refactor(audit): extract shared page helpers for purge and view actions

Create AuditPageHelper with requirePurgePost() and findOrRedirect()
to eliminate duplicated POST/CSRF guard boilerplate across 4 purge
pages and find-or-redirect boilerplate across 4 view pages. Each page
retains its stream-specific logic (system-audit event recording,
user-lifecycle snapshot/restore).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-03-26 12:57:54 +01:00
parent 77badcde67
commit c0843b1fca
9 changed files with 139 additions and 119 deletions

View File

@@ -0,0 +1,62 @@
<?php
namespace MintyPHP\Module\Audit\Support;
use MintyPHP\Buffer;
use MintyPHP\Router;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
final class AuditPageHelper
{
/**
* Guard a purge action: require login, ability, POST method, and valid CSRF token.
* Redirects on any failure (never returns in that case).
*/
public static function requirePurgePost(string $ability, string $route, string $flashGroup): void
{
Guard::requireLogin();
Guard::requireAbility($ability);
if (strtoupper((string) requestInput()->method()) !== 'POST') {
Router::redirect($route);
}
$errorBag = formErrors();
if (!Session::checkCsrfToken()) {
$errorBag->addGlobal(t('Form expired, please try again'));
flashFormErrors($errorBag, $route, $flashGroup);
Router::redirect($route);
}
}
/**
* Guard a view action: require login + ability, find record by ID, redirect on not-found.
*
* @return array<string, mixed> The found record
*/
public static function findOrRedirect(
string $ability,
string $serviceClass,
string $route,
string $errorMessage,
string $flashGroup,
string $title,
mixed $id = null
): array {
Guard::requireLogin();
Guard::requireAbility($ability);
$recordId = (int) ($id ?? 0);
$record = $recordId > 0 ? app($serviceClass)->find($recordId) : null;
if (!$record) {
Flash::error(t($errorMessage), $route, $flashGroup);
Router::redirect($route);
}
Buffer::set('title', t($title));
return $record;
}
}

View File

@@ -1,23 +1,17 @@
<?php
use MintyPHP\Module\Audit\AuditAuthorizationPolicy;
use MintyPHP\Module\Audit\Service\ApiAuditService;
use MintyPHP\Module\Audit\Support\AuditPageHelper;
use MintyPHP\Router;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Module\Audit\AuditAuthorizationPolicy::ABILITY_API_AUDIT_PURGE);
AuditPageHelper::requirePurgePost(
AuditAuthorizationPolicy::ABILITY_API_AUDIT_PURGE,
'audit/api-audit',
'api_audit'
);
if (strtoupper((string) (requestInput()->method())) !== 'POST') {
Router::redirect('audit/api-audit');
}
$errorBag = formErrors();
if (!Session::checkCsrfToken()) {
$errorBag->addGlobal(t('Form expired, please try again'));
flashFormErrors($errorBag, 'audit/api-audit', 'api_audit');
Router::redirect('audit/api-audit');
}
$deleted = app(\MintyPHP\Module\Audit\Service\ApiAuditService::class)->purgeExpired();
$deleted = app(ApiAuditService::class)->purgeExpired();
Flash::success(sprintf(t('%d API audit entries purged'), $deleted), 'audit/api-audit', 'api_audit_purged');
Router::redirect('audit/api-audit');

View File

@@ -1,18 +1,15 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Router;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
use MintyPHP\Module\Audit\AuditAuthorizationPolicy;
use MintyPHP\Module\Audit\Service\ApiAuditService;
use MintyPHP\Module\Audit\Support\AuditPageHelper;
Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Module\Audit\AuditAuthorizationPolicy::ABILITY_API_AUDIT_VIEW);
$auditId = (int) ($id ?? 0);
$auditLog = $auditId > 0 ? app(\MintyPHP\Module\Audit\Service\ApiAuditService::class)->find($auditId) : null;
if (!$auditLog) {
Flash::error(t('API audit entry not found'), 'audit/api-audit', 'api_audit_not_found');
Router::redirect('audit/api-audit');
}
Buffer::set('title', t('View API audit entry'));
$auditLog = AuditPageHelper::findOrRedirect(
AuditAuthorizationPolicy::ABILITY_API_AUDIT_VIEW,
ApiAuditService::class,
'audit/api-audit',
'API audit entry not found',
'api_audit_not_found',
'View API audit entry',
$id ?? null
);

