refactor(arch): enforce gateway compliance and remove service-wrapping gateways
This commit is contained in:
@@ -15,7 +15,7 @@ $returnTarget = requestResolveReturnTarget();
|
||||
$closeTarget = requestResolveReturnTarget('admin/departments');
|
||||
$createTarget = requestPathWithReturnTarget('admin/departments/create', $returnTarget);
|
||||
$tenantService = app(\MintyPHP\Service\Tenant\TenantService::class);
|
||||
$directoryScopeGateway = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class);
|
||||
$directoryScopeGateway = app(\MintyPHP\Service\Tenant\TenantScopeService::class);
|
||||
$departmentService = app(\MintyPHP\Service\Org\DepartmentService::class);
|
||||
|
||||
$currentUserId = (int) ($session['user']['id'] ?? 0);
|
||||
|
||||
@@ -17,12 +17,12 @@ $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class
|
||||
|
||||
$currentUserId = (int) ($session['user']['id'] ?? 0);
|
||||
if ($currentUserId > 0) {
|
||||
app(\MintyPHP\Service\Access\PermissionGateway::class)->getUserPermissions($currentUserId);
|
||||
app(\MintyPHP\Service\Access\PermissionService::class)->getUserPermissions($currentUserId);
|
||||
}
|
||||
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
|
||||
$departmentService = app(\MintyPHP\Service\Org\DepartmentService::class);
|
||||
$tenantService = app(\MintyPHP\Service\Tenant\TenantService::class);
|
||||
$directoryScopeGateway = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class);
|
||||
$directoryScopeGateway = app(\MintyPHP\Service\Tenant\TenantScopeService::class);
|
||||
|
||||
$uuid = trim((string) ($id ?? ''));
|
||||
$editTarget = requestPathWithReturnTarget("admin/departments/edit/{$uuid}", $returnTarget);
|
||||
|
||||
@@ -18,7 +18,7 @@ $profileOptions = [];
|
||||
foreach ($importService->listProfileOptions() as $option) {
|
||||
$key = (string) $option['key'];
|
||||
$permission = $importService->requiredPermissionForType($key);
|
||||
$allowed = $permission !== '' && app(\MintyPHP\Service\Access\PermissionGateway::class)->userHas($currentUserId, $permission);
|
||||
$allowed = $permission !== '' && app(\MintyPHP\Service\Access\PermissionService::class)->userHas($currentUserId, $permission);
|
||||
$profileOptions[] = [
|
||||
'key' => $key,
|
||||
'label' => (string) $option['label'],
|
||||
@@ -52,7 +52,7 @@ $csrfToken = $session[$csrfKey] ?? '';
|
||||
|
||||
$hasImportPermission = static function (string $type) use ($currentUserId, $importService): bool {
|
||||
$permission = $importService->requiredPermissionForType($type);
|
||||
return $permission !== '' && app(\MintyPHP\Service\Access\PermissionGateway::class)->userHas($currentUserId, $permission);
|
||||
return $permission !== '' && app(\MintyPHP\Service\Access\PermissionService::class)->userHas($currentUserId, $permission);
|
||||
};
|
||||
|
||||
if ($request->isMethod('POST')) {
|
||||
|
||||
@@ -40,7 +40,7 @@ if ($request->isMethod('POST') && !Session::checkCsrfToken()) {
|
||||
}
|
||||
|
||||
if ($request->hasBody('key')) {
|
||||
$result = app(\MintyPHP\Service\Access\PermissionGateway::class)->createFromAdmin($request->bodyAll());
|
||||
$result = app(\MintyPHP\Service\Access\PermissionService::class)->createFromAdmin($request->bodyAll());
|
||||
$form = $result['form'] ?? $form;
|
||||
$errorBag->merge($result['errors'] ?? []);
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ Guard::requireAbilityOrForbidden(PermissionAuthorizationPolicy::ABILITY_ADMIN_PE
|
||||
|
||||
$filters = gridParseFiltersFromSchemaFile(__DIR__ . '/filter-schema.php');
|
||||
|
||||
$result = app(\MintyPHP\Service\Access\PermissionGateway::class)->listPaged([
|
||||
$result = app(\MintyPHP\Service\Access\PermissionService::class)->listPaged([
|
||||
'limit' => $filters['limit'],
|
||||
'offset' => $filters['offset'],
|
||||
'search' => $filters['search'],
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\PermissionAuthorizationPolicy;
|
||||
use MintyPHP\Service\Access\PermissionGateway;
|
||||
use MintyPHP\Service\Access\PermissionService;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
@@ -28,7 +28,7 @@ if ($id <= 0) {
|
||||
$roleIds = app(\MintyPHP\Repository\Access\RolePermissionRepository::class)->listRoleIdsByPermissionId($id);
|
||||
$affectedUserIds = app(\MintyPHP\Repository\Access\UserRoleRepository::class)->listUserIdsByRoleIds($roleIds);
|
||||
|
||||
$result = app(PermissionGateway::class)->deleteById($id);
|
||||
$result = app(PermissionService::class)->deleteById($id);
|
||||
if (!($result['ok'] ?? false)) {
|
||||
$error = (string) ($result['error'] ?? '');
|
||||
if ($error === 'system_permission_protected') {
|
||||
|
||||
@@ -20,7 +20,7 @@ $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class
|
||||
|
||||
$id = (int) ($id ?? 0);
|
