refactor(arch): enforce gateway compliance and remove service-wrapping gateways

This commit is contained in:
2026-03-13 11:31:33 +01:00
parent 082fa4c9a5
commit 892da0048d
96 changed files with 1117 additions and 1060 deletions

View File

@@ -15,7 +15,7 @@ $returnTarget = requestResolveReturnTarget();
$closeTarget = requestResolveReturnTarget('admin/departments');
$createTarget = requestPathWithReturnTarget('admin/departments/create', $returnTarget);
$tenantService = app(\MintyPHP\Service\Tenant\TenantService::class);
$directoryScopeGateway = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class);
$directoryScopeGateway = app(\MintyPHP\Service\Tenant\TenantScopeService::class);
$departmentService = app(\MintyPHP\Service\Org\DepartmentService::class);
$currentUserId = (int) ($session['user']['id'] ?? 0);

View File

@@ -17,12 +17,12 @@ $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class
$currentUserId = (int) ($session['user']['id'] ?? 0);
if ($currentUserId > 0) {
app(\MintyPHP\Service\Access\PermissionGateway::class)->getUserPermissions($currentUserId);
app(\MintyPHP\Service\Access\PermissionService::class)->getUserPermissions($currentUserId);
}
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
$departmentService = app(\MintyPHP\Service\Org\DepartmentService::class);
$tenantService = app(\MintyPHP\Service\Tenant\TenantService::class);
$directoryScopeGateway = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class);
$directoryScopeGateway = app(\MintyPHP\Service\Tenant\TenantScopeService::class);
$uuid = trim((string) ($id ?? ''));
$editTarget = requestPathWithReturnTarget("admin/departments/edit/{$uuid}", $returnTarget);

View File

@@ -18,7 +18,7 @@ $profileOptions = [];
foreach ($importService->listProfileOptions() as $option) {
$key = (string) $option['key'];
$permission = $importService->requiredPermissionForType($key);
$allowed = $permission !== '' && app(\MintyPHP\Service\Access\PermissionGateway::class)->userHas($currentUserId, $permission);
$allowed = $permission !== '' && app(\MintyPHP\Service\Access\PermissionService::class)->userHas($currentUserId, $permission);
$profileOptions[] = [
'key' => $key,
'label' => (string) $option['label'],
@@ -52,7 +52,7 @@ $csrfToken = $session[$csrfKey] ?? '';
$hasImportPermission = static function (string $type) use ($currentUserId, $importService): bool {
$permission = $importService->requiredPermissionForType($type);
return $permission !== '' && app(\MintyPHP\Service\Access\PermissionGateway::class)->userHas($currentUserId, $permission);
return $permission !== '' && app(\MintyPHP\Service\Access\PermissionService::class)->userHas($currentUserId, $permission);
};
if ($request->isMethod('POST')) {

View File

@@ -40,7 +40,7 @@ if ($request->isMethod('POST') && !Session::checkCsrfToken()) {
}
if ($request->hasBody('key')) {
$result = app(\MintyPHP\Service\Access\PermissionGateway::class)->createFromAdmin($request->bodyAll());
$result = app(\MintyPHP\Service\Access\PermissionService::class)->createFromAdmin($request->bodyAll());
$form = $result['form'] ?? $form;
$errorBag->merge($result['errors'] ?? []);

View File

@@ -10,7 +10,7 @@ Guard::requireAbilityOrForbidden(PermissionAuthorizationPolicy::ABILITY_ADMIN_PE
$filters = gridParseFiltersFromSchemaFile(__DIR__ . '/filter-schema.php');
$result = app(\MintyPHP\Service\Access\PermissionGateway::class)->listPaged([
$result = app(\MintyPHP\Service\Access\PermissionService::class)->listPaged([
'limit' => $filters['limit'],
'offset' => $filters['offset'],
'search' => $filters['search'],

View File

@@ -3,7 +3,7 @@
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\PermissionAuthorizationPolicy;
use MintyPHP\Service\Access\PermissionGateway;
use MintyPHP\Service\Access\PermissionService;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
@@ -28,7 +28,7 @@ if ($id <= 0) {
$roleIds = app(\MintyPHP\Repository\Access\RolePermissionRepository::class)->listRoleIdsByPermissionId($id);
$affectedUserIds = app(\MintyPHP\Repository\Access\UserRoleRepository::class)->listUserIdsByRoleIds($roleIds);
$result = app(PermissionGateway::class)->deleteById($id);
$result = app(PermissionService::class)->deleteById($id);
if (!($result['ok'] ?? false)) {
$error = (string) ($result['error'] ?? '');
if ($error === 'system_permission_protected') {

