user token permission configurable

app/Models/Setting.php

@@ -19,6 +19,7 @@ class Setting extends NexusModel
     const ROLE_PERMISSION_CACHE_KEY_PREFIX = 'nexus_role_permissions_';
 
     const TORRENT_GLOBAL_STATE_CACHE_KEY = 'global_promotion_state';
+    const USER_TOKEN_PERMISSION_ALLOWED_CACHE_KRY = 'user_token_permission_allowed';
 
     /**
      * get setting autoload = yes with cache
@@ -100,6 +101,18 @@ class Setting extends NexusModel
         return $value;
     }
 
+    public static function updateUserTokenPermissionAllowedCache(): void
+    {
+        $redis = NexusDB::redis();
+        $key = self::USER_TOKEN_PERMISSION_ALLOWED_CACHE_KRY;
+        $redis->del($key);
+        //must not use cache
+        $allowed = self::getFromDb("permission.user_token_allowed");
+        if (!empty($allowed)) {
+            $redis->sAdd($key, ...$allowed);
+        }
+    }
+
     public static function getDefaultLang(): string
     {
         return self::get("main.defaultlang");
@@ -223,4 +236,10 @@ class Setting extends NexusModel
         return self::get("smtp.smtptype");
     }
 
+    public static function getPermissionUserTokenAllowed(): array
+    {
+        return self::get("permission.user_token_allowed");
+    }
+
+
 }

app/Models/User.php

@@ -615,6 +615,13 @@ class User extends Authenticatable implements FilamentUser, HasName
         return is_null($this->original['notifs']) || str_contains($this->notifs, "[{$name}]");
     }
 
+    public function tokenCan(string $ability)
+    {
+        $redis = NexusDB::redis();
+        return $redis->sismember(Setting::USER_TOKEN_PERMISSION_ALLOWED_CACHE_KRY, $ability)
+            && $this->accessToken && $this->accessToken->can($ability);
+    }
+