weitere updates für instanzierbarkeit und sauberes testing
This commit is contained in:
@@ -4,14 +4,25 @@ use MintyPHP\Buffer;
|
||||
use MintyPHP\Repository\Auth\ApiTokenRepository;
|
||||
use MintyPHP\Repository\Auth\RememberTokenRepository;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\PermissionService;
|
||||
use MintyPHP\Service\Access\AccessServicesFactory;
|
||||
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
|
||||
use MintyPHP\Service\Settings\SettingService;
|
||||
use MintyPHP\Service\Settings\SettingServicesFactory;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
Guard::requireLogin();
|
||||
Guard::requirePermission(PermissionService::SETTINGS_VIEW);
|
||||
|
||||
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
|
||||
$authorizationService = (new AccessServicesFactory())->createAuthorizationService();
|
||||
$viewDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
]);
|
||||
if (!$viewDecision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
$viewCapabilities = $viewDecision->attribute('capabilities', []);
|
||||
$canUpdateSettings = is_array($viewCapabilities) ? (bool) ($viewCapabilities['can_update_settings'] ?? false) : false;
|
||||
|
||||
$rememberTokenRepository = new RememberTokenRepository();
|
||||
$apiTokenRepository = new ApiTokenRepository();
|
||||
@@ -88,7 +99,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
if (!isset($_POST['settings_submit'])) {
|
||||
Router::redirect('admin/settings');
|
||||
}
|
||||
Guard::requirePermission(PermissionService::SETTINGS_UPDATE);
|
||||
$updateDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
]);
|
||||
if (!$updateDecision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
$defaultTenantId = (int) ($_POST['default_tenant_id'] ?? 0);
|
||||
$defaultRoleId = (int) ($_POST['default_role_id'] ?? 0);
|
||||
$defaultDepartmentId = (int) ($_POST['default_department_id'] ?? 0);
|
||||
|
||||
Reference in New Issue
Block a user