weitere updates für instanzierbarkeit und sauberes testing
This commit is contained in:
@@ -1,12 +1,27 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Buffer;
|
||||
use MintyPHP\Service\Access\PermissionService;
|
||||
use MintyPHP\Http\Request;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\AccessServicesFactory;
|
||||
use MintyPHP\Service\Access\UserAuthorizationPolicy;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
Guard::requireLogin();
|
||||
Guard::requirePermissionOrForbidden(PermissionService::USERS_VIEW);
|
||||
$authorizationService = (new AccessServicesFactory())->createAuthorizationService();
|
||||
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW, [
|
||||
'actor_user_id' => (int) ($_SESSION['user']['id'] ?? 0),
|
||||
]);
|
||||
if (!$decision->isAllowed()) {
|
||||
if (Request::wantsJson()) {
|
||||
http_response_code($decision->status());
|
||||
Router::json(['error' => $decision->error()]);
|
||||
return;
|
||||
}
|
||||
Router::redirect('error/forbidden?url=' . urlencode(Request::pathWithQuery()));
|
||||
return;
|
||||
}
|
||||
|
||||
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
|
||||
if ($currentUserId > 0) {
|
||||
|
||||
Reference in New Issue
Block a user