refactor(pages): replace superglobals with request/session abstractions

This commit is contained in:
2026-03-06 11:28:22 +01:00
parent ebf15081e1
commit 205da203cc
87 changed files with 368 additions and 127 deletions

View File

@@ -1,13 +1,15 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\AuthorizationService; use MintyPHP\Service\Access\AuthorizationService;
use MintyPHP\Service\Access\UserAuthorizationPolicy; use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$user = $_SESSION['user'] ?? []; $user = $session['user'] ?? [];
$userId = (int) ($user['id'] ?? 0); $userId = (int) ($user['id'] ?? 0);
$uuid = trim((string) ($user['uuid'] ?? '')); $uuid = trim((string) ($user['uuid'] ?? ''));
if ($uuid === '') { if ($uuid === '') {

View File

@@ -1,9 +1,11 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\OperationsAuthorizationPolicy; use MintyPHP\Service\Access\OperationsAuthorizationPolicy;
use MintyPHP\Service\AddressBook\AddressBookServicesFactory; use MintyPHP\Service\AddressBook\AddressBookServicesFactory;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
Guard::requireAbilityOrForbidden(OperationsAuthorizationPolicy::ABILITY_ADDRESS_BOOK_VIEW); Guard::requireAbilityOrForbidden(OperationsAuthorizationPolicy::ABILITY_ADDRESS_BOOK_VIEW);
gridRequireGetRequest(); gridRequireGetRequest();
@@ -19,7 +21,7 @@ foreach ($query as $rawKey => $rawValue) {
$filters[$key] = $rawValue; $filters[$key] = $rawValue;
} }
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$addressBookService = (app(AddressBookServicesFactory::class))->createAddressBookService(); $addressBookService = (app(AddressBookServicesFactory::class))->createAddressBookService();
$result = $addressBookService->buildGridResult($currentUserId, $filters); $result = $addressBookService->buildGridResult($currentUserId, $filters);
gridJsonDataResult( gridJsonDataResult(

View File

@@ -1,16 +1,18 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\AddressBook\AddressBookServicesFactory; use MintyPHP\Service\AddressBook\AddressBookServicesFactory;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
Guard::requireAbilityOrForbidden(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADDRESS_BOOK_VIEW); Guard::requireAbilityOrForbidden(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADDRESS_BOOK_VIEW);
$filterSchema = require __DIR__ . '/filter-schema.php'; $filterSchema = require __DIR__ . '/filter-schema.php';
$query = requestInput()->queryAll(); $query = requestInput()->queryAll();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$addressBookService = (app(AddressBookServicesFactory::class))->createAddressBookService(); $addressBookService = (app(AddressBookServicesFactory::class))->createAddressBookService();
$context = $addressBookService->buildIndexContext($currentUserId, $query); $context = $addressBookService->buildIndexContext($currentUserId, $query);
$activeTenants = $context['activeTenants'] ?? []; $activeTenants = $context['activeTenants'] ?? [];
@@ -113,7 +115,7 @@ $filterChipMeta = [
]; ];
$csrfKey = Session::$csrfSessionKey; $csrfKey = Session::$csrfSessionKey;
$csrfToken = $_SESSION[$csrfKey] ?? ''; $csrfToken = $session[$csrfKey] ?? '';
Buffer::set('title', t('Address book')); Buffer::set('title', t('Address book'));
Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)); Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));

View File

@@ -1,11 +1,15 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\User\UserServicesFactory; use MintyPHP\Service\User\UserServicesFactory;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
Guard::requireLogin(); Guard::requireLogin();
Guard::requireAbilityOrForbidden(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADDRESS_BOOK_VIEW); Guard::requireAbilityOrForbidden(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADDRESS_BOOK_VIEW);
@@ -87,7 +91,7 @@ if (!Session::checkCsrfToken()) {
return; return;
} }
$userId = (int) ($_SESSION['user']['id'] ?? 0); $userId = (int) ($session['user']['id'] ?? 0);
if ($userId <= 0) { if ($userId <= 0) {
Router::redirect('login'); Router::redirect('login');
return; return;
@@ -102,7 +106,7 @@ if ($uuid === '') {
$deleted = $userSavedFilterService->deleteAddressBookFilter($userId, $uuid); $deleted = $userSavedFilterService->deleteAddressBookFilter($userId, $uuid);
if ($deleted) { if ($deleted) {
$_SESSION['address_book_saved_filters'] = $userSavedFilterService->listForAddressBook($userId); $sessionStore->set('address_book_saved_filters', $userSavedFilterService->listForAddressBook($userId));
Flash::success(t('Filter deleted'), 'address-book', 'address_book_saved_filter_deleted'); Flash::success(t('Filter deleted'), 'address-book', 'address_book_saved_filter_deleted');
} }

View File

@@ -1,11 +1,15 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\User\UserServicesFactory; use MintyPHP\Service\User\UserServicesFactory;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
Guard::requireLogin(); Guard::requireLogin();
Guard::requireAbilityOrForbidden(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADDRESS_BOOK_VIEW); Guard::requireAbilityOrForbidden(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADDRESS_BOOK_VIEW);
@@ -87,7 +91,7 @@ if (!Session::checkCsrfToken()) {
return; return;
} }
$userId = (int) ($_SESSION['user']['id'] ?? 0); $userId = (int) ($session['user']['id'] ?? 0);
if ($userId <= 0) { if ($userId <= 0) {
Router::redirect('login'); Router::redirect('login');
return; return;
@@ -111,6 +115,6 @@ if (!($result['ok'] ?? false)) {
return; return;
} }
$_SESSION['address_book_saved_filters'] = $userSavedFilterService->listForAddressBook($userId); $sessionStore->set('address_book_saved_filters', $userSavedFilterService->listForAddressBook($userId));
Flash::success(t('Filter saved'), 'address-book', 'address_book_saved_filter_saved'); Flash::success(t('Filter saved'), 'address-book', 'address_book_saved_filter_saved');
Router::redirect($redirect); Router::redirect($redirect);

View File

@@ -1,14 +1,16 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
Guard::requireAbilityOrForbidden(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADDRESS_BOOK_VIEW); Guard::requireAbilityOrForbidden(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADDRESS_BOOK_VIEW);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$uuid = trim((string) ($id ?? '')); $uuid = trim((string) ($id ?? ''));
if ($uuid === '') { if ($uuid === '') {
Router::redirect('address-book'); Router::redirect('address-book');

View File

@@ -1,15 +1,17 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\UiAccessService; use MintyPHP\Service\Access\UiAccessService;
use MintyPHP\Service\Access\UiCapabilityMap; use MintyPHP\Service\Access\UiCapabilityMap;
use MintyPHP\Service\Audit\ApiAuditService; use MintyPHP\Service\Audit\ApiAuditService;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_API_AUDIT_VIEW); Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_API_AUDIT_VIEW);
$viewAuth['page'] = app(UiAccessService::class)->pageCapabilities( $viewAuth['page'] = app(UiAccessService::class)->pageCapabilities(
(int) ($_SESSION['user']['id'] ?? 0), (int) ($session['user']['id'] ?? 0),
UiCapabilityMap::PAGE_AUDIT_PURGE UiCapabilityMap::PAGE_AUDIT_PURGE
); );

View File

@@ -1,18 +1,20 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\DepartmentAuthorizationPolicy; use MintyPHP\Service\Access\DepartmentAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$request = requestInput(); $request = requestInput();
$tenantService = app(\MintyPHP\Service\Tenant\TenantService::class); $tenantService = app(\MintyPHP\Service\Tenant\TenantService::class);
$directoryScopeGateway = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class); $directoryScopeGateway = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class);
$departmentService = app(\MintyPHP\Service\Org\DepartmentService::class); $departmentService = app(\MintyPHP\Service\Org\DepartmentService::class);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_CREATE, [ $decision = $authorizationService->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_CREATE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,

View File

@@ -1,12 +1,14 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\DepartmentAuthorizationPolicy; use MintyPHP\Service\Access\DepartmentAuthorizationPolicy;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
gridRequireGetRequest(); gridRequireGetRequest();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = Guard::requireAbilityDecisionOrForbidden(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_VIEW); $decision = Guard::requireAbilityDecisionOrForbidden(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_VIEW);
$capabilities = $decision->attribute('capabilities', []); $capabilities = $decision->attribute('capabilities', []);
$tenantIds = is_array($capabilities) ? array_values(array_unique(array_map('intval', (array) ($capabilities['allowed_tenant_ids'] ?? [])))) : []; $tenantIds = is_array($capabilities) ? array_values(array_unique(array_map('intval', (array) ($capabilities['allowed_tenant_ids'] ?? [])))) : [];

View File

@@ -1,10 +1,12 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\DepartmentAuthorizationPolicy; use MintyPHP\Service\Access\DepartmentAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
@@ -14,7 +16,7 @@ if ($uuid === '') {
return; return;
} }
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$department = app(\MintyPHP\Service\Org\DepartmentService::class)->findByUuid($uuid); $department = app(\MintyPHP\Service\Org\DepartmentService::class)->findByUuid($uuid);
if (!$department) { if (!$department) {
Flash::error('Department not found', 'admin/departments', 'department_not_found'); Flash::error('Department not found', 'admin/departments', 'department_not_found');

