pelican-panel-mirror/app/Services/Acl/Api/AdminAcl.php

<?php

namespace App\Services\Acl\Api;

use App\Models\ApiKey;

class AdminAcl
{
    /**
     * The different types of permissions available for API keys. This
     * implements a read/write/none permissions scheme for all endpoints.
     */
    public const NONE = 0;

    public const READ = 1;

    public const WRITE = 2;

    /**
     * Determine if an API key has permission to perform a specific read/write operation.
     */
    public static function can(int $permission, int $action = self::READ): bool
    {
        if ($permission & $action) {
            return true;
        }

        return false;
    }

    /**
     * Determine if an API Key model has permission to access a given resource
     * at a specific action level.
     */
    public static function check(ApiKey $key, string $resource, int $action = self::READ): bool
    {
        return self::can($key->getPermission($resource), $action);
    }
}