instances added god may help
This commit is contained in:
@@ -2,11 +2,10 @@
|
||||
|
||||
namespace MintyPHP\Http;
|
||||
|
||||
use MintyPHP\Repository\Access\RolePermissionRepository;
|
||||
use MintyPHP\Repository\Access\UserRoleRepository;
|
||||
use MintyPHP\Service\Auth\ApiTokenService;
|
||||
use MintyPHP\Service\Tenant\TenantScopeService;
|
||||
use MintyPHP\Service\User\UserService;
|
||||
use MintyPHP\Service\Access\AccessServicesFactory;
|
||||
use MintyPHP\Service\Auth\AuthScopeGateway;
|
||||
use MintyPHP\Service\Auth\AuthServicesFactory;
|
||||
use MintyPHP\Service\User\UserServicesFactory;
|
||||
|
||||
class ApiAuth
|
||||
{
|
||||
@@ -50,29 +49,35 @@ class ApiAuth
|
||||
return false;
|
||||
}
|
||||
|
||||
$result = ApiTokenService::validate($bearerToken);
|
||||
$authServicesFactory = new AuthServicesFactory();
|
||||
$scopeGateway = $authServicesFactory->createAuthScopeGateway();
|
||||
$result = $authServicesFactory->createApiTokenService()->validate($bearerToken);
|
||||
if ($result === null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$user = $result['user'];
|
||||
$userId = (int) ($user['id'] ?? 0);
|
||||
$userServicesFactory = new UserServicesFactory();
|
||||
$userRoleRepository = $userServicesFactory->createUserRoleRepository();
|
||||
$rolePermissionRepository = (new AccessServicesFactory())->createRolePermissionRepository();
|
||||
$userTenantContextService = $userServicesFactory->createUserTenantContextService();
|
||||
|
||||
// Load permissions directly (bypass session cache)
|
||||
$roleIds = UserRoleRepository::listRoleIdsByUserId($userId);
|
||||
$permissions = RolePermissionRepository::listPermissionKeysByRoleIds($roleIds);
|
||||
$roleIds = $userRoleRepository->listRoleIdsByUserId($userId);
|
||||
$permissions = $rolePermissionRepository->listPermissionKeysByRoleIds($roleIds);
|
||||
|
||||
// Resolve tenant context
|
||||
$tokenTenantId = $result['tenant_id'];
|
||||
if ($tokenTenantId !== null) {
|
||||
$userTenantIds = TenantScopeService::getUserTenantIds($userId);
|
||||
$userTenantIds = $scopeGateway->getUserTenantIds($userId);
|
||||
if (!in_array($tokenTenantId, $userTenantIds, true)) {
|
||||
return false;
|
||||
}
|
||||
$currentTenantId = $tokenTenantId;
|
||||
self::$tokenTenantId = $tokenTenantId;
|
||||
} else {
|
||||
$currentTenantId = UserService::getCurrentTenantId($userId);
|
||||
$currentTenantId = $userTenantContextService->getCurrentTenantId($userId);
|
||||
self::$tokenTenantId = null;
|
||||
}
|
||||
|
||||
@@ -141,7 +146,8 @@ class ApiAuth
|
||||
*/
|
||||
public static function requireResourceAccess(string $resource, int $resourceId): void
|
||||
{
|
||||
if (!TenantScopeService::canAccess($resource, $resourceId, self::userId())) {
|
||||
$scopeGateway = (new AuthServicesFactory())->createAuthScopeGateway();
|
||||
if (!$scopeGateway->canAccess($resource, $resourceId, self::userId())) {
|
||||
ApiResponse::notFound();
|
||||
}
|
||||
self::requireTokenTenantAccess($resource, $resourceId);
|
||||
@@ -158,7 +164,8 @@ class ApiAuth
|
||||
ApiResponse::forbidden();
|
||||
}
|
||||
|
||||
if (!TenantScopeService::resourceBelongsToTenant($resource, $resourceId, $tenantId)) {
|
||||
$scopeGateway = (new AuthServicesFactory())->createAuthScopeGateway();
|
||||
if (!$scopeGateway->resourceBelongsToTenant($resource, $resourceId, $tenantId)) {
|
||||
ApiResponse::notFound();
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user