AuthorizationResult
The outcome of an {@see \Milpa\Live\Contracts\Security\InteractionAuthorizerInterface::authorize()} decision. `$allowed` is the single source of truth for whether the caller may proceed — `$errors` is only present to explain a denial and MUST be empty when `$allowed` is `true`; construct via {@see allow()}/ {@see deny()} rather than the constructor directly to keep that invariant.
AuthorizationResult::__construct()
public function __construct(bool $allowed, array $errors = [], array $meta = []):Parameters
| Name | Type | Description |
|---|---|---|
| $allowed | bool | |
| $errors | array<string, string> | Field/reason => human-readable message. MUST be empty when `$allowed` is `true`. |
| $meta | array<string, mixed> | Non-authoritative context about the decision (e.g. matched scope), for logging/debugging — callers MUST NOT branch on it. |
AuthorizationResult::allow()
public static function allow(array $meta = []): selfBuilds an allowed result.
Parameters
| Name | Type | Description |
|---|---|---|
| $meta | array<string, mixed> |
AuthorizationResult::deny()
public static function deny(array $errors, array $meta = []): selfBuilds a denied result carrying the reason(s) for the denial.
Parameters
| Name | Type | Description |
|---|---|---|
| $errors | array<string, string> | |
| $meta | array<string, mixed> |