refactor(settings): split admin/settings into hub + per-section subpages
Splits the 755-line monolithic settings page into a tile-based landing hub and six focused subpages (general, security, email, api, sso, branding), each with its own form, CSRF scope and POST handler. Each subpage offers Save / Save & close buttons plus a Cancel/back link to the hub. Backend (AdminSettingsService, gateways, policies, DB schema) unchanged. A new settingsSectionMergePost() helper overlays section POSTs onto the current DB values so partial saves don't wipe unrelated fields (the service defaults missing keys to 0/empty). Sub-action files (logo/favicon/tokens/lifecycle) redirect to the matching subpage, and architecture contracts now check the subpage files instead of the removed monolithic index. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -1,6 +1,7 @@
|
||||
<?php
|
||||
|
||||
// Load all global helper groups used by templates and page actions.
|
||||
require __DIR__ . '/helpers/admin_settings.php';
|
||||
require __DIR__ . '/helpers/app.php';
|
||||
require __DIR__ . '/helpers/array.php';
|
||||
require __DIR__ . '/helpers/branding.php';
|
||||
|
||||
47
core/Support/helpers/admin_settings.php
Normal file
47
core/Support/helpers/admin_settings.php
Normal file
@@ -0,0 +1,47 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Merge a single-section POST body with current DB values so that
|
||||
* AdminSettingsService::updateFromAdmin() only updates the fields owned
|
||||
* by that section.
|
||||
*
|
||||
* Why this exists:
|
||||
* updateFromAdmin() reads all known keys from the POST array and defaults
|
||||
* missing keys to 0/empty/false (see sanitize* methods). Subpages that post
|
||||
* only their own fields would otherwise wipe unrelated sections. This helper
|
||||
* overlays the section's POST fields onto the current DB values formatted as
|
||||
* POST scalars, preserving checkbox semantics (omitted key = unchecked).
|
||||
*
|
||||
* @param array<string, mixed> $currentValues 'values' map from buildPageData()
|
||||
* @param array<string, mixed> $post user POST body (bodyAll())
|
||||
* @param list<string> $sectionKeys keys owned by this section
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
function settingsSectionMergePost(array $currentValues, array $post, array $sectionKeys): array
|
||||
{
|
||||
$seed = [];
|
||||
foreach ($currentValues as $key => $value) {
|
||||
if (is_bool($value)) {
|
||||
if ($value) {
|
||||
$seed[$key] = '1';
|
||||
}
|
||||
continue;
|
||||
}
|
||||
if (is_array($value)) {
|
||||
$seed[$key] = $value;
|
||||
continue;
|
||||
}
|
||||
if ($value !== null) {
|
||||
$seed[$key] = (string) $value;
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($sectionKeys as $key) {
|
||||
unset($seed[$key]);
|
||||
if (array_key_exists($key, $post)) {
|
||||
$seed[$key] = $post[$key];
|
||||
}
|
||||
}
|
||||
|
||||
return $seed;
|
||||
}
|
||||
2586
i18n/default_de.json
2586
i18n/default_de.json
File diff suppressed because it is too large
Load Diff
2586
i18n/default_en.json
2586
i18n/default_en.json
File diff suppressed because it is too large
Load Diff
86
pages/admin/settings/api().php
Normal file
86
pages/admin/settings/api().php
Normal file
@@ -0,0 +1,86 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Buffer;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
|
||||
use MintyPHP\Service\Settings\AdminSettingsService;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
$session = app(SessionStoreInterface::class)->all();
|
||||
Guard::requireLogin();
|
||||
$request = requestInput();
|
||||
|
||||
$currentUserId = (int) ($session['user']['id'] ?? 0);
|
||||
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
|
||||
$viewDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
]);
|
||||
if (!$viewDecision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
$viewCapabilities = $viewDecision->attribute('capabilities', []);
|
||||
$canUpdateSettings = is_array($viewCapabilities) ? (bool) ($viewCapabilities['can_update_settings'] ?? false) : false;
|
||||
|
||||
$adminSettingsService = app(AdminSettingsService::class);
|
||||
$pageData = $adminSettingsService->buildPageData();
|
||||
$values = is_array($pageData['values'] ?? null) ? $pageData['values'] : [];
|
||||
$settings = is_array($pageData['settings'] ?? null) ? $pageData['settings'] : [];
|
||||
$activeApiTokens = (int) ($pageData['active_api_tokens'] ?? 0);
|
||||
|
||||
if ($request->isMethod('POST') && !actionRequireCsrf('admin/settings/api', 'admin/settings/api', 'csrf_expired')) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ($request->isMethod('POST')) {
|
||||
$updateDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
]);
|
||||
if (!$updateDecision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
|
||||
$sectionKeys = [
|
||||
'api_token_default_ttl_days',
|
||||
'api_token_max_ttl_days',
|
||||
'api_cors_allowed_origins',
|
||||
];
|
||||
$mergedPost = settingsSectionMergePost($values, $request->bodyAll(), $sectionKeys);
|
||||
|
||||
$updateResult = $adminSettingsService->updateFromAdmin($mergedPost);
|
||||
$errorBag = formErrors();
|
||||
foreach ((array) ($updateResult['errors'] ?? []) as $error) {
|
||||
if (is_array($error)) {
|
||||
$message = trim((string) ($error['message'] ?? ''));
|
||||
$field = trim((string) ($error['field'] ?? 'input'));
|
||||
if ($message !== '') {
|
||||
$errorBag->add($field !== '' ? $field : 'input', $message);
|
||||
}
|
||||
continue;
|
||||
}
|
||||
$message = trim((string) $error);
|
||||
if ($message !== '') {
|
||||
$errorBag->addGlobal($message);
|
||||
}
|
||||
}
|
||||
|
||||
if ($errorBag->hasAny()) {
|
||||
flashFormErrors($errorBag, 'admin/settings/api', 'settings_update_error');
|
||||
Router::redirect('admin/settings/api');
|
||||
}
|
||||
|
||||
$redirectTarget = ((string) $request->body('action', 'save') === 'save_close')
|
||||
? 'admin/settings'
|
||||
: 'admin/settings/api';
|
||||
Flash::success('Settings updated', $redirectTarget, 'settings_updated');
|
||||
Router::redirect($redirectTarget);
|
||||
}
|
||||
|
||||
Buffer::set('title', t('API settings'));
|
||||
|
||||
$breadcrumbs = [
|
||||
['label' => t('Home'), 'path' => 'admin'],
|
||||
['label' => t('Settings'), 'path' => 'admin/settings'],
|
||||
['label' => t('API')],
|
||||
];
|
||||
134
pages/admin/settings/api(default).phtml
Normal file
134
pages/admin/settings/api(default).phtml
Normal file
@@ -0,0 +1,134 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* @var array $values
|
||||
* @var array $settings
|
||||
* @var int $activeApiTokens
|
||||
* @var bool $canUpdateSettings
|
||||
*/
|
||||
|
||||
use MintyPHP\Session;
|
||||
|
||||
$values = $values ?? [];
|
||||
$settings = $settings ?? [];
|
||||
$apiTokenDefaultTtlDays = (int) ($values['api_token_default_ttl_days'] ?? 90);
|
||||
$apiTokenMaxTtlDays = (int) ($values['api_token_max_ttl_days'] ?? 365);
|
||||
$apiCorsAllowedOrigins = (string) ($values['api_cors_allowed_origins'] ?? '');
|
||||
$apiTokenDefaultTtlDaysDesc = $settings['api_token_default_ttl_days']['description'] ?? 'setting.api_token_default_ttl_days';
|
||||
$apiTokenMaxTtlDaysDesc = $settings['api_token_max_ttl_days']['description'] ?? 'setting.api_token_max_ttl_days';
|
||||
$apiCorsAllowedOriginsDesc = $settings['api_cors_allowed_origins']['description'] ?? 'setting.api_cors_allowed_origins';
|
||||
$activeApiTokens = (int) ($activeApiTokens ?? 0);
|
||||
$canUpdateSettings = (bool) ($canUpdateSettings ?? false);
|
||||
$isReadOnly = !$canUpdateSettings;
|
||||
$readonlyAttr = $isReadOnly ? 'readonly' : '';
|
||||
?>
|
||||
|
||||
<div class="app-details-container">
|
||||
<section>
|
||||
<?php
|
||||
$titlebar = [
|
||||
'title' => t('API settings'),
|
||||
'backHref' => 'admin/settings',
|
||||
'backTitle' => t('Cancel'),
|
||||
'actions' => $canUpdateSettings ? [
|
||||
[
|
||||
'form' => 'settings-api-form',
|
||||
'name' => 'action',
|
||||
'value' => 'save',
|
||||
'class' => 'secondary outline',
|
||||
'label' => t('Save'),
|
||||
],
|
||||
[
|
||||
'form' => 'settings-api-form',
|
||||
'name' => 'action',
|
||||
'value' => 'save_close',
|
||||
'class' => 'primary',
|
||||
'label' => t('Save & close'),
|
||||
],
|
||||
] : [],
|
||||
];
|
||||
require templatePath('partials/app-details-titlebar.phtml');
|
||||
?>
|
||||
|
||||
<form id="settings-api-form" method="post" data-details-storage="settings-api-details-v1" data-standard-detail-form="1">
|
||||
<details class="app-details-card" name="settings-api-token-policy" data-details-key="settings-api-token-policy" open>
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Token lifetime policy')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral">
|
||||
<?php e((string) $apiTokenDefaultTtlDays); ?> / <?php e((string) $apiTokenMaxTtlDays); ?> <?php e(t('days')); ?>
|
||||
</span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('These limits define default and maximum lifetimes for newly issued API tokens.')); ?></small>
|
||||
</blockquote>
|
||||
<div class="grid">
|
||||
<label class="app-field">
|
||||
<span><?php e(t('API token default lifetime (days)')); ?> <span class="badge" data-variant="info"><?php e(t('Cached')); ?></span></span>
|
||||
<input type="number" name="api_token_default_ttl_days" value="<?php e((string) $apiTokenDefaultTtlDays); ?>"
|
||||
min="1" max="3650" step="1" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($apiTokenDefaultTtlDaysDesc)); ?></small>
|
||||
</label>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('API token maximum lifetime (days)')); ?> <span class="badge" data-variant="info"><?php e(t('Cached')); ?></span></span>
|
||||
<input type="number" name="api_token_max_ttl_days" value="<?php e((string) $apiTokenMaxTtlDays); ?>"
|
||||
min="1" max="3650" step="1" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($apiTokenMaxTtlDaysDesc)); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<?php $apiCorsOriginsCount = count(array_values(array_filter(array_map('trim', preg_split('/\R+/', $apiCorsAllowedOrigins) ?: [])))); ?>
|
||||
<details class="app-details-card" name="settings-api-cors" data-details-key="settings-api-cors">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('CORS allowlist')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e(sprintf(t('%d origins configured'), $apiCorsOriginsCount)); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('Define which origins may call your API from browsers. Use one origin per line.')); ?></small>
|
||||
</blockquote>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Allowed CORS origins')); ?> <span class="badge" data-variant="info"><?php e(t('Cached')); ?></span></span>
|
||||
<textarea name="api_cors_allowed_origins" rows="4" placeholder="https://app.example.com https://admin.example.com" <?php e($readonlyAttr); ?>><?php e($apiCorsAllowedOrigins); ?></textarea>
|
||||
<small><?php e(t($apiCorsAllowedOriginsDesc)); ?></small>
|
||||
</label>
|
||||
<small class="muted"><?php e(t('One origin per line, e.g. https://app.example.com')); ?></small>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<?php if ($canUpdateSettings): ?>
|
||||
<details class="app-details-card" name="settings-api-tokens" data-details-key="settings-api-tokens">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Token operations')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e(sprintf(t('%d active API tokens'), $activeApiTokens)); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="warning">
|
||||
<small><?php e(t('This action revokes all active API tokens immediately across all users.')); ?></small>
|
||||
</blockquote>
|
||||
<button type="submit" class="danger" formnovalidate
|
||||
formaction="admin/settings/revoke-api-tokens"
|
||||
formmethod="post"
|
||||
data-detail-confirm-message="<?php e(t('Revoke all API tokens?')); ?>"
|
||||
data-detail-action-kind="danger">
|
||||
<?php e(t('Revoke all API tokens')); ?>
|
||||
</button>
|
||||
</div>
|
||||
</details>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php Session::getCsrfInput(); ?>
|
||||
</form>
|
||||
</section>
|
||||
<aside id="app-details-aside-section">
|
||||
<div class="app-details-aside-section"></div>
|
||||
</aside>
|
||||
</div>
|
||||
28
pages/admin/settings/branding().php
Normal file
28
pages/admin/settings/branding().php
Normal file
@@ -0,0 +1,28 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Buffer;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
$session = app(SessionStoreInterface::class)->all();
|
||||
Guard::requireLogin();
|
||||
|
||||
$currentUserId = (int) ($session['user']['id'] ?? 0);
|
||||
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
|
||||
$viewDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
]);
|
||||
if (!$viewDecision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
$viewCapabilities = $viewDecision->attribute('capabilities', []);
|
||||
$canUpdateSettings = is_array($viewCapabilities) ? (bool) ($viewCapabilities['can_update_settings'] ?? false) : false;
|
||||
|
||||
Buffer::set('title', t('Branding settings'));
|
||||
|
||||
$breadcrumbs = [
|
||||
['label' => t('Home'), 'path' => 'admin'],
|
||||
['label' => t('Settings'), 'path' => 'admin/settings'],
|
||||
['label' => t('Branding')],
|
||||
];
|
||||
106
pages/admin/settings/branding(default).phtml
Normal file
106
pages/admin/settings/branding(default).phtml
Normal file
@@ -0,0 +1,106 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* @var bool $canUpdateSettings
|
||||
*/
|
||||
|
||||
use MintyPHP\Session;
|
||||
|
||||
$canUpdateSettings = (bool) ($canUpdateSettings ?? false);
|
||||
$hasLogo = app(\MintyPHP\Service\Branding\BrandingLogoService::class)->hasLogo();
|
||||
$hasFavicon = app(\MintyPHP\Service\Branding\BrandingFaviconService::class)->hasFavicon();
|
||||
?>
|
||||
|
||||
<div class="app-details-container">
|
||||
<section>
|
||||
<?php
|
||||
$titlebar = [
|
||||
'title' => t('Branding settings'),
|
||||
'backHref' => 'admin/settings',
|
||||
'backTitle' => t('Cancel'),
|
||||
'actions' => [],
|
||||
];
|
||||
require templatePath('partials/app-details-titlebar.phtml');
|
||||
?>
|
||||
|
||||
<details class="app-details-card" name="settings-branding-logo" data-details-key="settings-branding-logo" open>
