Skip to content
docsv0.1.0

AuthorizationResult

The outcome of an {@see \Milpa\Live\Contracts\Security\InteractionAuthorizerInterface::authorize()} decision. `$allowed` is the single source of truth for whether the caller may proceed — `$errors` is only present to explain a denial and MUST be empty when `$allowed` is `true`; construct via {@see allow()}/ {@see deny()} rather than the constructor directly to keep that invariant.

AuthorizationResult::__construct()

public function __construct(bool $allowed, array $errors = [], array $meta = []):

Parameters

Parameters of __construct()
NameTypeDescription
$allowedbool
$errorsarray<string, string>Field/reason => human-readable message. MUST be empty when `$allowed` is `true`.
$metaarray<string, mixed>Non-authoritative context about the decision (e.g. matched scope), for logging/debugging — callers MUST NOT branch on it.

AuthorizationResult::allow()

public static function allow(array $meta = []): self

Builds an allowed result.

Parameters

Parameters of allow()
NameTypeDescription
$metaarray<string, mixed>

AuthorizationResult::deny()

public static function deny(array $errors, array $meta = []): self

Builds a denied result carrying the reason(s) for the denial.

Parameters

Parameters of deny()
NameTypeDescription
$errorsarray<string, string>
$metaarray<string, mixed>