refactor(settings): split security into 4 focused tiles
Extracts user-lifecycle, audit and telemetry from the security subpage into their own tiles, and renames the slimmed-down security subpage to account-access for a clearer scope. Each subpage now has at most three detail cards instead of the eight previously crowded into security. Hub gains four tiles, sub-action redirects (expire-remember-tokens, run-user-lifecycle) move to their new sections, architecture tests track the new section list and i18n adds the new labels in de + en. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
84
pages/admin/settings/user-lifecycle().php
Normal file
84
pages/admin/settings/user-lifecycle().php
Normal file
@@ -0,0 +1,84 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Buffer;
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
|
||||
use MintyPHP\Service\Settings\AdminSettingsService;
|
||||
use MintyPHP\Support\Flash;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
$session = app(SessionStoreInterface::class)->all();
|
||||
Guard::requireLogin();
|
||||
$request = requestInput();
|
||||
|
||||
$currentUserId = (int) ($session['user']['id'] ?? 0);
|
||||
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
|
||||
$viewDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
]);
|
||||
if (!$viewDecision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
$viewCapabilities = $viewDecision->attribute('capabilities', []);
|
||||
$canUpdateSettings = is_array($viewCapabilities) ? (bool) ($viewCapabilities['can_update_settings'] ?? false) : false;
|
||||
|
||||
$adminSettingsService = app(AdminSettingsService::class);
|
||||
$pageData = $adminSettingsService->buildPageData();
|
||||
$values = is_array($pageData['values'] ?? null) ? $pageData['values'] : [];
|
||||
$settings = is_array($pageData['settings'] ?? null) ? $pageData['settings'] : [];
|
||||
|
||||
if ($request->isMethod('POST') && !actionRequireCsrf('admin/settings/user-lifecycle', 'admin/settings/user-lifecycle', 'csrf_expired')) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ($request->isMethod('POST')) {
|
||||
$updateDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
]);
|
||||
if (!$updateDecision->isAllowed()) {
|
||||
Guard::deny();
|
||||
}
|
||||
|
||||
$sectionKeys = [
|
||||
'user_inactivity_deactivate_days',
|
||||
'user_inactivity_delete_days',
|
||||
];
|
||||
$mergedPost = settingsSectionMergePost($values, $request->bodyAll(), $sectionKeys);
|
||||
|
||||
$updateResult = $adminSettingsService->updateFromAdmin($mergedPost);
|
||||
$errorBag = formErrors();
|
||||
foreach ((array) ($updateResult['errors'] ?? []) as $error) {
|
||||
if (is_array($error)) {
|
||||
$message = trim((string) ($error['message'] ?? ''));
|
||||
$field = trim((string) ($error['field'] ?? 'input'));
|
||||
if ($message !== '') {
|
||||
$errorBag->add($field !== '' ? $field : 'input', $message);
|
||||
}
|
||||
continue;
|
||||
}
|
||||
$message = trim((string) $error);
|
||||
if ($message !== '') {
|
||||
$errorBag->addGlobal($message);
|
||||
}
|
||||
}
|
||||
|
||||
if ($errorBag->hasAny()) {
|
||||
flashFormErrors($errorBag, 'admin/settings/user-lifecycle', 'settings_update_error');
|
||||
Router::redirect('admin/settings/user-lifecycle');
|
||||
}
|
||||
|
||||
$redirectTarget = ((string) $request->body('action', 'save') === 'save_close')
|
||||
? 'admin/settings'
|
||||
: 'admin/settings/user-lifecycle';
|
||||
Flash::success('Settings updated', $redirectTarget, 'settings_updated');
|
||||
Router::redirect($redirectTarget);
|
||||
}
|
||||
|
||||
Buffer::set('title', t('User lifecycle settings'));
|
||||
|
||||
$breadcrumbs = [
|
||||
['label' => t('Home'), 'path' => 'admin'],
|
||||
['label' => t('Settings'), 'path' => 'admin/settings'],
|
||||
['label' => t('User lifecycle')],
|
||||
];
|
||||
Reference in New Issue
Block a user