Code Coverage for /builds/phexium/framework/app/demo/src/Shared/Application/Middleware/RbacPermissionMiddleware.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	91.67% covered (success)	91.67%	11 / 12	66.67% covered (warning)	66.67%	2 / 3	CRAP	0.00% covered (danger)	0.00%	0 / 1
RbacPermissionMiddleware	91.67% covered (success)	91.67%	11 / 12	66.67% covered (warning)	66.67%	2 / 3	6.02	0.00% covered (danger)	0.00%	0 / 1
__construct	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	1 / 1	1
process	87.50% covered (warning)	87.50%	7 / 8	0.00% covered (danger)	0.00%	0 / 1	4.03
createForbiddenResponse	100.00% covered (success)	100.00%	3 / 3	100.00% covered (success)	100.00%	1 / 1	1

1	<?php
2
3	// ╔════════════════════════════════════════════════════════════╗
4	// ║ MIT Licence (#Expat) - https://opensource.org/licenses/MIT ║
5	// ║ Copyright 2026 Frederic Poeydomenge <dyno@phexium.com> ║
6	// ╚════════════════════════════════════════════════════════════╝
7
8	declare(strict_types=1);
9
10	namespace AppDemo\Shared\Application\Middleware;
11
12	use AppDemo\Shared\Domain\UserContext;
13	use Override;
14	use Psr\Http\Message\ResponseFactoryInterface;
15	use Psr\Http\Message\ResponseInterface;
16	use Psr\Http\Message\ServerRequestInterface;
17	use Psr\Http\Server\MiddlewareInterface;
18	use Psr\Http\Server\RequestHandlerInterface;
19
20	final readonly class RbacPermissionMiddleware implements MiddlewareInterface
21	{
22	public const int STATUS_FORBIDDEN = 403;
23
24	public function __construct(
25	private ResponseFactoryInterface $responseFactory,
26	private string $requiredPermission
27	) {}
28
29	#[Override]
30	public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
31	{
32	$userContext = $request->getAttribute('user_context');
33
34	if (!$userContext instanceof UserContext) {
35	return $this->createForbiddenResponse('Authentication required.');
36	}
37
38	if (!$userContext->isAuthenticated()) {
39	return $this->createForbiddenResponse('Authentication required.');
40	}
41
42	if ($userContext->can($this->requiredPermission)) {
43	return $handler->handle($request);
44	}
45
46	return $this->createForbiddenResponse('Permission denied.');
47	}
48
49	private function createForbiddenResponse(string $message): ResponseInterface
50	{
51	$response = $this->responseFactory->createResponse(self::STATUS_FORBIDDEN);
52	$response->getBody()->write($message);
53
54	return $response->withHeader('Content-Type', 'text/plain');
55	}
56	}