refactor(audit): extract shared page helpers for purge and view actions
Create AuditPageHelper with requirePurgePost() and findOrRedirect() to eliminate duplicated POST/CSRF guard boilerplate across 4 purge pages and find-or-redirect boilerplate across 4 view pages. Each page retains its stream-specific logic (system-audit event recording, user-lifecycle snapshot/restore). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
62
modules/audit/lib/Module/Audit/Support/AuditPageHelper.php
Normal file
62
modules/audit/lib/Module/Audit/Support/AuditPageHelper.php
Normal file
@@ -0,0 +1,62 @@
|
||||
<?php
|
||||
|
||||
namespace MintyPHP\Module\Audit\Support;
|
||||
|
||||
use MintyPHP\Buffer;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
final class AuditPageHelper
|
||||
{
|
||||
/**
|
||||
* Guard a purge action: require login, ability, POST method, and valid CSRF token.
|
||||
* Redirects on any failure (never returns in that case).
|
||||
*/
|
||||
public static function requirePurgePost(string $ability, string $route, string $flashGroup): void
|
||||
{
|
||||
Guard::requireLogin();
|
||||
Guard::requireAbility($ability);
|
||||
|
||||
if (strtoupper((string) requestInput()->method()) !== 'POST') {
|
||||
Router::redirect($route);
|
||||
}
|
||||
|
||||
$errorBag = formErrors();
|
||||
if (!Session::checkCsrfToken()) {
|
||||
$errorBag->addGlobal(t('Form expired, please try again'));
|
||||
flashFormErrors($errorBag, $route, $flashGroup);
|
||||
Router::redirect($route);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Guard a view action: require login + ability, find record by ID, redirect on not-found.
|
||||
*
|
||||
* @return array<string, mixed> The found record
|
||||
*/
|
||||
public static function findOrRedirect(
|
||||
string $ability,
|
||||
string $serviceClass,
|
||||
string $route,
|
||||
string $errorMessage,
|
||||
string $flashGroup,
|
||||
string $title,
|
||||
mixed $id = null
|
||||
): array {
|
||||
Guard::requireLogin();
|
||||
Guard::requireAbility($ability);
|
||||
|
||||
$recordId = (int) ($id ?? 0);
|
||||
$record = $recordId > 0 ? app($serviceClass)->find($recordId) : null;
|
||||
if (!$record) {
|
||||
Flash::error(t($errorMessage), $route, $flashGroup);
|
||||
Router::redirect($route);
|
||||
}
|
||||
|
||||
Buffer::set('title', t($title));
|
||||
|
||||
return $record;
|
||||
}
|
||||
}
|
||||
@@ -1,23 +1,17 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Module\Audit\AuditAuthorizationPolicy;
|
||||
use MintyPHP\Module\Audit\Service\ApiAuditService;
|
||||
use MintyPHP\Module\Audit\Support\AuditPageHelper;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
Guard::requireLogin();
|
||||
Guard::requireAbility(\MintyPHP\Module\Audit\AuditAuthorizationPolicy::ABILITY_API_AUDIT_PURGE);
|
||||
AuditPageHelper::requirePurgePost(
|
||||
AuditAuthorizationPolicy::ABILITY_API_AUDIT_PURGE,
|
||||
'audit/api-audit',
|
||||
'api_audit'
|
||||
);
|
||||
|
||||
if (strtoupper((string) (requestInput()->method())) !== 'POST') {
|
||||
Router::redirect('audit/api-audit');
|
||||
}
|
||||
$errorBag = formErrors();
|
||||
if (!Session::checkCsrfToken()) {
|
||||
$errorBag->addGlobal(t('Form expired, please try again'));