View File

@@ -1,16 +1,18 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\DepartmentAuthorizationPolicy; use MintyPHP\Service\Access\DepartmentAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$request = requestInput(); $request = requestInput();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
if ($currentUserId > 0) { if ($currentUserId > 0) {
app(\MintyPHP\Service\Access\PermissionGateway::class)->getUserPermissions($currentUserId); app(\MintyPHP\Service\Access\PermissionGateway::class)->getUserPermissions($currentUserId);
} }

View File

@@ -1,13 +1,15 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\DepartmentAuthorizationPolicy; use MintyPHP\Service\Access\DepartmentAuthorizationPolicy;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_VIEW, [ $decision = $authorizationService->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_VIEW, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,
@@ -42,7 +44,7 @@ usort($tenants, static function ($a, $b) {
Buffer::set('title', t('Departments')); Buffer::set('title', t('Departments'));
Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)); Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$csrfKey = Session::$csrfSessionKey; $csrfKey = Session::$csrfSessionKey;
$csrfToken = $_SESSION[$csrfKey] ?? ''; $csrfToken = $session[$csrfKey] ?? '';
Buffer::set( Buffer::set(
'grid_csrf', 'grid_csrf',
json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES) json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)

View File

@@ -1,15 +1,17 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\UiAccessService; use MintyPHP\Service\Access\UiAccessService;
use MintyPHP\Service\Access\UiCapabilityMap; use MintyPHP\Service\Access\UiCapabilityMap;
use MintyPHP\Service\Audit\ImportAuditService; use MintyPHP\Service\Audit\ImportAuditService;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_IMPORTS_AUDIT_VIEW); Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_IMPORTS_AUDIT_VIEW);
$viewAuth['page'] = app(UiAccessService::class)->pageCapabilities( $viewAuth['page'] = app(UiAccessService::class)->pageCapabilities(
(int) ($_SESSION['user']['id'] ?? 0), (int) ($session['user']['id'] ?? 0),
UiCapabilityMap::PAGE_AUDIT_PURGE UiCapabilityMap::PAGE_AUDIT_PURGE
); );

View File

@@ -1,15 +1,17 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Import\ImportService; use MintyPHP\Service\Import\ImportService;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_IMPORTS_VIEW); Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_IMPORTS_VIEW);
$request = requestInput(); $request = requestInput();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$importService = app(ImportService::class); $importService = app(ImportService::class);
$profileOptions = []; $profileOptions = [];
@@ -46,7 +48,7 @@ $preview = null;
$result = null; $result = null;
$csrfKey = Session::$csrfSessionKey; $csrfKey = Session::$csrfSessionKey;
$csrfToken = $_SESSION[$csrfKey] ?? ''; $csrfToken = $session[$csrfKey] ?? '';
$hasImportPermission = static function (string $type) use ($currentUserId, $importService): bool { $hasImportPermission = static function (string $type) use ($currentUserId, $importService): bool {
$permission = $importService->requiredPermissionForType($type); $permission = $importService->requiredPermissionForType($type);

View File

@@ -1,7 +1,9 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
define('MINTY_ALLOW_OUTPUT', true); define('MINTY_ALLOW_OUTPUT', true);
Guard::requireLogin(); Guard::requireLogin();
@@ -16,7 +18,7 @@ if (!$profile) {
return; return;
} }
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$ability = match ($type) { $ability = match ($type) {
'users' => \MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_IMPORTS_TYPE_USERS, 'users' => \MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_IMPORTS_TYPE_USERS,
'departments' => \MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_IMPORTS_TYPE_DEPARTMENTS, 'departments' => \MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_IMPORTS_TYPE_DEPARTMENTS,

View File

@@ -1,11 +1,13 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$user = $_SESSION['user'] ?? null; $user = $session['user'] ?? null;
$first_name = $user['first_name'] ?? ''; $first_name = $user['first_name'] ?? '';
Buffer::set('title', t('Admin')); Buffer::set('title', t('Admin'));

View File

@@ -1,9 +1,11 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_MAIL_LOG_VIEW); Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_MAIL_LOG_VIEW);
$filterSchema = require __DIR__ . '/filter-schema.php'; $filterSchema = require __DIR__ . '/filter-schema.php';
@@ -41,7 +43,7 @@ $searchConfig = $listFilterContext['searchConfig'];
Buffer::set('title', t('Mail logs')); Buffer::set('title', t('Mail logs'));
Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)); Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$csrfKey = Session::$csrfSessionKey; $csrfKey = Session::$csrfSessionKey;
$csrfToken = $_SESSION[$csrfKey] ?? ''; $csrfToken = $session[$csrfKey] ?? '';
Buffer::set( Buffer::set(
'grid_csrf', 'grid_csrf',
json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES) json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)

View File

@@ -1,15 +1,17 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\PermissionAuthorizationPolicy; use MintyPHP\Service\Access\PermissionAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$request = requestInput(); $request = requestInput();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(PermissionAuthorizationPolicy::ABILITY_ADMIN_PERMISSIONS_CREATE, [ $decision = $authorizationService->authorize(PermissionAuthorizationPolicy::ABILITY_ADMIN_PERMISSIONS_CREATE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,

View File

@@ -1,14 +1,16 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\PermissionAuthorizationPolicy; use MintyPHP\Service\Access\PermissionAuthorizationPolicy;
use MintyPHP\Service\Access\PermissionGateway; use MintyPHP\Service\Access\PermissionGateway;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(PermissionAuthorizationPolicy::ABILITY_ADMIN_PERMISSIONS_DELETE, [ $decision = $authorizationService->authorize(PermissionAuthorizationPolicy::ABILITY_ADMIN_PERMISSIONS_DELETE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,

View File

@@ -1,16 +1,18 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Repository\Access\RoleRepository; use MintyPHP\Repository\Access\RoleRepository;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\PermissionAuthorizationPolicy; use MintyPHP\Service\Access\PermissionAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$request = requestInput(); $request = requestInput();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$id = (int) ($id ?? 0); $id = (int) ($id ?? 0);

View File

@@ -1,13 +1,15 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\PermissionAuthorizationPolicy; use MintyPHP\Service\Access\PermissionAuthorizationPolicy;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(PermissionAuthorizationPolicy::ABILITY_ADMIN_PERMISSIONS_VIEW, [ $decision = $authorizationService->authorize(PermissionAuthorizationPolicy::ABILITY_ADMIN_PERMISSIONS_VIEW, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,
@@ -49,7 +51,7 @@ $searchConfig = $listFilterContext['searchConfig'];
Buffer::set('title', t('Permissions')); Buffer::set('title', t('Permissions'));
Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)); Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$csrfKey = Session::$csrfSessionKey; $csrfKey = Session::$csrfSessionKey;
$csrfToken = $_SESSION[$csrfKey] ?? ''; $csrfToken = $session[$csrfKey] ?? '';
Buffer::set( Buffer::set(
'grid_csrf', 'grid_csrf',
json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES) json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)

View File

@@ -1,15 +1,17 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\RoleAuthorizationPolicy; use MintyPHP\Service\Access\RoleAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$request = requestInput(); $request = requestInput();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(RoleAuthorizationPolicy::ABILITY_ADMIN_ROLES_CREATE, [ $decision = $authorizationService->authorize(RoleAuthorizationPolicy::ABILITY_ADMIN_ROLES_CREATE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,

View File

@@ -1,13 +1,15 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\RoleAuthorizationPolicy; use MintyPHP\Service\Access\RoleAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(RoleAuthorizationPolicy::ABILITY_ADMIN_ROLES_DELETE, [ $decision = $authorizationService->authorize(RoleAuthorizationPolicy::ABILITY_ADMIN_ROLES_DELETE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,

View File

@@ -1,15 +1,17 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\RoleAuthorizationPolicy; use MintyPHP\Service\Access\RoleAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$request = requestInput(); $request = requestInput();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$permissionRepository = app(\MintyPHP\Repository\Access\PermissionRepository::class); $permissionRepository = app(\MintyPHP\Repository\Access\PermissionRepository::class);
$rolePermissionRepository = app(\MintyPHP\Repository\Access\RolePermissionRepository::class); $rolePermissionRepository = app(\MintyPHP\Repository\Access\RolePermissionRepository::class);

View File

@@ -1,13 +1,15 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\RoleAuthorizationPolicy; use MintyPHP\Service\Access\RoleAuthorizationPolicy;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(RoleAuthorizationPolicy::ABILITY_ADMIN_ROLES_VIEW, [ $decision = $authorizationService->authorize(RoleAuthorizationPolicy::ABILITY_ADMIN_ROLES_VIEW, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,
@@ -49,7 +51,7 @@ $searchConfig = $listFilterContext['searchConfig'];
Buffer::set('title', t('Roles')); Buffer::set('title', t('Roles'));
Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)); Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$csrfKey = Session::$csrfSessionKey; $csrfKey = Session::$csrfSessionKey;
$csrfToken = $_SESSION[$csrfKey] ?? ''; $csrfToken = $session[$csrfKey] ?? '';
Buffer::set( Buffer::set(
'grid_csrf', 'grid_csrf',
json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES) json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)

