Bitwise access control

core/Application/Account/Commons/Gateways/AccountRepositoryInterface.php

@@ -6,6 +6,8 @@
 
 interface AccountRepositoryInterface
 {
+    public function findByid(int $id): ?AccountEntity;
+
     public function findByUuid(string $uuid): ?AccountEntity;
 
     public function findByAccessCode(string $code): ?AccountEntity;

core/Application/User/Show/ShowUserUseCase.php

@@ -2,6 +2,7 @@
 
 namespace Core\Application\User\Show;
 
+use Core\Application\Account\Commons\Gateways\AccountRepositoryInterface;
 use Core\Application\User\Commons\Exceptions\UserNotFountException;
 use Core\Application\User\Commons\Gateways\UserRepositoryInterface;
 use Core\Domain\Entities\User\UserEntity;
@@ -12,7 +13,8 @@ class ShowUserUseCase
 {
     public function __construct(
         private readonly FrameworkContract $framework,
-        private readonly UserRepositoryInterface $userRepository
+        private readonly UserRepositoryInterface $userRepository,
+        private readonly AccountRepositoryInterface $accountRepository
     ) {
     }
 
@@ -29,6 +31,9 @@ public function execute(string $uuid): UserEntity
             );
         }
 
+        $accountEntity = $this->accountRepository->findByid($userEntity->getAccount()->getId());
+        $userEntity->setAccount($accountEntity);
+
         return $userEntity;
     }
 }

core/Domain/Entities/Account/Traits/Account/AccountEntityBuilder.php

@@ -34,4 +34,13 @@ public static function forDetail(
 
         return $account;
     }
+
+    public static function forIdentify(
+        int $id
+    ): AccountEntity {
+        $account = new AccountEntity();
+        $account->setId($id);
+
+        return $account;
+    }
 }

core/Domain/Entities/User/Traits/HasUserEntityBuilder.php

@@ -23,6 +23,7 @@ public static function forCreate(
         ?AccountEntity $account,
         UuidInterface $uuid = null,
         ?DateTimeInterface $birthday = null,
+        int $role = 0
     ): UserEntity {
         $userEntity = new UserEntity();
         $userEntity->setBirthday($birthday);
@@ -43,14 +44,18 @@ public static function forDetail(
         string $name,
         string $email,
         UuidInterface $uuid,
-        ?DateTimeInterface $birthday = null
+        AccountEntity $account,
+        ?DateTimeInterface $birthday = null,
+        int $role = 0
     ): UserEntity {
         $userEntity = new UserEntity();
         $userEntity->setId($id);
         $userEntity->setName($name);
         $userEntity->setEmail(new EmailValueObject($email, false));
         $userEntity->setBirthday($birthday);
+        $userEntity->setAccount($account);
         $userEntity->setUuid($uuid);
+        $userEntity->setRole($role);
 
         return $userEntity;
     }
@@ -64,30 +69,34 @@ public static function forUpdate(
         string $email,
         #[SensitiveParameter]
         string $password,
-        ?DateTimeInterface $birthday = null
+        ?DateTimeInterface $birthday = null,
+        int $role = 0
     ): UserEntity {
         $userEntity = new UserEntity();
         $userEntity->setBirthday($birthday);
         $userEntity->setId($id);
         $userEntity->setName($name);
         $userEntity->setEmail(new EmailValueObject($email, false));
         $userEntity->setPassword($password);
+        $userEntity->setRole($role);
 
         return $userEntity;
     }
 
-    public static function forDelete(int $id): UserEntity
+    public static function forDelete(int $id, int $role = 0): UserEntity
     {
         $userEntity = new UserEntity();
         $userEntity->setId($id);
+        $userEntity->setRole($role);
 
         return $userEntity;
     }
 
-    public static function forIdentify(int $id): UserEntity
+    public static function forIdentify(int $id, int $role = 0): UserEntity
     {
         $userEntity = new UserEntity();
         $userEntity->setId($id);
+        $userEntity->setRole($role);
 
         return $userEntity;
     }

core/Domain/Entities/User/Traits/UserEntityAcessors.php

@@ -48,7 +48,7 @@ public function getBirthday(): ?DateTimeInterface
         return $this->birthday;
     }
 