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('App logo')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e($hasLogo ? t('Configured') : t('Default')); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<div class="entity-avatar-block avatar-square avatar-ratio-16-9 avatar-borderless">
|
||||
<a data-fslightbox="app-logo" href="<?php e(appLogoUrl(256)); ?>">
|
||||
<img class="entity-avatar-image" src="<?php e(appLogoUrl(256)); ?>" alt="<?php e(t('App logo')); ?>">
|
||||
</a>
|
||||
</div>
|
||||
<?php if ($canUpdateSettings): ?>
|
||||
<form class="user-avatar-form" method="post" action="admin/settings/logo" enctype="multipart/form-data">
|
||||
<?php
|
||||
$fileUpload = [
|
||||
'name' => 'logo',
|
||||
'accept' => 'image/svg+xml,image/png,image/jpeg,image/webp',
|
||||
'hint' => t('Allowed file types: SVG, PNG, JPG, WEBP'),
|
||||
'currentSrc' => $hasLogo ? appLogoUrl(128) : '',
|
||||
'deleteAction' => $hasLogo ? 'admin/settings/logo-delete' : '',
|
||||
];
|
||||
require templatePath('partials/app-file-upload.phtml');
|
||||
?>
|
||||
<div class="app-form-actions">
|
||||
<button type="submit" name="action" value="save" class="secondary outline">
|
||||
<?php e(t('Save')); ?>
|
||||
</button>
|
||||
<button type="submit" name="action" value="save_close" class="primary">
|
||||
<?php e(t('Save & close')); ?>
|
||||
</button>
|
||||
</div>
|
||||
<?php Session::getCsrfInput(); ?>
|
||||
</form>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<details class="app-details-card" name="settings-branding-favicon" data-details-key="settings-branding-favicon">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Favicon')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e($hasFavicon ? t('Configured') : t('Default')); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('Square images are recommended (icons are center-cropped).')); ?></small>
|
||||
</blockquote>
|
||||
<?php if ($canUpdateSettings): ?>
|
||||
<form class="user-avatar-form" method="post" action="admin/settings/favicon" enctype="multipart/form-data">
|
||||
<?php
|
||||
$fileUpload = [
|
||||
'name' => 'favicon',
|
||||
'accept' => 'image/png',
|
||||
'hint' => t('Allowed file types: PNG'),
|
||||
'currentSrc' => $hasFavicon ? asset('favicon/favicon-32x32.png') : '',
|
||||
'currentLabel' => t('Favicon'),
|
||||
'deleteAction' => $hasFavicon ? 'admin/settings/favicon-delete' : '',
|
||||
];
|
||||
require templatePath('partials/app-file-upload.phtml');
|
||||
?>
|
||||
<div class="app-form-actions">
|
||||
<button type="submit" name="action" value="save" class="secondary outline">
|
||||
<?php e(t('Save')); ?>
|
||||
</button>
|
||||
<button type="submit" name="action" value="save_close" class="primary">
|
||||
<?php e(t('Save & close')); ?>
|
||||
</button>
|
||||
</div>
|
||||
<?php Session::getCsrfInput(); ?>
|
||||
</form>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
</details>
|
||||
</section>
|
||||
<aside id="app-details-aside-section">
|
||||
<div class="app-details-aside-section"></div>
|
||||
</aside>
|
||||
</div>
|
||||
89
pages/admin/settings/email().php
Normal file
89
pages/admin/settings/email().php
Normal file
@@ -0,0 +1,89 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Buffer;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
|
||||
use MintyPHP\Service\Settings\AdminSettingsService;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
$session = app(SessionStoreInterface::class)->all();
|
||||
Guard::requireLogin();
|
||||
$request = requestInput();
|
||||
|
||||
$currentUserId = (int) ($session['user']['id'] ?? 0);
|
||||
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
|
||||
$viewDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
]);
|
||||
if (!$viewDecision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
$viewCapabilities = $viewDecision->attribute('capabilities', []);
|
||||
$canUpdateSettings = is_array($viewCapabilities) ? (bool) ($viewCapabilities['can_update_settings'] ?? false) : false;
|
||||
|
||||
$adminSettingsService = app(AdminSettingsService::class);
|
||||
$pageData = $adminSettingsService->buildPageData();
|
||||
$values = is_array($pageData['values'] ?? null) ? $pageData['values'] : [];
|
||||
$settings = is_array($pageData['settings'] ?? null) ? $pageData['settings'] : [];
|
||||
|
||||
if ($request->isMethod('POST') && !actionRequireCsrf('admin/settings/email', 'admin/settings/email', 'csrf_expired')) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ($request->isMethod('POST')) {
|
||||
$updateDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
]);
|
||||
if (!$updateDecision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
|
||||
$sectionKeys = [
|
||||
'smtp_host',
|
||||
'smtp_port',
|
||||
'smtp_user',
|
||||
'smtp_password',
|
||||
'smtp_secure',
|
||||
'smtp_from',
|
||||
'smtp_from_name',
|
||||
];
|
||||
$mergedPost = settingsSectionMergePost($values, $request->bodyAll(), $sectionKeys);
|
||||
|
||||
$updateResult = $adminSettingsService->updateFromAdmin($mergedPost);
|
||||
$errorBag = formErrors();
|
||||
foreach ((array) ($updateResult['errors'] ?? []) as $error) {
|
||||
if (is_array($error)) {
|
||||
$message = trim((string) ($error['message'] ?? ''));
|
||||
$field = trim((string) ($error['field'] ?? 'input'));
|
||||
if ($message !== '') {
|
||||
$errorBag->add($field !== '' ? $field : 'input', $message);
|
||||
}
|
||||
continue;
|
||||
}
|
||||
$message = trim((string) $error);
|
||||
if ($message !== '') {
|
||||
$errorBag->addGlobal($message);
|
||||
}
|
||||
}
|
||||
|
||||
if ($errorBag->hasAny()) {
|
||||
flashFormErrors($errorBag, 'admin/settings/email', 'settings_update_error');
|
||||
Router::redirect('admin/settings/email');
|
||||
}
|
||||
|
||||
$redirectTarget = ((string) $request->body('action', 'save') === 'save_close')
|
||||
? 'admin/settings'
|
||||
: 'admin/settings/email';
|
||||
Flash::success('Settings updated', $redirectTarget, 'settings_updated');
|
||||
Router::redirect($redirectTarget);
|
||||
}
|
||||
|
||||
Buffer::set('title', t('Email settings'));
|
||||
|
||||
$breadcrumbs = [
|
||||
['label' => t('Home'), 'path' => 'admin'],
|
||||
['label' => t('Settings'), 'path' => 'admin/settings'],
|
||||
['label' => t('Email')],
|
||||
];
|
||||
112
pages/admin/settings/email(default).phtml
Normal file
112
pages/admin/settings/email(default).phtml
Normal file
@@ -0,0 +1,112 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* @var array $values
|
||||
* @var array $settings
|
||||
* @var bool $canUpdateSettings
|
||||
*/
|
||||
|
||||
use MintyPHP\Session;
|
||||
|
||||
$values = $values ?? [];
|
||||
$settings = $settings ?? [];
|
||||
$smtpHost = (string) ($values['smtp_host'] ?? '');
|
||||
$smtpPort = (string) ($values['smtp_port'] ?? '');
|
||||
$smtpUser = (string) ($values['smtp_user'] ?? '');
|
||||
$smtpSecure = (string) ($values['smtp_secure'] ?? '');
|
||||
$smtpFrom = (string) ($values['smtp_from'] ?? '');
|
||||
$smtpFromName = (string) ($values['smtp_from_name'] ?? '');
|
||||
$smtpHostDesc = $settings['smtp_host']['description'] ?? 'setting.smtp_host';
|
||||
$smtpPortDesc = $settings['smtp_port']['description'] ?? 'setting.smtp_port';
|
||||
$smtpUserDesc = $settings['smtp_user']['description'] ?? 'setting.smtp_user';
|
||||
$smtpPasswordDesc = $settings['smtp_password']['description'] ?? 'setting.smtp_password';
|
||||
$smtpSecureDesc = $settings['smtp_secure']['description'] ?? 'setting.smtp_secure';
|
||||
$smtpFromDesc = $settings['smtp_from']['description'] ?? 'setting.smtp_from';
|
||||
$smtpFromNameDesc = $settings['smtp_from_name']['description'] ?? 'setting.smtp_from_name';
|
||||
$canUpdateSettings = (bool) ($canUpdateSettings ?? false);
|
||||
$isReadOnly = !$canUpdateSettings;
|
||||
$readonlyAttr = $isReadOnly ? 'readonly' : '';
|
||||
$disabledAttr = $isReadOnly ? 'disabled' : '';
|
||||
?>
|
||||
|
||||
<div class="app-details-container">
|
||||
<section>
|
||||
<?php
|
||||
$titlebar = [
|
||||
'title' => t('Email settings'),
|
||||
'backHref' => 'admin/settings',
|
||||
'backTitle' => t('Cancel'),
|
||||
'actions' => $canUpdateSettings ? [
|
||||
[
|
||||
'form' => 'settings-email-form',
|
||||
'name' => 'action',
|
||||
'value' => 'save',
|
||||
'class' => 'secondary outline',
|
||||
'label' => t('Save'),
|
||||
],
|
||||
[
|
||||
'form' => 'settings-email-form',
|
||||
'name' => 'action',
|
||||
'value' => 'save_close',
|
||||
'class' => 'primary',
|
||||
'label' => t('Save & close'),
|
||||
],
|
||||
] : [],
|
||||
];
|
||||
require templatePath('partials/app-details-titlebar.phtml');
|
||||
?>
|
||||
|
||||
<form id="settings-email-form" method="post" data-details-storage="settings-email-details-v1" data-standard-detail-form="1">
|
||||
<div class="grid">
|
||||
<label class="app-field">
|
||||
<span><?php e(t('SMTP host')); ?></span>
|
||||
<input type="text" name="smtp_host" value="<?php e($smtpHost); ?>" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($smtpHostDesc)); ?></small>
|
||||
</label>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('SMTP port')); ?></span>
|
||||
<input type="number" name="smtp_port" value="<?php e($smtpPort); ?>" min="1" max="65535" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($smtpPortDesc)); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
<div class="grid">
|
||||
<label class="app-field">
|
||||
<span><?php e(t('SMTP user')); ?></span>
|
||||
<input type="text" name="smtp_user" value="<?php e($smtpUser); ?>" autocomplete="username" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($smtpUserDesc)); ?></small>
|
||||
</label>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('SMTP password')); ?></span>
|
||||
<input type="password" name="smtp_password" value="" autocomplete="new-password" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($smtpPasswordDesc)); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
<div class="grid">
|
||||
<label class="app-field">
|
||||
<span><?php e(t('SMTP security')); ?></span>
|
||||
<select name="smtp_secure" <?php e($disabledAttr); ?>>
|
||||
<option value=""><?php e(t('None')); ?></option>
|
||||
<option value="tls" <?php e($smtpSecure === 'tls' ? 'selected' : ''); ?>>TLS</option>
|
||||
<option value="ssl" <?php e($smtpSecure === 'ssl' ? 'selected' : ''); ?>>SSL</option>
|
||||
</select>
|
||||
<small><?php e(t($smtpSecureDesc)); ?></small>
|
||||
</label>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('SMTP from address')); ?></span>
|
||||
<input type="email" name="smtp_from" value="<?php e($smtpFrom); ?>" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($smtpFromDesc)); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('SMTP from name')); ?></span>
|
||||
<input type="text" name="smtp_from_name" value="<?php e($smtpFromName); ?>" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($smtpFromNameDesc)); ?></small>
|
||||
</label>
|
||||
|
||||
<?php Session::getCsrfInput(); ?>
|
||||
</form>
|
||||
</section>
|
||||
<aside id="app-details-aside-section">
|
||||
<div class="app-details-aside-section"></div>
|
||||
</aside>
|
||||
</div>
|
||||
@@ -18,15 +18,15 @@ if (!$decision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
|
||||
if (!actionRequirePost('admin/settings')) {
|
||||
if (!actionRequirePost('admin/settings/security')) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!actionRequireCsrf('admin/settings', 'admin/settings', 'settings_tokens_expire')) {
|
||||
if (!actionRequireCsrf('admin/settings/security', 'admin/settings/security', 'settings_tokens_expire')) {
|
||||
return;
|
||||
}
|
||||
|
||||
$rememberMeService = app(\MintyPHP\Service\Auth\RememberMeService::class);
|
||||
$count = $rememberMeService->expireAllTokensByAdmin();
|
||||
Flash::success(sprintf(t('%d login tokens expired'), $count), 'admin/settings', 'login_tokens_expired');
|
||||
Router::redirect('admin/settings');
|
||||
Flash::success(sprintf(t('%d login tokens expired'), $count), 'admin/settings/security', 'login_tokens_expired');
|
||||
Router::redirect('admin/settings/security');
|
||||
|
||||
@@ -18,11 +18,11 @@ if (!$decision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
|
||||
if (!actionRequirePost('admin/settings')) {
|
||||
if (!actionRequirePost('admin/settings/branding')) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!actionRequireCsrf('admin/settings', 'admin/settings', 'favicon_upload')) {
|
||||
if (!actionRequireCsrf('admin/settings/branding', 'admin/settings/branding', 'favicon_upload')) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -32,10 +32,13 @@ $result = $faviconService->saveUpload(requestInput()->filesAll()['favicon'] ?? [
|
||||
if (!($result['ok'] ?? false)) {
|
||||
$error = $result['error'] ?? t('Upload failed');
|
||||
$errorBag->addGlobal((string) $error);
|
||||
flashFormErrors($errorBag, 'admin/settings', 'favicon_upload');
|
||||
Router::redirect('admin/settings');
|
||||
flashFormErrors($errorBag, 'admin/settings/branding', 'favicon_upload');
|
||||
Router::redirect('admin/settings/branding');
|
||||
return;
|
||||
}
|
||||
|
||||
Flash::success('Favicon updated', 'admin/settings', 'favicon_updated');
|
||||
Router::redirect('admin/settings');
|
||||
$redirectTarget = ((string) requestInput()->body('action', 'save') === 'save_close')
|
||||
? 'admin/settings'
|
||||
: 'admin/settings/branding';
|
||||
Flash::success('Favicon updated', $redirectTarget, 'favicon_updated');
|
||||
Router::redirect($redirectTarget);
|
||||
|
||||
@@ -18,15 +18,15 @@ if (!$decision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
|
||||
if (!actionRequirePost('admin/settings')) {
|
||||
if (!actionRequirePost('admin/settings/branding')) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!actionRequireCsrf('admin/settings', 'admin/settings', 'settings_favicon_delete')) {
|
||||
if (!actionRequireCsrf('admin/settings/branding', 'admin/settings/branding', 'settings_favicon_delete')) {
|
||||
return;
|
||||
}
|
||||
|
||||
$faviconService = app(\MintyPHP\Service\Branding\BrandingFaviconService::class);
|
||||
$faviconService->delete();
|
||||
Flash::success('Favicon removed', 'admin/settings', 'favicon_removed');
|
||||
Router::redirect('admin/settings');
|
||||
Flash::success('Favicon removed', 'admin/settings/branding', 'favicon_removed');
|
||||
Router::redirect('admin/settings/branding');
|
||||
|
||||
90
pages/admin/settings/general().php
Normal file
90
pages/admin/settings/general().php
