Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
83.33% |
5 / 6 |
|
50.00% |
1 / 2 |
CRAP | |
0.00% |
0 / 1 |
| ConfigKeyPolicy | |
83.33% |
5 / 6 |
|
50.00% |
1 / 2 |
5.12 | |
0.00% |
0 / 1 |
| canRoleEdit | |
80.00% |
4 / 5 |
|
0.00% |
0 / 1 |
3.07 | |||
| canRoleRead | |
100.00% |
1 / 1 |
|
100.00% |
1 / 1 |
2 | |||
| 1 | <?php |
| 2 | |
| 3 | declare(strict_types=1); |
| 4 | |
| 5 | namespace App\Domain\Configuration; |
| 6 | |
| 7 | use function in_array; |
| 8 | |
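/**
 * Access policy for loan_config keys.
 *
 * Some keys directly price money or gate eligibility (yield rate, loan APR,
 * LTV, loan amount limits, account minimums, origination fee). Those are
 * super_admin-only. Operational thresholds (grace period, late fees, default
 * counters, behavior toggles) are admin-editable.
 *
 * The edit rule is a denylist: every key that is not listed in
 * SUPER_ADMIN_ONLY_KEYS is treated as admin-editable. A new key that prices
 * money or gates eligibility therefore has to be added to that list in the
 * same change that introduces it, otherwise it defaults to admin-editable.
 *
 * This class does not check that a key exists. Callers are expected to
 * validate the key against the set of known loan_config keys before (or in
 * addition to) asking this policy.
 */
final class ConfigKeyPolicy
{
    /**
     * Keys that only super_admin may edit. All other authenticated admins
     * may edit any other known key.
     *
     * Entries must be lower-case with no surrounding whitespace, because
     * canRoleEdit() compares them against a normalized form of the
     * requested key.
     */
    private const SUPER_ADMIN_ONLY_KEYS = [
        'account_yield_rate',
        'default_interest_rate',
        'ltv_percentage',
        'min_loan_amount',
        'max_loan_amount',
        'min_account_balance',
        'origination_fee_pct',
    ];

    /**
     * Decide whether a role may edit the given loan_config key.
     *
     * @param string $role      Role name; compared exactly, so any value other
     *                          than 'super_admin' or 'admin' is denied.
     * @param string $configKey Key the caller wants to edit.
     *
     * @return bool True for super_admin on any key, true for admin on keys
     *              outside SUPER_ADMIN_ONLY_KEYS, false otherwise.
     */
    public static function canRoleEdit(string $role, string $configKey): bool
    {
        if ($role === 'super_admin') {
            return true;
        }

        // Role matching stays exact: an unrecognized or differently-cased
        // role falls through to a denial.
        if ($role !== 'admin') {
            return false;
        }

        // The denylist is matched on a canonical form of the key. How the
        // config store resolves keys is not visible from this class; if its
        // lookup ignores case or surrounding whitespace, an exact-match
        // comparison here would let a variant spelling of a restricted key
        // pass as "not restricted". Normalizing can only make the check
        // stricter.
        $normalizedKey = strtolower(trim($configKey));

        return !in_array($normalizedKey, self::SUPER_ADMIN_ONLY_KEYS, true);
    }

    /**
     * Decide whether a role may read loan_config values.
     *
     * @param string $role Role name; compared exactly.
     *
     * @return bool True only for 'admin' and 'super_admin'.
     */
    public static function canRoleRead(string $role): bool
    {
        return $role === 'admin' || $role === 'super_admin';
    }
}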