refactor(pages): replace superglobals with request/session abstractions

This commit is contained in:
2026-03-06 11:28:22 +01:00
parent ebf15081e1
commit 205da203cc
87 changed files with 368 additions and 127 deletions

View File

@@ -1,13 +1,15 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\AuthorizationService;
use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$user = $_SESSION['user'] ?? [];
$user = $session['user'] ?? [];
$userId = (int) ($user['id'] ?? 0);
$uuid = trim((string) ($user['uuid'] ?? ''));
if ($uuid === '') {

View File

@@ -1,9 +1,11 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\OperationsAuthorizationPolicy;
use MintyPHP\Service\AddressBook\AddressBookServicesFactory;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
Guard::requireAbilityOrForbidden(OperationsAuthorizationPolicy::ABILITY_ADDRESS_BOOK_VIEW);
gridRequireGetRequest();
@@ -19,7 +21,7 @@ foreach ($query as $rawKey => $rawValue) {
$filters[$key] = $rawValue;
}
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$addressBookService = (app(AddressBookServicesFactory::class))->createAddressBookService();
$result = $addressBookService->buildGridResult($currentUserId, $filters);
gridJsonDataResult(

View File

@@ -1,16 +1,18 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\AddressBook\AddressBookServicesFactory;
use MintyPHP\Session;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
Guard::requireAbilityOrForbidden(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADDRESS_BOOK_VIEW);
$filterSchema = require __DIR__ . '/filter-schema.php';
$query = requestInput()->queryAll();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$addressBookService = (app(AddressBookServicesFactory::class))->createAddressBookService();
$context = $addressBookService->buildIndexContext($currentUserId, $query);
$activeTenants = $context['activeTenants'] ?? [];
@@ -113,7 +115,7 @@ $filterChipMeta = [
];
$csrfKey = Session::$csrfSessionKey;
$csrfToken = $_SESSION[$csrfKey] ?? '';
$csrfToken = $session[$csrfKey] ?? '';
Buffer::set('title', t('Address book'));
Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));

View File

@@ -1,11 +1,15 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\User\UserServicesFactory;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
Guard::requireLogin();
Guard::requireAbilityOrForbidden(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADDRESS_BOOK_VIEW);
@@ -87,7 +91,7 @@ if (!Session::checkCsrfToken()) {
return;
}
$userId = (int) ($_SESSION['user']['id'] ?? 0);
$userId = (int) ($session['user']['id'] ?? 0);
if ($userId <= 0) {
Router::redirect('login');
return;
@@ -102,7 +106,7 @@ if ($uuid === '') {
$deleted = $userSavedFilterService->deleteAddressBookFilter($userId, $uuid);
if ($deleted) {
$_SESSION['address_book_saved_filters'] = $userSavedFilterService->listForAddressBook($userId);
$sessionStore->set('address_book_saved_filters', $userSavedFilterService->listForAddressBook($userId));
Flash::success(t('Filter deleted'), 'address-book', 'address_book_saved_filter_deleted');
}

View File

@@ -1,11 +1,15 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\User\UserServicesFactory;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
Guard::requireLogin();
Guard::requireAbilityOrForbidden(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADDRESS_BOOK_VIEW);
@@ -87,7 +91,7 @@ if (!Session::checkCsrfToken()) {
return;
}
$userId = (int) ($_SESSION['user']['id'] ?? 0);
$userId = (int) ($session['user']['id'] ?? 0);
if ($userId <= 0) {
Router::redirect('login');
return;
@@ -111,6 +115,6 @@ if (!($result['ok'] ?? false)) {
return;
}
$_SESSION['address_book_saved_filters'] = $userSavedFilterService->listForAddressBook($userId);
$sessionStore->set('address_book_saved_filters', $userSavedFilterService->listForAddressBook($userId));
Flash::success(t('Filter saved'), 'address-book', 'address_book_saved_filter_saved');
Router::redirect($redirect);

View File

@@ -1,14 +1,16 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
Guard::requireAbilityOrForbidden(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADDRESS_BOOK_VIEW);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$uuid = trim((string) ($id ?? ''));
if ($uuid === '') {
Router::redirect('address-book');

View File

@@ -1,15 +1,17 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\UiAccessService;
use MintyPHP\Service\Access\UiCapabilityMap;
use MintyPHP\Service\Audit\ApiAuditService;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_API_AUDIT_VIEW);
$viewAuth['page'] = app(UiAccessService::class)->pageCapabilities(
(int) ($_SESSION['user']['id'] ?? 0),
(int) ($session['user']['id'] ?? 0),
UiCapabilityMap::PAGE_AUDIT_PURGE
);

View File

@@ -1,18 +1,20 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\DepartmentAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$request = requestInput();
$tenantService = app(\MintyPHP\Service\Tenant\TenantService::class);
$directoryScopeGateway = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class);
$departmentService = app(\MintyPHP\Service\Org\DepartmentService::class);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_CREATE, [
'actor_user_id' => $currentUserId,

View File

@@ -1,12 +1,14 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\DepartmentAuthorizationPolicy;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
gridRequireGetRequest();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = Guard::requireAbilityDecisionOrForbidden(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_VIEW);
$capabilities = $decision->attribute('capabilities', []);
$tenantIds = is_array($capabilities) ? array_values(array_unique(array_map('intval', (array) ($capabilities['allowed_tenant_ids'] ?? [])))) : [];

View File

@@ -1,10 +1,12 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\DepartmentAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
@@ -14,7 +16,7 @@ if ($uuid === '') {
return;
}
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$department = app(\MintyPHP\Service\Org\DepartmentService::class)->findByUuid($uuid);
if (!$department) {
Flash::error('Department not found', 'admin/departments', 'department_not_found');

View File

@@ -1,16 +1,18 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\DepartmentAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$request = requestInput();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
if ($currentUserId > 0) {
app(\MintyPHP\Service\Access\PermissionGateway::class)->getUserPermissions($currentUserId);
}

