ContractInteractionAuthorizer
The `#[Action]`-style {@see InteractionAuthorizerInterface}: an interaction is allowed only if its component is registered, the envelope's component id/name agree with the request, the requested `action` is declared in that component's own contract, the state's owning principal (if any) matches the caller, and the caller holds the derived `milpa:component:{name}:{action}` scope (or its `:*` wildcard). This is the contract-based allowlist {@see \Milpa\Live\Http\LiveEndpoint} defers to — nothing here inspects the CSRF token or state signature, those are separate gates that already ran before authorization.
ContractInteractionAuthorizer::__construct()
public function __construct(Milpa\Live\Contracts\Component\ComponentRegistryInterface $components):Parameters
| Name | Type | Description |
|---|---|---|
| $components | Milpa\Live\Contracts\Component\ComponentRegistryInterface |
ContractInteractionAuthorizer::authorize()
public function authorize(Milpa\Live\ValueObjects\InteractionRequest $request, ?Milpa\Live\ValueObjects\SecurityPrincipal $principal = null): Milpa\Live\ValueObjects\AuthorizationResultAuthorizes one interaction request. Every denial path returns a keyed error explaining which check failed (`component`, `componentId`, `componentName`, `action`, `principal`, or `scope`) rather than a bare boolean — never throws for an ordinary unauthorized request.
Parameters
| Name | Type | Description |
|---|---|---|
| $request | Milpa\Live\ValueObjects\InteractionRequest | |
| $principal | ?Milpa\Live\ValueObjects\SecurityPrincipal |