View File

@@ -1,11 +1,13 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_VIEW); Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_VIEW);
@@ -18,7 +20,7 @@ if (!$job) {
Router::redirect('admin/scheduled-jobs'); Router::redirect('admin/scheduled-jobs');
} }
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$canManage = $authorizationService->authorize(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_MANAGE, [ $canManage = $authorizationService->authorize(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_MANAGE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,

View File

@@ -1,14 +1,16 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\UiAccessService; use MintyPHP\Service\Access\UiAccessService;
use MintyPHP\Service\Access\UiCapabilityMap; use MintyPHP\Service\Access\UiCapabilityMap;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_VIEW); Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_VIEW);
$viewAuth['page'] = app(UiAccessService::class)->pageCapabilities( $viewAuth['page'] = app(UiAccessService::class)->pageCapabilities(
(int) ($_SESSION['user']['id'] ?? 0), (int) ($session['user']['id'] ?? 0),
UiCapabilityMap::PAGE_AUDIT_PURGE UiCapabilityMap::PAGE_AUDIT_PURGE
); );
$filterSchema = require __DIR__ . '/filter-schema.php'; $filterSchema = require __DIR__ . '/filter-schema.php';

View File

@@ -2,11 +2,13 @@
use MintyPHP\Domain\Taxonomy\ScheduledJobRunStatus; use MintyPHP\Domain\Taxonomy\ScheduledJobRunStatus;
use MintyPHP\Domain\Taxonomy\SchedulerRuntimeResult; use MintyPHP\Domain\Taxonomy\SchedulerRuntimeResult;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_RUN_NOW); Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_RUN_NOW);
@@ -21,7 +23,7 @@ if (!Session::checkCsrfToken()) {
Router::redirect("admin/scheduled-jobs/edit/$jobId"); Router::redirect("admin/scheduled-jobs/edit/$jobId");
} }
$result = app(\MintyPHP\Service\Scheduler\SchedulerRunService::class)->runJobNow($jobId, (int) ($_SESSION['user']['id'] ?? 0)); $result = app(\MintyPHP\Service\Scheduler\SchedulerRunService::class)->runJobNow($jobId, (int) ($session['user']['id'] ?? 0));
if (!($result['ok'] ?? false)) { if (!($result['ok'] ?? false)) {
$error = (string) ($result['error'] ?? ''); $error = (string) ($result['error'] ?? '');
if ($error === SchedulerRuntimeResult::LockNotAcquired->value) { if ($error === SchedulerRuntimeResult::LockNotAcquired->value) {

View File

@@ -1,10 +1,12 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\I18n; use MintyPHP\I18n;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Search\SearchDataService; use MintyPHP\Service\Search\SearchDataService;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
gridRequireGetRequest(); gridRequireGetRequest();
@@ -14,7 +16,7 @@ if ($filters['q'] === '') {
Router::json([]); Router::json([]);
} }
$userId = (int) ($_SESSION['user']['id'] ?? 0); $userId = (int) ($session['user']['id'] ?? 0);
$locale = I18n::$locale ?? (I18n::$defaultLocale ?? 'de'); $locale = I18n::$locale ?? (I18n::$defaultLocale ?? 'de');
$result = app(SearchDataService::class)->buildPreviewData($userId, $filters['q'], $locale, 5); $result = app(SearchDataService::class)->buildPreviewData($userId, $filters['q'], $locale, 5);

View File

@@ -1,14 +1,16 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy; use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_TOKENS_REVOKE, [ $decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_TOKENS_REVOKE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,

View File

@@ -1,13 +1,15 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy; use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE, [ $decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,

View File

@@ -1,14 +1,16 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy; use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE, [ $decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,

View File

@@ -1,16 +1,18 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy; use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Service\Settings\AdminSettingsService; use MintyPHP\Service\Settings\AdminSettingsService;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$request = requestInput(); $request = requestInput();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$viewDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW, [ $viewDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,

View File

@@ -1,13 +1,15 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy; use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE, [ $decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,

View File

@@ -1,14 +1,16 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy; use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE, [ $decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,

View File

@@ -1,14 +1,16 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy; use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_TOKENS_REVOKE, [ $decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_TOKENS_REVOKE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,

View File

@@ -1,13 +1,15 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy; use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_USER_LIFECYCLE_RUN, [ $decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_USER_LIFECYCLE_RUN, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,

View File

@@ -1,17 +1,19 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\UiAccessService; use MintyPHP\Service\Access\UiAccessService;
use MintyPHP\Service\Access\UiCapabilityMap; use MintyPHP\Service\Access\UiCapabilityMap;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireAbilityOrForbidden(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_STATS_VIEW); Guard::requireAbilityOrForbidden(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_STATS_VIEW);
$viewData = app(\MintyPHP\Service\Stats\AdminStatsViewDataService::class)->build(); $viewData = app(\MintyPHP\Service\Stats\AdminStatsViewDataService::class)->build();
if ($viewData) { if ($viewData) {
extract($viewData, EXTR_SKIP); extract($viewData, EXTR_SKIP);
} }
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$viewAuth['page'] = app(UiAccessService::class)->pageCapabilities($currentUserId, UiCapabilityMap::PAGE_STATS_INDEX); $viewAuth['page'] = app(UiAccessService::class)->pageCapabilities($currentUserId, UiCapabilityMap::PAGE_STATS_INDEX);
Buffer::set('title', t('Statistics')); Buffer::set('title', t('Statistics'));

View File

@@ -1,17 +1,19 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\OperationsAuthorizationPolicy; use MintyPHP\Service\Access\OperationsAuthorizationPolicy;
use MintyPHP\Service\Access\UiAccessService; use MintyPHP\Service\Access\UiAccessService;
use MintyPHP\Service\Access\UiCapabilityMap; use MintyPHP\Service\Access\UiCapabilityMap;
use MintyPHP\Service\Audit\SystemAuditService; use MintyPHP\Service\Audit\SystemAuditService;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
Guard::requireAbility(OperationsAuthorizationPolicy::ABILITY_ADMIN_SYSTEM_AUDIT_VIEW); Guard::requireAbility(OperationsAuthorizationPolicy::ABILITY_ADMIN_SYSTEM_AUDIT_VIEW);
$viewAuth['page'] = app(UiAccessService::class)->pageCapabilities( $viewAuth['page'] = app(UiAccessService::class)->pageCapabilities(
(int) ($_SESSION['user']['id'] ?? 0), (int) ($session['user']['id'] ?? 0),
UiCapabilityMap::PAGE_SYSTEM_AUDIT UiCapabilityMap::PAGE_SYSTEM_AUDIT
); );

View File

@@ -1,10 +1,12 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\TenantAuthorizationPolicy; use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$tenantAvatarService = app(\MintyPHP\Service\Tenant\TenantAvatarService::class); $tenantAvatarService = app(\MintyPHP\Service\Tenant\TenantAvatarService::class);
@@ -25,7 +27,7 @@ if (!$tenantAvatarService->isValidUuid($uuid)) {
$tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid); $tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid);
$tenantId = (int) ($tenant['id'] ?? 0); $tenantId = (int) ($tenant['id'] ?? 0);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE, [ $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,
'target_tenant_id' => $tenantId, 'target_tenant_id' => $tenantId,

View File

@@ -1,10 +1,12 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\TenantAuthorizationPolicy; use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$tenantAvatarService = app(\MintyPHP\Service\Tenant\TenantAvatarService::class); $tenantAvatarService = app(\MintyPHP\Service\Tenant\TenantAvatarService::class);
@@ -25,7 +27,7 @@ if (!$tenantAvatarService->isValidUuid($uuid)) {
$tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid); $tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid);
$tenantId = (int) ($tenant['id'] ?? 0); $tenantId = (int) ($tenant['id'] ?? 0);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE, [ $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,
'target_tenant_id' => $tenantId, 'target_tenant_id' => $tenantId,

View File

@@ -1,8 +1,10 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\TenantAuthorizationPolicy; use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
define('MINTY_ALLOW_OUTPUT', true); define('MINTY_ALLOW_OUTPUT', true);
Guard::requireLogin(); Guard::requireLogin();
@@ -18,7 +20,7 @@ if (!$tenantAvatarService->isValidUuid($uuid)) {
$tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid); $tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid);
$tenantId = (int) ($tenant['id'] ?? 0); $tenantId = (int) ($tenant['id'] ?? 0);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
if ($tenantId <= 0) { if ($tenantId <= 0) {
http_response_code(404); http_response_code(404);
return; return;

View File

@@ -1,15 +1,17 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\TenantAuthorizationPolicy; use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$request = requestInput(); $request = requestInput();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CREATE, [ $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CREATE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,