View File

@@ -1,13 +1,15 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\DepartmentAuthorizationPolicy;
use MintyPHP\Session;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_VIEW, [
'actor_user_id' => $currentUserId,
@@ -42,7 +44,7 @@ usort($tenants, static function ($a, $b) {
Buffer::set('title', t('Departments'));
Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$csrfKey = Session::$csrfSessionKey;
$csrfToken = $_SESSION[$csrfKey] ?? '';
$csrfToken = $session[$csrfKey] ?? '';
Buffer::set(
'grid_csrf',
json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)

View File

@@ -1,15 +1,17 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\UiAccessService;
use MintyPHP\Service\Access\UiCapabilityMap;
use MintyPHP\Service\Audit\ImportAuditService;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_IMPORTS_AUDIT_VIEW);
$viewAuth['page'] = app(UiAccessService::class)->pageCapabilities(
(int) ($_SESSION['user']['id'] ?? 0),
(int) ($session['user']['id'] ?? 0),
UiCapabilityMap::PAGE_AUDIT_PURGE
);

View File

@@ -1,15 +1,17 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Import\ImportService;
use MintyPHP\Session;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_IMPORTS_VIEW);
$request = requestInput();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$importService = app(ImportService::class);
$profileOptions = [];
@@ -46,7 +48,7 @@ $preview = null;
$result = null;
$csrfKey = Session::$csrfSessionKey;
$csrfToken = $_SESSION[$csrfKey] ?? '';
$csrfToken = $session[$csrfKey] ?? '';
$hasImportPermission = static function (string $type) use ($currentUserId, $importService): bool {
$permission = $importService->requiredPermissionForType($type);

View File

@@ -1,7 +1,9 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
define('MINTY_ALLOW_OUTPUT', true);
Guard::requireLogin();
@@ -16,7 +18,7 @@ if (!$profile) {
return;
}
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$ability = match ($type) {
'users' => \MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_IMPORTS_TYPE_USERS,
'departments' => \MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_IMPORTS_TYPE_DEPARTMENTS,

View File

@@ -1,11 +1,13 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$user = $_SESSION['user'] ?? null;
$user = $session['user'] ?? null;
$first_name = $user['first_name'] ?? '';
Buffer::set('title', t('Admin'));

View File

@@ -1,9 +1,11 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Session;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_MAIL_LOG_VIEW);
$filterSchema = require __DIR__ . '/filter-schema.php';
@@ -41,7 +43,7 @@ $searchConfig = $listFilterContext['searchConfig'];
Buffer::set('title', t('Mail logs'));
Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$csrfKey = Session::$csrfSessionKey;
$csrfToken = $_SESSION[$csrfKey] ?? '';
$csrfToken = $session[$csrfKey] ?? '';
Buffer::set(
'grid_csrf',
json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)

View File

@@ -1,15 +1,17 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\PermissionAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$request = requestInput();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(PermissionAuthorizationPolicy::ABILITY_ADMIN_PERMISSIONS_CREATE, [
'actor_user_id' => $currentUserId,

View File

@@ -1,14 +1,16 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\PermissionAuthorizationPolicy;
use MintyPHP\Service\Access\PermissionGateway;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(PermissionAuthorizationPolicy::ABILITY_ADMIN_PERMISSIONS_DELETE, [
'actor_user_id' => $currentUserId,

View File

@@ -1,16 +1,18 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Repository\Access\RoleRepository;
use MintyPHP\Router;
use MintyPHP\Service\Access\PermissionAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$request = requestInput();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$id = (int) ($id ?? 0);

View File

@@ -1,13 +1,15 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\PermissionAuthorizationPolicy;
use MintyPHP\Session;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(PermissionAuthorizationPolicy::ABILITY_ADMIN_PERMISSIONS_VIEW, [
'actor_user_id' => $currentUserId,
@@ -49,7 +51,7 @@ $searchConfig = $listFilterContext['searchConfig'];
Buffer::set('title', t('Permissions'));
Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$csrfKey = Session::$csrfSessionKey;
$csrfToken = $_SESSION[$csrfKey] ?? '';
$csrfToken = $session[$csrfKey] ?? '';
Buffer::set(
'grid_csrf',
json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)

View File

@@ -1,15 +1,17 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\RoleAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$request = requestInput();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(RoleAuthorizationPolicy::ABILITY_ADMIN_ROLES_CREATE, [
'actor_user_id' => $currentUserId,

View File

@@ -1,13 +1,15 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\RoleAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(RoleAuthorizationPolicy::ABILITY_ADMIN_ROLES_DELETE, [
'actor_user_id' => $currentUserId,

View File

@@ -1,15 +1,17 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\RoleAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$request = requestInput();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$permissionRepository = app(\MintyPHP\Repository\Access\PermissionRepository::class);
$rolePermissionRepository = app(\MintyPHP\Repository\Access\RolePermissionRepository::class);

View File

@@ -1,13 +1,15 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\RoleAuthorizationPolicy;
use MintyPHP\Session;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(RoleAuthorizationPolicy::ABILITY_ADMIN_ROLES_VIEW, [
'actor_user_id' => $currentUserId,
@@ -49,7 +51,7 @@ $searchConfig = $listFilterContext['searchConfig'];
Buffer::set('title', t('Roles'));
Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$csrfKey = Session::$csrfSessionKey;
$csrfToken = $_SESSION[$csrfKey] ?? '';
$csrfToken = $session[$csrfKey] ?? '';
Buffer::set(
'grid_csrf',
json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)

View File

@@ -1,11 +1,13 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_VIEW);
@@ -18,7 +20,7 @@ if (!$job) {
Router::redirect('admin/scheduled-jobs');
}
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$canManage = $authorizationService->authorize(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_MANAGE, [
'actor_user_id' => $currentUserId,

View File

@@ -1,14 +1,16 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\UiAccessService;
use MintyPHP\Service\Access\UiCapabilityMap;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_VIEW);
$viewAuth['page'] = app(UiAccessService::class)->pageCapabilities(
(int) ($_SESSION['user']['id'] ?? 0),
(int) ($session['user']['id'] ?? 0),
UiCapabilityMap::PAGE_AUDIT_PURGE
);
$filterSchema = require __DIR__ . '/filter-schema.php';