Normal file
@@ -0,0 +1,90 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Buffer;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
|
||||
use MintyPHP\Service\Settings\AdminSettingsService;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
$session = app(SessionStoreInterface::class)->all();
|
||||
Guard::requireLogin();
|
||||
$request = requestInput();
|
||||
|
||||
$currentUserId = (int) ($session['user']['id'] ?? 0);
|
||||
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
|
||||
$viewDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
]);
|
||||
if (!$viewDecision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
$viewCapabilities = $viewDecision->attribute('capabilities', []);
|
||||
$canUpdateSettings = is_array($viewCapabilities) ? (bool) ($viewCapabilities['can_update_settings'] ?? false) : false;
|
||||
|
||||
$adminSettingsService = app(AdminSettingsService::class);
|
||||
$pageData = $adminSettingsService->buildPageData();
|
||||
$tenants = is_array($pageData['tenants'] ?? null) ? $pageData['tenants'] : [];
|
||||
$roles = is_array($pageData['roles'] ?? null) ? $pageData['roles'] : [];
|
||||
$departments = is_array($pageData['departments'] ?? null) ? $pageData['departments'] : [];
|
||||
$values = is_array($pageData['values'] ?? null) ? $pageData['values'] : [];
|
||||
$settings = is_array($pageData['settings'] ?? null) ? $pageData['settings'] : [];
|
||||
|
||||
if ($request->isMethod('POST') && !actionRequireCsrf('admin/settings/general', 'admin/settings/general', 'csrf_expired')) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ($request->isMethod('POST')) {
|
||||
$updateDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
]);
|
||||
if (!$updateDecision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
|
||||
$sectionKeys = [
|
||||
'default_tenant_id',
|
||||
'default_role_id',
|
||||
'default_department_id',
|
||||
'app_title',
|
||||
'app_locale',
|
||||
];
|
||||
$mergedPost = settingsSectionMergePost($values, $request->bodyAll(), $sectionKeys);
|
||||
|
||||
$updateResult = $adminSettingsService->updateFromAdmin($mergedPost);
|
||||
$errorBag = formErrors();
|
||||
foreach ((array) ($updateResult['errors'] ?? []) as $error) {
|
||||
if (is_array($error)) {
|
||||
$message = trim((string) ($error['message'] ?? ''));
|
||||
$field = trim((string) ($error['field'] ?? 'input'));
|
||||
if ($message !== '') {
|
||||
$errorBag->add($field !== '' ? $field : 'input', $message);
|
||||
}
|
||||
continue;
|
||||
}
|
||||
$message = trim((string) $error);
|
||||
if ($message !== '') {
|
||||
$errorBag->addGlobal($message);
|
||||
}
|
||||
}
|
||||
|
||||
if ($errorBag->hasAny()) {
|
||||
flashFormErrors($errorBag, 'admin/settings/general', 'settings_update_error');
|
||||
Router::redirect('admin/settings/general');
|
||||
}
|
||||
|
||||
$redirectTarget = ((string) $request->body('action', 'save') === 'save_close')
|
||||
? 'admin/settings'
|
||||
: 'admin/settings/general';
|
||||
Flash::success('Settings updated', $redirectTarget, 'settings_updated');
|
||||
Router::redirect($redirectTarget);
|
||||
}
|
||||
|
||||
Buffer::set('title', t('General settings'));
|
||||
|
||||
$breadcrumbs = [
|
||||
['label' => t('Home'), 'path' => 'admin'],
|
||||
['label' => t('Settings'), 'path' => 'admin/settings'],
|
||||
['label' => t('General')],
|
||||
];
|
||||
183
pages/admin/settings/general(default).phtml
Normal file
183
pages/admin/settings/general(default).phtml
Normal file
@@ -0,0 +1,183 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* @var array $tenants
|
||||
* @var array $roles
|
||||
* @var array $departments
|
||||
* @var array $values
|
||||
* @var array $settings
|
||||
* @var bool $canUpdateSettings
|
||||
*/
|
||||
|
||||
use MintyPHP\Session;
|
||||
|
||||
$values = $values ?? [];
|
||||
$settings = $settings ?? [];
|
||||
$defaultTenantId = (int) ($values['default_tenant_id'] ?? 0);
|
||||
$defaultRoleId = (int) ($values['default_role_id'] ?? 0);
|
||||
$defaultDepartmentId = (int) ($values['default_department_id'] ?? 0);
|
||||
$appTitle = (string) ($values['app_title'] ?? '');
|
||||
$appLocale = (string) ($values['app_locale'] ?? '');
|
||||
$defaultTenantDesc = $settings['default_tenant']['description'] ?? 'setting.default_tenant';
|
||||
$defaultRoleDesc = $settings['default_role']['description'] ?? 'setting.default_role';
|
||||
$defaultDepartmentDesc = $settings['default_department']['description'] ?? 'setting.default_department';
|
||||
$appTitleDesc = $settings['app_title']['description'] ?? 'setting.app_title';
|
||||
$appLocaleDesc = $settings['app_locale']['description'] ?? 'setting.app_locale';
|
||||
$locales = defined('APP_LOCALES') ? APP_LOCALES : [];
|
||||
$canUpdateSettings = (bool) ($canUpdateSettings ?? false);
|
||||
$isReadOnly = !$canUpdateSettings;
|
||||
$readonlyAttr = $isReadOnly ? 'readonly' : '';
|
||||
$disabledAttr = $isReadOnly ? 'disabled' : '';
|
||||
?>
|
||||
|
||||
<div class="app-details-container">
|
||||
<section>
|
||||
<?php
|
||||
$titlebar = [
|
||||
'title' => t('General settings'),
|
||||
'backHref' => 'admin/settings',
|
||||
'backTitle' => t('Cancel'),
|
||||
'actions' => $canUpdateSettings ? [
|
||||
[
|
||||
'form' => 'settings-general-form',
|
||||
'name' => 'action',
|
||||
'value' => 'save',
|
||||
'class' => 'secondary outline',
|
||||
'label' => t('Save'),
|
||||
],
|
||||
[
|
||||
'form' => 'settings-general-form',
|
||||
'name' => 'action',
|
||||
'value' => 'save_close',
|
||||
'class' => 'primary',
|
||||
'label' => t('Save & close'),
|
||||
],
|
||||
] : [],
|
||||
];
|
||||
require templatePath('partials/app-details-titlebar.phtml');
|
||||
?>
|
||||
|
||||
<form id="settings-general-form" method="post" data-details-storage="settings-general-details-v1" data-standard-detail-form="1">
|
||||
<details class="app-details-card" name="settings-general-app-identity" data-details-key="settings-general-app-identity" open>
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('App identity')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e($appTitle !== '' ? t('Configured') : t('Default')); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('This setting controls the application name shown across the UI.')); ?></small>
|
||||
</blockquote>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('App title')); ?> <span class="badge" data-variant="info"><?php e(t('Cached')); ?></span></span>
|
||||
<input type="text" name="app_title" value="<?php e($appTitle); ?>" placeholder="<?php e(appTitle()); ?>" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($appTitleDesc)); ?></small>
|
||||
<small class="muted"><?php e(t('Leave empty to use the runtime default title.')); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<details class="app-details-card" name="internationalization" data-details-key="internationalization">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Internationalization')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e($appLocale !== '' ? strtoupper($appLocale) : t('Default')); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('This setting controls the default language for users without a personal preference.')); ?></small>
|
||||
</blockquote>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Default language')); ?> <span class="badge" data-variant="info"><?php e(t('Cached')); ?></span></span>
|
||||
<select name="app_locale" <?php e($disabledAttr); ?>>
|
||||
<option value=""><?php e(t('None')); ?></option>
|
||||
<?php foreach ($locales as $locale): ?>
|
||||
<?php
|
||||
$label = strtoupper($locale);
|
||||
if ($locale === 'de') {
|
||||
$label = t('German');
|
||||
} elseif ($locale === 'en') {
|
||||
$label = t('English');
|
||||
}
|
||||
?>
|
||||
<option value="<?php e($locale); ?>" <?php e($appLocale === $locale ? 'selected' : ''); ?>>
|
||||
<?php e($label); ?>
|
||||
</option>
|
||||
<?php endforeach; ?>
|
||||
</select>
|
||||
<small><?php e(t($appLocaleDesc)); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<?php $configuredDefaultsCount = (int) ($defaultTenantId > 0) + (int) ($defaultDepartmentId > 0) + (int) ($defaultRoleId > 0); ?>
|
||||
<details class="app-details-card" name="user-creation" data-details-key="user-creation">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('User creation rules')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e(sprintf(t('%d defaults configured'), $configuredDefaultsCount)); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('These defaults prefill tenant, department and role when new users are created.')); ?></small>
|
||||
</blockquote>
|
||||
<div class="grid">
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Default tenant')); ?></span>
|
||||
<select name="default_tenant_id" <?php e($disabledAttr); ?>>
|
||||
<option value=""><?php e(t('None')); ?></option>
|
||||
<?php foreach ($tenants ?? [] as $tenant): ?>
|
||||
<?php $tenantId = (int) ($tenant['id'] ?? 0); ?>
|
||||
<?php if ($tenantId > 0): ?>
|
||||
<option value="<?php e((string) $tenantId); ?>" <?php e($tenantId === $defaultTenantId ? 'selected' : ''); ?>>
|
||||
<?php e($tenant['description'] ?? ''); ?>
|
||||
</option>
|
||||
<?php endif; ?>
|
||||
<?php endforeach; ?>
|
||||
</select>
|
||||
<small><?php e(t($defaultTenantDesc)); ?></small>
|
||||
</label>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Default department')); ?></span>
|
||||
<select name="default_department_id" <?php e($disabledAttr); ?>>
|
||||
<option value=""><?php e(t('None')); ?></option>
|
||||
<?php foreach ($departments ?? [] as $department): ?>
|
||||
<?php $departmentId = (int) ($department['id'] ?? 0); ?>
|
||||
<?php if ($departmentId > 0): ?>
|
||||
<option value="<?php e((string) $departmentId); ?>" <?php e($departmentId === $defaultDepartmentId ? 'selected' : ''); ?>>
|
||||
<?php e($department['description'] ?? ''); ?>
|
||||
</option>
|
||||
<?php endif; ?>
|
||||
<?php endforeach; ?>
|
||||
</select>
|
||||
<small><?php e(t($defaultDepartmentDesc)); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Default role')); ?></span>
|
||||
<select name="default_role_id" <?php e($disabledAttr); ?>>
|
||||
<option value=""><?php e(t('None')); ?></option>
|
||||
<?php foreach ($roles ?? [] as $role): ?>
|
||||
<?php $roleId = (int) ($role['id'] ?? 0); ?>
|
||||
<?php if ($roleId > 0): ?>
|
||||
<option value="<?php e((string) $roleId); ?>" <?php e($roleId === $defaultRoleId ? 'selected' : ''); ?>>
|
||||
<?php e($role['description'] ?? ''); ?>
|
||||
</option>
|
||||
<?php endif; ?>
|
||||
<?php endforeach; ?>
|
||||
</select>
|
||||
<small><?php e(t($defaultRoleDesc)); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<?php Session::getCsrfInput(); ?>
|
||||
</form>
|
||||
</section>
|
||||
<aside id="app-details-aside-section">
|
||||
<div class="app-details-aside-section"></div>
|
||||
</aside>
|
||||
</div>
|
||||
@@ -2,15 +2,11 @@
|
||||
|
||||
use MintyPHP\Buffer;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
|
||||
use MintyPHP\Service\Settings\AdminSettingsService;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
$session = app(SessionStoreInterface::class)->all();
|
||||
Guard::requireLogin();
|
||||
$request = requestInput();
|
||||
|
||||
$currentUserId = (int) ($session['user']['id'] ?? 0);
|
||||
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
|
||||
@@ -20,62 +16,6 @@ $viewDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::AB
|
||||
if (!$viewDecision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
$viewCapabilities = $viewDecision->attribute('capabilities', []);
|
||||
$canUpdateSettings = is_array($viewCapabilities) ? (bool) ($viewCapabilities['can_update_settings'] ?? false) : false;
|
||||
|
||||
$adminSettingsService = app(AdminSettingsService::class);
|
||||
$pageData = $adminSettingsService->buildPageData();
|
||||
$tenants = is_array($pageData['tenants'] ?? null) ? $pageData['tenants'] : [];
|
||||
$roles = is_array($pageData['roles'] ?? null) ? $pageData['roles'] : [];
|
||||
$departments = is_array($pageData['departments'] ?? null) ? $pageData['departments'] : [];
|
||||
$values = is_array($pageData['values'] ?? null) ? $pageData['values'] : [];
|
||||
$settings = is_array($pageData['settings'] ?? null) ? $pageData['settings'] : [];
|
||||
$activeLoginTokens = (int) ($pageData['active_login_tokens'] ?? 0);
|
||||
$activeApiTokens = (int) ($pageData['active_api_tokens'] ?? 0);
|
||||
|
||||
if ($request->isMethod('POST') && !actionRequireCsrf('admin/settings', 'admin/settings', 'csrf_expired')) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ($request->isMethod('POST')) {
|
||||
$post = $request->bodyAll();
|
||||
if (!array_key_exists('settings_submit', $post)) {
|
||||
Router::redirect('admin/settings');
|
||||
}
|
||||
|
||||
$updateDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
]);
|
||||
if (!$updateDecision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
|
||||
$updateResult = $adminSettingsService->updateFromAdmin($post);
|
||||
$errorBag = formErrors();
|
||||
foreach ((array) ($updateResult['errors'] ?? []) as $error) {
|
||||
if (is_array($error)) {
|
||||
$message = trim((string) ($error['message'] ?? ''));
|
||||
$field = trim((string) ($error['field'] ?? 'input'));
|
||||
if ($message !== '') {
|
||||
$errorBag->add($field !== '' ? $field : 'input', $message);
|
||||
}
|
||||
continue;
|
||||
}
|
||||
|
||||
$message = trim((string) $error);
|
||||
if ($message !== '') {
|
||||
$errorBag->addGlobal($message);
|
||||
}
|
||||
}
|
||||
|
||||
if ($errorBag->hasAny()) {
|
||||
flashFormErrors($errorBag, 'admin/settings', 'settings_update_error');
|
||||
Router::redirect('admin/settings');
|
||||
}
|
||||
|
||||
Flash::success('Settings updated', 'admin/settings', 'settings_updated');
|
||||
Router::redirect('admin/settings');
|
||||
}
|
||||
|
||||
Buffer::set('title', t('Settings'));
|
||||
|
||||
|
||||
@@ -1,755 +1,68 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* @var array $tenants
|
||||
* @var array $roles
|
||||
* @var array $departments
|
||||
* @var array $values
|
||||
* @var array $settings
|
||||
* @var bool $canUpdateSettings
|
||||
* Landing hub for admin/settings.
|
||||
*
|
||||
* Each section is a standalone subpage reachable via its own URL
|
||||
* (admin/settings/<section>). This page renders a tile grid of entry points.
