- Introduced `KekaAccessGuard`, `KekaConfigResolver`, `KekaIntegrationService`, `KekaTokenService`, and `KekaUrlBuilder` to streamline Keka HR functionality. - Refactored `KekaController` to delegate key operations to modular services, improving maintainability. - Updated dashboard UI to ensure alignment with the new service-based architecture. - Enhanced error handling, logging, and code reusability for Keka integration workflows.
38 lines
834 B
PHP
38 lines
834 B
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Services\Keka;
|
|
|
|
use App\Models\User;
|
|
use App\Services\UserAppAccessService;
|
|
|
|
class KekaAccessGuard
|
|
{
|
|
private const PROVIDER_SLUG = 'keka-hr';
|
|
|
|
public function __construct(
|
|
private readonly UserAppAccessService $userAppAccessService,
|
|
) {}
|
|
|
|
public function authorize(): User
|
|
{
|
|
$user = auth()->user();
|
|
|
|
if (! $user) {
|
|
abort(403, 'Unauthorized');
|
|
}
|
|
|
|
$activeServices = $this->userAppAccessService->getActiveServices($user);
|
|
$hasAccess = $activeServices->contains(
|
|
fn ($service) => self::PROVIDER_SLUG === $service->provider_slug
|
|
);
|
|
|
|
if (! $hasAccess) {
|
|
abort(403, 'You do not have permission to access the required application.');
|
|
}
|
|
|
|
return $user;
|
|
}
|
|
}
|