View File

@@ -2,11 +2,13 @@
use MintyPHP\Domain\Taxonomy\ScheduledJobRunStatus;
use MintyPHP\Domain\Taxonomy\SchedulerRuntimeResult;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_JOBS_RUN_NOW);
@@ -21,7 +23,7 @@ if (!Session::checkCsrfToken()) {
Router::redirect("admin/scheduled-jobs/edit/$jobId");
}
$result = app(\MintyPHP\Service\Scheduler\SchedulerRunService::class)->runJobNow($jobId, (int) ($_SESSION['user']['id'] ?? 0));
$result = app(\MintyPHP\Service\Scheduler\SchedulerRunService::class)->runJobNow($jobId, (int) ($session['user']['id'] ?? 0));
if (!($result['ok'] ?? false)) {
$error = (string) ($result['error'] ?? '');
if ($error === SchedulerRuntimeResult::LockNotAcquired->value) {

View File

@@ -1,10 +1,12 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\I18n;
use MintyPHP\Router;
use MintyPHP\Service\Search\SearchDataService;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
gridRequireGetRequest();
@@ -14,7 +16,7 @@ if ($filters['q'] === '') {
Router::json([]);
}
$userId = (int) ($_SESSION['user']['id'] ?? 0);
$userId = (int) ($session['user']['id'] ?? 0);
$locale = I18n::$locale ?? (I18n::$defaultLocale ?? 'de');
$result = app(SearchDataService::class)->buildPreviewData($userId, $filters['q'], $locale, 5);

View File

@@ -1,14 +1,16 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_TOKENS_REVOKE, [
'actor_user_id' => $currentUserId,

View File

@@ -1,13 +1,15 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE, [
'actor_user_id' => $currentUserId,

View File

@@ -1,14 +1,16 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE, [
'actor_user_id' => $currentUserId,

View File

@@ -1,16 +1,18 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Service\Settings\AdminSettingsService;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$request = requestInput();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$viewDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW, [
'actor_user_id' => $currentUserId,

View File

@@ -1,13 +1,15 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE, [
'actor_user_id' => $currentUserId,

View File

@@ -1,14 +1,16 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE, [
'actor_user_id' => $currentUserId,

View File

@@ -1,14 +1,16 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_TOKENS_REVOKE, [
'actor_user_id' => $currentUserId,

View File

@@ -1,13 +1,15 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_USER_LIFECYCLE_RUN, [
'actor_user_id' => $currentUserId,

View File

@@ -1,17 +1,19 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\UiAccessService;
use MintyPHP\Service\Access\UiCapabilityMap;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireAbilityOrForbidden(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_STATS_VIEW);
$viewData = app(\MintyPHP\Service\Stats\AdminStatsViewDataService::class)->build();
if ($viewData) {
extract($viewData, EXTR_SKIP);
}
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$viewAuth['page'] = app(UiAccessService::class)->pageCapabilities($currentUserId, UiCapabilityMap::PAGE_STATS_INDEX);
Buffer::set('title', t('Statistics'));

View File

@@ -1,17 +1,19 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\OperationsAuthorizationPolicy;
use MintyPHP\Service\Access\UiAccessService;
use MintyPHP\Service\Access\UiCapabilityMap;
use MintyPHP\Service\Audit\SystemAuditService;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
Guard::requireAbility(OperationsAuthorizationPolicy::ABILITY_ADMIN_SYSTEM_AUDIT_VIEW);
$viewAuth['page'] = app(UiAccessService::class)->pageCapabilities(
(int) ($_SESSION['user']['id'] ?? 0),
(int) ($session['user']['id'] ?? 0),
UiCapabilityMap::PAGE_SYSTEM_AUDIT
);

View File

@@ -1,10 +1,12 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$tenantAvatarService = app(\MintyPHP\Service\Tenant\TenantAvatarService::class);
@@ -25,7 +27,7 @@ if (!$tenantAvatarService->isValidUuid($uuid)) {
$tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid);
$tenantId = (int) ($tenant['id'] ?? 0);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE, [
'actor_user_id' => $currentUserId,
'target_tenant_id' => $tenantId,

View File

@@ -1,10 +1,12 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$tenantAvatarService = app(\MintyPHP\Service\Tenant\TenantAvatarService::class);
@@ -25,7 +27,7 @@ if (!$tenantAvatarService->isValidUuid($uuid)) {
$tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid);
$tenantId = (int) ($tenant['id'] ?? 0);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE, [
'actor_user_id' => $currentUserId,
'target_tenant_id' => $tenantId,

View File

@@ -1,8 +1,10 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
define('MINTY_ALLOW_OUTPUT', true);
Guard::requireLogin();
@@ -18,7 +20,7 @@ if (!$tenantAvatarService->isValidUuid($uuid)) {
$tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid);
$tenantId = (int) ($tenant['id'] ?? 0);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
if ($tenantId <= 0) {
http_response_code(404);
return;

View File

@@ -1,15 +1,17 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$request = requestInput();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CREATE, [
'actor_user_id' => $currentUserId,

View File

@@ -1,5 +1,6 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Service\CustomField\TenantCustomFieldService;
@@ -7,6 +8,7 @@ use MintyPHP\Session;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$request = requestInput();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
@@ -21,7 +23,7 @@ if (!$tenant) {
}
$tenantId = (int) ($tenant['id'] ?? 0);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CUSTOM_FIELDS_MANAGE, [
'actor_user_id' => $currentUserId,
'target_tenant_id' => $tenantId,

View File

@@ -1,5 +1,6 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Service\CustomField\TenantCustomFieldService;
@@ -7,6 +8,7 @@ use MintyPHP\Session;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$tenantCustomFieldService = app(TenantCustomFieldService::class);
@@ -21,7 +23,7 @@ if ($tenantId <= 0) {
return;
}
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CUSTOM_FIELDS_MANAGE, [
'actor_user_id' => $currentUserId,
'target_tenant_id' => $tenantId,