View File

@@ -1,5 +1,6 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\TenantAuthorizationPolicy; use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Service\CustomField\TenantCustomFieldService; use MintyPHP\Service\CustomField\TenantCustomFieldService;
@@ -7,6 +8,7 @@ use MintyPHP\Session;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$request = requestInput(); $request = requestInput();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
@@ -21,7 +23,7 @@ if (!$tenant) {
} }
$tenantId = (int) ($tenant['id'] ?? 0); $tenantId = (int) ($tenant['id'] ?? 0);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CUSTOM_FIELDS_MANAGE, [ $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CUSTOM_FIELDS_MANAGE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,
'target_tenant_id' => $tenantId, 'target_tenant_id' => $tenantId,

View File

@@ -1,5 +1,6 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\TenantAuthorizationPolicy; use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Service\CustomField\TenantCustomFieldService; use MintyPHP\Service\CustomField\TenantCustomFieldService;
@@ -7,6 +8,7 @@ use MintyPHP\Session;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$tenantCustomFieldService = app(TenantCustomFieldService::class); $tenantCustomFieldService = app(TenantCustomFieldService::class);
@@ -21,7 +23,7 @@ if ($tenantId <= 0) {
return; return;
} }
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CUSTOM_FIELDS_MANAGE, [ $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CUSTOM_FIELDS_MANAGE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,
'target_tenant_id' => $tenantId, 'target_tenant_id' => $tenantId,

View File

@@ -1,5 +1,6 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\TenantAuthorizationPolicy; use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Service\CustomField\TenantCustomFieldService; use MintyPHP\Service\CustomField\TenantCustomFieldService;
@@ -7,6 +8,7 @@ use MintyPHP\Session;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$request = requestInput(); $request = requestInput();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
@@ -20,7 +22,7 @@ if ($tenantId <= 0) {
return; return;
} }
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CUSTOM_FIELDS_MANAGE, [ $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CUSTOM_FIELDS_MANAGE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,
'target_tenant_id' => $tenantId, 'target_tenant_id' => $tenantId,

View File

@@ -1,10 +1,12 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\TenantAuthorizationPolicy; use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
@@ -21,7 +23,7 @@ if (!$tenant) {
return; return;
} }
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$tenantId = (int) ($tenant['id'] ?? 0); $tenantId = (int) ($tenant['id'] ?? 0);
$decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_DELETE, [ $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_DELETE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,

View File

@@ -1,16 +1,18 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\TenantAuthorizationPolicy; use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Service\CustomField\TenantCustomFieldService; use MintyPHP\Service\CustomField\TenantCustomFieldService;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$request = requestInput(); $request = requestInput();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
if ($currentUserId > 0) { if ($currentUserId > 0) {
app(\MintyPHP\Service\Access\PermissionGateway::class)->getUserPermissions($currentUserId); app(\MintyPHP\Service\Access\PermissionGateway::class)->getUserPermissions($currentUserId);
} }

View File

@@ -1,10 +1,12 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\TenantAuthorizationPolicy; use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$tenantFaviconService = app(\MintyPHP\Service\Tenant\TenantFaviconService::class); $tenantFaviconService = app(\MintyPHP\Service\Tenant\TenantFaviconService::class);
@@ -25,7 +27,7 @@ if (!$tenantFaviconService->isValidUuid($uuid)) {
$tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid); $tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid);
$tenantId = (int) ($tenant['id'] ?? 0); $tenantId = (int) ($tenant['id'] ?? 0);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE, [ $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,
'target_tenant_id' => $tenantId, 'target_tenant_id' => $tenantId,

View File

@@ -1,10 +1,12 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\TenantAuthorizationPolicy; use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$tenantFaviconService = app(\MintyPHP\Service\Tenant\TenantFaviconService::class); $tenantFaviconService = app(\MintyPHP\Service\Tenant\TenantFaviconService::class);
@@ -25,7 +27,7 @@ if (!$tenantFaviconService->isValidUuid($uuid)) {
$tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid); $tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid);
$tenantId = (int) ($tenant['id'] ?? 0); $tenantId = (int) ($tenant['id'] ?? 0);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE, [ $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,
'target_tenant_id' => $tenantId, 'target_tenant_id' => $tenantId,

View File

@@ -1,13 +1,15 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\TenantAuthorizationPolicy; use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_VIEW, [ $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_VIEW, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,
@@ -46,7 +48,7 @@ $searchConfig = $listFilterContext['searchConfig'];
Buffer::set('title', t('Tenants')); Buffer::set('title', t('Tenants'));
Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)); Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$csrfKey = Session::$csrfSessionKey; $csrfKey = Session::$csrfSessionKey;
$csrfToken = $_SESSION[$csrfKey] ?? ''; $csrfToken = $session[$csrfKey] ?? '';
Buffer::set( Buffer::set(
'grid_csrf', 'grid_csrf',
json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES) json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)

View File

@@ -4,15 +4,17 @@ use MintyPHP\Buffer;
use MintyPHP\Domain\Taxonomy\UserLifecycleAction; use MintyPHP\Domain\Taxonomy\UserLifecycleAction;
use MintyPHP\Domain\Taxonomy\UserLifecycleStatus; use MintyPHP\Domain\Taxonomy\UserLifecycleStatus;
use MintyPHP\Domain\Taxonomy\UserLifecycleTriggerType; use MintyPHP\Domain\Taxonomy\UserLifecycleTriggerType;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\UiAccessService; use MintyPHP\Service\Access\UiAccessService;
use MintyPHP\Service\Access\UiCapabilityMap; use MintyPHP\Service\Access\UiCapabilityMap;
use MintyPHP\Service\Audit\UserLifecycleAuditService; use MintyPHP\Service\Audit\UserLifecycleAuditService;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_USER_LIFECYCLE_AUDIT_VIEW); Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_USER_LIFECYCLE_AUDIT_VIEW);
$viewAuth['page'] = app(UiAccessService::class)->pageCapabilities( $viewAuth['page'] = app(UiAccessService::class)->pageCapabilities(
(int) ($_SESSION['user']['id'] ?? 0), (int) ($session['user']['id'] ?? 0),
UiCapabilityMap::PAGE_AUDIT_PURGE UiCapabilityMap::PAGE_AUDIT_PURGE
); );

View File

@@ -1,10 +1,12 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_USERS_LIFECYCLE_RESTORE); Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_USERS_LIFECYCLE_RESTORE);
@@ -22,7 +24,7 @@ if (!Session::checkCsrfToken()) {
$result = app(\MintyPHP\Service\User\UserLifecycleRestoreService::class)->restoreFromLifecycleAudit( $result = app(\MintyPHP\Service\User\UserLifecycleRestoreService::class)->restoreFromLifecycleAudit(
$auditId, $auditId,
(int) ($_SESSION['user']['id'] ?? 0) (int) ($session['user']['id'] ?? 0)
); );
if (!($result['ok'] ?? false)) { if (!($result['ok'] ?? false)) {

View File

@@ -2,12 +2,14 @@
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Domain\Taxonomy\UserLifecycleAction; use MintyPHP\Domain\Taxonomy\UserLifecycleAction;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\UiAccessService; use MintyPHP\Service\Access\UiAccessService;
use MintyPHP\Service\Access\UiCapabilityMap; use MintyPHP\Service\Access\UiCapabilityMap;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_USER_LIFECYCLE_AUDIT_VIEW); Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_USER_LIFECYCLE_AUDIT_VIEW);
@@ -24,7 +26,7 @@ if ((string) ($auditLog['action'] ?? '') === UserLifecycleAction::Delete->value)
$snapshot = $auditService->decryptSnapshot($auditLog); $snapshot = $auditService->decryptSnapshot($auditLog);
} }
$viewAuth['page'] = app(UiAccessService::class)->pageCapabilities( $viewAuth['page'] = app(UiAccessService::class)->pageCapabilities(
(int) ($_SESSION['user']['id'] ?? 0), (int) ($session['user']['id'] ?? 0),
UiCapabilityMap::PAGE_USER_LIFECYCLE_VIEW UiCapabilityMap::PAGE_USER_LIFECYCLE_VIEW
); );

View File

@@ -1,11 +1,13 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy; use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Service\User\UserAccessPdfService; use MintyPHP\Service\User\UserAccessPdfService;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
define('MINTY_ALLOW_OUTPUT', true); define('MINTY_ALLOW_OUTPUT', true);
// Hard gate: user must be logged in and explicitly allowed to generate access PDFs. // Hard gate: user must be logged in and explicitly allowed to generate access PDFs.
@@ -38,7 +40,7 @@ if (!$user) {
return; return;
} }
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$userId = (int) ($user['id'] ?? 0); $userId = (int) ($user['id'] ?? 0);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_ACCESS_PDF, [ $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_ACCESS_PDF, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,

View File

@@ -1,17 +1,19 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy; use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Service\User\UserAccessPdfService; use MintyPHP\Service\User\UserAccessPdfService;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
define('MINTY_ALLOW_OUTPUT', true); define('MINTY_ALLOW_OUTPUT', true);
// Hard gate: user must be logged in and explicitly allowed to generate access PDFs. // Hard gate: user must be logged in and explicitly allowed to generate access PDFs.
Guard::requireLogin(); Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_ACCESS_PDF_BULK, [ $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_ACCESS_PDF_BULK, [
'actor_user_id' => (int) ($_SESSION['user']['id'] ?? 0), 'actor_user_id' => (int) ($session['user']['id'] ?? 0),
]); ]);
if (!$decision->isAllowed()) { if (!$decision->isAllowed()) {
Router::redirect('error/forbidden'); Router::redirect('error/forbidden');
@@ -49,7 +51,7 @@ if (count($uuids) > 100) {
return; return;
} }
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$users = []; $users = [];
foreach ($uuids as $uuid) { foreach ($uuids as $uuid) {
$user = $userAccountService->findByUuid($uuid); $user = $userAccountService->findByUuid($uuid);

