You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Jun 11, 2026. It is now read-only.
Implement the most common conditional access pattern: a subject may only act on resources they own. This rule compares AuthorizableResource::ownerId() against AuthorizationSubject::subjectId(). If the resource has no owner concept (ownerId() returns null) the rule passes unconditionally — it is not this rule's responsibility to enforce ownership where no ownership model exists. This built-in rule ships with the framework so extension developers do not need to rewrite it.
Goal
Implement the most common conditional access pattern: a subject may only act on resources they own. This rule compares
AuthorizableResource::ownerId()againstAuthorizationSubject::subjectId(). If the resource has no owner concept (ownerId()returnsnull) the rule passes unconditionally — it is not this rule's responsibility to enforce ownership where no ownership model exists. This built-in rule ships with the framework so extension developers do not need to rewrite it.Methods
isSatisfied(AuthorizationSubject $subject, AuthorizableResource $resource): boolAcceptance criteria
src/Authorization/Infrastructure/Rules/OwnershipRule.phpRuleinterfacetruewhenownerId()isnull(no ownership concept on this resource)truewhenownerId() === subjectId()falsewhenownerId()is set and does not matchsubjectId()