|
||||
flashFormErrors($errorBag, 'audit/api-audit', 'api_audit');
|
||||
Router::redirect('audit/api-audit');
|
||||
}
|
||||
|
||||
$deleted = app(\MintyPHP\Module\Audit\Service\ApiAuditService::class)->purgeExpired();
|
||||
$deleted = app(ApiAuditService::class)->purgeExpired();
|
||||
Flash::success(sprintf(t('%d API audit entries purged'), $deleted), 'audit/api-audit', 'api_audit_purged');
|
||||
Router::redirect('audit/api-audit');
|
||||
|
||||
@@ -1,18 +1,15 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Buffer;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
use MintyPHP\Module\Audit\AuditAuthorizationPolicy;
|
||||
use MintyPHP\Module\Audit\Service\ApiAuditService;
|
||||
use MintyPHP\Module\Audit\Support\AuditPageHelper;
|
||||
|
||||
Guard::requireLogin();
|
||||
Guard::requireAbility(\MintyPHP\Module\Audit\AuditAuthorizationPolicy::ABILITY_API_AUDIT_VIEW);
|
||||
|
||||
$auditId = (int) ($id ?? 0);
|
||||
$auditLog = $auditId > 0 ? app(\MintyPHP\Module\Audit\Service\ApiAuditService::class)->find($auditId) : null;
|
||||
if (!$auditLog) {
|
||||
Flash::error(t('API audit entry not found'), 'audit/api-audit', 'api_audit_not_found');
|
||||
Router::redirect('audit/api-audit');
|
||||
}
|
||||
|
||||
Buffer::set('title', t('View API audit entry'));
|
||||
$auditLog = AuditPageHelper::findOrRedirect(
|
||||
AuditAuthorizationPolicy::ABILITY_API_AUDIT_VIEW,
|
||||
ApiAuditService::class,
|
||||
'audit/api-audit',
|
||||
'API audit entry not found',
|
||||
'api_audit_not_found',
|
||||
'View API audit entry',
|
||||
$id ?? null
|
||||
);
|
||||
|
||||
@@ -1,23 +1,16 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Module\Audit\AuditAuthorizationPolicy;
|
||||
use MintyPHP\Module\Audit\Service\ImportAuditService;
|
||||
use MintyPHP\Module\Audit\Support\AuditPageHelper;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
Guard::requireLogin();
|
||||
Guard::requireAbility(\MintyPHP\Module\Audit\AuditAuthorizationPolicy::ABILITY_IMPORTS_AUDIT_PURGE);
|
||||
|
||||
if (strtoupper((string) (requestInput()->method())) !== 'POST') {
|
||||
Router::redirect('audit/import-audit');
|
||||
}
|
||||
$errorBag = formErrors();
|
||||
if (!Session::checkCsrfToken()) {
|
||||
$errorBag->addGlobal(t('Form expired, please try again'));
|
||||
flashFormErrors($errorBag, 'audit/import-audit', 'import_audit');
|
||||
Router::redirect('audit/import-audit');
|
||||
}
|
||||
AuditPageHelper::requirePurgePost(
|
||||
AuditAuthorizationPolicy::ABILITY_IMPORTS_AUDIT_PURGE,
|
||||
'audit/import-audit',
|
||||
'import_audit'
|
||||
);
|
||||
|
||||
$deleted = app(ImportAuditService::class)->purgeExpired();
|
||||
Flash::success(sprintf(t('%d import audit entries purged'), $deleted), 'audit/import-audit', 'import_audit_purged');
|
||||
|
||||
@@ -1,18 +1,15 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Buffer;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
use MintyPHP\Module\Audit\AuditAuthorizationPolicy;
|
||||
use MintyPHP\Module\Audit\Service\ImportAuditService;
|
||||
use MintyPHP\Module\Audit\Support\AuditPageHelper;
|
||||
|
||||
Guard::requireLogin();
|
||||