View File

@@ -1,11 +1,13 @@
<?php <?php
use MintyPHP\Http\Request; use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy; use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
@@ -29,7 +31,7 @@ if (!Session::checkCsrfToken()) {
} }
$uuid = trim((string) ($id ?? '')); $uuid = trim((string) ($id ?? ''));
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null; $user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null;
$userId = (int) ($user['id'] ?? 0); $userId = (int) ($user['id'] ?? 0);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_ACTIVATE, [ $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_ACTIVATE, [

View File

@@ -1,10 +1,14 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy; use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
Guard::requireLogin(); Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
@@ -17,7 +21,7 @@ if (!$user) {
} }
$userId = (int) ($user['id'] ?? 0); $userId = (int) ($user['id'] ?? 0);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_API_TOKENS_MANAGE, [ $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_API_TOKENS_MANAGE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,
'target_user_id' => $userId, 'target_user_id' => $userId,
@@ -37,7 +41,7 @@ if ($name === '') {
$result = $apiTokenService->create($userId, $name, null, null, $currentUserId); $result = $apiTokenService->create($userId, $name, null, null, $currentUserId);
if ($result['ok'] ?? false) { if ($result['ok'] ?? false) {
$_SESSION['api_token_created'] = ['token' => $result['token'], 'uuid' => $uuid]; $sessionStore->set('api_token_created', ['token' => $result['token'], 'uuid' => $uuid]);
Flash::success(t('API token created. Copy it now — it will not be shown again.'), "admin/users/edit/{$uuid}", 'api_token_created'); Flash::success(t('API token created. Copy it now — it will not be shown again.'), "admin/users/edit/{$uuid}", 'api_token_created');
} else { } else {
$error = $result['error'] ?? 'create_failed'; $error = $result['error'] ?? 'create_failed';

View File

@@ -1,10 +1,12 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy; use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
@@ -17,7 +19,7 @@ if (!$user) {
} }
$userId = (int) ($user['id'] ?? 0); $userId = (int) ($user['id'] ?? 0);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_API_TOKENS_MANAGE, [ $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_API_TOKENS_MANAGE, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,
'target_user_id' => $userId, 'target_user_id' => $userId,

View File

@@ -1,10 +1,12 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy; use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
@@ -24,7 +26,7 @@ if (!$userAvatarService->isValidUuid($uuid)) {
return; return;
} }
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null; $user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null;
$userId = (int) ($user['id'] ?? 0); $userId = (int) ($user['id'] ?? 0);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_AVATAR_UPLOAD, [ $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_AVATAR_UPLOAD, [

View File

@@ -1,10 +1,12 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy; use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
@@ -24,7 +26,7 @@ if (!$userAvatarService->isValidUuid($uuid)) {
return; return;
} }
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null; $user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null;
$userId = (int) ($user['id'] ?? 0); $userId = (int) ($user['id'] ?? 0);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_AVATAR_DELETE, [ $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_AVATAR_DELETE, [

View File

@@ -1,8 +1,10 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\UserAuthorizationPolicy; use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
define('MINTY_ALLOW_OUTPUT', true); define('MINTY_ALLOW_OUTPUT', true);
Guard::requireLogin(); Guard::requireLogin();
@@ -17,7 +19,7 @@ if (!$userAvatarService->isValidUuid($uuid)) {
return; return;
} }
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null; $user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null;
$userId = (int) ($user['id'] ?? 0); $userId = (int) ($user['id'] ?? 0);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_AVATAR_VIEW, [ $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_AVATAR_VIEW, [

View File

@@ -1,10 +1,12 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy; use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Service\User\UserAccessTemplateService; use MintyPHP\Service\User\UserAccessTemplateService;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$action = strtolower(trim((string) ($action ?? ''))); $action = strtolower(trim((string) ($action ?? '')));
@@ -25,7 +27,7 @@ if (!$uuids) {
Router::json(['ok' => false, 'error' => 'no_selection']); Router::json(['ok' => false, 'error' => 'no_selection']);
} }
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_BULK, [ $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_BULK, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,

View File

@@ -2,6 +2,7 @@
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\Request; use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\I18n; use MintyPHP\I18n;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\UiAccessService; use MintyPHP\Service\Access\UiAccessService;
@@ -11,11 +12,12 @@ use MintyPHP\Service\CustomField\UserCustomFieldValueService;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$request = requestInput(); $request = requestInput();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_CREATE, [ $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_CREATE, [
'actor_user_id' => (int) ($_SESSION['user']['id'] ?? 0), 'actor_user_id' => (int) ($session['user']['id'] ?? 0),
]); ]);
if (!$decision->isAllowed()) { if (!$decision->isAllowed()) {
if (Request::wantsJson()) { if (Request::wantsJson()) {
@@ -38,7 +40,7 @@ $tenantService = app(\MintyPHP\Service\Tenant\TenantService::class);
$roleService = app(\MintyPHP\Service\Access\RoleService::class); $roleService = app(\MintyPHP\Service\Access\RoleService::class);
$departmentService = app(\MintyPHP\Service\Org\DepartmentService::class); $departmentService = app(\MintyPHP\Service\Org\DepartmentService::class);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$uiAccessService = app(UiAccessService::class); $uiAccessService = app(UiAccessService::class);
$viewAuth['page'] = $uiAccessService->pageCapabilities($currentUserId, UiCapabilityMap::PAGE_USERS_CREATE); $viewAuth['page'] = $uiAccessService->pageCapabilities($currentUserId, UiCapabilityMap::PAGE_USERS_CREATE);
$pageAuth = is_array($viewAuth['page'] ?? null) ? $viewAuth['page'] : []; $pageAuth = is_array($viewAuth['page'] ?? null) ? $viewAuth['page'] : [];

View File

@@ -1,8 +1,10 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\UserAuthorizationPolicy; use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
Guard::requireAbilityOrForbidden(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW); Guard::requireAbilityOrForbidden(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW);
@@ -11,7 +13,7 @@ gridRequireGetRequest();
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
$userAvatarService = app(\MintyPHP\Service\User\UserAvatarService::class); $userAvatarService = app(\MintyPHP\Service\User\UserAvatarService::class);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$filters = gridParseFiltersFromSchemaFile(__DIR__ . '/filter-schema.php'); $filters = gridParseFiltersFromSchemaFile(__DIR__ . '/filter-schema.php');

View File

@@ -1,10 +1,12 @@
<?php <?php
use MintyPHP\Http\Request; use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy; use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
@@ -15,7 +17,7 @@ if ((requestInput()->method()) !== 'POST') {
} }
$uuid = trim((string) ($id ?? '')); $uuid = trim((string) ($id ?? ''));
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null; $user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null;
$userId = (int) ($user['id'] ?? 0); $userId = (int) ($user['id'] ?? 0);
$errorBag = formErrors(); $errorBag = formErrors();

View File

@@ -1,11 +1,13 @@
<?php <?php
use MintyPHP\Http\Request; use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy; use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
@@ -16,7 +18,7 @@ if ((requestInput()->method()) !== 'POST') {
} }
$uuid = trim((string) ($id ?? '')); $uuid = trim((string) ($id ?? ''));
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null; $user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null;
$userId = (int) ($user['id'] ?? 0); $userId = (int) ($user['id'] ?? 0);
$errorBag = formErrors(); $errorBag = formErrors();

View File

@@ -1,6 +1,7 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\I18n; use MintyPHP\I18n;
use MintyPHP\Repository\Auth\PasswordResetRepository; use MintyPHP\Repository\Auth\PasswordResetRepository;
use MintyPHP\Repository\Auth\RememberTokenRepository; use MintyPHP\Repository\Auth\RememberTokenRepository;
@@ -10,6 +11,9 @@ use MintyPHP\Service\CustomField\UserCustomFieldValueService;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
Guard::requireLogin(); Guard::requireLogin();
$request = requestInput(); $request = requestInput();
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
@@ -31,7 +35,7 @@ $departmentService = app(\MintyPHP\Service\Org\DepartmentService::class);
$passwordMinLength = $userPasswordPolicyService->minLength(); $passwordMinLength = $userPasswordPolicyService->minLength();
$passwordHints = $userPasswordPolicyService->hints(); $passwordHints = $userPasswordPolicyService->hints();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$uuid = trim((string) ($id ?? '')); $uuid = trim((string) ($id ?? ''));
$user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null; $user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null;
if (!$user) { if (!$user) {
@@ -269,10 +273,18 @@ if ($request->hasBody('email')) {
if ($currentUserId === $userId && isset($form['theme'])) { if ($currentUserId === $userId && isset($form['theme'])) {
$themes = appThemes(); $themes = appThemes();
$themeValue = strtolower(trim((string) ($form['theme'] ?? ''))); $themeValue = strtolower(trim((string) ($form['theme'] ?? '')));
$_SESSION['user']['theme'] = isset($themes[$themeValue]) ? $themeValue : appDefaultTheme(); $userSession = $sessionStore->get('user', []);
if (is_array($userSession)) {
$userSession['theme'] = isset($themes[$themeValue]) ? $themeValue : appDefaultTheme();
$sessionStore->set('user', $userSession);
}
} }
if ($currentUserId === $userId && isset($form['locale'])) { if ($currentUserId === $userId && isset($form['locale'])) {
$_SESSION['user']['locale'] = $form['locale']; $userSession = $sessionStore->get('user', []);
if (is_array($userSession)) {
$userSession['locale'] = $form['locale'];
$sessionStore->set('user', $userSession);
}
I18n::$locale = $form['locale']; I18n::$locale = $form['locale'];
} }
if (!$errorBag->hasAny()) { if (!$errorBag->hasAny()) {

