page update

This commit is contained in:
2026-03-12 14:09:06 +01:00
parent 17a72af5f2
commit 0b9014dcbf
17 changed files with 634 additions and 196 deletions

View File

@@ -4,6 +4,8 @@ use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\I18n;
use MintyPHP\Router;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Service\Access\UiAccessService;
use MintyPHP\Service\Content\PageService;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
@@ -18,8 +20,18 @@ if ($currentUserId <= 0) {
Router::redirect('login');
}
$return = Request::safeReturnTarget((string) (requestInput()->bodyAll()['return'] ?? ''));
$canEdit = app(UiAccessService::class)->allow(
$currentUserId,
SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE
);
if (!$canEdit) {
http_response_code(403);
Flash::error(t('You are not allowed to edit this page'), $return, 'page_forbidden');
Router::redirect($return !== '' ? $return : '');
}
if (!Session::checkCsrfToken()) {
$return = Request::safeReturnTarget((string) (requestInput()->bodyAll()['return'] ?? ''));
Flash::error(t('Form expired, please try again'), $return, 'page_csrf');
Router::redirect($return !== '' ? $return : '');
}
@@ -28,7 +40,6 @@ $slug = trim((string) (requestInput()->bodyAll()['slug'] ?? ''));
$fromLocale = trim((string) (requestInput()->bodyAll()['from_locale'] ?? (I18n::$locale ?? '')));
$toLocale = trim((string) (requestInput()->bodyAll()['to_locale'] ?? ''));
$return = Request::safeReturnTarget((string) (requestInput()->bodyAll()['return'] ?? ''));
if ($return === '' && $slug !== '') {
$return = 'page/' . $slug;
}

View File

@@ -5,6 +5,8 @@ use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\I18n;
use MintyPHP\Router;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Service\Access\UiAccessService;
use MintyPHP\Service\Content\PageService;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
@@ -28,7 +30,10 @@ if ($notFound) {
$user = $session['user'] ?? [];
$currentUserId = (int) ($user['id'] ?? 0);
$canEdit = $currentUserId > 0;
$canEdit = app(UiAccessService::class)->allow(
$currentUserId,
SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE
);
$returnPath = Request::path();
if ($returnPath === '') {
$returnPath = 'page/' . $slug;

View File

@@ -45,7 +45,7 @@
</section>
<?php if ($canEdit): ?>
<aside id="app-details-aside-section">
<div class="app-details-aside-section">
<div class="app-details-aside-section app-page-action-card">
<div class="grid">
<button type="button" class="secondary outline" data-tooltip-pos="top"