Flex: Control authorization from the directory

system/src/Grav/Framework/Flex/FlexDirectory.php

@@ -70,6 +70,9 @@ class FlexDirectory implements FlexAuthorizeInterface
     /** @var string */
     protected $indexClassName;
 
+    /** @var string|null */
+    private $_authorize;
+
     /**
      * FlexDirectory constructor.
      * @param string $type
@@ -955,4 +958,23 @@ class FlexDirectory implements FlexAuthorizeInterface
     {
         return isset(Grav::instance()['admin']) ? 'admin' : 'site';
     }
+
+    /**
+     * @param string $scope
+     * @param string $action
+     * @return string
+     */
+    public function getAuthorizeRule(string $scope, string $action): string
+    {
+        if (!$this->_authorize) {
+            $config = $this->getConfig('admin.permissions');
+            if ($config) {
+                $this->_authorize = array_key_first($config) . '.%2$s';
+            } else {
+                $this->_authorize = '%1$s.flex-object.%2$s';
+            }
+        }
+
+        return sprintf($this->_authorize, $scope, $action);
+    }
 }

system/src/Grav/Framework/Flex/Traits/FlexAuthorizeTrait.php

@@ -20,9 +20,6 @@ use Grav\Framework\Flex\Interfaces\FlexObjectInterface;
  */
 trait FlexAuthorizeTrait
 {
-    /** @var string */
-    private $_authorize = '%s.flex-object.%s';
-
     /**
      * Check if user is authorized for the action.
      *
@@ -113,14 +110,6 @@ trait FlexAuthorizeTrait
         return $user->authorize('admin.super');
     }
 
-    /**
-     * @param string $authorize
-     */
-    protected function setAuthorizeRule(string $authorize): void
-    {
-        $this->_authorize = $authorize;
-    }
-
     /**
      * @param string $scope
      * @param string $action
@@ -128,6 +117,6 @@ trait FlexAuthorizeTrait
      */
     protected function getAuthorizeRule(string $scope, string $action): string
     {
-        return sprintf($this->_authorize, $scope, $action);
+        return $this->getFlexDirectory()->getAuthorizeRule($scope, $action);
     }
 }