View File

@@ -1,5 +1,6 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Service\CustomField\TenantCustomFieldService;
@@ -7,6 +8,7 @@ use MintyPHP\Session;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$request = requestInput();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
@@ -20,7 +22,7 @@ if ($tenantId <= 0) {
return;
}
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_CUSTOM_FIELDS_MANAGE, [
'actor_user_id' => $currentUserId,
'target_tenant_id' => $tenantId,

View File

@@ -1,10 +1,12 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
@@ -21,7 +23,7 @@ if (!$tenant) {
return;
}
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$tenantId = (int) ($tenant['id'] ?? 0);
$decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_DELETE, [
'actor_user_id' => $currentUserId,

View File

@@ -1,16 +1,18 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Service\CustomField\TenantCustomFieldService;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$request = requestInput();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
if ($currentUserId > 0) {
app(\MintyPHP\Service\Access\PermissionGateway::class)->getUserPermissions($currentUserId);
}

View File

@@ -1,10 +1,12 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$tenantFaviconService = app(\MintyPHP\Service\Tenant\TenantFaviconService::class);
@@ -25,7 +27,7 @@ if (!$tenantFaviconService->isValidUuid($uuid)) {
$tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid);
$tenantId = (int) ($tenant['id'] ?? 0);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE, [
'actor_user_id' => $currentUserId,
'target_tenant_id' => $tenantId,

View File

@@ -1,10 +1,12 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$tenantFaviconService = app(\MintyPHP\Service\Tenant\TenantFaviconService::class);
@@ -25,7 +27,7 @@ if (!$tenantFaviconService->isValidUuid($uuid)) {
$tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid);
$tenantId = (int) ($tenant['id'] ?? 0);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE, [
'actor_user_id' => $currentUserId,
'target_tenant_id' => $tenantId,

View File

@@ -1,13 +1,15 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Session;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_VIEW, [
'actor_user_id' => $currentUserId,
@@ -46,7 +48,7 @@ $searchConfig = $listFilterContext['searchConfig'];
Buffer::set('title', t('Tenants'));
Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$csrfKey = Session::$csrfSessionKey;
$csrfToken = $_SESSION[$csrfKey] ?? '';
$csrfToken = $session[$csrfKey] ?? '';
Buffer::set(
'grid_csrf',
json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)

View File

@@ -4,15 +4,17 @@ use MintyPHP\Buffer;
use MintyPHP\Domain\Taxonomy\UserLifecycleAction;
use MintyPHP\Domain\Taxonomy\UserLifecycleStatus;
use MintyPHP\Domain\Taxonomy\UserLifecycleTriggerType;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\UiAccessService;
use MintyPHP\Service\Access\UiCapabilityMap;
use MintyPHP\Service\Audit\UserLifecycleAuditService;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_USER_LIFECYCLE_AUDIT_VIEW);
$viewAuth['page'] = app(UiAccessService::class)->pageCapabilities(
(int) ($_SESSION['user']['id'] ?? 0),
(int) ($session['user']['id'] ?? 0),
UiCapabilityMap::PAGE_AUDIT_PURGE
);

View File

@@ -1,10 +1,12 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_USERS_LIFECYCLE_RESTORE);
@@ -22,7 +24,7 @@ if (!Session::checkCsrfToken()) {
$result = app(\MintyPHP\Service\User\UserLifecycleRestoreService::class)->restoreFromLifecycleAudit(
$auditId,
(int) ($_SESSION['user']['id'] ?? 0)
(int) ($session['user']['id'] ?? 0)
);
if (!($result['ok'] ?? false)) {

View File

@@ -2,12 +2,14 @@
use MintyPHP\Buffer;
use MintyPHP\Domain\Taxonomy\UserLifecycleAction;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\UiAccessService;
use MintyPHP\Service\Access\UiCapabilityMap;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\OperationsAuthorizationPolicy::ABILITY_ADMIN_USER_LIFECYCLE_AUDIT_VIEW);
@@ -24,7 +26,7 @@ if ((string) ($auditLog['action'] ?? '') === UserLifecycleAction::Delete->value)
$snapshot = $auditService->decryptSnapshot($auditLog);
}
$viewAuth['page'] = app(UiAccessService::class)->pageCapabilities(
(int) ($_SESSION['user']['id'] ?? 0),
(int) ($session['user']['id'] ?? 0),
UiCapabilityMap::PAGE_USER_LIFECYCLE_VIEW
);

View File

@@ -1,11 +1,13 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Service\User\UserAccessPdfService;
use MintyPHP\Session;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
define('MINTY_ALLOW_OUTPUT', true);
// Hard gate: user must be logged in and explicitly allowed to generate access PDFs.
@@ -38,7 +40,7 @@ if (!$user) {
return;
}
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$userId = (int) ($user['id'] ?? 0);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_ACCESS_PDF, [
'actor_user_id' => $currentUserId,

View File

@@ -1,17 +1,19 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Service\User\UserAccessPdfService;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
define('MINTY_ALLOW_OUTPUT', true);
// Hard gate: user must be logged in and explicitly allowed to generate access PDFs.
Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_ACCESS_PDF_BULK, [
'actor_user_id' => (int) ($_SESSION['user']['id'] ?? 0),
'actor_user_id' => (int) ($session['user']['id'] ?? 0),
]);
if (!$decision->isAllowed()) {
Router::redirect('error/forbidden');
@@ -49,7 +51,7 @@ if (count($uuids) > 100) {
return;
}
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$users = [];
foreach ($uuids as $uuid) {
$user = $userAccountService->findByUuid($uuid);

View File

@@ -1,11 +1,13 @@
<?php
use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Session;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
@@ -29,7 +31,7 @@ if (!Session::checkCsrfToken()) {
}
$uuid = trim((string) ($id ?? ''));
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null;
$userId = (int) ($user['id'] ?? 0);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_ACTIVATE, [