View File

@@ -1,14 +1,16 @@
<?php <?php
use MintyPHP\Http\Request; use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy; use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW, [ $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW, [
'actor_user_id' => (int) ($_SESSION['user']['id'] ?? 0), 'actor_user_id' => (int) ($session['user']['id'] ?? 0),
]); ]);
if (!$decision->isAllowed()) { if (!$decision->isAllowed()) {
if (Request::wantsJson()) { if (Request::wantsJson()) {
@@ -21,7 +23,7 @@ if (!$decision->isAllowed()) {
} }
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$search = trim((string) (requestInput()->queryAll()['search'] ?? '')); $search = trim((string) (requestInput()->queryAll()['search'] ?? ''));
$order = (string) (requestInput()->queryAll()['order'] ?? 'id'); $order = (string) (requestInput()->queryAll()['order'] ?? 'id');

View File

@@ -1,10 +1,12 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy; use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
@@ -18,7 +20,7 @@ if (!$user) {
} }
$userId = (int) ($user['id'] ?? 0); $userId = (int) ($user['id'] ?? 0);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_FORGET_TOKENS, [ $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_FORGET_TOKENS, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,
'target_user_id' => $userId, 'target_user_id' => $userId,

View File

@@ -2,6 +2,7 @@
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\Request; use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\UiAccessService; use MintyPHP\Service\Access\UiAccessService;
use MintyPHP\Service\Access\UiCapabilityMap; use MintyPHP\Service\Access\UiCapabilityMap;
@@ -9,10 +10,11 @@ use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW, [ $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW, [
'actor_user_id' => (int) ($_SESSION['user']['id'] ?? 0), 'actor_user_id' => (int) ($session['user']['id'] ?? 0),
]); ]);
if (!$decision->isAllowed()) { if (!$decision->isAllowed()) {
if (Request::wantsJson()) { if (Request::wantsJson()) {
@@ -38,7 +40,7 @@ $filterState = gridParseFilters($query, [
'search' => ['type' => 'string'], 'search' => ['type' => 'string'],
]); ]);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$allowedTenantIds = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class)->getUserTenantIds($currentUserId); $allowedTenantIds = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class)->getUserTenantIds($currentUserId);
$uiAccessService = app(UiAccessService::class); $uiAccessService = app(UiAccessService::class);
$selfEditDecision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_EDIT_CONTEXT, [ $selfEditDecision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_EDIT_CONTEXT, [
@@ -56,7 +58,7 @@ $viewAuth['page'] = [
Buffer::set('title', t('Users')); Buffer::set('title', t('Users'));
Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)); Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$csrfKey = Session::$csrfSessionKey; $csrfKey = Session::$csrfSessionKey;
$csrfToken = $_SESSION[$csrfKey] ?? ''; $csrfToken = $session[$csrfKey] ?? '';
Buffer::set( Buffer::set(
'grid_csrf', 'grid_csrf',
json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES) json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)

View File

@@ -1,11 +1,13 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy; use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Service\User\UserAccessTemplateService; use MintyPHP\Service\User\UserAccessTemplateService;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
@@ -20,7 +22,7 @@ if (!$user) {
} }
$userId = (int) ($user['id'] ?? 0); $userId = (int) ($user['id'] ?? 0);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_SEND_ACCESS, [ $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_SEND_ACCESS, [
'actor_user_id' => $currentUserId, 'actor_user_id' => $currentUserId,
'target_user_id' => $userId, 'target_user_id' => $userId,

View File

@@ -1,10 +1,14 @@
<?php <?php
use MintyPHP\Http\Request; use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
Guard::requireLogin(); Guard::requireLogin();
$userTenantContextService = app(\MintyPHP\Service\User\UserTenantContextService::class); $userTenantContextService = app(\MintyPHP\Service\User\UserTenantContextService::class);
$errorBag = formErrors(); $errorBag = formErrors();
@@ -26,7 +30,7 @@ if (!Session::checkCsrfToken()) {
return; return;
} }
$userId = (int) ($_SESSION['user']['id'] ?? 0); $userId = (int) ($session['user']['id'] ?? 0);
if ($userId <= 0) { if ($userId <= 0) {
http_response_code(401); http_response_code(401);
if (Request::wantsJson()) { if (Request::wantsJson()) {
@@ -67,16 +71,18 @@ if (!($result['ok'] ?? false)) {
} }
// Update session with new current tenant // Update session with new current tenant
if (isset($_SESSION['user'])) { if (isset($session['user']) && is_array($session['user'])) {
$_SESSION['user']['current_tenant_id'] = $tenantId; $userSession = $session['user'];
$userSession['current_tenant_id'] = $tenantId;
$sessionStore->set('user', $userSession);
} }
// Update session with full tenant data // Update session with full tenant data
$_SESSION['current_tenant'] = $result['tenant'] ?? null; $sessionStore->set('current_tenant', $result['tenant'] ?? null);
// Reload available tenants and departments // Reload available tenants and departments
$_SESSION['available_tenants'] = $userTenantContextService->getAvailableTenants($userId); $sessionStore->set('available_tenants', $userTenantContextService->getAvailableTenants($userId));
$_SESSION['available_departments_by_tenant'] = $userTenantContextService->getAvailableDepartmentsByTenant($userId); $sessionStore->set('available_departments_by_tenant', $userTenantContextService->getAvailableDepartmentsByTenant($userId));
if (Request::wantsJson()) { if (Request::wantsJson()) {
Router::json([ Router::json([

View File

@@ -1,10 +1,14 @@
<?php <?php
use MintyPHP\Http\Request; use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
Guard::requireLogin(); Guard::requireLogin();
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
$errorBag = formErrors(); $errorBag = formErrors();
@@ -24,7 +28,7 @@ if (!Session::checkCsrfToken()) {
return; return;
} }
$userId = (int) ($_SESSION['user']['id'] ?? 0); $userId = (int) ($session['user']['id'] ?? 0);
if ($userId <= 0) { if ($userId <= 0) {
http_response_code(401); http_response_code(401);
if (Request::wantsJson()) { if (Request::wantsJson()) {
@@ -70,7 +74,11 @@ if (!$updated) {
return; return;
} }
$_SESSION['user']['theme'] = $theme; $userSession = $sessionStore->get('user', []);
if (is_array($userSession)) {
$userSession['theme'] = $theme;
$sessionStore->set('user', $userSession);
}
if (Request::wantsJson()) { if (Request::wantsJson()) {
Router::json(['ok' => true, 'theme' => $theme]); Router::json(['ok' => true, 'theme' => $theme]);

View File

@@ -2,11 +2,14 @@
use MintyPHP\Http\ApiBootstrap; use MintyPHP\Http\ApiBootstrap;
use MintyPHP\Http\ApiResponse; use MintyPHP\Http\ApiResponse;
use MintyPHP\Http\RequestRuntimeInterface;
use MintyPHP\Service\Auth\ApiTokenEndpointService; use MintyPHP\Service\Auth\ApiTokenEndpointService;
use MintyPHP\Service\Auth\AuthServicesFactory; use MintyPHP\Service\Auth\AuthServicesFactory;
use MintyPHP\Service\Security\SecurityServicesFactory; use MintyPHP\Service\Security\SecurityServicesFactory;
use MintyPHP\Service\User\UserServicesFactory; use MintyPHP\Service\User\UserServicesFactory;
$requestRuntime = app(RequestRuntimeInterface::class);
ApiBootstrap::init(false); ApiBootstrap::init(false);
ApiResponse::requireMethod('POST'); ApiResponse::requireMethod('POST');
@@ -16,7 +19,7 @@ $apiTokenEndpointService = app(ApiTokenEndpointService::class);
// ---- Login-specific rate limits (stricter than the general API rate limit in ApiBootstrap) ---- // ---- Login-specific rate limits (stricter than the general API rate limit in ApiBootstrap) ----
$rateLimiter = (app(SecurityServicesFactory::class))->createRateLimiterService(); $rateLimiter = (app(SecurityServicesFactory::class))->createRateLimiterService();
$ip = $_SERVER['REMOTE_ADDR'] ?? ''; $ip = $requestRuntime->ip();
$ipResult = $rateLimiter->isBlocked('api.auth.login.ip', $ip); $ipResult = $rateLimiter->isBlocked('api.auth.login.ip', $ip);
if (!($ipResult['allowed'] ?? true)) { if (!($ipResult['allowed'] ?? true)) {

