core/php-commerce
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
php-commerce/Models/PermissionRequest.php
Snider 8f27fe85c3 refactor: update Tenant module imports after namespace migration 
Updates all references from Core\Mod\Tenant to Core\Tenant following
the monorepo separation. The Tenant module now lives in its own package
with the simplified namespace.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-27 17:39:12 +00:00

181 lines
4.2 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace Core\Mod\Commerce\Models;
use Core\Tenant\Models\User;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
/**
* Permission Request - training data for the Permission Matrix.
*
* In training mode, undefined permissions create entries here
* for approval. This builds a complete map of every action
* in the system through actual usage.
*
* @property int $id
* @property int $entity_id
* @property string $method
* @property string $route
* @property string $action
* @property string|null $scope
* @property array|null $request_data
* @property string|null $user_agent
* @property string|null $ip_address
* @property int|null $user_id
* @property string $status
* @property bool $was_trained
* @property \Carbon\Carbon|null $trained_at
*/
class PermissionRequest extends Model
{
// Status values
public const STATUS_ALLOWED = 'allowed';
public const STATUS_DENIED = 'denied';
public const STATUS_PENDING = 'pending';
protected $table = 'permission_requests';
protected $fillable = [
'entity_id',
'method',
'route',
'action',
'scope',
'request_data',
'user_agent',
'ip_address',
'user_id',
'status',
'was_trained',
'trained_at',
];
protected $casts = [
'request_data' => 'array',
'was_trained' => 'boolean',
'trained_at' => 'datetime',
];
// Relationships
public function entity(): BelongsTo
{
return $this->belongsTo(Entity::class, 'entity_id');
}
public function user(): BelongsTo
{
return $this->belongsTo(User::class);
}
// Status helpers
public function isAllowed(): bool
{
return $this->status === self::STATUS_ALLOWED;
}
public function isDenied(): bool
{
return $this->status === self::STATUS_DENIED;
}
public function isPending(): bool
{
return $this->status === self::STATUS_PENDING;
}
public function wasTrained(): bool
{
return $this->was_trained;
}
// Factory methods
/**
* Create a request log entry from an HTTP request.
*/
public static function fromRequest(
Entity $entity,
string $action,
string $status,
?string $scope = null
): self {
$request = request();
return static::create([
'entity_id' => $entity->id,
'method' => $request->method(),
'route' => $request->path(),
'action' => $action,
'scope' => $scope,
'request_data' => self::sanitiseRequestData($request->all()),
'user_agent' => $request->userAgent(),
'ip_address' => $request->ip(),
'user_id' => auth()->id(),
'status' => $status,
]);
}
/**
* Sanitise request data for storage (remove sensitive fields).
*/
protected static function sanitiseRequestData(array $data): array
{
$sensitiveKeys = [
'password',
'password_confirmation',
'token',
'api_key',
'secret',
'credit_card',
'card_number',
'cvv',
'ssn',
];
foreach ($sensitiveKeys as $key) {
unset($data[$key]);
}
// Limit size
$json = json_encode($data);
if (strlen($json) > 10000) {
return ['_truncated' => true, '_size' => strlen($json)];
}
return $data;
}
// Scopes
public function scopeForEntity($query, int $entityId)
{
return $query->where('entity_id', $entityId);
}
public function scopeForAction($query, string $action)
{
return $query->where('action', $action);
}
public function scopePending($query)
{
return $query->where('status', self::STATUS_PENDING);
}
public function scopeUntrained($query)
{
return $query->where('was_trained', false);
}
public function scopeRecent($query, int $days = 7)
{
return $query->where('created_at', '>=', now()->subDays($days));
}
}
Reference in a new issue View git blame Copy permalink