instances added god may help
This commit is contained in:
@@ -2,9 +2,8 @@
|
||||
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\PermissionService;
|
||||
use MintyPHP\Service\Tenant\TenantScopeService;
|
||||
use MintyPHP\Service\User\UserAccessPdfService;
|
||||
use MintyPHP\Service\User\UserService;
|
||||
use MintyPHP\Service\User\UserServicesFactory;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
@@ -13,6 +12,7 @@ define('MINTY_ALLOW_OUTPUT', true);
|
||||
// Hard gate: user must be logged in and explicitly allowed to generate access PDFs.
|
||||
Guard::requireLogin();
|
||||
Guard::requirePermissionOrForbidden(PermissionService::USERS_ACCESS_PDF);
|
||||
$userAccountService = (new UserServicesFactory())->createUserAccountService();
|
||||
|
||||
if (strtoupper((string) ($_SERVER['REQUEST_METHOD'] ?? 'GET')) !== 'POST') {
|
||||
Router::redirect('admin/users');
|
||||
@@ -43,7 +43,7 @@ if (count($uuids) > 100) {
|
||||
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
|
||||
$users = [];
|
||||
foreach ($uuids as $uuid) {
|
||||
$user = UserService::findByUuid($uuid);
|
||||
$user = $userAccountService->findByUuid($uuid);
|
||||
if (!$user) {
|
||||
continue;
|
||||
}
|
||||
@@ -52,7 +52,7 @@ foreach ($uuids as $uuid) {
|
||||
continue;
|
||||
}
|
||||
// Scope check per user prevents cross-tenant exports in mixed selections.
|
||||
if (!TenantScopeService::canAccess('users', $userId, $currentUserId)) {
|
||||
if (!directoryServicesFactory()->createDirectoryScopeGateway()->canAccess('users', $userId, $currentUserId)) {
|
||||
continue;
|
||||
}
|
||||
$users[] = $user;
|
||||
|
||||
Reference in New Issue
Block a user