View File

@@ -20,7 +20,7 @@ $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class
$id = (int) ($id ?? 0);
$editTarget = requestPathWithReturnTarget("admin/permissions/edit/{$id}", $returnTarget);
$permission = $id > 0 ? app(\MintyPHP\Service\Access\PermissionGateway::class)->find($id) : null;
$permission = $id > 0 ? app(\MintyPHP\Service\Access\PermissionService::class)->find($id) : null;
if (!$permission) {
Flash::error('Permission not found', $closeTarget, 'permission_not_found');
Router::redirect($closeTarget);
@@ -63,7 +63,7 @@ if ($request->hasBody('key')) {
if (!$submitDecision->isAllowed()) {
Guard::deny();
}
$result = app(\MintyPHP\Service\Access\PermissionGateway::class)->updateFromAdmin($id, $request->bodyAll());
$result = app(\MintyPHP\Service\Access\PermissionService::class)->updateFromAdmin($id, $request->bodyAll());
$form = $result['form'] ?? $form;
$errorBag->merge($result['errors'] ?? []);
$selectedRoleIds = $request->body('role_ids', $selectedRoleIds);

View File

@@ -17,7 +17,7 @@ $closeTarget = requestResolveReturnTarget('admin/tenants');
$currentUserId = (int) ($session['user']['id'] ?? 0);
if ($currentUserId > 0) {
app(\MintyPHP\Service\Access\PermissionGateway::class)->getUserPermissions($currentUserId);
app(\MintyPHP\Service\Access\PermissionService::class)->getUserPermissions($currentUserId);
}
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);

View File

@@ -71,7 +71,7 @@ foreach ($uuids as $uuid) {
continue;
}
// Scope check per user prevents cross-tenant exports in mixed selections.
if (!app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class)->canAccess('users', $userId, $currentUserId)) {
if (!app(\MintyPHP\Service\Tenant\TenantScopeService::class)->canAccess('users', $userId, $currentUserId)) {
continue;
}
$users[] = $user;

View File

@@ -39,7 +39,7 @@ $userCustomFieldValueService = app(UserCustomFieldValueService::class);
$passwordMinLength = $userPasswordPolicyService->minLength();
$passwordHints = $userPasswordPolicyService->hints();
$settingsDefaultsGateway = app(\MintyPHP\Service\Settings\SettingsDefaultsGateway::class);
$directoryScopeGateway = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class);
$directoryScopeGateway = app(\MintyPHP\Service\Tenant\TenantScopeService::class);
$tenantService = app(\MintyPHP\Service\Tenant\TenantService::class);
$roleService = app(\MintyPHP\Service\Access\RoleService::class);
$departmentService = app(\MintyPHP\Service\Org\DepartmentService::class);

View File

@@ -119,7 +119,7 @@ if ($canViewUserMeta || $canViewUserAudit) {
$errorBag = formErrors();
$errors = [];
$form = $user;
$scopeGateway = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class);
$scopeGateway = app(\MintyPHP\Service\Tenant\TenantScopeService::class);
$strictTenantScope = $scopeGateway->isStrict();
$tenants = $tenantService->list();

View File

@@ -41,7 +41,7 @@ $filterState = gridParseFilters($query, [
]);
$currentUserId = (int) ($session['user']['id'] ?? 0);
$allowedTenantIds = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class)->getUserTenantIds($currentUserId);
$allowedTenantIds = app(\MintyPHP\Service\Tenant\TenantScopeService::class)->getUserTenantIds($currentUserId);
$uiAccessService = app(UiAccessService::class);
$selfEditDecision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_EDIT_CONTEXT, [
'actor_user_id' => $currentUserId,
@@ -70,7 +70,7 @@ if ($allowedTenantIds) {
$tenantId = (int) ($tenant['id'] ?? 0);
return $tenantId > 0 && in_array($tenantId, $allowedTenantIds, true);
}));
} elseif (app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class)->isStrict()) {
} elseif (app(\MintyPHP\Service\Tenant\TenantScopeService::class)->isStrict()) {
$tenants = [];
}
sortByDescription($tenants);
@@ -79,7 +79,7 @@ $roles = app(\MintyPHP\Service\Access\RoleService::class)->listActive();
sortByDescription($roles);
$departments = $allowedTenantIds ? app(\MintyPHP\Service\Org\DepartmentService::class)->listByTenantIds($allowedTenantIds) : [];
if (!$allowedTenantIds && !app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class)->isStrict()) {
if (!$allowedTenantIds && !app(\MintyPHP\Service\Tenant\TenantScopeService::class)->isStrict()) {
$departments = app(\MintyPHP\Service\Org\DepartmentService::class)->list();
}
sortByDescription($departments);