Guard::requireAbility(\MintyPHP\Module\Audit\AuditAuthorizationPolicy::ABILITY_IMPORTS_AUDIT_VIEW);
|
||||
|
||||
$runId = (int) ($id ?? 0);
|
||||
$auditRun = $runId > 0 ? app(\MintyPHP\Module\Audit\Service\ImportAuditService::class)->find($runId) : null;
|
||||
if (!$auditRun) {
|
||||
Flash::error(t('Import audit entry not found'), 'audit/import-audit', 'import_audit_not_found');
|
||||
Router::redirect('audit/import-audit');
|
||||
}
|
||||
|
||||
Buffer::set('title', t('View import audit entry'));
|
||||
$auditRun = AuditPageHelper::findOrRedirect(
|
||||
AuditAuthorizationPolicy::ABILITY_IMPORTS_AUDIT_VIEW,
|
||||
ImportAuditService::class,
|
||||
'audit/import-audit',
|
||||
'Import audit entry not found',
|
||||
'import_audit_not_found',
|
||||
'View import audit entry',
|
||||
$id ?? null
|
||||
);
|
||||
|
||||
@@ -3,24 +3,15 @@
|
||||
use MintyPHP\Module\Audit\AuditAuthorizationPolicy;
|
||||
use MintyPHP\Module\Audit\Domain\SystemAuditOutcome;
|
||||
use MintyPHP\Module\Audit\Service\SystemAuditService;
|
||||
use MintyPHP\Module\Audit\Support\AuditPageHelper;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
Guard::requireLogin();
|
||||
Guard::requireAbility(AuditAuthorizationPolicy::ABILITY_SYSTEM_AUDIT_PURGE);
|
||||
|
||||
if (strtoupper((string) requestInput()->method()) !== 'POST') {
|
||||
Router::redirect('audit/system-audit');
|
||||
}
|
||||
|
||||
$errorBag = formErrors();
|
||||
if (!Session::checkCsrfToken()) {
|
||||
$errorBag->addGlobal(t('Form expired, please try again'));
|
||||
flashFormErrors($errorBag, 'audit/system-audit', 'system_audit');
|
||||
Router::redirect('audit/system-audit');
|
||||
}
|
||||
AuditPageHelper::requirePurgePost(
|
||||
AuditAuthorizationPolicy::ABILITY_SYSTEM_AUDIT_PURGE,
|
||||
'audit/system-audit',
|
||||
'system_audit'
|
||||
);
|
||||
|
||||
$service = app(SystemAuditService::class);
|
||||
$deleted = $service->purgeExpired();
|
||||
|
||||
@@ -1,20 +1,15 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Buffer;
|
||||
use MintyPHP\Module\Audit\AuditAuthorizationPolicy;
|
||||
use MintyPHP\Module\Audit\Service\SystemAuditService;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
use MintyPHP\Module\Audit\Support\AuditPageHelper;
|
||||
|
||||
Guard::requireLogin();
|
||||
Guard::requireAbility(AuditAuthorizationPolicy::ABILITY_SYSTEM_AUDIT_VIEW);
|
||||
|
||||
$auditId = (int) ($id ?? 0);
|
||||
$auditLog = $auditId > 0 ? app(SystemAuditService::class)->find($auditId) : null;
|
||||
if (!$auditLog) {
|
||||
Flash::error(t('System audit entry not found'), 'audit/system-audit', 'system_audit_not_found');
|
||||
Router::redirect('audit/system-audit');
|
||||
}
|
||||
|
||||
Buffer::set('title', t('View system audit entry'));
|
||||
$auditLog = AuditPageHelper::findOrRedirect(
|
||||
AuditAuthorizationPolicy::ABILITY_SYSTEM_AUDIT_VIEW,
|
||||
SystemAuditService::class,
|
||||
'audit/system-audit',
|
||||
'System audit entry not found',
|
||||
'system_audit_not_found',
|
||||
'View system audit entry',
|
||||
$id ?? null
|
||||
);
|
||||
|
||||
@@ -1,24 +1,18 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Module\Audit\Service\UserLifecycleAuditService;
|
||||