View File

@@ -1,11 +1,14 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Auth\AuthServicesFactory; use MintyPHP\Service\Auth\AuthServicesFactory;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
$sessionStore = app(SessionStoreInterface::class);
$request = requestInput(); $request = requestInput();
$errorBag = formErrors(); $errorBag = formErrors();
$errors = []; $errors = [];
@@ -19,7 +22,7 @@ if ($request->isMethod('POST')) {
$errorBag->addGlobal(t('Please enter a valid email address')); $errorBag->addGlobal(t('Please enter a valid email address'));
} else { } else {
$passwordResetService->requestReset($email); $passwordResetService->requestReset($email);
$_SESSION['password_reset_email'] = $email; $sessionStore->set('password_reset_email', $email);
Flash::success( Flash::success(
t('If the email exists, a verification code has been sent.'), t('If the email exists, a verification code has been sent.'),
'password/verify', 'password/verify',

View File

@@ -1,5 +1,7 @@
<?php <?php
use MintyPHP\Http\RequestRuntimeInterface;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Auth\AuthServicesFactory; use MintyPHP\Service\Auth\AuthServicesFactory;
use MintyPHP\Service\Security\SecurityServicesFactory; use MintyPHP\Service\Security\SecurityServicesFactory;
@@ -8,7 +10,11 @@ use MintyPHP\Service\User\UserServicesFactory;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
if (!empty($_SESSION['user']['id'])) { $requestRuntime = app(RequestRuntimeInterface::class);
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
if (!empty($session['user']['id'])) {
if (Flash::has()) { if (Flash::has()) {
Flash::keep(); Flash::keep();
} }
@@ -146,7 +152,7 @@ if (requestInput()->method() === 'POST') {
} else { } else {
$postedStage = trim((string) (requestInput()->bodyAll()['stage'] ?? 'resolve_email')); $postedStage = trim((string) (requestInput()->bodyAll()['stage'] ?? 'resolve_email'));
$email = trim((string) (requestInput()->bodyAll()['email'] ?? '')); $email = trim((string) (requestInput()->bodyAll()['email'] ?? ''));
$clientIp = trim((string) ($_SERVER['REMOTE_ADDR'] ?? '')); $clientIp = trim((string) ($requestRuntime->ip()));
if ($clientIp === '') { if ($clientIp === '') {
$clientIp = 'unknown'; $clientIp = 'unknown';
} }
@@ -253,7 +259,7 @@ if (requestInput()->method() === 'POST') {
$result = $authService->login($email, $password); $result = $authService->login($email, $password);
if (!($result['ok'] ?? false)) { if (!($result['ok'] ?? false)) {
if (!empty($result['needs_verification'])) { if (!empty($result['needs_verification'])) {
$_SESSION['email_verification_email'] = $result['email'] ?? $email; $sessionStore->set('email_verification_email', $result['email'] ?? $email);
Flash::error(t('Please verify your email first'), 'verify-email', 'login_not_verified'); Flash::error(t('Please verify your email first'), 'verify-email', 'login_not_verified');
Router::redirect('verify-email'); Router::redirect('verify-email');
return; return;
@@ -270,7 +276,8 @@ if (requestInput()->method() === 'POST') {
$setRateLimitWarning((int) ($passwordFailureResult['retry_after'] ?? $loginPasswordBlock)); $setRateLimitWarning((int) ($passwordFailureResult['retry_after'] ?? $loginPasswordBlock));
} }
} else { } else {
$userId = (int) ($_SESSION['user']['id'] ?? 0); $authenticatedUser = $sessionStore->get('user', []);
$userId = (int) (is_array($authenticatedUser) ? ($authenticatedUser['id'] ?? 0) : 0);
if ($userId <= 0 || !$authService->canLoginToTenant($userId, $selectedTenantId)) { if ($userId <= 0 || !$authService->canLoginToTenant($userId, $selectedTenantId)) {
$authService->logout(); $authService->logout();
$setLoginWarning(t('No access to this tenant')); $setLoginWarning(t('No access to this tenant'));

View File

@@ -1,10 +1,13 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Auth\AuthServicesFactory; use MintyPHP\Service\Auth\AuthServicesFactory;
use MintyPHP\Service\User\UserServicesFactory; use MintyPHP\Service\User\UserServicesFactory;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
$sessionStore = app(SessionStoreInterface::class);
$request = requestInput(); $request = requestInput();
$error = false; $error = false;
if (!allowRegistration()) { if (!allowRegistration()) {
@@ -32,7 +35,7 @@ if ($request->hasBody('email')) {
$error = $result['error'] ?? t('User can not be registered'); $error = $result['error'] ?? t('User can not be registered');
} else { } else {
// Store email in session for verify-email page // Store email in session for verify-email page
$_SESSION['email_verification_email'] = $result['email'] ?? $email; $sessionStore->set('email_verification_email', $result['email'] ?? $email);
Flash::success(t('Registration successful! Please check your email for the verification code.'), 'verify-email', 'registration_success'); Flash::success(t('Registration successful! Please check your email for the verification code.'), 'verify-email', 'registration_success');
Router::redirect('verify-email'); Router::redirect('verify-email');
} }

View File

@@ -1,12 +1,16 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Auth\AuthServicesFactory; use MintyPHP\Service\Auth\AuthServicesFactory;
use MintyPHP\Service\User\UserServicesFactory; use MintyPHP\Service\User\UserServicesFactory;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
$request = requestInput(); $request = requestInput();
$errorBag = formErrors(); $errorBag = formErrors();
$errors = []; $errors = [];
@@ -14,7 +18,7 @@ $password = (string) $request->body('password', '');
$password2 = (string) $request->body('password2', ''); $password2 = (string) $request->body('password2', '');
$passwordResetService = (app(AuthServicesFactory::class))->createPasswordResetService(); $passwordResetService = (app(AuthServicesFactory::class))->createPasswordResetService();
$resetId = (int) ($_SESSION['password_reset_id'] ?? 0); $resetId = (int) ($session['password_reset_id'] ?? 0);
if ($resetId <= 0) { if ($resetId <= 0) {
Router::redirect('password/forgot'); Router::redirect('password/forgot');
} }
@@ -25,8 +29,8 @@ if ($request->isMethod('POST')) {
} else { } else {
$result = $passwordResetService->resetPassword($resetId, $password, $password2); $result = $passwordResetService->resetPassword($resetId, $password, $password2);
if ($result['ok'] ?? false) { if ($result['ok'] ?? false) {
unset($_SESSION['password_reset_id']); $sessionStore->remove('password_reset_id');
unset($_SESSION['password_reset_email']); $sessionStore->remove('password_reset_email');
Flash::success(t('Password updated'), 'login', 'password_updated'); Flash::success(t('Password updated'), 'login', 'password_updated');
Router::redirect('login'); Router::redirect('login');
} else { } else {

View File

@@ -1,15 +1,19 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Auth\AuthServicesFactory; use MintyPHP\Service\Auth\AuthServicesFactory;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
$request = requestInput(); $request = requestInput();
$errorBag = formErrors(); $errorBag = formErrors();
$errors = []; $errors = [];
$email = trim((string) $request->body('email', $_SESSION['password_reset_email'] ?? '')); $email = trim((string) $request->body('email', $session['password_reset_email'] ?? ''));
$code = trim((string) $request->body('code', '')); $code = trim((string) $request->body('code', ''));
$passwordResetService = (app(AuthServicesFactory::class))->createPasswordResetService(); $passwordResetService = (app(AuthServicesFactory::class))->createPasswordResetService();
@@ -23,8 +27,8 @@ if ($request->isMethod('POST')) {
} else { } else {
$result = $passwordResetService->verifyCode($email, $code); $result = $passwordResetService->verifyCode($email, $code);
if ($result['ok'] ?? false) { if ($result['ok'] ?? false) {
$_SESSION['password_reset_id'] = (int) $result['reset_id']; $sessionStore->set('password_reset_id', (int) $result['reset_id']);
unset($_SESSION['password_reset_email']); $sessionStore->remove('password_reset_email');
Flash::success(t('Code verified'), 'password/reset', 'reset_verified'); Flash::success(t('Code verified'), 'password/reset', 'reset_verified');
Router::redirect('password/reset'); Router::redirect('password/reset');
} else { } else {