|
||||
*/
|
||||
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Service\Branding\BrandingServicesFactory;
|
||||
|
||||
$values = $values ?? [];
|
||||
$settings = $settings ?? [];
|
||||
$defaultTenantId = (int) ($values['default_tenant_id'] ?? 0);
|
||||
$defaultRoleId = (int) ($values['default_role_id'] ?? 0);
|
||||
$defaultDepartmentId = (int) ($values['default_department_id'] ?? 0);
|
||||
$appTitle = (string) ($values['app_title'] ?? '');
|
||||
$appLocale = (string) ($values['app_locale'] ?? '');
|
||||
$appRegistration = !empty($values['app_registration']);
|
||||
$apiTokenDefaultTtlDays = (int) ($values['api_token_default_ttl_days'] ?? 90);
|
||||
$apiTokenMaxTtlDays = (int) ($values['api_token_max_ttl_days'] ?? 365);
|
||||
$userInactivityDeactivateDays = (int) ($values['user_inactivity_deactivate_days'] ?? 180);
|
||||
$userInactivityDeleteDays = (int) ($values['user_inactivity_delete_days'] ?? 365);
|
||||
$sessionIdleTimeoutMinutes = (int) ($values['session_idle_timeout_minutes'] ?? 30);
|
||||
$sessionAbsoluteTimeoutHours = (int) ($values['session_absolute_timeout_hours'] ?? 8);
|
||||
$microsoftAutoRememberDefault = !empty($values['microsoft_auto_remember_default']);
|
||||
$rememberTokenLifetimeDays = (int) ($values['remember_token_lifetime_days'] ?? 30);
|
||||
$apiCorsAllowedOrigins = (string) ($values['api_cors_allowed_origins'] ?? '');
|
||||
$systemAuditEnabled = !empty($values['system_audit_enabled']);
|
||||
$systemAuditRetentionDays = (int) ($values['system_audit_retention_days'] ?? 365);
|
||||
$frontendTelemetryEnabled = !empty($values['frontend_telemetry_enabled']);
|
||||
$frontendTelemetrySampleRate = (string) ($values['frontend_telemetry_sample_rate'] ?? '0.2');
|
||||
$frontendTelemetrySampleRateOptions = ['0.1', '0.2', '0.5', '1'];
|
||||
if (!in_array($frontendTelemetrySampleRate, $frontendTelemetrySampleRateOptions, true)) {
|
||||
$frontendTelemetrySampleRate = '0.2';
|
||||
}
|
||||
$frontendTelemetryAllowedEvents = $values['frontend_telemetry_allowed_events'] ?? ['warn_once', 'ajax_error'];
|
||||
if (!is_array($frontendTelemetryAllowedEvents)) {
|
||||
$frontendTelemetryAllowedEvents = preg_split('/[\s,]+/', (string) $frontendTelemetryAllowedEvents) ?: [];
|
||||
}
|
||||
$frontendTelemetryAllowedEvents = array_values(array_unique(array_filter(array_map(
|
||||
static fn($entry): string => strtolower(trim((string) $entry)),
|
||||
$frontendTelemetryAllowedEvents
|
||||
))));
|
||||
if ($frontendTelemetryAllowedEvents === []) {
|
||||
$frontendTelemetryAllowedEvents = ['warn_once', 'ajax_error'];
|
||||
}
|
||||
$microsoftSharedClientId = (string) ($values['microsoft_shared_client_id'] ?? '');
|
||||
$microsoftAuthority = (string) ($values['microsoft_authority'] ?? '');
|
||||
$smtpHost = (string) ($values['smtp_host'] ?? '');
|
||||
$smtpPort = (string) ($values['smtp_port'] ?? '');
|
||||
$smtpUser = (string) ($values['smtp_user'] ?? '');
|
||||
$smtpSecure = (string) ($values['smtp_secure'] ?? '');
|
||||
$smtpFrom = (string) ($values['smtp_from'] ?? '');
|
||||
$smtpFromName = (string) ($values['smtp_from_name'] ?? '');
|
||||
$activeLoginTokens = (int) ($activeLoginTokens ?? 0);
|
||||
$activeApiTokens = (int) ($activeApiTokens ?? 0);
|
||||
$defaultTenantDesc = $settings['default_tenant']['description'] ?? 'setting.default_tenant';
|
||||
$defaultRoleDesc = $settings['default_role']['description'] ?? 'setting.default_role';
|
||||
$defaultDepartmentDesc = $settings['default_department']['description'] ?? 'setting.default_department';
|
||||
$appTitleDesc = $settings['app_title']['description'] ?? 'setting.app_title';
|
||||
$appLocaleDesc = $settings['app_locale']['description'] ?? 'setting.app_locale';
|
||||
$appRegistrationDesc = $settings['app_registration']['description'] ?? 'setting.app_registration';
|
||||
$apiTokenDefaultTtlDaysDesc = $settings['api_token_default_ttl_days']['description'] ?? 'setting.api_token_default_ttl_days';
|
||||
$apiTokenMaxTtlDaysDesc = $settings['api_token_max_ttl_days']['description'] ?? 'setting.api_token_max_ttl_days';
|
||||
$userInactivityDeactivateDaysDesc = $settings['user_inactivity_deactivate_days']['description'] ?? 'setting.user_inactivity_deactivate_days';
|
||||
$userInactivityDeleteDaysDesc = $settings['user_inactivity_delete_days']['description'] ?? 'setting.user_inactivity_delete_days';
|
||||
$sessionIdleTimeoutMinutesDesc = $settings['session_idle_timeout_minutes']['description'] ?? 'setting.session_idle_timeout_minutes';
|
||||
$sessionAbsoluteTimeoutHoursDesc = $settings['session_absolute_timeout_hours']['description'] ?? 'setting.session_absolute_timeout_hours';
|
||||
$microsoftAutoRememberDefaultDesc = $settings['microsoft_auto_remember_default']['description'] ?? 'setting.microsoft_auto_remember_default';
|
||||
$rememberTokenLifetimeDaysDesc = $settings['remember_token_lifetime_days']['description'] ?? 'setting.remember_token_lifetime_days';
|
||||
$apiCorsAllowedOriginsDesc = $settings['api_cors_allowed_origins']['description'] ?? 'setting.api_cors_allowed_origins';
|
||||
$systemAuditEnabledDesc = $settings['system_audit_enabled']['description'] ?? 'setting.system_audit_enabled';
|
||||
$systemAuditRetentionDaysDesc = $settings['system_audit_retention_days']['description'] ?? 'setting.system_audit_retention_days';
|
||||
$microsoftSharedClientIdDesc = $settings['microsoft_shared_client_id']['description'] ?? 'setting.microsoft_shared_client_id';
|
||||
$microsoftSharedClientSecretDesc = $settings['microsoft_shared_client_secret_enc']['description'] ?? 'setting.microsoft_shared_client_secret_enc';
|
||||
$microsoftAuthorityDesc = $settings['microsoft_authority']['description'] ?? 'setting.microsoft_authority';
|
||||
$smtpHostDesc = $settings['smtp_host']['description'] ?? 'setting.smtp_host';
|
||||
$smtpPortDesc = $settings['smtp_port']['description'] ?? 'setting.smtp_port';
|
||||
$smtpUserDesc = $settings['smtp_user']['description'] ?? 'setting.smtp_user';
|
||||
$smtpPasswordDesc = $settings['smtp_password']['description'] ?? 'setting.smtp_password';
|
||||
$smtpSecureDesc = $settings['smtp_secure']['description'] ?? 'setting.smtp_secure';
|
||||
$smtpFromDesc = $settings['smtp_from']['description'] ?? 'setting.smtp_from';
|
||||
$smtpFromNameDesc = $settings['smtp_from_name']['description'] ?? 'setting.smtp_from_name';
|
||||
$locales = defined('APP_LOCALES') ? APP_LOCALES : [];
|
||||
$hasLogo = app(\MintyPHP\Service\Branding\BrandingLogoService::class)->hasLogo();
|
||||
$hasFavicon = app(\MintyPHP\Service\Branding\BrandingFaviconService::class)->hasFavicon();
|
||||
$canUpdateSettings = (bool) ($canUpdateSettings ?? false);
|
||||
$isReadOnly = !$canUpdateSettings;
|
||||
$readonlyAttr = $isReadOnly ? 'readonly' : '';
|
||||
$disabledAttr = $isReadOnly ? 'disabled' : '';
|
||||
?>
|
||||
|
||||
<div class="app-details-container">
|
||||
<section>
|
||||
<?php
|
||||
$titlebar = [
|
||||
'title' => t('Settings'),
|
||||
'actions' => $canUpdateSettings ? [
|
||||
[
|
||||
'type' => 'submit',
|
||||
'form' => 'settings-form',
|
||||
'class' => 'primary',
|
||||
'label' => t('Save'),
|
||||
'detailSavePrimary' => true,
|
||||
'detailActionKind' => 'save',
|
||||
],
|
||||
] : [],
|
||||
];
|
||||
require templatePath('partials/app-details-titlebar.phtml');
|
||||
?>
|
||||
|
||||
<form id="settings-form" method="post" data-details-storage="settings-main-details-v1" data-standard-detail-form="1">
|
||||
<input type="hidden" name="settings_submit" value="1">
|
||||
|
||||
<div class="app-tabs" data-tabs data-app-component="tabs" data-tabs-param="tab" data-tabs-storage-key="admin-settings-tabs-v1">
|
||||
<div class="app-tabs-nav">
|
||||
<button type="button" data-tab="master-data" data-tab-default><?php e(t('Master data')); ?></button>
|
||||
<button type="button" data-tab="security"><?php e(t('Security')); ?></button>
|
||||
<button type="button" data-tab="email"><?php e(t('Email')); ?></button>
|
||||
<button type="button" data-tab="api"><?php e(t('API')); ?></button>
|
||||
<button type="button" data-tab="integrations"><?php e(t('Microsoft SSO')); ?></button>
|
||||
<?php if ($canUpdateSettings): ?>
|
||||
<button type="button" data-tab="danger"><?php e(t('Danger zone')); ?></button>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
|
||||
<div data-tab-panel="master-data">
|
||||
<details class="app-details-card" name="settings-master-app-identity" data-details-key="settings-master-app-identity" open>
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('App identity')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e($appTitle !== '' ? t('Configured') : t('Default')); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('This setting controls the application name shown across the UI.')); ?></small>
|
||||
</blockquote>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('App title')); ?> <span class="badge" data-variant="info"><?php e(t('Cached')); ?></span></span>
|
||||
<input type="text" name="app_title" value="<?php e($appTitle); ?>" placeholder="<?php e(appTitle()); ?>" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($appTitleDesc)); ?></small>
|
||||
<small class="muted"><?php e(t('Leave empty to use the runtime default title.')); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<details class="app-details-card" name="internationalization" data-details-key="internationalization">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Internationalization')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e($appLocale !== '' ? strtoupper($appLocale) : t('Default')); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('This setting controls the default language for users without a personal preference.')); ?></small>
|
||||
</blockquote>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Default language')); ?> <span class="badge" data-variant="info"><?php e(t('Cached')); ?></span></span>
|
||||
<select name="app_locale" <?php e($disabledAttr); ?>>
|
||||
<option value=""><?php e(t('None')); ?></option>
|
||||
<?php foreach ($locales as $locale): ?>
|
||||
<?php
|
||||
$label = strtoupper($locale);
|
||||
if ($locale === 'de') {
|
||||
$label = t('German');
|
||||
} elseif ($locale === 'en') {
|
||||
$label = t('English');
|
||||
}
|
||||
?>
|
||||
<option value="<?php e($locale); ?>" <?php e($appLocale === $locale ? 'selected' : ''); ?>>
|
||||
<?php e($label); ?>
|
||||
</option>
|
||||
<?php endforeach; ?>
|
||||
</select>
|
||||
<small><?php e(t($appLocaleDesc)); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<?php $configuredDefaultsCount = (int) ($defaultTenantId > 0) + (int) ($defaultDepartmentId > 0) + (int) ($defaultRoleId > 0); ?>
|
||||
<details class="app-details-card" name="user-creation" data-details-key="user-creation">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('User creation rules')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e(sprintf(t('%d defaults configured'), $configuredDefaultsCount)); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('These defaults prefill tenant, department and role when new users are created.')); ?></small>
|
||||
</blockquote>
|
||||
<div class="grid">
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Default tenant')); ?></span>
|
||||
<select name="default_tenant_id" <?php e($disabledAttr); ?>>
|
||||
<option value=""><?php e(t('None')); ?></option>
|
||||
<?php foreach ($tenants ?? [] as $tenant): ?>
|
||||
<?php $tenantId = (int) ($tenant['id'] ?? 0); ?>
|
||||
<?php if ($tenantId > 0): ?>
|
||||
<option value="<?php e((string) $tenantId); ?>" <?php e($tenantId === $defaultTenantId ? 'selected' : ''); ?>>
|
||||
<?php e($tenant['description'] ?? ''); ?>
|
||||
</option>
|
||||
<?php endif; ?>
|
||||
<?php endforeach; ?>
|
||||
</select>
|
||||
<small><?php e(t($defaultTenantDesc)); ?></small>
|
||||
</label>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Default department')); ?></span>
|
||||
<select name="default_department_id" <?php e($disabledAttr); ?>>
|
||||
<option value=""><?php e(t('None')); ?></option>
|
||||
<?php foreach ($departments ?? [] as $department): ?>
|
||||
<?php $departmentId = (int) ($department['id'] ?? 0); ?>
|
||||
<?php if ($departmentId > 0): ?>
|
||||
<option value="<?php e((string) $departmentId); ?>" <?php e($departmentId === $defaultDepartmentId ? 'selected' : ''); ?>>
|
||||
<?php e($department['description'] ?? ''); ?>
|
||||
</option>
|
||||
<?php endif; ?>
|
||||
<?php endforeach; ?>
|
||||
</select>
|
||||
<small><?php e(t($defaultDepartmentDesc)); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Default role')); ?></span>
|
||||
<select name="default_role_id" <?php e($disabledAttr); ?>>
|
||||
<option value=""><?php e(t('None')); ?></option>
|
||||
<?php foreach ($roles ?? [] as $role): ?>
|
||||
<?php $roleId = (int) ($role['id'] ?? 0); ?>
|
||||
<?php if ($roleId > 0): ?>
|
||||
<option value="<?php e((string) $roleId); ?>" <?php e($roleId === $defaultRoleId ? 'selected' : ''); ?>>
|
||||
<?php e($role['description'] ?? ''); ?>
|
||||
</option>
|
||||
<?php endif; ?>
|
||||
<?php endforeach; ?>
|
||||
</select>
|
||||
<small><?php e(t($defaultRoleDesc)); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
</details>
|
||||
</div>
|
||||
|
||||
<div data-tab-panel="security">
|
||||
<details class="app-details-card" name="settings-security-registration" data-details-key="settings-security-registration">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Allow registration')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e($appRegistration ? t('Enabled') : t('Disabled')); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('Registration controls whether new users can create an account.')); ?></small>
|
||||
</blockquote>
|
||||
<fieldset>
|
||||
<legend>
|
||||
<small>
|
||||
<?php e(t($appRegistrationDesc)); ?>
|
||||
</small>
|
||||
</legend>
|
||||
<label class="app-field">
|
||||
<input type="checkbox" name="app_registration" value="1" <?php e($appRegistration ? 'checked' : ''); ?>
|
||||
<?php e($disabledAttr); ?>>
|
||||
<span><?php e(t('Allow registration')); ?> <span class="badge" data-variant="info"><?php e(t('Cached')); ?></span></span>
|
||||
</label>
|
||||
</fieldset>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<details class="app-details-card" name="settings-security-session" data-details-key="settings-security-session" open>
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Session policy')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e((string) $sessionIdleTimeoutMinutes); ?></span>
|
||||
<span class="badge" data-variant="neutral"><?php e((string) $sessionAbsoluteTimeoutHours); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
|
||||
<blockquote data-variant="info">
|
||||
<small>
|
||||