||||
$editTarget = requestPathWithReturnTarget("admin/permissions/edit/{$id}", $returnTarget);
|
||||
$permission = $id > 0 ? app(\MintyPHP\Service\Access\PermissionGateway::class)->find($id) : null;
|
||||
$permission = $id > 0 ? app(\MintyPHP\Service\Access\PermissionService::class)->find($id) : null;
|
||||
if (!$permission) {
|
||||
Flash::error('Permission not found', $closeTarget, 'permission_not_found');
|
||||
Router::redirect($closeTarget);
|
||||
@@ -63,7 +63,7 @@ if ($request->hasBody('key')) {
|
||||
if (!$submitDecision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
$result = app(\MintyPHP\Service\Access\PermissionGateway::class)->updateFromAdmin($id, $request->bodyAll());
|
||||
$result = app(\MintyPHP\Service\Access\PermissionService::class)->updateFromAdmin($id, $request->bodyAll());
|
||||
$form = $result['form'] ?? $form;
|
||||
$errorBag->merge($result['errors'] ?? []);
|
||||
$selectedRoleIds = $request->body('role_ids', $selectedRoleIds);
|
||||
|
||||
@@ -17,7 +17,7 @@ $closeTarget = requestResolveReturnTarget('admin/tenants');
|
||||
|
||||
$currentUserId = (int) ($session['user']['id'] ?? 0);
|
||||
if ($currentUserId > 0) {
|
||||
app(\MintyPHP\Service\Access\PermissionGateway::class)->getUserPermissions($currentUserId);
|
||||
app(\MintyPHP\Service\Access\PermissionService::class)->getUserPermissions($currentUserId);
|
||||
}
|
||||
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
|
||||
|
||||
|
||||
@@ -71,7 +71,7 @@ foreach ($uuids as $uuid) {
|
||||
continue;
|
||||
}
|
||||
// Scope check per user prevents cross-tenant exports in mixed selections.
|
||||
if (!app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class)->canAccess('users', $userId, $currentUserId)) {
|
||||
if (!app(\MintyPHP\Service\Tenant\TenantScopeService::class)->canAccess('users', $userId, $currentUserId)) {
|
||||
continue;
|
||||
}
|
||||
$users[] = $user;
|
||||
|
||||
@@ -39,7 +39,7 @@ $userCustomFieldValueService = app(UserCustomFieldValueService::class);
|
||||
$passwordMinLength = $userPasswordPolicyService->minLength();
|
||||
$passwordHints = $userPasswordPolicyService->hints();
|
||||
$settingsDefaultsGateway = app(\MintyPHP\Service\Settings\SettingsDefaultsGateway::class);
|
||||
$directoryScopeGateway = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class);
|
||||
$directoryScopeGateway = app(\MintyPHP\Service\Tenant\TenantScopeService::class);
|
||||
$tenantService = app(\MintyPHP\Service\Tenant\TenantService::class);
|
||||
$roleService = app(\MintyPHP\Service\Access\RoleService::class);
|
||||
$departmentService = app(\MintyPHP\Service\Org\DepartmentService::class);
|
||||
|
||||
@@ -119,7 +119,7 @@ if ($canViewUserMeta || $canViewUserAudit) {
|
||||
$errorBag = formErrors();
|
||||
$errors = [];
|
||||
$form = $user;
|
||||
$scopeGateway = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class);
|
||||
$scopeGateway = app(\MintyPHP\Service\Tenant\TenantScopeService::class);
|
||||
$strictTenantScope = $scopeGateway->isStrict();
|
||||
|
||||
$tenants = $tenantService->list();
|
||||
|
||||
@@ -41,7 +41,7 @@ $filterState = gridParseFilters($query, [
|
||||
]);
|
||||
|
||||
$currentUserId = (int) ($session['user']['id'] ?? 0);
|
||||
$allowedTenantIds = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class)->getUserTenantIds($currentUserId);
|
||||
$allowedTenantIds = app(\MintyPHP\Service\Tenant\TenantScopeService::class)->getUserTenantIds($currentUserId);
|
||||
$uiAccessService = app(UiAccessService::class);
|
||||
$selfEditDecision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_EDIT_CONTEXT, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
@@ -70,7 +70,7 @@ if ($allowedTenantIds) {
|
||||
$tenantId = (int) ($tenant['id'] ?? 0);
|
||||
return $tenantId > 0 && in_array($tenantId, $allowedTenantIds, true);
|
||||
}));
|
||||
} elseif (app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class)->isStrict()) {
|
||||
} elseif (app(\MintyPHP\Service\Tenant\TenantScopeService::class)->isStrict()) {
|
||||
$tenants = [];
|
||||
}
|
||||
sortByDescription($tenants);
|
||||
@@ -79,7 +79,7 @@ $roles = app(\MintyPHP\Service\Access\RoleService::class)->listActive();
|
||||
sortByDescription($roles);
|
||||
|
||||
$departments = $allowedTenantIds ? app(\MintyPHP\Service\Org\DepartmentService::class)->listByTenantIds($allowedTenantIds) : [];
|
||||
if (!$allowedTenantIds && !app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class)->isStrict()) {
|
||||
if (!$allowedTenantIds && !app(\MintyPHP\Service\Tenant\TenantScopeService::class)->isStrict()) {
|
||||
$departments = app(\MintyPHP\Service\Org\DepartmentService::class)->list();
|
||||
}
|
||||
sortByDescription($departments);
|
||||
|
||||
Reference in New Issue
Block a user