-    public function setBirthday(DateTimeInterface $birthday): self
+    public function setBirthday(?DateTimeInterface $birthday): self
     {
         $this->birthday = $birthday;
         return $this;

core/Domain/Entities/User/UserEntity.php

@@ -6,6 +6,7 @@
 use Core\Domain\Entities\User\Traits\HasUserEntityBuilder;
 use Core\Domain\Entities\User\Traits\UserEntityAcessors;
 use Core\Domain\ValueObjects\EmailValueObject;
+use Core\Support\Permissions\HasUserRoleTrait;
 use DateTime;
 use DateTimeInterface;
 use Ramsey\Uuid\UuidInterface;
@@ -14,6 +15,7 @@ class UserEntity
 {
     use HasUserEntityBuilder;
     use UserEntityAcessors;
+    use HasUserRoleTrait;
 
     private ?int $id = null;
     private string $name;

core/Support/Exceptions/InvalidRoleException.php

@@ -0,0 +1,8 @@
+<?php
+
+namespace Core\Support\Exceptions;
+
+class InvalidRoleException extends OutputErrorException
+{
+
+}

core/Support/Permissions/Access/GeneralPermissions.php

@@ -0,0 +1,11 @@
+<?php
+
+namespace Core\Support\Permissions\Access;
+
+class GeneralPermissions
+{
+    public const int READ = 1 << 0;  // 0001
+    public const int WRITE = 1 << 1; // 0010
+    public const int DELETE = 1 << 2; // 0100
+    public const int EXECUTE = 1 << 3; // 1000
+}

core/Support/Permissions/Access/UserRoles.php

@@ -0,0 +1,10 @@
+<?php
+
+namespace Core\Support\Permissions\Access;
+
+class UserRoles
+{
+    public const int ADMIN = GeneralPermissions::READ | GeneralPermissions::WRITE | GeneralPermissions::DELETE | GeneralPermissions::EXECUTE;
+    public const int EDITOR = GeneralPermissions::READ | GeneralPermissions::WRITE;
+    public const int VIEWER = GeneralPermissions::READ;
+}

core/Support/Permissions/HasUserRoleTrait.php

@@ -0,0 +1,57 @@
+<?php
+
+namespace Core\Support\Permissions;
+
+use Core\Support\Exceptions\InvalidRoleException;
+use Core\Support\Http\ResponseStatusCodeEnum;
+use Core\Support\Permissions\Access\UserRoles;
+
+trait HasUserRoleTrait
+{
+    private int $permissions = 0;
+    private int $role = 0;
+
+    public function hasPermission(int $permission): bool
+    {
+        return ($this->permissions & $permission) === $permission;
+    }
+
+    public function getPermissions(): int
+    {
+        return $this->permissions;
+    }
+
+    public function setPermissions(int $permissions): void
+    {
+        $this->permissions = $permissions;
+    }
+
+    public function getRole(): int
+    {
+        return $this->role;
+    }
+
+    public function setRole(int $role): void
+    {
+        $this->role = $role;
+        $this->permissions = $role;
+    }
+
+    public function hasRolePermission(int $permission): bool
+    {
+        return ($this->role & $permission) === $permission;
+    }
+
+    /**
+     * @throws InvalidRoleException
+     */
+    public function getRoleName(): string
+    {
+        return match ($this->role) {
+            UserRoles::ADMIN => 'ADMIN',
+            UserRoles::EDITOR => 'EDITOR',
+            UserRoles::VIEWER => 'VIEWER',
+            default => throw new InvalidRoleException("Invalid role", ResponseStatusCodeEnum::FORBIDDEN->value),
+        };
+    }
+}

database/migrations/0001_01_01_000000_create_users_table.php

@@ -17,6 +17,7 @@ public function up(): void
                 ->default(null)
                 ->constrained()
                 ->onDelete('cascade');
+            $table->integer('role')->default(0);
             $table->string('name');
             $table->string('email')->unique();
             $table->date('birthday')->nullable();

