fix: DockerSecretsResolver - don't normalize absolute paths like /var/www/html/...
Some checks failed
Deploy Application / deploy (push) Has been cancelled
Some checks failed
Deploy Application / deploy (push) Has been cancelled
This commit is contained in:
77
src/Framework/Attributes/Guard.php
Normal file
77
src/Framework/Attributes/Guard.php
Normal file
@@ -0,0 +1,77 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Framework\Attributes;
|
||||
|
||||
use App\Framework\Attributes\Execution\AttributeExecutionContext;
|
||||
use App\Framework\Attributes\Execution\CallbackExecutor;
|
||||
use App\Framework\Attributes\Execution\CallbackMetadata;
|
||||
use App\Framework\Attributes\Execution\CallbackMetadataExtractor;
|
||||
use App\Framework\Attributes\Execution\ExecutableAttribute;
|
||||
use Attribute;
|
||||
use Closure;
|
||||
|
||||
/**
|
||||
* Guard Attribute - Schützt Methoden/Klassen mit Guards
|
||||
*
|
||||
* Unterstützt alle drei Patterns:
|
||||
* - Pattern A: Handler-Klasse: #[Guard(PermissionGuard::class, ['edit_post'])]
|
||||
* - Pattern B: First-Class Callable: #[Guard(UserPolicies::isAdmin(...))]
|
||||
* - Pattern C: Closure-Factory: #[Guard(Policies::requirePermission('edit_post'))]
|
||||
*
|
||||
* Der Guard wird zur Laufzeit ausgeführt und sollte true zurückgeben wenn Zugriff erlaubt ist.
|
||||
*/
|
||||
#[Attribute(Attribute::TARGET_METHOD | Attribute::TARGET_CLASS)]
|
||||
final readonly class Guard implements ExecutableAttribute
|
||||
{
|
||||
private ?CallbackMetadata $callbackMetadata;
|
||||
|
||||
public function __construct(
|
||||
private Closure $guard
|
||||
) {
|
||||
// Extrahiere Metadata für Cache-Kompatibilität
|
||||
$extractor = new CallbackMetadataExtractor();
|
||||
try {
|
||||
$this->callbackMetadata = $extractor->extract($guard);
|
||||
} catch (\InvalidArgumentException) {
|
||||
// Fallback: Closure (nicht cachebar)
|
||||
$this->callbackMetadata = null;
|
||||
}
|
||||
}
|
||||
|
||||
public function execute(AttributeExecutionContext $context): mixed
|
||||
{
|
||||
$callbackExecutor = $context->container->get(CallbackExecutor::class);
|
||||
|
||||
// Wenn Metadata vorhanden, nutze sie für Ausführung
|
||||
if ($this->callbackMetadata !== null) {
|
||||
$result = $callbackExecutor->execute($this->callbackMetadata, $context);
|
||||
|
||||
// Wenn Factory-Pattern, führe Closure aus
|
||||
if ($result instanceof Closure) {
|
||||
return $result($context);
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
// Fallback: Direkte Closure-Ausführung (nicht empfohlen)
|
||||
if ($this->guard instanceof Closure) {
|
||||
return ($this->guard)($context);
|
||||
}
|
||||
|
||||
throw new \RuntimeException(
|
||||
'Guard callback must be a Handler class, First-Class Callable, or Factory. Direct closures are not supported.'
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Gibt die Callback-Metadata zurück (für Cache-Serialisierung)
|
||||
*/
|
||||
public function getCallbackMetadata(): ?CallbackMetadata
|
||||
{
|
||||
return $this->callbackMetadata;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user