<?php e(t('Session limits define how long logged-in users stay signed in.')); ?>
|
||||
</small>
|
||||
</blockquote>
|
||||
<div class="grid">
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Session idle timeout (minutes)')); ?></span>
|
||||
<input type="number" name="session_idle_timeout_minutes"
|
||||
value="<?php e((string) $sessionIdleTimeoutMinutes); ?>" min="5" max="1440" step="1"
|
||||
<?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($sessionIdleTimeoutMinutesDesc)); ?></small>
|
||||
<small class="muted"><?php e(t('Allowed range: 5-1440 minutes (default: 30)')); ?></small>
|
||||
</label>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Session absolute timeout (hours)')); ?></span>
|
||||
<input type="number" name="session_absolute_timeout_hours"
|
||||
value="<?php e((string) $sessionAbsoluteTimeoutHours); ?>" min="1" max="72" step="1"
|
||||
<?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($sessionAbsoluteTimeoutHoursDesc)); ?></small>
|
||||
<small class="muted"><?php e(t('Allowed range: 1-72 hours (default: 8)')); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<details class="app-details-card" name="settings-security-login-persistence" data-details-key="settings-security-login-persistence">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Login persistence')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e((string) $rememberTokenLifetimeDays); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('Controls remember-me token lifetime and Microsoft auto-remember behavior.')); ?></small>
|
||||
</blockquote>
|
||||
<div class="grid">
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Remember token lifetime (days)')); ?></span>
|
||||
<input type="number" name="remember_token_lifetime_days"
|
||||
value="<?php e((string) $rememberTokenLifetimeDays); ?>" min="1" max="365" step="1"
|
||||
<?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($rememberTokenLifetimeDaysDesc)); ?></small>
|
||||
<small class="muted"><?php e(t('Allowed range: 1-365 days (default: 30)')); ?></small>
|
||||
</label>
|
||||
<fieldset>
|
||||
<legend>
|
||||
<small><?php e(t($microsoftAutoRememberDefaultDesc)); ?></small>
|
||||
</legend>
|
||||
<label class="app-field">
|
||||
<input type="checkbox" name="microsoft_auto_remember_default" value="1"
|
||||
<?php e($microsoftAutoRememberDefault ? 'checked' : ''); ?>
|
||||
<?php e($disabledAttr); ?>>
|
||||
<span><?php e(t('Microsoft Auto-Remember default')); ?></span>
|
||||
</label>
|
||||
<small class="muted"><?php e(t('When enabled, successful Microsoft logins automatically persist a remember-me token (unless overridden per tenant).')); ?></small>
|
||||
</fieldset>
|
||||
</div>
|
||||
</div>
|
||||
</details>
|
||||
<details class="app-details-card" name="settings-security-user-lifecycle" data-details-key="settings-security-user-lifecycle">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('User lifecycle policy')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e((string) $userInactivityDeactivateDays); ?></span>
|
||||
<span class="badge" data-variant="neutral"><?php e((string) $userInactivityDeleteDays); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('User lifecycle defines when inactive users are deactivated or deleted.')); ?></small>
|
||||
</blockquote>
|
||||
<div class="grid">
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Deactivate users after inactivity (days)')); ?></span>
|
||||
<input type="number" name="user_inactivity_deactivate_days"
|
||||
value="<?php e((string) $userInactivityDeactivateDays); ?>" min="0" max="3650" step="1"
|
||||
<?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($userInactivityDeactivateDaysDesc)); ?> - <?php e(t('0 disables this rule')); ?></small>
|
||||
</label>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Delete inactive users after (days)')); ?></span>
|
||||
<input type="number" name="user_inactivity_delete_days"
|
||||
value="<?php e((string) $userInactivityDeleteDays); ?>" min="0" max="3650" step="1"
|
||||
<?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($userInactivityDeleteDaysDesc)); ?> - <?php e(t('0 disables this rule')); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
|
||||
<?php if ($canUpdateSettings): ?>
|
||||
<button type="submit" class="danger" formnovalidate
|
||||
formaction="admin/settings/run-user-lifecycle"
|
||||
formmethod="post"
|
||||
data-detail-confirm-message="<?php e(t('Run user lifecycle now?')); ?>"
|
||||
data-detail-action-kind="danger">
|
||||
<?php e(t('Run user lifecycle now')); ?>
|
||||
</button>
|
||||
<?php endif; ?>
|
||||
|
||||
</div>
|
||||
</details>
|
||||
<details class="app-details-card" name="settings-security-system-audit" data-details-key="settings-security-system-audit">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('System audit')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e($systemAuditEnabled ? t('Enabled') : t('Disabled')); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('System audit controls whether security events are logged and how long they are kept.')); ?></small>
|
||||
</blockquote>
|
||||
<label class="app-field">
|
||||
<input type="checkbox" name="system_audit_enabled" value="1" <?php e($systemAuditEnabled ? 'checked' : ''); ?> <?php e($disabledAttr); ?>>
|
||||
<span><?php e(t('Enable system audit log')); ?></span>
|
||||
</label>
|
||||
<hr>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Retention (days)')); ?></span>
|
||||
<input
|
||||
type="number"
|
||||
name="system_audit_retention_days"
|
||||
value="<?php e((string) $systemAuditRetentionDays); ?>"
|
||||
min="30"
|
||||
max="1095"
|
||||
step="1"
|
||||
<?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($systemAuditRetentionDaysDesc)); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<details class="app-details-card" name="settings-telemetry-core" data-details-key="settings-telemetry-core" open>
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Frontend telemetry')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e($frontendTelemetryEnabled ? t('Enabled') : t('Disabled')); ?></span>
|
||||
<span class="badge" data-variant="neutral"><?php e($frontendTelemetrySampleRate); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('Telemetry helps detect recurring UI issues and failed requests in production.')); ?></small>
|
||||
</blockquote>
|
||||
<fieldset>
|
||||
<legend><small><?php e(t('Frontend telemetry')); ?></small></legend>
|
||||
<label class="app-field">
|
||||
<input
|
||||
type="checkbox"
|
||||
role="switch"
|
||||
name="frontend_telemetry_enabled"
|
||||
value="1"
|
||||
data-telemetry-enabled-toggle
|
||||
<?php e($frontendTelemetryEnabled ? 'checked' : ''); ?>
|
||||
<?php e($disabledAttr); ?>>
|
||||
<span><?php e(t('Enable frontend telemetry')); ?></span>
|
||||
</label>
|
||||
</fieldset>
|
||||
<fieldset data-telemetry-sampling-fieldset <?php e($frontendTelemetryEnabled ? '' : 'hidden'); ?>>
|
||||
<legend><small><?php e(t('Sampling rate')); ?></small></legend>
|
||||
<label class="app-field" data-telemetry-sampling-row>
|
||||
<span><?php e(t('Sampling rate')); ?></span>
|
||||
<select name="frontend_telemetry_sample_rate" data-telemetry-sampling-select <?php e($disabledAttr); ?>>
|
||||
<option value="0.1" <?php e($frontendTelemetrySampleRate === '0.1' ? 'selected' : ''); ?>>10%</option>
|
||||
<option value="0.2" <?php e($frontendTelemetrySampleRate === '0.2' ? 'selected' : ''); ?>>20%</option>
|
||||
<option value="0.5" <?php e($frontendTelemetrySampleRate === '0.5' ? 'selected' : ''); ?>>50%</option>
|
||||
<option value="1" <?php e($frontendTelemetrySampleRate === '1' ? 'selected' : ''); ?>>100%</option>
|
||||
</select>
|
||||
<small><?php e(t('The percentage of users who will have telemetry enabled.')); ?></small>
|
||||
</label>
|
||||
</fieldset>
|
||||
</div>
|
||||
</details>
|
||||
<details class="app-details-card" name="telemetry-advanced" data-details-key="telemetry-advanced">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Advanced telemetry options')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e(sprintf(t('%d events enabled'), count($frontendTelemetryAllowedEvents))); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('Limit which event types are collected to match your privacy and operations requirements.')); ?></small>
|
||||
</blockquote>
|
||||
<fieldset>
|
||||
<legend><small><?php e(t('Allowed telemetry events')); ?></small></legend>
|
||||
<label class="app-field">
|
||||
<input type="checkbox" name="frontend_telemetry_allowed_events[]" value="warn_once" <?php e(in_array('warn_once', $frontendTelemetryAllowedEvents, true) ? 'checked' : ''); ?> <?php e($disabledAttr); ?>>
|
||||
<span><?php e(t('warnOnce warnings')); ?></span>
|
||||
</label>
|
||||
<label class="app-field">
|
||||
<input type="checkbox" name="frontend_telemetry_allowed_events[]" value="ajax_error" <?php e(in_array('ajax_error', $frontendTelemetryAllowedEvents, true) ? 'checked' : ''); ?> <?php e($disabledAttr); ?>>
|
||||
<span><?php e(t('AJAX errors')); ?></span>
|
||||
</label>
|
||||
</fieldset>
|
||||
</div>
|
||||
</details>
|
||||
</div>
|
||||
|
||||
<div data-tab-panel="email">
|
||||
<div class="grid">
|
||||
<label class="app-field">
|
||||
<span><?php e(t('SMTP host')); ?></span>
|
||||
<input type="text" name="smtp_host" value="<?php e($smtpHost); ?>" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($smtpHostDesc)); ?></small>
|
||||
</label>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('SMTP port')); ?></span>
|
||||
<input type="number" name="smtp_port" value="<?php e($smtpPort); ?>" min="1" max="65535" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($smtpPortDesc)); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
<div class="grid">
|
||||
<label class="app-field">
|
||||
<span><?php e(t('SMTP user')); ?></span>
|
||||
<input type="text" name="smtp_user" value="<?php e($smtpUser); ?>" autocomplete="username" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($smtpUserDesc)); ?></small>
|
||||
</label>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('SMTP password')); ?></span>
|
||||
<input type="password" name="smtp_password" value="" autocomplete="new-password" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($smtpPasswordDesc)); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
<div class="grid">
|
||||
<label class="app-field">
|
||||
<span><?php e(t('SMTP security')); ?></span>
|
||||
<select name="smtp_secure" <?php e($disabledAttr); ?>>
|
||||
<option value=""><?php e(t('None')); ?></option>
|
||||
<option value="tls" <?php e($smtpSecure === 'tls' ? 'selected' : ''); ?>>TLS</option>
|
||||
<option value="ssl" <?php e($smtpSecure === 'ssl' ? 'selected' : ''); ?>>SSL</option>
|
||||
</select>
|
||||
<small><?php e(t($smtpSecureDesc)); ?></small>
|
||||
</label>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('SMTP from address')); ?></span>
|
||||
<input type="email" name="smtp_from" value="<?php e($smtpFrom); ?>" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($smtpFromDesc)); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('SMTP from name')); ?></span>
|
||||
<input type="text" name="smtp_from_name" value="<?php e($smtpFromName); ?>" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($smtpFromNameDesc)); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
|
||||
<div data-tab-panel="api">
|
||||
<details class="app-details-card" name="settings-api-token-policy" data-details-key="settings-api-token-policy" open>
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Token lifetime policy')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral">
|
||||
<?php e((string) $apiTokenDefaultTtlDays); ?> / <?php e((string) $apiTokenMaxTtlDays); ?> <?php e(t('days')); ?>
|
||||
</span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('These limits define default and maximum lifetimes for newly issued API tokens.')); ?></small>
|
||||
</blockquote>
|
||||
<div class="grid">
|
||||
<label class="app-field">
|
||||
<span><?php e(t('API token default lifetime (days)')); ?> <span class="badge" data-variant="info"><?php e(t('Cached')); ?></span></span>
|
||||
<input type="number" name="api_token_default_ttl_days" value="<?php e((string) $apiTokenDefaultTtlDays); ?>"
|
||||
min="1" max="3650" step="1" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($apiTokenDefaultTtlDaysDesc)); ?></small>
|
||||
</label>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('API token maximum lifetime (days)')); ?> <span class="badge" data-variant="info"><?php e(t('Cached')); ?></span></span>
|
||||
<input type="number" name="api_token_max_ttl_days" value="<?php e((string) $apiTokenMaxTtlDays); ?>"
|
||||
min="1" max="3650" step="1" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($apiTokenMaxTtlDaysDesc)); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<?php $apiCorsOriginsCount = count(array_values(array_filter(array_map('trim', preg_split('/\R+/', $apiCorsAllowedOrigins) ?: [])))); ?>
|
||||
<details class="app-details-card" name="settings-api-cors" data-details-key="settings-api-cors">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('CORS allowlist')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e(sprintf(t('%d origins configured'), $apiCorsOriginsCount)); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('Define which origins may call your API from browsers. Use one origin per line.')); ?></small>
|
||||
</blockquote>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Allowed CORS origins')); ?> <span class="badge" data-variant="info"><?php e(t('Cached')); ?></span></span>
|
||||
<textarea name="api_cors_allowed_origins" rows="4" placeholder="https://app.example.com https://admin.example.com" <?php e($readonlyAttr); ?>><?php e($apiCorsAllowedOrigins); ?></textarea>
|
||||
<small><?php e(t($apiCorsAllowedOriginsDesc)); ?></small>
|
||||
</label>
|
||||
<small class="muted"><?php e(t('One origin per line, e.g. https://app.example.com')); ?></small>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<?php if ($canUpdateSettings): ?>
|
||||
<details class="app-details-card" name="settings-api-tokens" data-details-key="settings-api-tokens">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Token operations')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e(sprintf(t('%d active API tokens'), $activeApiTokens)); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="warning">
|
||||
<small><?php e(t('This action revokes all active API tokens immediately across all users.')); ?></small>
|
||||
</blockquote>
|
||||
<button type="submit" class="danger" formnovalidate
|
||||
formaction="admin/settings/revoke-api-tokens"
|
||||
formmethod="post"
|
||||
data-detail-confirm-message="<?php e(t('Revoke all API tokens?')); ?>"
