refactor(arch): enforce gateway compliance and remove service-wrapping gateways
This commit is contained in:
@@ -71,7 +71,7 @@ foreach ($uuids as $uuid) {
|
||||
continue;
|
||||
}
|
||||
// Scope check per user prevents cross-tenant exports in mixed selections.
|
||||
if (!app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class)->canAccess('users', $userId, $currentUserId)) {
|
||||
if (!app(\MintyPHP\Service\Tenant\TenantScopeService::class)->canAccess('users', $userId, $currentUserId)) {
|
||||
continue;
|
||||
}
|
||||
$users[] = $user;
|
||||
|
||||
@@ -39,7 +39,7 @@ $userCustomFieldValueService = app(UserCustomFieldValueService::class);
|
||||
$passwordMinLength = $userPasswordPolicyService->minLength();
|
||||
$passwordHints = $userPasswordPolicyService->hints();
|
||||
$settingsDefaultsGateway = app(\MintyPHP\Service\Settings\SettingsDefaultsGateway::class);
|
||||
$directoryScopeGateway = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class);
|
||||
$directoryScopeGateway = app(\MintyPHP\Service\Tenant\TenantScopeService::class);
|
||||
$tenantService = app(\MintyPHP\Service\Tenant\TenantService::class);
|
||||
$roleService = app(\MintyPHP\Service\Access\RoleService::class);
|
||||
$departmentService = app(\MintyPHP\Service\Org\DepartmentService::class);
|
||||
|
||||
@@ -119,7 +119,7 @@ if ($canViewUserMeta || $canViewUserAudit) {
|
||||
$errorBag = formErrors();
|
||||
$errors = [];
|
||||
$form = $user;
|
||||
$scopeGateway = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class);
|
||||
$scopeGateway = app(\MintyPHP\Service\Tenant\TenantScopeService::class);
|
||||
$strictTenantScope = $scopeGateway->isStrict();
|
||||
|
||||
$tenants = $tenantService->list();
|
||||
|
||||
@@ -41,7 +41,7 @@ $filterState = gridParseFilters($query, [
|
||||
]);
|
||||
|
||||
$currentUserId = (int) ($session['user']['id'] ?? 0);
|
||||
$allowedTenantIds = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class)->getUserTenantIds($currentUserId);
|
||||
$allowedTenantIds = app(\MintyPHP\Service\Tenant\TenantScopeService::class)->getUserTenantIds($currentUserId);
|
||||
$uiAccessService = app(UiAccessService::class);
|
||||
$selfEditDecision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_EDIT_CONTEXT, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
@@ -70,7 +70,7 @@ if ($allowedTenantIds) {
|
||||
$tenantId = (int) ($tenant['id'] ?? 0);
|
||||
return $tenantId > 0 && in_array($tenantId, $allowedTenantIds, true);
|
||||
}));
|
||||
} elseif (app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class)->isStrict()) {
|
||||
} elseif (app(\MintyPHP\Service\Tenant\TenantScopeService::class)->isStrict()) {
|
||||
$tenants = [];
|
||||
}
|
||||
sortByDescription($tenants);
|
||||
@@ -79,7 +79,7 @@ $roles = app(\MintyPHP\Service\Access\RoleService::class)->listActive();
|
||||
sortByDescription($roles);
|
||||
|
||||
$departments = $allowedTenantIds ? app(\MintyPHP\Service\Org\DepartmentService::class)->listByTenantIds($allowedTenantIds) : [];
|
||||
if (!$allowedTenantIds && !app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class)->isStrict()) {
|
||||
if (!$allowedTenantIds && !app(\MintyPHP\Service\Tenant\TenantScopeService::class)->isStrict()) {
|
||||
$departments = app(\MintyPHP\Service\Org\DepartmentService::class)->list();
|
||||
}
|
||||
sortByDescription($departments);
|
||||
|
||||
Reference in New Issue
Block a user