weitere updates für instanzierbarkeit und sauberes testing

This commit is contained in:
2026-02-24 08:49:40 +01:00
parent 7b53faca37
commit 16759a2732
119 changed files with 6371 additions and 745 deletions

View File

@@ -4,14 +4,25 @@ use MintyPHP\Buffer;
use MintyPHP\Repository\Auth\ApiTokenRepository;
use MintyPHP\Repository\Auth\RememberTokenRepository;
use MintyPHP\Router;
use MintyPHP\Service\Access\PermissionService;
use MintyPHP\Service\Access\AccessServicesFactory;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Service\Settings\SettingService;
use MintyPHP\Service\Settings\SettingServicesFactory;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
Guard::requireLogin();
Guard::requirePermission(PermissionService::SETTINGS_VIEW);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$authorizationService = (new AccessServicesFactory())->createAuthorizationService();
$viewDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW, [
'actor_user_id' => $currentUserId,
]);
if (!$viewDecision->isAllowed()) {
Guard::deny();
}
$viewCapabilities = $viewDecision->attribute('capabilities', []);
$canUpdateSettings = is_array($viewCapabilities) ? (bool) ($viewCapabilities['can_update_settings'] ?? false) : false;
$rememberTokenRepository = new RememberTokenRepository();
$apiTokenRepository = new ApiTokenRepository();
@@ -88,7 +99,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (!isset($_POST['settings_submit'])) {
Router::redirect('admin/settings');
}
Guard::requirePermission(PermissionService::SETTINGS_UPDATE);
$updateDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE, [
'actor_user_id' => $currentUserId,
]);
if (!$updateDecision->isAllowed()) {
Guard::deny();
}
$defaultTenantId = (int) ($_POST['default_tenant_id'] ?? 0);
$defaultRoleId = (int) ($_POST['default_role_id'] ?? 0);
$defaultDepartmentId = (int) ($_POST['default_department_id'] ?? 0);