Skip to content
docsv0.1.0

InteractionAuthorizerInterface

Decides whether a specific {@see InteractionRequest} is permitted to execute, independent of transport-level concerns ({@see CsrfGuardInterface}, {@see CorsPolicyInterface}). This is the seam where "is this action even declared by the component contract" and "does this principal have the scope for it" are enforced, so a component's {@see \Milpa\Live\Contracts\Component\ComponentDefinitionInterface::handle()} never has to re-implement authorization itself.

InteractionAuthorizerInterface::authorize()

abstract public function authorize(Milpa\Live\ValueObjects\InteractionRequest $request, ?Milpa\Live\ValueObjects\SecurityPrincipal $principal = null): Milpa\Live\ValueObjects\AuthorizationResult

Authorizes the request against the component's declared contract and, when `$principal` is given, the principal's scopes. A `null` `$principal` represents an anonymous/unauthenticated caller — MUST still be denied for actions the component or its state restrict to a specific owning principal.

Parameters

Parameters of authorize()
NameTypeDescription
$requestMilpa\Live\ValueObjects\InteractionRequest
$principal?Milpa\Live\ValueObjects\SecurityPrincipal