|
||||
data-detail-action-kind="danger">
|
||||
<?php e(t('Revoke all API tokens')); ?>
|
||||
</button>
|
||||
</div>
|
||||
</details>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
|
||||
<div data-tab-panel="integrations">
|
||||
<details class="app-details-card" name="settings-integrations-microsoft-auth" data-details-key="settings-integrations-microsoft-auth" open>
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Shared Microsoft credentials')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e($microsoftSharedClientId !== '' ? t('Configured') : t('Not configured')); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('Shared Microsoft app credentials are used by tenants that enable "Use shared app credentials".')); ?></small>
|
||||
</blockquote>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Shared client ID')); ?></span>
|
||||
<input type="text" name="microsoft_shared_client_id" value="<?php e($microsoftSharedClientId); ?>" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($microsoftSharedClientIdDesc)); ?></small>
|
||||
</label>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Shared client secret')); ?></span>
|
||||
<input type="password" name="microsoft_shared_client_secret" value="" autocomplete="new-password" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($microsoftSharedClientSecretDesc)); ?></small>
|
||||
<small class="muted"><?php e(t('Leave empty to keep the currently stored client secret.')); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<details class="app-details-card" name="settings-integrations-microsoft-authority" data-details-key="settings-integrations-microsoft-authority">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Authority endpoint')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e($microsoftAuthority !== '' ? t('Configured') : t('Not configured')); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('The authority URL defines the Microsoft identity tenant endpoint used for sign-in.')); ?></small>
|
||||
</blockquote>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Authority URL')); ?></span>
|
||||
<input type="url" name="microsoft_authority" value="<?php e($microsoftAuthority); ?>" placeholder="https://login.microsoftonline.com/common/v2.0" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($microsoftAuthorityDesc)); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
</details>
|
||||
</div>
|
||||
|
||||
<?php if ($canUpdateSettings): ?>
|
||||
<div data-tab-panel="danger">
|
||||
<details class="app-details-card" name="settings-danger-login-tokens" data-details-key="settings-danger-login-tokens" open>
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Login tokens')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e(sprintf(t('%d active login tokens'), $activeLoginTokens)); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="warning">
|
||||
<small><?php e(t('This will expire all remember-me tokens immediately and force users to sign in again.')); ?></small>
|
||||
</blockquote>
|
||||
<button type="submit" class="danger" formnovalidate
|
||||
formaction="admin/settings/expire-remember-tokens"
|
||||
formmethod="post"
|
||||
data-detail-confirm-message="<?php e(t('Expire all login tokens?')); ?>"
|
||||
data-detail-action-kind="danger">
|
||||
<?php e(t('Expire all login tokens')); ?>
|
||||
</button>
|
||||
</div>
|
||||
</details>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
|
||||
<?php Session::getCsrfInput(); ?>
|
||||
</form>
|
||||
</section>
|
||||
<aside id="app-details-aside-section">
|
||||
<div class="app-details-aside-section">
|
||||
<div class="entity-avatar-block avatar-square avatar-ratio-16-9 avatar-borderless">
|
||||
<a data-fslightbox="app-logo" href="<?php e(appLogoUrl(256)); ?>">
|
||||
<img class="entity-avatar-image" src="<?php e(appLogoUrl(256)); ?>" alt="<?php e(t('App logo')); ?>">
|
||||
</a>
|
||||
</div>
|
||||
<hgroup>
|
||||
<h2><?php e(appTitle()); ?></h2>
|
||||
<p><?php e(t('Settings')); ?></p>
|
||||
</hgroup>
|
||||
<hr>
|
||||
<?php if ($canUpdateSettings): ?>
|
||||
<details name="app-logo">
|
||||
<summary>
|
||||
<?php e(t('Upload logo')); ?>
|
||||
</summary>
|
||||
<hr>
|
||||
<form class="user-avatar-form" method="post" action="admin/settings/logo" enctype="multipart/form-data">
|
||||
<?php
|
||||
$fileUpload = [
|
||||
'name' => 'logo',
|
||||
'accept' => 'image/svg+xml,image/png,image/jpeg,image/webp',
|
||||
'hint' => t('Allowed file types: SVG, PNG, JPG, WEBP'),
|
||||
'currentSrc' => $hasLogo ? appLogoUrl(128) : '',
|
||||
'deleteAction' => $hasLogo ? 'admin/settings/logo-delete' : '',
|
||||
];
|
||||
require templatePath('partials/app-file-upload.phtml');
|
||||
?>
|
||||
<button type="submit" class="primary">
|
||||
<?php e(t('Save')); ?>
|
||||
</button>
|
||||
<?php Session::getCsrfInput(); ?>
|
||||
</form>
|
||||
</details>
|
||||
<?php endif; ?>
|
||||
<hr>
|
||||
<?php if ($canUpdateSettings): ?>
|
||||
<details name="app-favicon">
|
||||
<summary>
|
||||
<?php e(t('Upload favicon')); ?>
|
||||
</summary>
|
||||
<hr>
|
||||
<small><?php e(t('Square images are recommended (icons are center-cropped).')); ?></small>
|
||||
<hr>
|
||||
<form class="user-avatar-form" method="post" action="admin/settings/favicon" enctype="multipart/form-data">
|
||||
<?php
|
||||
$fileUpload = [
|
||||
'name' => 'favicon',
|
||||
'accept' => 'image/png',
|
||||
'hint' => t('Allowed file types: PNG'),
|
||||
'currentSrc' => $hasFavicon ? asset('favicon/favicon-32x32.png') : '',
|
||||
'currentLabel' => t('Favicon'),
|
||||
'deleteAction' => $hasFavicon ? 'admin/settings/favicon-delete' : '',
|
||||
];
|
||||
require templatePath('partials/app-file-upload.phtml');
|
||||
?>
|
||||
<button type="submit" class="primary">
|
||||
<?php e(t('Save')); ?>
|
||||
</button>
|
||||
<?php Session::getCsrfInput(); ?>
|
||||
</form>
|
||||
</details>
|
||||
<?php endif; ?>
|
||||
<hr>
|
||||
<blockquote data-variant="info">
|
||||
<?php e(t('Global settings are stored in the database. storage/runtime/settings.php is only a runtime cache for selected app settings.')); ?>
|
||||
</blockquote>
|
||||
</div>
|
||||
</aside>
|
||||
<div class="app-dashboard-titlebar">
|
||||
<h1><?php e(t('Settings')); ?></h1>
|
||||
</div>
|
||||
<hr>
|
||||
<div class="app-dashboard">
|
||||
<div class="app-tiles">
|
||||
<?php
|
||||
appTile([
|
||||
'href' => 'admin/settings/general',
|
||||
'label' => t('General'),
|
||||
'icon' => 'bi bi-sliders',
|
||||
'iconBg' => '#e0ecff',
|
||||
'iconColor' => '#2563eb',
|
||||
'tooltip' => t('App title, language, user creation defaults'),
|
||||
]);
|
||||
appTile([
|
||||
'href' => 'admin/settings/security',
|
||||
'label' => t('Security'),
|
||||
'icon' => 'bi bi-shield-lock',
|
||||
'iconBg' => '#ede9fe',
|
||||
'iconColor' => '#7c3aed',
|
||||
'tooltip' => t('Sessions, registration, lifecycle, audit, telemetry'),
|
||||
]);
|
||||
appTile([
|
||||
'href' => 'admin/settings/email',
|
||||
'label' => t('Email'),
|
||||
'icon' => 'bi bi-envelope',
|
||||
'iconBg' => '#fef3c7',
|
||||
'iconColor' => '#d97706',
|
||||
'tooltip' => t('SMTP connection and sender details'),
|
||||
]);
|
||||
appTile([
|
||||
'href' => 'admin/settings/api',
|
||||
'label' => t('API'),
|
||||
'icon' => 'bi bi-key',
|
||||
'iconBg' => '#d1fae5',
|
||||
'iconColor' => '#059669',
|
||||
'tooltip' => t('API token policy and CORS allowlist'),
|
||||
]);
|
||||
appTile([
|
||||
'href' => 'admin/settings/sso',
|
||||
'label' => t('Microsoft SSO'),
|
||||
'icon' => 'bi bi-microsoft',
|
||||
'iconBg' => '#dbeafe',
|
||||
'iconColor' => '#0891b2',
|
||||
'tooltip' => t('Shared Microsoft Entra ID credentials'),
|
||||
]);
|
||||
appTile([
|
||||
'href' => 'admin/settings/branding',
|
||||
'label' => t('Branding'),
|
||||
'icon' => 'bi bi-palette',
|
||||
'iconBg' => '#fce7f3',
|
||||
'iconColor' => '#be185d',
|
||||
'tooltip' => t('App logo and favicon'),
|
||||
]);
|
||||
?>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -18,11 +18,11 @@ if (!$decision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
|
||||
if (!actionRequirePost('admin/settings')) {
|
||||
if (!actionRequirePost('admin/settings/branding')) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!actionRequireCsrf('admin/settings', 'admin/settings', 'logo_upload')) {
|
||||
if (!actionRequireCsrf('admin/settings/branding', 'admin/settings/branding', 'logo_upload')) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -32,10 +32,13 @@ $result = $logoService->saveUpload(requestInput()->filesAll()['logo'] ?? []);
|
||||
if (!($result['ok'] ?? false)) {
|
||||
$error = $result['error'] ?? t('Upload failed');
|
||||
$errorBag->addGlobal((string) $error);
|
||||
flashFormErrors($errorBag, 'admin/settings', 'logo_upload');
|
||||
Router::redirect('admin/settings');
|
||||
flashFormErrors($errorBag, 'admin/settings/branding', 'logo_upload');
|
||||
Router::redirect('admin/settings/branding');
|
||||
return;
|
||||
}
|
||||
|
||||
Flash::success('Logo updated', 'admin/settings', 'logo_updated');
|
||||
Router::redirect('admin/settings');
|
||||
$redirectTarget = ((string) requestInput()->body('action', 'save') === 'save_close')
|
||||
? 'admin/settings'
|
||||
: 'admin/settings/branding';
|
||||
Flash::success('Logo updated', $redirectTarget, 'logo_updated');
|
||||
Router::redirect($redirectTarget);
|
||||
|
||||
@@ -18,15 +18,15 @@ if (!$decision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
|
||||
if (!actionRequirePost('admin/settings')) {
|
||||
if (!actionRequirePost('admin/settings/branding')) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!actionRequireCsrf('admin/settings', 'admin/settings', 'settings_logo_delete')) {
|
||||
if (!actionRequireCsrf('admin/settings/branding', 'admin/settings/branding', 'settings_logo_delete')) {
|
||||
return;
|
||||
}
|
||||
|
||||
$logoService = app(\MintyPHP\Service\Branding\BrandingLogoService::class);
|
||||
$logoService->delete();
|
||||
Flash::success('Logo removed', 'admin/settings', 'logo_removed');
|
||||
Router::redirect('admin/settings');
|
||||
Flash::success('Logo removed', 'admin/settings/branding', 'logo_removed');
|
||||
Router::redirect('admin/settings/branding');
|
||||
|
||||
@@ -18,15 +18,15 @@ if (!$decision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
|
||||
if (!actionRequirePost('admin/settings')) {
|
||||
if (!actionRequirePost('admin/settings/api')) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!actionRequireCsrf('admin/settings', 'admin/settings', 'settings_tokens_revoke')) {
|
||||
if (!actionRequireCsrf('admin/settings/api', 'admin/settings/api', 'settings_tokens_revoke')) {
|
||||
return;
|
||||
}
|
||||
|
||||
$apiTokenService = app(\MintyPHP\Service\Auth\ApiTokenService::class);
|
||||
$count = $apiTokenService->revokeAllByAdmin();
|
||||
Flash::success(sprintf(t('%d API tokens revoked'), $count), 'admin/settings', 'api_tokens_revoked');
|
||||
Router::redirect('admin/settings');
|
||||
Flash::success(sprintf(t('%d API tokens revoked'), $count), 'admin/settings/api', 'api_tokens_revoked');
|
||||
Router::redirect('admin/settings/api');
|
||||
|
||||
@@ -18,11 +18,11 @@ if (!$decision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
|
||||
if (!actionRequirePost('admin/settings')) {
|
||||
if (!actionRequirePost('admin/settings/security')) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!actionRequireCsrf('admin/settings', 'admin/settings', 'user_lifecycle_run')) {
|
||||
if (!actionRequireCsrf('admin/settings/security', 'admin/settings/security', 'user_lifecycle_run')) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -35,8 +35,8 @@ if (!($result['ok'] ?? false)) {
|
||||
} else {
|
||||
$errorBag->addGlobal('User lifecycle failed');
|
||||
}
|
||||
flashFormErrors($errorBag, 'admin/settings', 'user_lifecycle_run');
|
||||
Router::redirect('admin/settings');
|
||||
flashFormErrors($errorBag, 'admin/settings/security', 'user_lifecycle_run');
|
||||
Router::redirect('admin/settings/security');
|
||||
}
|
||||
|
||||
Flash::success(
|
||||
@@ -45,7 +45,7 @@ Flash::success(
|
||||
(int) ($result['deactivated_count'] ?? 0),
|
||||
(int) ($result['deleted_count'] ?? 0)
|
||||
),
|
||||
'admin/settings',
|
||||
'admin/settings/security',
|
||||
'user_lifecycle_completed'
|
||||
);
|
||||
Router::redirect('admin/settings');
|
||||
Router::redirect('admin/settings/security');
|
||||
|
||||
95
pages/admin/settings/security().php
Normal file
95
pages/admin/settings/security().php
Normal file
@@ -0,0 +1,95 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Buffer;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
|
||||
use MintyPHP\Service\Settings\AdminSettingsService;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
$session = app(SessionStoreInterface::class)->all();
|
||||
Guard::requireLogin();
|
||||
$request = requestInput();
|
||||
|
||||
$currentUserId = (int) ($session['user']['id'] ?? 0);
|
||||
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
|
||||
$viewDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
]);
|
||||
if (!$viewDecision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
$viewCapabilities = $viewDecision->attribute('capabilities', []);
|
||||
$canUpdateSettings = is_array($viewCapabilities) ? (bool) ($viewCapabilities['can_update_settings'] ?? false) : false;
|
||||
|
||||
$adminSettingsService = app(AdminSettingsService::class);
|
||||
$pageData = $adminSettingsService->buildPageData();
|
||||
$values = is_array($pageData['values'] ?? null) ? $pageData['values'] : [];
|
||||
$settings = is_array($pageData['settings'] ?? null) ? $pageData['settings'] : [];
|
||||
$activeLoginTokens = (int) ($pageData['active_login_tokens'] ?? 0);
|
||||
|
||||
if ($request->isMethod('POST') && !actionRequireCsrf('admin/settings/security', 'admin/settings/security', 'csrf_expired')) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ($request->isMethod('POST')) {
|
||||
$updateDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
]);
|
||||
if (!$updateDecision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
|
||||
$sectionKeys = [
|
||||
'app_registration',
|
||||
'session_idle_timeout_minutes',
|
||||
'session_absolute_timeout_hours',
|
||||
'remember_token_lifetime_days',
|
||||
'microsoft_auto_remember_default',
|
||||
'user_inactivity_deactivate_days',
|
||||
'user_inactivity_delete_days',
|
||||
'system_audit_enabled',
|
||||
'system_audit_retention_days',
|
||||
'frontend_telemetry_enabled',
|
||||
'frontend_telemetry_sample_rate',
|
||||
'frontend_telemetry_allowed_events',
|
||||
];
|
||||
$mergedPost = settingsSectionMergePost($values, $request->bodyAll(), $sectionKeys);
|
||||
|
||||
$updateResult = $adminSettingsService->updateFromAdmin($mergedPost);
|
||||
$errorBag = formErrors();
