new changes

panel-api/app/Modules/Rbac/RbacController.php

@@ -0,0 +1,49 @@
+<?php
+
+namespace App\Modules\Rbac;
+
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+use Illuminate\Routing\Controller;
+
+class RbacController extends Controller
+{
+    public function __construct(private readonly ScopeEvaluator $evaluator)
+    {
+    }
+
+    public function roles(): JsonResponse
+    {
+        return response()->json(['data' => []]);
+    }
+
+    public function createRole(Request $request): JsonResponse
+    {
+        return response()->json(['data' => ['status' => 'created']], 201);
+    }
+
+    public function attachPermissions(Request $request, string $role): JsonResponse
+    {
+        return response()->json(['data' => ['role_id' => $role, 'status' => 'updated']]);
+    }
+
+    public function assignRoles(Request $request, string $user): JsonResponse
+    {
+        return response()->json(['data' => ['user_id' => $user, 'status' => 'updated']]);
+    }
+
+    public function checkAccess(Request $request): JsonResponse
+    {
+        $payload = $request->all();
+        $allowed = $this->evaluator->isAllowed(
+            $payload['grants'] ?? [],
+            (string) ($payload['action'] ?? ''),
+            (string) ($payload['resource_type'] ?? ''),
+            isset($payload['resource_id']) ? (string) $payload['resource_id'] : null
+        );
+
+        return response()->json([
+            'data' => ['allowed' => $allowed],
+        ]);
+    }
+}

panel-api/app/Modules/Rbac/ScopeEvaluator.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace App\Modules\Rbac;
+
+class ScopeEvaluator
+{
+    public function isAllowed(array $grants, string $action, string $resourceType, ?string $resourceId = null): bool
+    {
+        foreach ($grants as $grant) {
+            $grantAction = $grant['action'] ?? null;
+            $grantResourceType = $grant['resource_type'] ?? null;
+            $grantResourceId = $grant['resource_id'] ?? null;
+            $effect = $grant['effect'] ?? 'allow';
+
+            $matches = ($grantAction === '*' || $grantAction === $action)
+                && ($grantResourceType === '*' || $grantResourceType === $resourceType)
+                && ($grantResourceId === null || $grantResourceId === $resourceId);
+
+            if ($matches && $effect === 'deny') {
+                return false;
+            }
+
+            if ($matches && $effect === 'allow') {
+                return true;
+            }
+        }
+
+        return false;
+    }
+}