	3
createForbiddenResponse	100.00% covered (success)	100.00%	3 / 3	100.00% covered (success)	100.00%	1 / 1	1

1	<?php
2
3	// ╔════════════════════════════════════════════════════════════╗
4	// ║ MIT Licence (#Expat) - https://opensource.org/licenses/MIT ║
5	// ║ Copyright 2026 Frederic Poeydomenge <dyno@phexium.com> ║
6	// ╚════════════════════════════════════════════════════════════╝
7
8	declare(strict_types=1);
9
10	namespace AppDemo\Shared\Application\Middleware;
11
12	use AppDemo\Shared\Domain\Interface\RbacPermissionServiceInterface;
13	use Override;
14	use Psr\Http\Message\ResponseFactoryInterface;
15	use Psr\Http\Message\ResponseInterface;
16	use Psr\Http\Message\ServerRequestInterface;
17	use Psr\Http\Server\MiddlewareInterface;
18	use Psr\Http\Server\RequestHandlerInterface;
19
20	final readonly class RbacPermissionMiddleware implements MiddlewareInterface
21	{
22	public const int STATUS_FORBIDDEN = 403;
23
24	public function __construct(
25	private RbacPermissionServiceInterface $rbacPermissionService,
26	private ResponseFactoryInterface $responseFactory,
27	private string $requiredPermission
28	) {}
29
30	#[Override]
31	public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
32	{
33	$userContext = $request->getAttribute('user_context');
34
35	if (!$userContext->isAuthenticated()) {
36	return $this->createForbiddenResponse('Authentication required.');
37	}
38
39	$user = $userContext->getUser();
40
41	if ($this->rbacPermissionService->can($user->getGroup(), $this->requiredPermission)) {
42	return $handler->handle($request);
43	}
44
45	return $this->createForbiddenResponse('Permission denied.');
46	}
47
48	private function createForbiddenResponse(string $message): ResponseInterface
49	{
50	$response = $this->responseFactory->createResponse(self::STATUS_FORBIDDEN);
51	$response->getBody()->write($message);
52
53	return $response->withHeader('Content-Type', 'text/plain');
54	}
55	}