refactor(settings): split admin/settings into hub + per-section subpages
Splits the 755-line monolithic settings page into a tile-based landing hub
and six focused subpages (general, security, email, api, sso, branding),
each with its own form, CSRF scope and POST handler. Each subpage offers
Save / Save & close buttons plus a Cancel/back link to the hub.
Backend (AdminSettingsService, gateways, policies, DB schema) unchanged.
A new settingsSectionMergePost() helper overlays section POSTs onto the
current DB values so partial saves don't wipe unrelated fields (the
service defaults missing keys to 0/empty).
Sub-action files (logo/favicon/tokens/lifecycle) redirect to the matching
subpage, and architecture contracts now check the subpage files instead
of the removed monolithic index.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-24 22:43:12 +02:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
use MintyPHP\Buffer;
|
|
|
|
|
use MintyPHP\Http\SessionStoreInterface;
|
|
|
|
|
use MintyPHP\Router;
|
|
|
|
|
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
|
|
|
|
|
use MintyPHP\Service\Settings\AdminSettingsService;
|
|
|
|
|
use MintyPHP\Support\Flash;
|
|
|
|
|
use MintyPHP\Support\Guard;
|
|
|
|
|
|
|
|
|
|
$session = app(SessionStoreInterface::class)->all();
|
|
|
|
|
Guard::requireLogin();
|
|
|
|
|
$request = requestInput();
|
|
|
|
|
|
|
|
|
|
$currentUserId = (int) ($session['user']['id'] ?? 0);
|
|
|
|
|
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
|
|
|
|
|
$viewDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW, [
|
|
|
|
|
'actor_user_id' => $currentUserId,
|
|
|
|
|
]);
|
|
|
|
|
if (!$viewDecision->isAllowed()) {
|
|
|
|
|
Guard::deny();
|
|
|
|
|
}
|
|
|
|
|
$viewCapabilities = $viewDecision->attribute('capabilities', []);
|
|
|
|
|
$canUpdateSettings = is_array($viewCapabilities) ? (bool) ($viewCapabilities['can_update_settings'] ?? false) : false;
|
|
|
|
|
|
|
|
|
|
$adminSettingsService = app(AdminSettingsService::class);
|
|
|
|
|
$pageData = $adminSettingsService->buildPageData();
|
|
|
|
|
$tenants = is_array($pageData['tenants'] ?? null) ? $pageData['tenants'] : [];
|
|
|
|
|
$roles = is_array($pageData['roles'] ?? null) ? $pageData['roles'] : [];
|
|
|
|
|
$departments = is_array($pageData['departments'] ?? null) ? $pageData['departments'] : [];
|
|
|
|
|
$values = is_array($pageData['values'] ?? null) ? $pageData['values'] : [];
|
|
|
|
|
$settings = is_array($pageData['settings'] ?? null) ? $pageData['settings'] : [];
|
|
|
|
|
|
|
|
|
|
if ($request->isMethod('POST') && !actionRequireCsrf('admin/settings/general', 'admin/settings/general', 'csrf_expired')) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($request->isMethod('POST')) {
|
|
|
|
|
$updateDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE, [
|
|
|
|
|
'actor_user_id' => $currentUserId,
|
|
|
|
|
]);
|
|
|
|
|
if (!$updateDecision->isAllowed()) {
|
|
|
|
|
Guard::deny();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$sectionKeys = [
|
|
|
|
|
'default_tenant_id',
|
|
|
|
|
'default_role_id',
|
|
|
|
|
'default_department_id',
|
|
|
|
|
'app_title',
|
|
|
|
|
'app_locale',
|
2026-04-25 09:29:01 +02:00
|
|
|
'app_registration',
|
refactor(settings): split admin/settings into hub + per-section subpages
Splits the 755-line monolithic settings page into a tile-based landing hub
and six focused subpages (general, security, email, api, sso, branding),
each with its own form, CSRF scope and POST handler. Each subpage offers
Save / Save & close buttons plus a Cancel/back link to the hub.
Backend (AdminSettingsService, gateways, policies, DB schema) unchanged.
A new settingsSectionMergePost() helper overlays section POSTs onto the
current DB values so partial saves don't wipe unrelated fields (the
service defaults missing keys to 0/empty).
Sub-action files (logo/favicon/tokens/lifecycle) redirect to the matching
subpage, and architecture contracts now check the subpage files instead
of the removed monolithic index.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-24 22:43:12 +02:00
|
|
|
];
|
|
|
|
|
$mergedPost = settingsSectionMergePost($values, $request->bodyAll(), $sectionKeys);
|
|
|
|
|
|
|
|
|
|
$updateResult = $adminSettingsService->updateFromAdmin($mergedPost);
|
|
|
|
|
$errorBag = formErrors();
|
|
|
|
|
foreach ((array) ($updateResult['errors'] ?? []) as $error) {
|
|
|
|
|
if (is_array($error)) {
|
|
|
|
|
$message = trim((string) ($error['message'] ?? ''));
|
|
|
|
|
$field = trim((string) ($error['field'] ?? 'input'));
|
|
|
|
|
if ($message !== '') {
|
|
|
|
|
$errorBag->add($field !== '' ? $field : 'input', $message);
|
|
|
|
|
}
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
$message = trim((string) $error);
|
|
|
|
|
if ($message !== '') {
|
|
|
|
|
$errorBag->addGlobal($message);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($errorBag->hasAny()) {
|
|
|
|
|
flashFormErrors($errorBag, 'admin/settings/general', 'settings_update_error');
|
|
|
|
|
Router::redirect('admin/settings/general');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$redirectTarget = ((string) $request->body('action', 'save') === 'save_close')
|
|
|
|
|
? 'admin/settings'
|
|
|
|
|
: 'admin/settings/general';
|
|
|
|
|
Flash::success('Settings updated', $redirectTarget, 'settings_updated');
|
|
|
|
|
Router::redirect($redirectTarget);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Buffer::set('title', t('General settings'));
|
|
|
|
|
|
|
|
|
|
$breadcrumbs = [
|
|
|
|
|
['label' => t('Home'), 'path' => 'admin'],
|
|
|
|
|
['label' => t('Settings'), 'path' => 'admin/settings'],
|
|
|
|
|
['label' => t('General')],
|
|
|
|
|
];
|