refactor(settings): split admin/settings into hub + per-section subpages
Splits the 755-line monolithic settings page into a tile-based landing hub and six focused subpages (general, security, email, api, sso, branding), each with its own form, CSRF scope and POST handler. Each subpage offers Save / Save & close buttons plus a Cancel/back link to the hub. Backend (AdminSettingsService, gateways, policies, DB schema) unchanged. A new settingsSectionMergePost() helper overlays section POSTs onto the current DB values so partial saves don't wipe unrelated fields (the service defaults missing keys to 0/empty). Sub-action files (logo/favicon/tokens/lifecycle) redirect to the matching subpage, and architecture contracts now check the subpage files instead of the removed monolithic index. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
86
pages/admin/settings/api().php
Normal file
86
pages/admin/settings/api().php
Normal file
@@ -0,0 +1,86 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Buffer;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
|
||||
use MintyPHP\Service\Settings\AdminSettingsService;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
$session = app(SessionStoreInterface::class)->all();
|
||||
Guard::requireLogin();
|
||||
$request = requestInput();
|
||||
|
||||
$currentUserId = (int) ($session['user']['id'] ?? 0);
|
||||
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
|
||||
$viewDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
]);
|
||||
if (!$viewDecision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
$viewCapabilities = $viewDecision->attribute('capabilities', []);
|
||||
$canUpdateSettings = is_array($viewCapabilities) ? (bool) ($viewCapabilities['can_update_settings'] ?? false) : false;
|
||||
|
||||
$adminSettingsService = app(AdminSettingsService::class);
|
||||
$pageData = $adminSettingsService->buildPageData();
|
||||
$values = is_array($pageData['values'] ?? null) ? $pageData['values'] : [];
|
||||
$settings = is_array($pageData['settings'] ?? null) ? $pageData['settings'] : [];
|
||||
$activeApiTokens = (int) ($pageData['active_api_tokens'] ?? 0);
|
||||
|
||||
if ($request->isMethod('POST') && !actionRequireCsrf('admin/settings/api', 'admin/settings/api', 'csrf_expired')) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ($request->isMethod('POST')) {
|
||||
$updateDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
]);
|
||||
if (!$updateDecision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
|
||||
$sectionKeys = [
|
||||
'api_token_default_ttl_days',
|
||||
'api_token_max_ttl_days',
|
||||
'api_cors_allowed_origins',
|
||||
];
|
||||
$mergedPost = settingsSectionMergePost($values, $request->bodyAll(), $sectionKeys);
|
||||
|
||||
$updateResult = $adminSettingsService->updateFromAdmin($mergedPost);
|
||||
$errorBag = formErrors();
|
||||
foreach ((array) ($updateResult['errors'] ?? []) as $error) {
|
||||
if (is_array($error)) {
|
||||
$message = trim((string) ($error['message'] ?? ''));
|
||||
$field = trim((string) ($error['field'] ?? 'input'));
|
||||
if ($message !== '') {
|
||||
$errorBag->add($field !== '' ? $field : 'input', $message);
|
||||
}
|
||||
continue;
|
||||
}
|
||||
$message = trim((string) $error);
|
||||
if ($message !== '') {
|
||||
$errorBag->addGlobal($message);
|
||||
}
|
||||
}
|
||||
|
||||
if ($errorBag->hasAny()) {
|
||||
flashFormErrors($errorBag, 'admin/settings/api', 'settings_update_error');
|
||||
Router::redirect('admin/settings/api');
|
||||
}
|
||||
|
||||
$redirectTarget = ((string) $request->body('action', 'save') === 'save_close')
|
||||
? 'admin/settings'
|
||||
: 'admin/settings/api';
|
||||
Flash::success('Settings updated', $redirectTarget, 'settings_updated');
|
||||
Router::redirect($redirectTarget);
|
||||
}
|
||||
|
||||
Buffer::set('title', t('API settings'));
|
||||
|
||||
$breadcrumbs = [
|
||||
['label' => t('Home'), 'path' => 'admin'],
|
||||
['label' => t('Settings'), 'path' => 'admin/settings'],
|
||||
['label' => t('API')],
|
||||
];
|
||||
Reference in New Issue
Block a user