View File

@@ -1,23 +1,16 @@
<?php
use MintyPHP\Module\Audit\AuditAuthorizationPolicy;
use MintyPHP\Module\Audit\Service\ImportAuditService;
use MintyPHP\Module\Audit\Support\AuditPageHelper;
use MintyPHP\Router;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Module\Audit\AuditAuthorizationPolicy::ABILITY_IMPORTS_AUDIT_PURGE);
if (strtoupper((string) (requestInput()->method())) !== 'POST') {
Router::redirect('audit/import-audit');
}
$errorBag = formErrors();
if (!Session::checkCsrfToken()) {
$errorBag->addGlobal(t('Form expired, please try again'));
flashFormErrors($errorBag, 'audit/import-audit', 'import_audit');
Router::redirect('audit/import-audit');
}
AuditPageHelper::requirePurgePost(
AuditAuthorizationPolicy::ABILITY_IMPORTS_AUDIT_PURGE,
'audit/import-audit',
'import_audit'
);
$deleted = app(ImportAuditService::class)->purgeExpired();
Flash::success(sprintf(t('%d import audit entries purged'), $deleted), 'audit/import-audit', 'import_audit_purged');

View File

@@ -1,18 +1,15 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Router;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
use MintyPHP\Module\Audit\AuditAuthorizationPolicy;
use MintyPHP\Module\Audit\Service\ImportAuditService;
use MintyPHP\Module\Audit\Support\AuditPageHelper;
Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Module\Audit\AuditAuthorizationPolicy::ABILITY_IMPORTS_AUDIT_VIEW);
$runId = (int) ($id ?? 0);
$auditRun = $runId > 0 ? app(\MintyPHP\Module\Audit\Service\ImportAuditService::class)->find($runId) : null;
if (!$auditRun) {
Flash::error(t('Import audit entry not found'), 'audit/import-audit', 'import_audit_not_found');
Router::redirect('audit/import-audit');
}
Buffer::set('title', t('View import audit entry'));
$auditRun = AuditPageHelper::findOrRedirect(
AuditAuthorizationPolicy::ABILITY_IMPORTS_AUDIT_VIEW,
ImportAuditService::class,
'audit/import-audit',
'Import audit entry not found',
'import_audit_not_found',
'View import audit entry',
$id ?? null
);

View File

@@ -3,24 +3,15 @@
use MintyPHP\Module\Audit\AuditAuthorizationPolicy;
use MintyPHP\Module\Audit\Domain\SystemAuditOutcome;
use MintyPHP\Module\Audit\Service\SystemAuditService;
use MintyPHP\Module\Audit\Support\AuditPageHelper;
use MintyPHP\Router;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
Guard::requireLogin();
Guard::requireAbility(AuditAuthorizationPolicy::ABILITY_SYSTEM_AUDIT_PURGE);
if (strtoupper((string) requestInput()->method()) !== 'POST') {
Router::redirect('audit/system-audit');
}
$errorBag = formErrors();
if (!Session::checkCsrfToken()) {
$errorBag->addGlobal(t('Form expired, please try again'));
flashFormErrors($errorBag, 'audit/system-audit', 'system_audit');
Router::redirect('audit/system-audit');
}
AuditPageHelper::requirePurgePost(
AuditAuthorizationPolicy::ABILITY_SYSTEM_AUDIT_PURGE,
'audit/system-audit',
'system_audit'
);
$service = app(SystemAuditService::class);
$deleted = $service->purgeExpired();