View File

@@ -1,10 +1,14 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
@@ -17,7 +21,7 @@ if (!$user) {
}
$userId = (int) ($user['id'] ?? 0);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_API_TOKENS_MANAGE, [
'actor_user_id' => $currentUserId,
'target_user_id' => $userId,
@@ -37,7 +41,7 @@ if ($name === '') {
$result = $apiTokenService->create($userId, $name, null, null, $currentUserId);
if ($result['ok'] ?? false) {
$_SESSION['api_token_created'] = ['token' => $result['token'], 'uuid' => $uuid];
$sessionStore->set('api_token_created', ['token' => $result['token'], 'uuid' => $uuid]);
Flash::success(t('API token created. Copy it now — it will not be shown again.'), "admin/users/edit/{$uuid}", 'api_token_created');
} else {
$error = $result['error'] ?? 'create_failed';

View File

@@ -1,10 +1,12 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
@@ -17,7 +19,7 @@ if (!$user) {
}
$userId = (int) ($user['id'] ?? 0);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_API_TOKENS_MANAGE, [
'actor_user_id' => $currentUserId,
'target_user_id' => $userId,

View File

@@ -1,10 +1,12 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
@@ -24,7 +26,7 @@ if (!$userAvatarService->isValidUuid($uuid)) {
return;
}
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null;
$userId = (int) ($user['id'] ?? 0);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_AVATAR_UPLOAD, [

View File

@@ -1,10 +1,12 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
@@ -24,7 +26,7 @@ if (!$userAvatarService->isValidUuid($uuid)) {
return;
}
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null;
$userId = (int) ($user['id'] ?? 0);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_AVATAR_DELETE, [

View File

@@ -1,8 +1,10 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
define('MINTY_ALLOW_OUTPUT', true);
Guard::requireLogin();
@@ -17,7 +19,7 @@ if (!$userAvatarService->isValidUuid($uuid)) {
return;
}
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null;
$userId = (int) ($user['id'] ?? 0);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_AVATAR_VIEW, [

View File

@@ -1,10 +1,12 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Service\User\UserAccessTemplateService;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$action = strtolower(trim((string) ($action ?? '')));
@@ -25,7 +27,7 @@ if (!$uuids) {
Router::json(['ok' => false, 'error' => 'no_selection']);
}
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_BULK, [
'actor_user_id' => $currentUserId,

View File

@@ -2,6 +2,7 @@
use MintyPHP\Buffer;
use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\I18n;
use MintyPHP\Router;
use MintyPHP\Service\Access\UiAccessService;
@@ -11,11 +12,12 @@ use MintyPHP\Service\CustomField\UserCustomFieldValueService;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$request = requestInput();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_CREATE, [
'actor_user_id' => (int) ($_SESSION['user']['id'] ?? 0),
'actor_user_id' => (int) ($session['user']['id'] ?? 0),
]);
if (!$decision->isAllowed()) {
if (Request::wantsJson()) {
@@ -38,7 +40,7 @@ $tenantService = app(\MintyPHP\Service\Tenant\TenantService::class);
$roleService = app(\MintyPHP\Service\Access\RoleService::class);
$departmentService = app(\MintyPHP\Service\Org\DepartmentService::class);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$uiAccessService = app(UiAccessService::class);
$viewAuth['page'] = $uiAccessService->pageCapabilities($currentUserId, UiCapabilityMap::PAGE_USERS_CREATE);
$pageAuth = is_array($viewAuth['page'] ?? null) ? $viewAuth['page'] : [];

View File

@@ -1,8 +1,10 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
Guard::requireAbilityOrForbidden(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW);
@@ -11,7 +13,7 @@ gridRequireGetRequest();
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
$userAvatarService = app(\MintyPHP\Service\User\UserAvatarService::class);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$filters = gridParseFiltersFromSchemaFile(__DIR__ . '/filter-schema.php');

View File

@@ -1,10 +1,12 @@
<?php
use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
@@ -15,7 +17,7 @@ if ((requestInput()->method()) !== 'POST') {
}
$uuid = trim((string) ($id ?? ''));
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null;
$userId = (int) ($user['id'] ?? 0);
$errorBag = formErrors();

View File

@@ -1,11 +1,13 @@
<?php
use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
@@ -16,7 +18,7 @@ if ((requestInput()->method()) !== 'POST') {
}
$uuid = trim((string) ($id ?? ''));
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null;
$userId = (int) ($user['id'] ?? 0);
$errorBag = formErrors();

View File

@@ -1,6 +1,7 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\I18n;
use MintyPHP\Repository\Auth\PasswordResetRepository;
use MintyPHP\Repository\Auth\RememberTokenRepository;
@@ -10,6 +11,9 @@ use MintyPHP\Service\CustomField\UserCustomFieldValueService;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
Guard::requireLogin();
$request = requestInput();
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
@@ -31,7 +35,7 @@ $departmentService = app(\MintyPHP\Service\Org\DepartmentService::class);
$passwordMinLength = $userPasswordPolicyService->minLength();
$passwordHints = $userPasswordPolicyService->hints();
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$uuid = trim((string) ($id ?? ''));
$user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null;
if (!$user) {
@@ -269,10 +273,18 @@ if ($request->hasBody('email')) {
if ($currentUserId === $userId && isset($form['theme'])) {
$themes = appThemes();
$themeValue = strtolower(trim((string) ($form['theme'] ?? '')));
$_SESSION['user']['theme'] = isset($themes[$themeValue]) ? $themeValue : appDefaultTheme();
$userSession = $sessionStore->get('user', []);
if (is_array($userSession)) {
$userSession['theme'] = isset($themes[$themeValue]) ? $themeValue : appDefaultTheme();
$sessionStore->set('user', $userSession);
}
}
if ($currentUserId === $userId && isset($form['locale'])) {
$_SESSION['user']['locale'] = $form['locale'];
$userSession = $sessionStore->get('user', []);
if (is_array($userSession)) {
$userSession['locale'] = $form['locale'];
$sessionStore->set('user', $userSession);
}
I18n::$locale = $form['locale'];
}
if (!$errorBag->hasAny()) {

View File

@@ -1,14 +1,16 @@
<?php
use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW, [
'actor_user_id' => (int) ($_SESSION['user']['id'] ?? 0),
'actor_user_id' => (int) ($session['user']['id'] ?? 0),
]);
if (!$decision->isAllowed()) {
if (Request::wantsJson()) {
@@ -21,7 +23,7 @@ if (!$decision->isAllowed()) {
}
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$search = trim((string) (requestInput()->queryAll()['search'] ?? ''));
$order = (string) (requestInput()->queryAll()['order'] ?? 'id');