use MintyPHP\Module\Audit\Support\AuditPageHelper;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
Guard::requireLogin();
|
||||
Guard::requireAbility(\MintyPHP\Service\Access\SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE);
|
||||
AuditPageHelper::requirePurgePost(
|
||||
SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE,
|
||||
'audit/user-lifecycle-audit',
|
||||
'user_lifecycle_audit'
|
||||
);
|
||||
|
||||
if (strtoupper((string) (requestInput()->method())) !== 'POST') {
|
||||
Router::redirect('audit/user-lifecycle-audit');
|
||||
}
|
||||
$errorBag = formErrors();
|
||||
if (!Session::checkCsrfToken()) {
|
||||
$errorBag->addGlobal(t('Form expired, please try again'));
|
||||
flashFormErrors($errorBag, 'audit/user-lifecycle-audit', 'user_lifecycle_audit');
|
||||
Router::redirect('audit/user-lifecycle-audit');
|
||||
}
|
||||
|
||||
$deleted = app(\MintyPHP\Module\Audit\Service\UserLifecycleAuditService::class)->purgeExpired();
|
||||
$deleted = app(UserLifecycleAuditService::class)->purgeExpired();
|
||||
Flash::success(
|
||||
sprintf(t('%d user lifecycle audit entries purged'), $deleted),
|
||||
'audit/user-lifecycle-audit',
|
||||
|
||||
@@ -1,26 +1,25 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Buffer;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Module\Audit\AuditAuthorizationPolicy;
|
||||
use MintyPHP\Module\Audit\Domain\UserLifecycleAction;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Module\Audit\Service\UserLifecycleAuditService;
|
||||
use MintyPHP\Module\Audit\Support\AuditPageHelper;
|
||||
use MintyPHP\Service\Access\UiAccessService;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
$session = app(SessionStoreInterface::class)->all();
|
||||
Guard::requireLogin();
|
||||
Guard::requireAbility(AuditAuthorizationPolicy::ABILITY_USER_LIFECYCLE_VIEW);
|
||||
|
||||
$auditId = (int) ($id ?? 0);
|
||||
$auditService = app(\MintyPHP\Module\Audit\Service\UserLifecycleAuditService::class);
|
||||
$auditLog = $auditId > 0 ? $auditService->find($auditId) : null;
|
||||
if (!$auditLog) {
|
||||
Flash::error(t('Lifecycle audit entry not found'), 'audit/user-lifecycle-audit', 'user_lifecycle_audit_not_found');
|
||||
Router::redirect('audit/user-lifecycle-audit');
|
||||
}
|
||||
$auditLog = AuditPageHelper::findOrRedirect(
|
||||
AuditAuthorizationPolicy::ABILITY_USER_LIFECYCLE_VIEW,
|
||||
UserLifecycleAuditService::class,
|
||||
'audit/user-lifecycle-audit',
|
||||
'Lifecycle audit entry not found',
|
||||
'user_lifecycle_audit_not_found',
|
||||
'View user lifecycle audit entry',
|
||||
$id ?? null
|
||||
);
|
||||
|
||||
$auditService = app(UserLifecycleAuditService::class);
|
||||
$snapshot = null;
|
||||
if ((string) ($auditLog['action'] ?? '') === UserLifecycleAction::Delete->value) {
|
||||
$snapshot = $auditService->decryptSnapshot($auditLog);
|
||||
@@ -29,5 +28,3 @@ $viewAuth['page'] = app(UiAccessService::class)->pageCapabilities(
|
||||
(int) ($session['user']['id'] ?? 0),
|
||||
['can_restore' => AuditAuthorizationPolicy::ABILITY_USER_LIFECYCLE_RESTORE]
|
||||
);
|
||||
|
||||
Buffer::set('title', t('View user lifecycle audit entry'));
|
||||
|
||||
Reference in New Issue
Block a user