View File

@@ -1,20 +1,15 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Module\Audit\AuditAuthorizationPolicy;
use MintyPHP\Module\Audit\Service\SystemAuditService;
use MintyPHP\Router;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
use MintyPHP\Module\Audit\Support\AuditPageHelper;
Guard::requireLogin();
Guard::requireAbility(AuditAuthorizationPolicy::ABILITY_SYSTEM_AUDIT_VIEW);
$auditId = (int) ($id ?? 0);
$auditLog = $auditId > 0 ? app(SystemAuditService::class)->find($auditId) : null;
if (!$auditLog) {
Flash::error(t('System audit entry not found'), 'audit/system-audit', 'system_audit_not_found');
Router::redirect('audit/system-audit');
}
Buffer::set('title', t('View system audit entry'));
$auditLog = AuditPageHelper::findOrRedirect(
AuditAuthorizationPolicy::ABILITY_SYSTEM_AUDIT_VIEW,
SystemAuditService::class,
'audit/system-audit',
'System audit entry not found',
'system_audit_not_found',
'View system audit entry',
$id ?? null
);

View File

@@ -1,24 +1,18 @@
<?php
use MintyPHP\Module\Audit\Service\UserLifecycleAuditService;
use MintyPHP\Module\Audit\Support\AuditPageHelper;
use MintyPHP\Router;
use MintyPHP\Session;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
Guard::requireLogin();
Guard::requireAbility(\MintyPHP\Service\Access\SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE);
AuditPageHelper::requirePurgePost(
SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE,
'audit/user-lifecycle-audit',
'user_lifecycle_audit'
);
if (strtoupper((string) (requestInput()->method())) !== 'POST') {
Router::redirect('audit/user-lifecycle-audit');
}
$errorBag = formErrors();
if (!Session::checkCsrfToken()) {
$errorBag->addGlobal(t('Form expired, please try again'));
flashFormErrors($errorBag, 'audit/user-lifecycle-audit', 'user_lifecycle_audit');
Router::redirect('audit/user-lifecycle-audit');
}
$deleted = app(\MintyPHP\Module\Audit\Service\UserLifecycleAuditService::class)->purgeExpired();
$deleted = app(UserLifecycleAuditService::class)->purgeExpired();
Flash::success(
sprintf(t('%d user lifecycle audit entries purged'), $deleted),
'audit/user-lifecycle-audit',

View File

@@ -1,26 +1,25 @@
<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Module\Audit\AuditAuthorizationPolicy;
use MintyPHP\Module\Audit\Domain\UserLifecycleAction;
use MintyPHP\Router;
use MintyPHP\Module\Audit\Service\UserLifecycleAuditService;
use MintyPHP\Module\Audit\Support\AuditPageHelper;
use MintyPHP\Service\Access\UiAccessService;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
Guard::requireAbility(AuditAuthorizationPolicy::ABILITY_USER_LIFECYCLE_VIEW);
$auditId = (int) ($id ?? 0);
$auditService = app(\MintyPHP\Module\Audit\Service\UserLifecycleAuditService::class);
$auditLog = $auditId > 0 ? $auditService->find($auditId) : null;
if (!$auditLog) {
Flash::error(t('Lifecycle audit entry not found'), 'audit/user-lifecycle-audit', 'user_lifecycle_audit_not_found');
Router::redirect('audit/user-lifecycle-audit');
}
$auditLog = AuditPageHelper::findOrRedirect(
AuditAuthorizationPolicy::ABILITY_USER_LIFECYCLE_VIEW,
UserLifecycleAuditService::class,
'audit/user-lifecycle-audit',
'Lifecycle audit entry not found',
'user_lifecycle_audit_not_found',
'View user lifecycle audit entry',
$id ?? null
);
$auditService = app(UserLifecycleAuditService::class);
$snapshot = null;
if ((string) ($auditLog['action'] ?? '') === UserLifecycleAction::Delete->value) {
$snapshot = $auditService->decryptSnapshot($auditLog);
@@ -29,5 +28,3 @@ $viewAuth['page'] = app(UiAccessService::class)->pageCapabilities(
(int) ($session['user']['id'] ?? 0),
['can_restore' => AuditAuthorizationPolicy::ABILITY_USER_LIFECYCLE_RESTORE]
);
Buffer::set('title', t('View user lifecycle audit entry'));