weitere updates für instanzierbarkeit und sauberes testing
This commit is contained in:
@@ -1,14 +1,15 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\PermissionService;
|
||||
use MintyPHP\Service\Access\AccessServicesFactory;
|
||||
use MintyPHP\Service\Access\UserAuthorizationPolicy;
|
||||
use MintyPHP\Service\Auth\AuthServicesFactory;
|
||||
use MintyPHP\Service\User\UserServicesFactory;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
Guard::requireLogin();
|
||||
Guard::requirePermissionOrForbidden(PermissionService::API_TOKENS_MANAGE);
|
||||
$authorizationService = (new AccessServicesFactory())->createAuthorizationService();
|
||||
$userAccountService = (new UserServicesFactory())->createUserAccountService();
|
||||
$apiTokenService = (new AuthServicesFactory())->createApiTokenService();
|
||||
|
||||
@@ -20,6 +21,15 @@ if (!$user) {
|
||||
|
||||
$userId = (int) ($user['id'] ?? 0);
|
||||
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
|
||||
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_API_TOKENS_MANAGE, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
'target_user_id' => $userId,
|
||||
]);
|
||||
if (!$decision->isAllowed()) {
|
||||
Router::redirect('error/forbidden');
|
||||
return;
|
||||
}
|
||||
|
||||
$name = trim((string) ($_POST['token_name'] ?? ''));
|
||||
|
||||
if ($name === '') {
|
||||
|
||||
Reference in New Issue
Block a user