infra/Database/Account/Repository/AccountRepository.php

@@ -10,6 +10,19 @@
 
 class AccountRepository implements AccountRepositoryInterface
 {
+    public function findByid(int $id): ?AccountEntity
+    {
+        $accountModel = Account::query()->where('id', $id)->first();
+        if (!$accountModel) {
+            return null;
+        }
+
+        return AccountEntity::forDetail(
+            id: $accountModel->id,
+            name: $accountModel->name,
+            uuid: $accountModel->uuid
+        );
+    }
 
     public function findByUuid(string $uuid): ?AccountEntity
     {

infra/Database/User/Repository/UserRepository.php

@@ -4,12 +4,17 @@
 
 use App\Models\User;
 use Core\Application\User\Commons\Gateways\UserRepositoryInterface;
+use Core\Domain\Entities\Account\AccountEntity;
 use Core\Domain\Entities\User\UserEntity;
+use Core\Support\Exceptions\InvalidEmailException;
 use DateTime;
 use Infra\Services\Framework\FrameworkService;
 
 class UserRepository implements UserRepositoryInterface
 {
+    /**
+     * @throws InvalidEmailException
+     */
     public function findById(int $id): ?UserEntity
     {
         $userModel = User::query()
@@ -24,14 +29,15 @@ public function findById(int $id): ?UserEntity
             name: $userModel->name,
             email: $userModel->email,
             uuid: FrameworkService::getInstance()->uuid()->uuidFromString($userModel->uuid),
+            account: AccountEntity::forIdentify($userModel->account_id),
             birthday: new DateTime($userModel->birthday)
         );
     }
 
     public function findByUuid(string $uuid): ?UserEntity
     {
         $userModel = User::query()
-            ->select(['id', 'name', 'email', 'birthday', 'uuid'])
+            ->select(['id', 'name', 'email', 'birthday', 'uuid', 'account_id'])
             ->where('uuid', '=', $uuid)
             ->first();
         if (!$userModel) {
@@ -43,6 +49,7 @@ public function findByUuid(string $uuid): ?UserEntity
             name: $userModel->name,
             email: $userModel->email,
             uuid: FrameworkService::getInstance()->uuid()->uuidFromString($userModel->uuid),
+            account: AccountEntity::forIdentify($userModel->account_id),
             birthday: new DateTime($userModel->birthday),
         );
     }
@@ -62,6 +69,7 @@ public function findByEmail(string $email): ?UserEntity
             name: $userModel->name,
             email: $userModel->email,
             uuid: FrameworkService::getInstance()->uuid()->uuidFromString($userModel->uuid),
+            account: AccountEntity::forIdentify($userModel->account_id),
             birthday: new DateTime($userModel->birthday)
         );
     }

infra/Handlers/UseCases/User/Create/CreateUserHandler.php

@@ -42,8 +42,8 @@ public function handle(CreateUserInput $createUserInput, AccountInput $accountIn
             accountRepository: $this->accountRepositoryInterface
         );
 
-        $accountInput->setUserNane($userEntity->getName());
-        $accountInput->setUserId($userEntity->getId());
+        $accountInput->setUserNane(userNane: $userEntity->getName());
+        $accountInput->setUserId(userId: $userEntity->getId());
 
         $accountEntity = $createAccountUseCase->execute(input: $accountInput);
 

infra/Handlers/UseCases/User/Update/UpdateUserHandler.php

@@ -9,12 +9,12 @@
 use Core\Services\Framework\FrameworkContract;
 use Core\Support\Exceptions\OutputErrorException;
 
-class UpdateUserHandler
+readonly class UpdateUserHandler
 {
     public function __construct(
-        private readonly UserCommandInterface $userCommand,
-        private readonly UserRepositoryInterface $userRepository,
-        private readonly FrameworkContract $frameworkService
+        private UserCommandInterface $userCommand,
+        private UserRepositoryInterface $userRepository,
+        private FrameworkContract $frameworkService
     ) {
     }
 
@@ -29,6 +29,8 @@ public function handle(UpdateUserInput $input): UpdateUserOutput
             $this->userRepository,
             $this->userCommand
         );
-        return new UpdateUserOutput($useCase->execute($input));
+        $userEntity = $useCase->execute($input);
+
+        return new UpdateUserOutput($userEntity);
     }
 }