|
||||
foreach ((array) ($updateResult['errors'] ?? []) as $error) {
|
||||
if (is_array($error)) {
|
||||
$message = trim((string) ($error['message'] ?? ''));
|
||||
$field = trim((string) ($error['field'] ?? 'input'));
|
||||
if ($message !== '') {
|
||||
$errorBag->add($field !== '' ? $field : 'input', $message);
|
||||
}
|
||||
continue;
|
||||
}
|
||||
$message = trim((string) $error);
|
||||
if ($message !== '') {
|
||||
$errorBag->addGlobal($message);
|
||||
}
|
||||
}
|
||||
|
||||
if ($errorBag->hasAny()) {
|
||||
flashFormErrors($errorBag, 'admin/settings/security', 'settings_update_error');
|
||||
Router::redirect('admin/settings/security');
|
||||
}
|
||||
|
||||
$redirectTarget = ((string) $request->body('action', 'save') === 'save_close')
|
||||
? 'admin/settings'
|
||||
: 'admin/settings/security';
|
||||
Flash::success('Settings updated', $redirectTarget, 'settings_updated');
|
||||
Router::redirect($redirectTarget);
|
||||
}
|
||||
|
||||
Buffer::set('title', t('Security settings'));
|
||||
|
||||
$breadcrumbs = [
|
||||
['label' => t('Home'), 'path' => 'admin'],
|
||||
['label' => t('Settings'), 'path' => 'admin/settings'],
|
||||
['label' => t('Security')],
|
||||
];
|
||||
344
pages/admin/settings/security(default).phtml
Normal file
344
pages/admin/settings/security(default).phtml
Normal file
@@ -0,0 +1,344 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* @var array $values
|
||||
* @var array $settings
|
||||
* @var int $activeLoginTokens
|
||||
* @var bool $canUpdateSettings
|
||||
*/
|
||||
|
||||
use MintyPHP\Session;
|
||||
|
||||
$values = $values ?? [];
|
||||
$settings = $settings ?? [];
|
||||
$appRegistration = !empty($values['app_registration']);
|
||||
$sessionIdleTimeoutMinutes = (int) ($values['session_idle_timeout_minutes'] ?? 30);
|
||||
$sessionAbsoluteTimeoutHours = (int) ($values['session_absolute_timeout_hours'] ?? 8);
|
||||
$rememberTokenLifetimeDays = (int) ($values['remember_token_lifetime_days'] ?? 30);
|
||||
$microsoftAutoRememberDefault = !empty($values['microsoft_auto_remember_default']);
|
||||
$userInactivityDeactivateDays = (int) ($values['user_inactivity_deactivate_days'] ?? 180);
|
||||
$userInactivityDeleteDays = (int) ($values['user_inactivity_delete_days'] ?? 365);
|
||||
$systemAuditEnabled = !empty($values['system_audit_enabled']);
|
||||
$systemAuditRetentionDays = (int) ($values['system_audit_retention_days'] ?? 365);
|
||||
$frontendTelemetryEnabled = !empty($values['frontend_telemetry_enabled']);
|
||||
$frontendTelemetrySampleRate = (string) ($values['frontend_telemetry_sample_rate'] ?? '0.2');
|
||||
$frontendTelemetrySampleRateOptions = ['0.1', '0.2', '0.5', '1'];
|
||||
if (!in_array($frontendTelemetrySampleRate, $frontendTelemetrySampleRateOptions, true)) {
|
||||
$frontendTelemetrySampleRate = '0.2';
|
||||
}
|
||||
$frontendTelemetryAllowedEvents = $values['frontend_telemetry_allowed_events'] ?? ['warn_once', 'ajax_error'];
|
||||
if (!is_array($frontendTelemetryAllowedEvents)) {
|
||||
$frontendTelemetryAllowedEvents = preg_split('/[\s,]+/', (string) $frontendTelemetryAllowedEvents) ?: [];
|
||||
}
|
||||
$frontendTelemetryAllowedEvents = array_values(array_unique(array_filter(array_map(
|
||||
static fn($entry): string => strtolower(trim((string) $entry)),
|
||||
$frontendTelemetryAllowedEvents
|
||||
))));
|
||||
if ($frontendTelemetryAllowedEvents === []) {
|
||||
$frontendTelemetryAllowedEvents = ['warn_once', 'ajax_error'];
|
||||
}
|
||||
$appRegistrationDesc = $settings['app_registration']['description'] ?? 'setting.app_registration';
|
||||
$sessionIdleTimeoutMinutesDesc = $settings['session_idle_timeout_minutes']['description'] ?? 'setting.session_idle_timeout_minutes';
|
||||
$sessionAbsoluteTimeoutHoursDesc = $settings['session_absolute_timeout_hours']['description'] ?? 'setting.session_absolute_timeout_hours';
|
||||
$rememberTokenLifetimeDaysDesc = $settings['remember_token_lifetime_days']['description'] ?? 'setting.remember_token_lifetime_days';
|
||||
$microsoftAutoRememberDefaultDesc = $settings['microsoft_auto_remember_default']['description'] ?? 'setting.microsoft_auto_remember_default';
|
||||
$userInactivityDeactivateDaysDesc = $settings['user_inactivity_deactivate_days']['description'] ?? 'setting.user_inactivity_deactivate_days';
|
||||
$userInactivityDeleteDaysDesc = $settings['user_inactivity_delete_days']['description'] ?? 'setting.user_inactivity_delete_days';
|
||||
$systemAuditRetentionDaysDesc = $settings['system_audit_retention_days']['description'] ?? 'setting.system_audit_retention_days';
|
||||
$activeLoginTokens = (int) ($activeLoginTokens ?? 0);
|
||||
$canUpdateSettings = (bool) ($canUpdateSettings ?? false);
|
||||
$isReadOnly = !$canUpdateSettings;
|
||||
$readonlyAttr = $isReadOnly ? 'readonly' : '';
|
||||
$disabledAttr = $isReadOnly ? 'disabled' : '';
|
||||
?>
|
||||
|
||||
<div class="app-details-container">
|
||||
<section>
|
||||
<?php
|
||||
$titlebar = [
|
||||
'title' => t('Security settings'),
|
||||
'backHref' => 'admin/settings',
|
||||
'backTitle' => t('Cancel'),
|
||||
'actions' => $canUpdateSettings ? [
|
||||
[
|
||||
'form' => 'settings-security-form',
|
||||
'name' => 'action',
|
||||
'value' => 'save',
|
||||
'class' => 'secondary outline',
|
||||
'label' => t('Save'),
|
||||
],
|
||||
[
|
||||
'form' => 'settings-security-form',
|
||||
'name' => 'action',
|
||||
'value' => 'save_close',
|
||||
'class' => 'primary',
|
||||
'label' => t('Save & close'),
|
||||
],
|
||||
] : [],
|
||||
];
|
||||
require templatePath('partials/app-details-titlebar.phtml');
|
||||
?>
|
||||
|
||||
<form id="settings-security-form" method="post" data-details-storage="settings-security-details-v1" data-standard-detail-form="1">
|
||||
<details class="app-details-card" name="settings-security-registration" data-details-key="settings-security-registration">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Allow registration')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e($appRegistration ? t('Enabled') : t('Disabled')); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('Registration controls whether new users can create an account.')); ?></small>
|
||||
</blockquote>
|
||||
<fieldset>
|
||||
<legend>
|
||||
<small><?php e(t($appRegistrationDesc)); ?></small>
|
||||
</legend>
|
||||
<label class="app-field">
|
||||
<input type="checkbox" name="app_registration" value="1" <?php e($appRegistration ? 'checked' : ''); ?>
|
||||
<?php e($disabledAttr); ?>>
|
||||
<span><?php e(t('Allow registration')); ?> <span class="badge" data-variant="info"><?php e(t('Cached')); ?></span></span>
|
||||
</label>
|
||||
</fieldset>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<details class="app-details-card" name="settings-security-session" data-details-key="settings-security-session" open>
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Session policy')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e((string) $sessionIdleTimeoutMinutes); ?></span>
|
||||
<span class="badge" data-variant="neutral"><?php e((string) $sessionAbsoluteTimeoutHours); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('Session limits define how long logged-in users stay signed in.')); ?></small>
|
||||
</blockquote>
|
||||
<div class="grid">
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Session idle timeout (minutes)')); ?></span>
|
||||
<input type="number" name="session_idle_timeout_minutes"
|
||||
value="<?php e((string) $sessionIdleTimeoutMinutes); ?>" min="5" max="1440" step="1"
|
||||
<?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($sessionIdleTimeoutMinutesDesc)); ?></small>
|
||||
<small class="muted"><?php e(t('Allowed range: 5-1440 minutes (default: 30)')); ?></small>
|
||||
</label>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Session absolute timeout (hours)')); ?></span>
|
||||
<input type="number" name="session_absolute_timeout_hours"
|
||||
value="<?php e((string) $sessionAbsoluteTimeoutHours); ?>" min="1" max="72" step="1"
|
||||
<?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($sessionAbsoluteTimeoutHoursDesc)); ?></small>
|
||||
<small class="muted"><?php e(t('Allowed range: 1-72 hours (default: 8)')); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<details class="app-details-card" name="settings-security-login-persistence" data-details-key="settings-security-login-persistence">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Login persistence')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e((string) $rememberTokenLifetimeDays); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('Controls remember-me token lifetime and Microsoft auto-remember behavior.')); ?></small>
|
||||
</blockquote>
|
||||
<div class="grid">
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Remember token lifetime (days)')); ?></span>
|
||||
<input type="number" name="remember_token_lifetime_days"
|
||||
value="<?php e((string) $rememberTokenLifetimeDays); ?>" min="1" max="365" step="1"
|
||||
<?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($rememberTokenLifetimeDaysDesc)); ?></small>
|
||||
<small class="muted"><?php e(t('Allowed range: 1-365 days (default: 30)')); ?></small>
|
||||
</label>
|
||||
<fieldset>
|
||||
<legend>
|
||||
<small><?php e(t($microsoftAutoRememberDefaultDesc)); ?></small>
|
||||
</legend>
|
||||
<label class="app-field">
|
||||
<input type="checkbox" name="microsoft_auto_remember_default" value="1"
|
||||
<?php e($microsoftAutoRememberDefault ? 'checked' : ''); ?>
|
||||
<?php e($disabledAttr); ?>>
|
||||
<span><?php e(t('Microsoft Auto-Remember default')); ?></span>
|
||||
</label>
|
||||
<small class="muted"><?php e(t('When enabled, successful Microsoft logins automatically persist a remember-me token (unless overridden per tenant).')); ?></small>
|
||||
</fieldset>
|
||||
</div>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<details class="app-details-card" name="settings-security-user-lifecycle" data-details-key="settings-security-user-lifecycle">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('User lifecycle policy')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e((string) $userInactivityDeactivateDays); ?></span>
|
||||
<span class="badge" data-variant="neutral"><?php e((string) $userInactivityDeleteDays); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('User lifecycle defines when inactive users are deactivated or deleted.')); ?></small>
|
||||
</blockquote>
|
||||
<div class="grid">
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Deactivate users after inactivity (days)')); ?></span>
|
||||
<input type="number" name="user_inactivity_deactivate_days"
|
||||
value="<?php e((string) $userInactivityDeactivateDays); ?>" min="0" max="3650" step="1"
|
||||
<?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($userInactivityDeactivateDaysDesc)); ?> - <?php e(t('0 disables this rule')); ?></small>
|
||||
</label>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Delete inactive users after (days)')); ?></span>
|
||||
<input type="number" name="user_inactivity_delete_days"
|
||||
value="<?php e((string) $userInactivityDeleteDays); ?>" min="0" max="3650" step="1"
|
||||
<?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($userInactivityDeleteDaysDesc)); ?> - <?php e(t('0 disables this rule')); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
|
||||
<?php if ($canUpdateSettings): ?>
|
||||
<button type="submit" class="danger" formnovalidate
|
||||
formaction="admin/settings/run-user-lifecycle"
|
||||
formmethod="post"
|
||||
data-detail-confirm-message="<?php e(t('Run user lifecycle now?')); ?>"
|
||||
data-detail-action-kind="danger">
|
||||
<?php e(t('Run user lifecycle now')); ?>
|
||||
</button>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<details class="app-details-card" name="settings-security-system-audit" data-details-key="settings-security-system-audit">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('System audit')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e($systemAuditEnabled ? t('Enabled') : t('Disabled')); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('System audit controls whether security events are logged and how long they are kept.')); ?></small>
|
||||
</blockquote>
|
||||
<label class="app-field">
|
||||
<input type="checkbox" name="system_audit_enabled" value="1" <?php e($systemAuditEnabled ? 'checked' : ''); ?> <?php e($disabledAttr); ?>>
|
||||
<span><?php e(t('Enable system audit log')); ?></span>
|
||||
</label>
|
||||
<hr>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Retention (days)')); ?></span>
|
||||
<input
|
||||
type="number"
|
||||
name="system_audit_retention_days"
|
||||
value="<?php e((string) $systemAuditRetentionDays); ?>"
|
||||
min="30"
|
||||
max="1095"
|
||||
step="1"
|
||||
<?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($systemAuditRetentionDaysDesc)); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<details class="app-details-card" name="settings-telemetry-core" data-details-key="settings-telemetry-core" open>
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Frontend telemetry')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e($frontendTelemetryEnabled ? t('Enabled') : t('Disabled')); ?></span>
|
||||
<span class="badge" data-variant="neutral"><?php e($frontendTelemetrySampleRate); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('Telemetry helps detect recurring UI issues and failed requests in production.')); ?></small>
|
||||
</blockquote>
|
||||
<fieldset>
|
||||
<legend><small><?php e(t('Frontend telemetry')); ?></small></legend>
|
||||
<label class="app-field">
|
||||
<input
|
||||
type="checkbox"
|
||||
role="switch"
|
||||
name="frontend_telemetry_enabled"
|
||||
value="1"
|
||||
data-telemetry-enabled-toggle
|
||||
<?php e($frontendTelemetryEnabled ? 'checked' : ''); ?>
|
||||
<?php e($disabledAttr); ?>>
|
||||
<span><?php e(t('Enable frontend telemetry')); ?></span>
|
||||
</label>
|
||||
</fieldset>
|
||||
<fieldset data-telemetry-sampling-fieldset <?php e($frontendTelemetryEnabled ? '' : 'hidden'); ?>>
|
||||
<legend><small><?php e(t('Sampling rate')); ?></small></legend>
|
||||
<label class="app-field" data-telemetry-sampling-row>
|
||||
<span><?php e(t('Sampling rate')); ?></span>
|
||||
<select name="frontend_telemetry_sample_rate" data-telemetry-sampling-select <?php e($disabledAttr); ?>>
|
||||
<option value="0.1" <?php e($frontendTelemetrySampleRate === '0.1' ? 'selected' : ''); ?>>10%</option>
|
||||
<option value="0.2" <?php e($frontendTelemetrySampleRate === '0.2' ? 'selected' : ''); ?>>20%</option>
|
||||
<option value="0.5" <?php e($frontendTelemetrySampleRate === '0.5' ? 'selected' : ''); ?>>50%</option>
|
||||
<option value="1" <?php e($frontendTelemetrySampleRate === '1' ? 'selected' : ''); ?>>100%</option>
