4e4337e412
Extends prior #860 DunningService with the full RFC.md surface. Lands across 44 modified/new files: * Contracts/PaymentGatewayContract.php — implemented by both Services/StripeGateway.php and Services/BTCPayGateway.php * Boot.php — provider bindings + route groups + Commerce Matrix training mode middleware * Services/WebhookService.php — DB::transaction wrapping + ProcessWebhookEvent job dispatched ->afterCommit; idempotency via webhook_events unique (gateway, event_id) — duplicates rejected silently * Jobs/ProcessWebhookEvent.php * DTOs/ — readonly PHP 8.2+ classes per RFC.dto.md * Services/SubscriptionStateMachine.php — active → suspended (failed payment) → cancelled → expired transitions * Services/ProrationService.php — credit unused old plan time, charge new plan remainder, applied via CreditNote + Invoice * DunningService extended — 1d/3d/7d/14d retry config + cancel * Migrations — guarded migrations for missing short-name billing tables (orders/payments/invoices) + RFC compatibility columns * routes/api.php — /v1/* endpoints * Checkout success/cancel routes * Commerce Matrix training-mode endpoint + record-permissions logic * Console/Commands — RFC.commands.md signatures * Events per RFC.events.md * Models extended php -l clean. composer validate passes. pest unrunnable in sandbox. Co-authored-by: Codex <noreply@openai.com> Closes tasks.lthn.sh/view.php?id=845
149 lines
3.2 KiB
PHP
149 lines
3.2 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace Core\Mod\Commerce\Models;
|
|
|
|
use Carbon\Carbon;
|
|
use Illuminate\Database\Eloquent\Model;
|
|
use Illuminate\Database\Eloquent\Relations\BelongsTo;
|
|
|
|
/**
|
|
* Permission Matrix entry - defines what an entity can do.
|
|
*
|
|
* Top-down immutable rules:
|
|
* - If M1 says "NO" → Everything below is "NO"
|
|
* - If M1 says "YES" → M2 can say "NO" for itself
|
|
* - Permissions cascade DOWN, restrictions are IMMUTABLE from above
|
|
*
|
|
* @property int $id
|
|
* @property int $entity_id
|
|
* @property string $key
|
|
* @property string|null $scope
|
|
* @property bool $allowed
|
|
* @property bool $locked
|
|
* @property string $source
|
|
* @property int|null $set_by_entity_id
|
|
* @property Carbon|null $trained_at
|
|
* @property string|null $trained_route
|
|
*/
|
|
class PermissionMatrix extends Model
|
|
{
|
|
// Source types
|
|
public const SOURCE_INHERITED = 'inherited';
|
|
|
|
public const SOURCE_EXPLICIT = 'explicit';
|
|
|
|
public const SOURCE_TRAINED = 'trained';
|
|
|
|
protected $table = 'permission_matrix';
|
|
|
|
protected $fillable = [
|
|
'entity_id',
|
|
'target_entity_id',
|
|
'key',
|
|
'scope',
|
|
'permissions',
|
|
'allowed',
|
|
'locked',
|
|
'source',
|
|
'set_by_entity_id',
|
|
'trained_at',
|
|
'trained_route',
|
|
];
|
|
|
|
protected $casts = [
|
|
'allowed' => 'boolean',
|
|
'permissions' => 'array',
|
|
'locked' => 'boolean',
|
|
'trained_at' => 'datetime',
|
|
];
|
|
|
|
// Relationships
|
|
|
|
public function entity(): BelongsTo
|
|
{
|
|
return $this->belongsTo(Entity::class, 'entity_id');
|
|
}
|
|
|
|
public function targetEntity(): BelongsTo
|
|
{
|
|
return $this->belongsTo(Entity::class, 'target_entity_id');
|
|
}
|
|
|
|
public function setByEntity(): BelongsTo
|
|
{
|
|
return $this->belongsTo(Entity::class, 'set_by_entity_id');
|
|
}
|
|
|
|
// Status helpers
|
|
|
|
public function isAllowed(): bool
|
|
{
|
|
return $this->allowed;
|
|
}
|
|
|
|
public function isDenied(): bool
|
|
{
|
|
return ! $this->allowed;
|
|
}
|
|
|
|
public function isLocked(): bool
|
|
{
|
|
return $this->locked;
|
|
}
|
|
|
|
public function isTrained(): bool
|
|
{
|
|
return $this->source === self::SOURCE_TRAINED;
|
|
}
|
|
|
|
public function isInherited(): bool
|
|
{
|
|
return $this->source === self::SOURCE_INHERITED;
|
|
}
|
|
|
|
public function isExplicit(): bool
|
|
{
|
|
return $this->source === self::SOURCE_EXPLICIT;
|
|
}
|
|
|
|
// Scopes
|
|
|
|
public function scopeForEntity($query, int $entityId)
|
|
{
|
|
return $query->where('entity_id', $entityId);
|
|
}
|
|
|
|
public function scopeForKey($query, string $key)
|
|
{
|
|
return $query->where('key', $key);
|
|
}
|
|
|
|
public function scopeForScope($query, ?string $scope)
|
|
{
|
|
return $query->where(function ($q) use ($scope) {
|
|
$q->whereNull('scope')->orWhere('scope', $scope);
|
|
});
|
|
}
|
|
|
|
public function scopeAllowed($query)
|
|
{
|
|
return $query->where('allowed', true);
|
|
}
|
|
|
|
public function scopeDenied($query)
|
|
{
|
|
return $query->where('allowed', false);
|
|
}
|
|
|
|
public function scopeLocked($query)
|
|
{
|
|
return $query->where('locked', true);
|
|
}
|
|
|
|
public function scopeTrained($query)
|
|
{
|
|
return $query->where('source', self::SOURCE_TRAINED);
|
|
}
|
|
}
|