From e20157a162945e2dd8cfae5b09b6a5ad585662ff Mon Sep 17 00:00:00 2001
From: Dave Mc Nicoll <dave.mcnicoll@cslsj.qc.ca>
Date: Tue, 1 Apr 2025 19:16:30 +0000
Subject: [PATCH] - Unauthorize response now allows ResponseInterface as type

---
 src/Security/SecurityHandler.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/Security/SecurityHandler.php b/src/Security/SecurityHandler.php
index b41d182..437cac2 100644
--- a/src/Security/SecurityHandler.php
+++ b/src/Security/SecurityHandler.php
@@ -14,11 +14,11 @@ class SecurityHandler {
 
     protected ResponseInterface $redirectResponse;
 
-    protected ? \Closure $unauthorizeResponse;
+    protected \Closure|ResponseInterface|null $unauthorizeResponse;
 
     protected ? Taxus $taxus;
 
-    public function __construct(ResponseInterface $redirectResponse, ? \Closure $unauthorizeResponse = null, ? Taxus $taxus = null) {
+    public function __construct(ResponseInterface $redirectResponse, \Closure|ResponseInterface|null $unauthorizeResponse = null, ? Taxus $taxus = null) {
         $this->redirectResponse = $redirectResponse;
         $this->unauthorizeResponse = $unauthorizeResponse;
         $this->taxus = $taxus;
@@ -51,6 +51,10 @@ class SecurityHandler {
             }
 
             if ($this->unauthorizeResponse) {
+                if ($this->unauthorizeResponse instanceof ResponseInterface) {
+                    return $this->unauthorizeResponse;
+                }
+
                 return call_user_func_array($this->unauthorizeResponse, [ $user, ['method' => $fromMethod, 'object' => $fromObject ], $className, $methodName ]);
             }
             else {