View File

@@ -1,10 +1,12 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
@@ -18,7 +20,7 @@ if (!$user) {
}
$userId = (int) ($user['id'] ?? 0);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_FORGET_TOKENS, [
'actor_user_id' => $currentUserId,
'target_user_id' => $userId,

View File

@@ -2,6 +2,7 @@
use MintyPHP\Buffer;
use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\UiAccessService;
use MintyPHP\Service\Access\UiCapabilityMap;
@@ -9,10 +10,11 @@ use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Session;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW, [
'actor_user_id' => (int) ($_SESSION['user']['id'] ?? 0),
'actor_user_id' => (int) ($session['user']['id'] ?? 0),
]);
if (!$decision->isAllowed()) {
if (Request::wantsJson()) {
@@ -38,7 +40,7 @@ $filterState = gridParseFilters($query, [
'search' => ['type' => 'string'],
]);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$allowedTenantIds = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class)->getUserTenantIds($currentUserId);
$uiAccessService = app(UiAccessService::class);
$selfEditDecision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_EDIT_CONTEXT, [
@@ -56,7 +58,7 @@ $viewAuth['page'] = [
Buffer::set('title', t('Users'));
Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$csrfKey = Session::$csrfSessionKey;
$csrfToken = $_SESSION[$csrfKey] ?? '';
$csrfToken = $session[$csrfKey] ?? '';
Buffer::set(
'grid_csrf',
json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)

View File

@@ -1,11 +1,13 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Service\User\UserAccessTemplateService;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
@@ -20,7 +22,7 @@ if (!$user) {
}
$userId = (int) ($user['id'] ?? 0);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_SEND_ACCESS, [
'actor_user_id' => $currentUserId,
'target_user_id' => $userId,

View File

@@ -1,10 +1,14 @@
<?php
use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Session;
use MintyPHP\Support\Guard;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
Guard::requireLogin();
$userTenantContextService = app(\MintyPHP\Service\User\UserTenantContextService::class);
$errorBag = formErrors();
@@ -26,7 +30,7 @@ if (!Session::checkCsrfToken()) {
return;
}
$userId = (int) ($_SESSION['user']['id'] ?? 0);
$userId = (int) ($session['user']['id'] ?? 0);
if ($userId <= 0) {
http_response_code(401);
if (Request::wantsJson()) {
@@ -67,16 +71,18 @@ if (!($result['ok'] ?? false)) {
}
// Update session with new current tenant
if (isset($_SESSION['user'])) {
$_SESSION['user']['current_tenant_id'] = $tenantId;
if (isset($session['user']) && is_array($session['user'])) {
$userSession = $session['user'];
$userSession['current_tenant_id'] = $tenantId;
$sessionStore->set('user', $userSession);
}
// Update session with full tenant data
$_SESSION['current_tenant'] = $result['tenant'] ?? null;
$sessionStore->set('current_tenant', $result['tenant'] ?? null);
// Reload available tenants and departments
$_SESSION['available_tenants'] = $userTenantContextService->getAvailableTenants($userId);
$_SESSION['available_departments_by_tenant'] = $userTenantContextService->getAvailableDepartmentsByTenant($userId);
$sessionStore->set('available_tenants', $userTenantContextService->getAvailableTenants($userId));
$sessionStore->set('available_departments_by_tenant', $userTenantContextService->getAvailableDepartmentsByTenant($userId));
if (Request::wantsJson()) {
Router::json([

View File

@@ -1,10 +1,14 @@
<?php
use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Session;
use MintyPHP\Support\Guard;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
Guard::requireLogin();
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
$errorBag = formErrors();
@@ -24,7 +28,7 @@ if (!Session::checkCsrfToken()) {
return;
}
$userId = (int) ($_SESSION['user']['id'] ?? 0);
$userId = (int) ($session['user']['id'] ?? 0);
if ($userId <= 0) {
http_response_code(401);
if (Request::wantsJson()) {
@@ -70,7 +74,11 @@ if (!$updated) {
return;
}
$_SESSION['user']['theme'] = $theme;
$userSession = $sessionStore->get('user', []);
if (is_array($userSession)) {
$userSession['theme'] = $theme;
$sessionStore->set('user', $userSession);
}
if (Request::wantsJson()) {
Router::json(['ok' => true, 'theme' => $theme]);

View File

@@ -2,11 +2,14 @@
use MintyPHP\Http\ApiBootstrap;
use MintyPHP\Http\ApiResponse;
use MintyPHP\Http\RequestRuntimeInterface;
use MintyPHP\Service\Auth\ApiTokenEndpointService;
use MintyPHP\Service\Auth\AuthServicesFactory;
use MintyPHP\Service\Security\SecurityServicesFactory;
use MintyPHP\Service\User\UserServicesFactory;
$requestRuntime = app(RequestRuntimeInterface::class);
ApiBootstrap::init(false);
ApiResponse::requireMethod('POST');
@@ -16,7 +19,7 @@ $apiTokenEndpointService = app(ApiTokenEndpointService::class);
// ---- Login-specific rate limits (stricter than the general API rate limit in ApiBootstrap) ----
$rateLimiter = (app(SecurityServicesFactory::class))->createRateLimiterService();
$ip = $_SERVER['REMOTE_ADDR'] ?? '';
$ip = $requestRuntime->ip();
$ipResult = $rateLimiter->isBlocked('api.auth.login.ip', $ip);
if (!($ipResult['allowed'] ?? true)) {

View File

@@ -1,11 +1,14 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Auth\AuthServicesFactory;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
$sessionStore = app(SessionStoreInterface::class);
$request = requestInput();
$errorBag = formErrors();
$errors = [];
@@ -19,7 +22,7 @@ if ($request->isMethod('POST')) {
$errorBag->addGlobal(t('Please enter a valid email address'));
} else {
$passwordResetService->requestReset($email);
$_SESSION['password_reset_email'] = $email;
$sessionStore->set('password_reset_email', $email);
Flash::success(
t('If the email exists, a verification code has been sent.'),
'password/verify',

