major update
This commit is contained in:
@@ -1,16 +1,15 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\AccessServicesFactory;
|
||||
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
|
||||
use MintyPHP\Service\Auth\AuthServicesFactory;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
Guard::requireLogin();
|
||||
|
||||
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
|
||||
$authorizationService = (new AccessServicesFactory())->createAuthorizationService();
|
||||
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
|
||||
$decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_TOKENS_REVOKE, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
]);
|
||||
@@ -18,11 +17,18 @@ if (!$decision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
||||
if (requestInput()->method() !== 'POST') {
|
||||
Router::redirect('admin/settings');
|
||||
}
|
||||
|
||||
$apiTokenService = (new AuthServicesFactory())->createApiTokenService();
|
||||
$errorBag = formErrors();
|
||||
if (!Session::checkCsrfToken()) {
|
||||
$errorBag->addGlobal(t('Form expired, please try again'));
|
||||
flashFormErrors($errorBag, 'admin/settings', 'settings_tokens_revoke');
|
||||
Router::redirect('admin/settings');
|
||||
}
|
||||
|
||||
$apiTokenService = app(\MintyPHP\Service\Auth\ApiTokenService::class);
|
||||
$count = $apiTokenService->revokeAllByAdmin();
|
||||
Flash::success(sprintf(t('%d API tokens revoked'), $count), 'admin/settings', 'api_tokens_revoked');
|
||||
Router::redirect('admin/settings');
|
||||
|
||||
Reference in New Issue
Block a user