|
||||
</select>
|
||||
<small><?php e(t('The percentage of users who will have telemetry enabled.')); ?></small>
|
||||
</label>
|
||||
</fieldset>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<details class="app-details-card" name="telemetry-advanced" data-details-key="telemetry-advanced">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Advanced telemetry options')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e(sprintf(t('%d events enabled'), count($frontendTelemetryAllowedEvents))); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('Limit which event types are collected to match your privacy and operations requirements.')); ?></small>
|
||||
</blockquote>
|
||||
<fieldset>
|
||||
<legend><small><?php e(t('Allowed telemetry events')); ?></small></legend>
|
||||
<label class="app-field">
|
||||
<input type="checkbox" name="frontend_telemetry_allowed_events[]" value="warn_once" <?php e(in_array('warn_once', $frontendTelemetryAllowedEvents, true) ? 'checked' : ''); ?> <?php e($disabledAttr); ?>>
|
||||
<span><?php e(t('warnOnce warnings')); ?></span>
|
||||
</label>
|
||||
<label class="app-field">
|
||||
<input type="checkbox" name="frontend_telemetry_allowed_events[]" value="ajax_error" <?php e(in_array('ajax_error', $frontendTelemetryAllowedEvents, true) ? 'checked' : ''); ?> <?php e($disabledAttr); ?>>
|
||||
<span><?php e(t('AJAX errors')); ?></span>
|
||||
</label>
|
||||
</fieldset>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<?php if ($canUpdateSettings): ?>
|
||||
<details class="app-details-card" name="settings-security-login-tokens" data-details-key="settings-security-login-tokens">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Login tokens')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e(sprintf(t('%d active login tokens'), $activeLoginTokens)); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="warning">
|
||||
<small><?php e(t('This will expire all remember-me tokens immediately and force users to sign in again.')); ?></small>
|
||||
</blockquote>
|
||||
<button type="submit" class="danger" formnovalidate
|
||||
formaction="admin/settings/expire-remember-tokens"
|
||||
formmethod="post"
|
||||
data-detail-confirm-message="<?php e(t('Expire all login tokens?')); ?>"
|
||||
data-detail-action-kind="danger">
|
||||
<?php e(t('Expire all login tokens')); ?>
|
||||
</button>
|
||||
</div>
|
||||
</details>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php Session::getCsrfInput(); ?>
|
||||
</form>
|
||||
</section>
|
||||
<aside id="app-details-aside-section">
|
||||
<div class="app-details-aside-section"></div>
|
||||
</aside>
|
||||
</div>
|
||||
85
pages/admin/settings/sso().php
Normal file
85
pages/admin/settings/sso().php
Normal file
@@ -0,0 +1,85 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Buffer;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
|
||||
use MintyPHP\Service\Settings\AdminSettingsService;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
$session = app(SessionStoreInterface::class)->all();
|
||||
Guard::requireLogin();
|
||||
$request = requestInput();
|
||||
|
||||
$currentUserId = (int) ($session['user']['id'] ?? 0);
|
||||
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
|
||||
$viewDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
]);
|
||||
if (!$viewDecision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
$viewCapabilities = $viewDecision->attribute('capabilities', []);
|
||||
$canUpdateSettings = is_array($viewCapabilities) ? (bool) ($viewCapabilities['can_update_settings'] ?? false) : false;
|
||||
|
||||
$adminSettingsService = app(AdminSettingsService::class);
|
||||
$pageData = $adminSettingsService->buildPageData();
|
||||
$values = is_array($pageData['values'] ?? null) ? $pageData['values'] : [];
|
||||
$settings = is_array($pageData['settings'] ?? null) ? $pageData['settings'] : [];
|
||||
|
||||
if ($request->isMethod('POST') && !actionRequireCsrf('admin/settings/sso', 'admin/settings/sso', 'csrf_expired')) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ($request->isMethod('POST')) {
|
||||
$updateDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
]);
|
||||
if (!$updateDecision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
|
||||
$sectionKeys = [
|
||||
'microsoft_shared_client_id',
|
||||
'microsoft_shared_client_secret',
|
||||
'microsoft_authority',
|
||||
];
|
||||
$mergedPost = settingsSectionMergePost($values, $request->bodyAll(), $sectionKeys);
|
||||
|
||||
$updateResult = $adminSettingsService->updateFromAdmin($mergedPost);
|
||||
$errorBag = formErrors();
|
||||
foreach ((array) ($updateResult['errors'] ?? []) as $error) {
|
||||
if (is_array($error)) {
|
||||
$message = trim((string) ($error['message'] ?? ''));
|
||||
$field = trim((string) ($error['field'] ?? 'input'));
|
||||
if ($message !== '') {
|
||||
$errorBag->add($field !== '' ? $field : 'input', $message);
|
||||
}
|
||||
continue;
|
||||
}
|
||||
$message = trim((string) $error);
|
||||
if ($message !== '') {
|
||||
$errorBag->addGlobal($message);
|
||||
}
|
||||
}
|
||||
|
||||
if ($errorBag->hasAny()) {
|
||||
flashFormErrors($errorBag, 'admin/settings/sso', 'settings_update_error');
|
||||
Router::redirect('admin/settings/sso');
|
||||
}
|
||||
|
||||
$redirectTarget = ((string) $request->body('action', 'save') === 'save_close')
|
||||
? 'admin/settings'
|
||||
: 'admin/settings/sso';
|
||||
Flash::success('Settings updated', $redirectTarget, 'settings_updated');
|
||||
Router::redirect($redirectTarget);
|
||||
}
|
||||
|
||||
Buffer::set('title', t('Microsoft SSO settings'));
|
||||
|
||||
$breadcrumbs = [
|
||||
['label' => t('Home'), 'path' => 'admin'],
|
||||
['label' => t('Settings'), 'path' => 'admin/settings'],
|
||||
['label' => t('Microsoft SSO')],
|
||||
];
|
||||
101
pages/admin/settings/sso(default).phtml
Normal file
101
pages/admin/settings/sso(default).phtml
Normal file
@@ -0,0 +1,101 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* @var array $values
|
||||
* @var array $settings
|
||||
* @var bool $canUpdateSettings
|
||||
*/
|
||||
|
||||
use MintyPHP\Session;
|
||||
|
||||
$values = $values ?? [];
|
||||
$settings = $settings ?? [];
|
||||
$microsoftSharedClientId = (string) ($values['microsoft_shared_client_id'] ?? '');
|
||||
$microsoftAuthority = (string) ($values['microsoft_authority'] ?? '');
|
||||
$microsoftSharedClientIdDesc = $settings['microsoft_shared_client_id']['description'] ?? 'setting.microsoft_shared_client_id';
|
||||
$microsoftSharedClientSecretDesc = $settings['microsoft_shared_client_secret_enc']['description'] ?? 'setting.microsoft_shared_client_secret_enc';
|
||||
$microsoftAuthorityDesc = $settings['microsoft_authority']['description'] ?? 'setting.microsoft_authority';
|
||||
$canUpdateSettings = (bool) ($canUpdateSettings ?? false);
|
||||
$isReadOnly = !$canUpdateSettings;
|
||||
$readonlyAttr = $isReadOnly ? 'readonly' : '';
|
||||
?>
|
||||
|
||||
<div class="app-details-container">
|
||||
<section>
|
||||
<?php
|
||||
$titlebar = [
|
||||
'title' => t('Microsoft SSO settings'),
|
||||
'backHref' => 'admin/settings',
|
||||
'backTitle' => t('Cancel'),
|
||||
'actions' => $canUpdateSettings ? [
|
||||
[
|
||||
'form' => 'settings-sso-form',
|
||||
'name' => 'action',
|
||||
'value' => 'save',
|
||||
'class' => 'secondary outline',
|
||||
'label' => t('Save'),
|
||||
],
|
||||
[
|
||||
'form' => 'settings-sso-form',
|
||||
'name' => 'action',
|
||||
'value' => 'save_close',
|
||||
'class' => 'primary',
|
||||
'label' => t('Save & close'),
|
||||
],
|
||||
] : [],
|
||||
];
|
||||
require templatePath('partials/app-details-titlebar.phtml');
|
||||
?>
|
||||
|
||||
<form id="settings-sso-form" method="post" data-details-storage="settings-sso-details-v1" data-standard-detail-form="1">
|
||||
<details class="app-details-card" name="settings-integrations-microsoft-auth" data-details-key="settings-integrations-microsoft-auth" open>
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Shared Microsoft credentials')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e($microsoftSharedClientId !== '' ? t('Configured') : t('Not configured')); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('Shared Microsoft app credentials are used by tenants that enable "Use shared app credentials".')); ?></small>
|
||||
</blockquote>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Shared client ID')); ?></span>
|
||||
<input type="text" name="microsoft_shared_client_id" value="<?php e($microsoftSharedClientId); ?>" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($microsoftSharedClientIdDesc)); ?></small>
|
||||
</label>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Shared client secret')); ?></span>
|
||||
<input type="password" name="microsoft_shared_client_secret" value="" autocomplete="new-password" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($microsoftSharedClientSecretDesc)); ?></small>
|
||||
<small class="muted"><?php e(t('Leave empty to keep the currently stored client secret.')); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<details class="app-details-card" name="settings-integrations-microsoft-authority" data-details-key="settings-integrations-microsoft-authority">
|
||||
<summary>
|
||||
<span class="app-details-card-summary-title"><?php e(t('Authority endpoint')); ?></span>
|
||||
<span class="app-details-card-summary-meta">
|
||||
<span class="badge" data-variant="neutral"><?php e($microsoftAuthority !== '' ? t('Configured') : t('Not configured')); ?></span>
|
||||
</span>
|
||||
</summary>
|
||||
<div class="app-details-card-container">
|
||||
<blockquote data-variant="info">
|
||||
<small><?php e(t('The authority URL defines the Microsoft identity tenant endpoint used for sign-in.')); ?></small>
|
||||
</blockquote>
|
||||
<label class="app-field">
|
||||
<span><?php e(t('Authority URL')); ?></span>
|
||||
<input type="url" name="microsoft_authority" value="<?php e($microsoftAuthority); ?>" placeholder="https://login.microsoftonline.com/common/v2.0" <?php e($readonlyAttr); ?>>
|
||||
<small><?php e(t($microsoftAuthorityDesc)); ?></small>
|
||||
</label>
|
||||
</div>
|
||||
</details>
|
||||
|
||||
<?php Session::getCsrfInput(); ?>
|
||||
</form>
|
||||
</section>
|
||||
<aside id="app-details-aside-section">
|
||||
<div class="app-details-aside-section"></div>
|
||||
</aside>
|
||||
</div>
|
||||
@@ -10,10 +10,22 @@ class AuthzAdminSettingsContractTest extends TestCase
|
||||
|
||||
public function testAdminSettingsActionsUseCentralPolicies(): void
|
||||
{
|
||||
// Landing hub: VIEW only (no POST handler).
|
||||
$indexContent = $this->readProjectFile('pages/admin/settings/index().php');
|
||||
$this->assertStringContainsString('AuthorizationService::class', $indexContent);
|
||||
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW', $indexContent);
|
||||
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE', $indexContent);
|
||||
|
||||
// Subpages that expose a settings form: VIEW + UPDATE.
|
||||
foreach (['general', 'security', 'email', 'api', 'sso'] as $section) {
|
||||
$content = $this->readProjectFile("pages/admin/settings/{$section}().php");
|
||||
$this->assertStringContainsString('AuthorizationService::class', $content, $section);
|
||||
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW', $content, $section);
|
||||
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE', $content, $section);
|
||||
}
|
||||
|
||||
// Branding landing: VIEW only (uploads post to separate action files).
|
||||
$brandingIndex = $this->readProjectFile('pages/admin/settings/branding().php');
|
||||
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW', $brandingIndex);
|
||||
|
||||
$logoUpload = $this->readProjectFile('pages/admin/settings/logo().php');
|
||||
$this->assertStringContainsString('AuthorizationService::class', $logoUpload);
|
||||
|
||||
@@ -56,9 +56,14 @@ class AuthzUiTemplateContractTest extends TestCase
|
||||
|
||||
public function testAdminSettingsTemplateUsesServerCapabilities(): void
|
||||
{
|
||||
$templateContent = $this->readProjectFile('pages/admin/settings/index(default).phtml');
|
||||
$this->assertStringNotContainsString("can('settings.update')", $templateContent);
|
||||
$this->assertStringContainsString('$canUpdateSettings', $templateContent);
|
||||
// Settings was split into a landing hub + per-section subpages.
|
||||
// The form-carrying subpages must use the server-side $canUpdateSettings
|
||||
// capability instead of the legacy can() helper.
|
||||
foreach (['general', 'security', 'email', 'api', 'sso', 'branding'] as $section) {
|
||||
$templateContent = $this->readProjectFile("pages/admin/settings/{$section}(default).phtml");
|
||||
$this->assertStringNotContainsString("can('settings.update')", $templateContent, $section);
|
||||
$this->assertStringContainsString('$canUpdateSettings', $templateContent, $section);
|
||||
}
|
||||
}
|
||||
|
||||
public function testAdminUserEditTemplateUsesServerCapabilities(): void
|
||||
|
||||
@@ -17,7 +17,11 @@ final class DetailActionPolicyContractFiles
|
||||
'pages/admin/departments/edit(default).phtml',
|
||||
'pages/admin/roles/edit(default).phtml',
|
||||
'pages/admin/permissions/edit(default).phtml',
|
||||
'pages/admin/settings/index(default).phtml',
|
||||
// Settings subpages that carry danger actions (and therefore need
|
||||
// the data-detail-confirm-message contract) — general/email/sso/branding
|
||||
// have no destructive buttons and are deliberately excluded.
|
||||
'pages/admin/settings/security(default).phtml',
|
||||
'pages/admin/settings/api(default).phtml',
|
||||
'templates/partials/app-details-titlebar.phtml',
|
||||
'templates/partials/app-details-aside-actions.phtml',
|
||||
];
|
||||
|
||||
@@ -16,7 +16,11 @@ final class DetailPageContractFiles
|
||||
'pages/admin/roles/_form.phtml',
|
||||
'pages/admin/permissions/_form.phtml',
|
||||
'pages/admin/scheduled-jobs/edit(default).phtml',
|
||||
'pages/admin/settings/index(default).phtml',
|
||||
'pages/admin/settings/general(default).phtml',
|
||||
'pages/admin/settings/security(default).phtml',
|
||||
'pages/admin/settings/email(default).phtml',
|
||||
'pages/admin/settings/api(default).phtml',
|
||||
'pages/admin/settings/sso(default).phtml',
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -45,7 +45,6 @@ class FrontendRuntimeHostContractTest extends TestCase
|
||||
'pages/admin/departments/_form.phtml',
|
||||
'pages/admin/permissions/_form.phtml',
|
||||
'pages/admin/roles/_form.phtml',
|
||||
'pages/admin/settings/index(default).phtml',
|
||||
'pages/admin/stats/index(default).phtml',
|
||||
'pages/admin/tenants/_form.phtml',
|
||||
'pages/admin/users/_form.phtml',
|
||||
|
||||
Reference in New Issue
Block a user