View File

@@ -1,5 +1,7 @@
<?php
use MintyPHP\Http\RequestRuntimeInterface;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Auth\AuthServicesFactory;
use MintyPHP\Service\Security\SecurityServicesFactory;
@@ -8,7 +10,11 @@ use MintyPHP\Service\User\UserServicesFactory;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
if (!empty($_SESSION['user']['id'])) {
$requestRuntime = app(RequestRuntimeInterface::class);
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
if (!empty($session['user']['id'])) {
if (Flash::has()) {
Flash::keep();
}
@@ -146,7 +152,7 @@ if (requestInput()->method() === 'POST') {
} else {
$postedStage = trim((string) (requestInput()->bodyAll()['stage'] ?? 'resolve_email'));
$email = trim((string) (requestInput()->bodyAll()['email'] ?? ''));
$clientIp = trim((string) ($_SERVER['REMOTE_ADDR'] ?? ''));
$clientIp = trim((string) ($requestRuntime->ip()));
if ($clientIp === '') {
$clientIp = 'unknown';
}
@@ -253,7 +259,7 @@ if (requestInput()->method() === 'POST') {
$result = $authService->login($email, $password);
if (!($result['ok'] ?? false)) {
if (!empty($result['needs_verification'])) {
$_SESSION['email_verification_email'] = $result['email'] ?? $email;
$sessionStore->set('email_verification_email', $result['email'] ?? $email);
Flash::error(t('Please verify your email first'), 'verify-email', 'login_not_verified');
Router::redirect('verify-email');
return;
@@ -270,7 +276,8 @@ if (requestInput()->method() === 'POST') {
$setRateLimitWarning((int) ($passwordFailureResult['retry_after'] ?? $loginPasswordBlock));
}
} else {
$userId = (int) ($_SESSION['user']['id'] ?? 0);
$authenticatedUser = $sessionStore->get('user', []);
$userId = (int) (is_array($authenticatedUser) ? ($authenticatedUser['id'] ?? 0) : 0);
if ($userId <= 0 || !$authService->canLoginToTenant($userId, $selectedTenantId)) {
$authService->logout();
$setLoginWarning(t('No access to this tenant'));

View File

@@ -1,10 +1,13 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Auth\AuthServicesFactory;
use MintyPHP\Service\User\UserServicesFactory;
use MintyPHP\Support\Flash;
$sessionStore = app(SessionStoreInterface::class);
$request = requestInput();
$error = false;
if (!allowRegistration()) {
@@ -32,7 +35,7 @@ if ($request->hasBody('email')) {
$error = $result['error'] ?? t('User can not be registered');
} else {
// Store email in session for verify-email page
$_SESSION['email_verification_email'] = $result['email'] ?? $email;
$sessionStore->set('email_verification_email', $result['email'] ?? $email);
Flash::success(t('Registration successful! Please check your email for the verification code.'), 'verify-email', 'registration_success');
Router::redirect('verify-email');
}

View File

@@ -1,12 +1,16 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Auth\AuthServicesFactory;
use MintyPHP\Service\User\UserServicesFactory;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
$request = requestInput();
$errorBag = formErrors();
$errors = [];
@@ -14,7 +18,7 @@ $password = (string) $request->body('password', '');
$password2 = (string) $request->body('password2', '');
$passwordResetService = (app(AuthServicesFactory::class))->createPasswordResetService();
$resetId = (int) ($_SESSION['password_reset_id'] ?? 0);
$resetId = (int) ($session['password_reset_id'] ?? 0);
if ($resetId <= 0) {
Router::redirect('password/forgot');
}
@@ -25,8 +29,8 @@ if ($request->isMethod('POST')) {
} else {
$result = $passwordResetService->resetPassword($resetId, $password, $password2);
if ($result['ok'] ?? false) {
unset($_SESSION['password_reset_id']);
unset($_SESSION['password_reset_email']);
$sessionStore->remove('password_reset_id');
$sessionStore->remove('password_reset_email');
Flash::success(t('Password updated'), 'login', 'password_updated');
Router::redirect('login');
} else {

View File

@@ -1,15 +1,19 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Auth\AuthServicesFactory;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
$request = requestInput();
$errorBag = formErrors();
$errors = [];
$email = trim((string) $request->body('email', $_SESSION['password_reset_email'] ?? ''));
$email = trim((string) $request->body('email', $session['password_reset_email'] ?? ''));
$code = trim((string) $request->body('code', ''));
$passwordResetService = (app(AuthServicesFactory::class))->createPasswordResetService();
@@ -23,8 +27,8 @@ if ($request->isMethod('POST')) {
} else {
$result = $passwordResetService->verifyCode($email, $code);
if ($result['ok'] ?? false) {
$_SESSION['password_reset_id'] = (int) $result['reset_id'];
unset($_SESSION['password_reset_email']);
$sessionStore->set('password_reset_id', (int) $result['reset_id']);
$sessionStore->remove('password_reset_email');
Flash::success(t('Code verified'), 'password/reset', 'reset_verified');
Router::redirect('password/reset');
} else {

View File

@@ -1,15 +1,19 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Auth\AuthServicesFactory;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
$request = requestInput();
$errorBag = formErrors();
$errors = [];
$email = trim((string) $request->body('email', $_SESSION['email_verification_email'] ?? ''));
$email = trim((string) $request->body('email', $session['email_verification_email'] ?? ''));
$code = trim((string) $request->body('code', ''));
$emailVerificationService = (app(AuthServicesFactory::class))->createEmailVerificationService();
@@ -42,7 +46,7 @@ if ($request->isMethod('POST')) {
} else {
$result = $emailVerificationService->verifyCode($email, $code);
if ($result['ok'] ?? false) {
unset($_SESSION['email_verification_email']);
$sessionStore->remove('email_verification_email');
Flash::success(t('Email verified successfully! Please login.'), 'login', 'email_verified');
Router::redirect('login');