View File

@@ -1,15 +1,19 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Auth\AuthServicesFactory; use MintyPHP\Service\Auth\AuthServicesFactory;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
$request = requestInput(); $request = requestInput();
$errorBag = formErrors(); $errorBag = formErrors();
$errors = []; $errors = [];
$email = trim((string) $request->body('email', $_SESSION['email_verification_email'] ?? '')); $email = trim((string) $request->body('email', $session['email_verification_email'] ?? ''));
$code = trim((string) $request->body('code', '')); $code = trim((string) $request->body('code', ''));
$emailVerificationService = (app(AuthServicesFactory::class))->createEmailVerificationService(); $emailVerificationService = (app(AuthServicesFactory::class))->createEmailVerificationService();
@@ -42,7 +46,7 @@ if ($request->isMethod('POST')) {
} else { } else {
$result = $emailVerificationService->verifyCode($email, $code); $result = $emailVerificationService->verifyCode($email, $code);
if ($result['ok'] ?? false) { if ($result['ok'] ?? false) {
unset($_SESSION['email_verification_email']); $sessionStore->remove('email_verification_email');
Flash::success(t('Email verified successfully! Please login.'), 'login', 'email_verified'); Flash::success(t('Email verified successfully! Please login.'), 'login', 'email_verified');
Router::redirect('login'); Router::redirect('login');

View File

@@ -1,8 +1,10 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router; use MintyPHP\Router;
if (isset($_SESSION['user'])) { $session = app(SessionStoreInterface::class)->all();
if (isset($session['user'])) {
Router::redirect('admin'); Router::redirect('admin');
} else { } else {
Router::redirect('login'); Router::redirect('login');

View File

@@ -1,11 +1,15 @@
<?php <?php
use MintyPHP\Http\Request; use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\I18n; use MintyPHP\I18n;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\User\UserServicesFactory; use MintyPHP\Service\User\UserServicesFactory;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
$request = requestInput(); $request = requestInput();
$rawLocale = (string) $request->body( $rawLocale = (string) $request->body(
'locale', 'locale',
@@ -23,11 +27,15 @@ if ($locale === '' || !in_array($locale, $locales, true)) {
} }
I18n::$locale = $locale; I18n::$locale = $locale;
if (isset($_SESSION['user']['id'])) { if (isset($session['user']['id'])) {
$userId = (int) ($_SESSION['user']['id'] ?? 0); $userId = (int) ($session['user']['id'] ?? 0);
if ($userId) { if ($userId) {
(app(UserServicesFactory::class))->createUserAccountService()->setLocale($userId, $locale); (app(UserServicesFactory::class))->createUserAccountService()->setLocale($userId, $locale);
$_SESSION['user']['locale'] = $locale; $userSession = $sessionStore->get('user', []);
if (is_array($userSession)) {
$userSession['locale'] = $locale;
$sessionStore->set('user', $userSession);
}
} }
} else { } else {
setcookie('locale', $locale, time() + 31536000, '/', '', false, true); setcookie('locale', $locale, time() + 31536000, '/', '', false, true);

View File

@@ -1,13 +1,17 @@
<?php <?php
use MintyPHP\Http\Request; use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\I18n; use MintyPHP\I18n;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Content\PageService; use MintyPHP\Service\Content\PageService;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
$user = $_SESSION['user'] ?? []; $sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
$user = $session['user'] ?? [];
$currentUserId = (int) ($user['id'] ?? 0); $currentUserId = (int) ($user['id'] ?? 0);
if ($currentUserId <= 0) { if ($currentUserId <= 0) {
Flash::error(t('Login required'), Request::safeReturnTarget((string) (requestInput()->bodyAll()['return'] ?? '')), 'login_required'); Flash::error(t('Login required'), Request::safeReturnTarget((string) (requestInput()->bodyAll()['return'] ?? '')), 'login_required');
@@ -37,6 +41,12 @@ if (!($result['ok'] ?? false)) {
Router::redirect($return); Router::redirect($return);
} }
$_SESSION['page_edit_mode'][$slug] = 1; $pageEditMode = $sessionStore->get('page_edit_mode', []);
if (!is_array($pageEditMode)) {
$pageEditMode = [];
}
$pageEditMode[$slug] = 1;
$sessionStore->set('page_edit_mode', $pageEditMode);
Flash::success(t('Content copied'), $return, 'page_copy_ok'); Flash::success(t('Content copied'), $return, 'page_copy_ok');
Router::redirect($return); Router::redirect($return);

View File

@@ -2,12 +2,16 @@
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\Request; use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\I18n; use MintyPHP\I18n;
use MintyPHP\Router; use MintyPHP\Router;
use MintyPHP\Service\Content\PageService; use MintyPHP\Service\Content\PageService;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Flash; use MintyPHP\Support\Flash;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
$slug = trim((string) ($slug ?? '')); $slug = trim((string) ($slug ?? ''));
if ($slug === '') { if ($slug === '') {
Router::redirect(''); Router::redirect('');
@@ -22,7 +26,7 @@ if ($notFound) {
Buffer::set('title', t('Page not found')); Buffer::set('title', t('Page not found'));
} }
$user = $_SESSION['user'] ?? []; $user = $session['user'] ?? [];
$currentUserId = (int) ($user['id'] ?? 0); $currentUserId = (int) ($user['id'] ?? 0);
$canEdit = $currentUserId > 0; $canEdit = $currentUserId > 0;
$returnPath = Request::path(); $returnPath = Request::path();
@@ -35,11 +39,22 @@ if ($requestedReturn !== '') {
} }
$formAction = '/' . ltrim($returnPath, '/'); $formAction = '/' . ltrim($returnPath, '/');
$wantsJson = Request::wantsJson(); $wantsJson = Request::wantsJson();
$markEditMode = static function (string $pageSlug) use ($sessionStore): void {
$pageEditMode = $sessionStore->get('page_edit_mode', []);
if (!is_array($pageEditMode)) {
$pageEditMode = [];
}
$pageEditMode[$pageSlug] = 1;
$sessionStore->set('page_edit_mode', $pageEditMode);
};
$sessionEdit = false; $sessionEdit = false;
if (!empty($_SESSION['page_edit_mode']) && is_array($_SESSION['page_edit_mode'])) { if (!empty($session['page_edit_mode']) && is_array($session['page_edit_mode'])) {
$sessionEdit = !empty($_SESSION['page_edit_mode'][$slug]); $sessionEdit = !empty($session['page_edit_mode'][$slug]);
unset($_SESSION['page_edit_mode'][$slug]); $pageEditMode = $session['page_edit_mode'];
unset($pageEditMode[$slug]);
$sessionStore->set('page_edit_mode', $pageEditMode);
} }
if (requestInput()->method() === 'POST') { if (requestInput()->method() === 'POST') {
@@ -68,19 +83,19 @@ if (requestInput()->method() === 'POST') {
$firstError = (string) ($errors[0] ?? t('Page can not be updated')); $firstError = (string) ($errors[0] ?? t('Page can not be updated'));
Flash::error($firstError, $returnPath, 'page_update_failed'); Flash::error($firstError, $returnPath, 'page_update_failed');
if ($wantsJson) { if ($wantsJson) {
$_SESSION['page_edit_mode'][$slug] = 1; $markEditMode($slug);
Router::json(['ok' => false, 'error' => 'invalid', 'redirect' => $returnPath]); Router::json(['ok' => false, 'error' => 'invalid', 'redirect' => $returnPath]);
} }
$_SESSION['page_edit_mode'][$slug] = 1; $markEditMode($slug);
Router::redirect($returnPath); Router::redirect($returnPath);
} }
Flash::success(t('Page updated'), $returnPath, 'page_updated'); Flash::success(t('Page updated'), $returnPath, 'page_updated');
if ($wantsJson) { if ($wantsJson) {
$_SESSION['page_edit_mode'][$slug] = 1; $markEditMode($slug);
Router::json(['ok' => true, 'redirect' => $returnPath]); Router::json(['ok' => true, 'redirect' => $returnPath]);
} }
$_SESSION['page_edit_mode'][$slug] = 1; $markEditMode($slug);
Router::redirect($returnPath); Router::redirect($returnPath);
} }

View File

@@ -1,13 +1,15 @@
<?php <?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\I18n; use MintyPHP\I18n;
use MintyPHP\Service\Search\SearchDataService; use MintyPHP\Service\Search\SearchDataService;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
gridRequireGetRequest(); gridRequireGetRequest();
$userId = (int) ($_SESSION['user']['id'] ?? 0); $userId = (int) ($session['user']['id'] ?? 0);
$filters = gridParseFiltersFromSchemaFile(__DIR__ . '/filter-schema.php'); $filters = gridParseFiltersFromSchemaFile(__DIR__ . '/filter-schema.php');
if ($filters['search'] === '') { if ($filters['search'] === '') {

View File

@@ -1,9 +1,11 @@
<?php <?php
use MintyPHP\Buffer; use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Session; use MintyPHP\Session;
use MintyPHP\Support\Guard; use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin(); Guard::requireLogin();
$filterSchema = require __DIR__ . '/filter-schema.php'; $filterSchema = require __DIR__ . '/filter-schema.php';
@@ -24,7 +26,7 @@ $clientFilterSchema = $listFilterContext['clientFilterSchema'];
$searchConfig = $listFilterContext['searchConfig']; $searchConfig = $listFilterContext['searchConfig'];
$csrfKey = Session::$csrfSessionKey; $csrfKey = Session::$csrfSessionKey;
$csrfToken = $_SESSION[$csrfKey] ?? ''; $csrfToken = $session[$csrfKey] ?? '';
Buffer::set('title', t('Search results')); Buffer::set('title', t('Search results'));
Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)); Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));