chore: snapshot notifications hardening and css/docs alignment
This commit is contained in:
@@ -1,12 +1,14 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Module\Notifications\NotificationsAuthorizationPolicy;
|
||||
use MintyPHP\Module\Notifications\Service\NotificationService;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
Guard::requireLogin();
|
||||
Guard::requireAbilityOrForbidden(NotificationsAuthorizationPolicy::ABILITY_VIEW);
|
||||
|
||||
if (requestInput()->method() !== 'POST') {
|
||||
http_response_code(405);
|
||||
@@ -22,6 +24,7 @@ if (!Session::checkCsrfToken()) {
|
||||
|
||||
$session = app(SessionStoreInterface::class)->all();
|
||||
$userId = (int) ($session['user']['id'] ?? 0);
|
||||
$tenantId = (int) (($session['current_tenant']['id'] ?? 0));
|
||||
if ($userId <= 0) {
|
||||
http_response_code(401);
|
||||
Router::json(['ok' => false, 'error' => 'unauthorized']);
|
||||
@@ -33,16 +36,16 @@ $all = requestInput()->body('all');
|
||||
$id = (int) requestInput()->body('id');
|
||||
|
||||
if ($all) {
|
||||
$service->markAllAsRead($userId);
|
||||
$service->markAllAsRead($userId, $tenantId > 0 ? $tenantId : null);
|
||||
} elseif ($id > 0) {
|
||||
$service->markAsRead($userId, $id);
|
||||
$service->markAsRead($userId, $id, $tenantId > 0 ? $tenantId : null);
|
||||
} else {
|
||||
http_response_code(400);
|
||||
Router::json(['ok' => false, 'error' => 'invalid_request']);
|
||||
return;
|
||||
}
|
||||
|
||||
$unreadCount = $service->unreadCount($userId);
|
||||
$unreadCount = $service->unreadCount($userId, $tenantId > 0 ? $tenantId : null);
|
||||
app(SessionStoreInterface::class)->set('module.notifications.unread_count', $unreadCount);
|
||||
|
||||
Router::json(['ok' => true, 'unread_count' => $unreadCount]);
|
||||
|
||||
Reference in New Issue
Block a user