View File

@@ -1,8 +1,10 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
if (isset($_SESSION['user'])) {
$session = app(SessionStoreInterface::class)->all();
if (isset($session['user'])) {
Router::redirect('admin');
} else {
Router::redirect('login');

View File

@@ -1,11 +1,15 @@
<?php
use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\I18n;
use MintyPHP\Router;
use MintyPHP\Service\User\UserServicesFactory;
use MintyPHP\Support\Flash;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
$request = requestInput();
$rawLocale = (string) $request->body(
'locale',
@@ -23,11 +27,15 @@ if ($locale === '' || !in_array($locale, $locales, true)) {
}
I18n::$locale = $locale;
if (isset($_SESSION['user']['id'])) {
$userId = (int) ($_SESSION['user']['id'] ?? 0);
if (isset($session['user']['id'])) {
$userId = (int) ($session['user']['id'] ?? 0);
if ($userId) {
(app(UserServicesFactory::class))->createUserAccountService()->setLocale($userId, $locale);
$_SESSION['user']['locale'] = $locale;
$userSession = $sessionStore->get('user', []);
if (is_array($userSession)) {
$userSession['locale'] = $locale;
$sessionStore->set('user', $userSession);
}
}
} else {
setcookie('locale', $locale, time() + 31536000, '/', '', false, true);

View File

@@ -1,13 +1,17 @@
<?php
use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\I18n;
use MintyPHP\Router;
use MintyPHP\Service\Content\PageService;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
$user = $_SESSION['user'] ?? [];
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
$user = $session['user'] ?? [];
$currentUserId = (int) ($user['id'] ?? 0);
if ($currentUserId <= 0) {
Flash::error(t('Login required'), Request::safeReturnTarget((string) (requestInput()->bodyAll()['return'] ?? '')), 'login_required');
@@ -37,6 +41,12 @@ if (!($result['ok'] ?? false)) {
Router::redirect($return);
}
$_SESSION['page_edit_mode'][$slug] = 1;
$pageEditMode = $sessionStore->get('page_edit_mode', []);
if (!is_array($pageEditMode)) {
$pageEditMode = [];
}
$pageEditMode[$slug] = 1;
$sessionStore->set('page_edit_mode', $pageEditMode);
Flash::success(t('Content copied'), $return, 'page_copy_ok');
Router::redirect($return);

View File

@@ -2,12 +2,16 @@
use MintyPHP\Buffer;
use MintyPHP\Http\Request;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\I18n;
use MintyPHP\Router;
use MintyPHP\Service\Content\PageService;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
$sessionStore = app(SessionStoreInterface::class);
$session = $sessionStore->all();
$slug = trim((string) ($slug ?? ''));
if ($slug === '') {
Router::redirect('');
@@ -22,7 +26,7 @@ if ($notFound) {
Buffer::set('title', t('Page not found'));
}
$user = $_SESSION['user'] ?? [];
$user = $session['user'] ?? [];
$currentUserId = (int) ($user['id'] ?? 0);
$canEdit = $currentUserId > 0;
$returnPath = Request::path();
@@ -35,11 +39,22 @@ if ($requestedReturn !== '') {
}
$formAction = '/' . ltrim($returnPath, '/');
$wantsJson = Request::wantsJson();
$markEditMode = static function (string $pageSlug) use ($sessionStore): void {
$pageEditMode = $sessionStore->get('page_edit_mode', []);
if (!is_array($pageEditMode)) {
$pageEditMode = [];
}
$pageEditMode[$pageSlug] = 1;
$sessionStore->set('page_edit_mode', $pageEditMode);
};
$sessionEdit = false;
if (!empty($_SESSION['page_edit_mode']) && is_array($_SESSION['page_edit_mode'])) {
$sessionEdit = !empty($_SESSION['page_edit_mode'][$slug]);
unset($_SESSION['page_edit_mode'][$slug]);
if (!empty($session['page_edit_mode']) && is_array($session['page_edit_mode'])) {
$sessionEdit = !empty($session['page_edit_mode'][$slug]);
$pageEditMode = $session['page_edit_mode'];
unset($pageEditMode[$slug]);
$sessionStore->set('page_edit_mode', $pageEditMode);
}
if (requestInput()->method() === 'POST') {
@@ -68,19 +83,19 @@ if (requestInput()->method() === 'POST') {
$firstError = (string) ($errors[0] ?? t('Page can not be updated'));
Flash::error($firstError, $returnPath, 'page_update_failed');
if ($wantsJson) {
$_SESSION['page_edit_mode'][$slug] = 1;
$markEditMode($slug);
Router::json(['ok' => false, 'error' => 'invalid', 'redirect' => $returnPath]);
}
$_SESSION['page_edit_mode'][$slug] = 1;
$markEditMode($slug);
Router::redirect($returnPath);
}
Flash::success(t('Page updated'), $returnPath, 'page_updated');
if ($wantsJson) {
$_SESSION['page_edit_mode'][$slug] = 1;
$markEditMode($slug);
Router::json(['ok' => true, 'redirect' => $returnPath]);
}
$_SESSION['page_edit_mode'][$slug] = 1;
$markEditMode($slug);
Router::redirect($returnPath);
}

View File

@@ -1,13 +1,15 @@
<?php
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\I18n;
use MintyPHP\Service\Search\SearchDataService;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
gridRequireGetRequest();
$userId = (int) ($_SESSION['user']['id'] ?? 0);
$userId = (int) ($session['user']['id'] ?? 0);
$filters = gridParseFiltersFromSchemaFile(__DIR__ . '/filter-schema.php');
if ($filters['search'] === '') {

View File

@@ -1,9 +1,11 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Session;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$filterSchema = require __DIR__ . '/filter-schema.php';
@@ -24,7 +26,7 @@ $clientFilterSchema = $listFilterContext['clientFilterSchema'];
$searchConfig = $listFilterContext['searchConfig'];
$csrfKey = Session::$csrfSessionKey;
$csrfToken = $_SESSION[$csrfKey] ?? '';
$csrfToken = $session[$csrfKey] ?? '';
Buffer::set('title', t('Search results'));
Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));