feat(core): UserProfileViewService + admin/users detail drawer
Extracts the user profile read-view into a core service + shared partial so
modules no longer duplicate the assignment/scope logic, and migrates the
admin/users list as the drawer's second consumer.
Consolidation:
- `core/Service/User/UserProfileViewService` owns the single read-path that
resolves tenants/departments/roles for a user UUID, enforces scope-aware
department visibility, and returns a consistent `{status, user}` shape.
- `templates/partials/app-user-profile.phtml` is the shared render template;
takes `$profileKey` for storage namespace + lightbox grouping.
- `AddressBookService::buildViewContext()` shrinks to a one-line delegation
and drops its `UserAssignmentService` dependency. The old
`modules/addressbook/templates/address-book-profile.phtml` is removed.
admin/users migration:
- `pages/admin/users/view-fragment($id).php` + `(none).phtml` use the core
service and enforce `ABILITY_ADMIN_USERS_VIEW`.
- `admin-users-index.js` replaces the grid-native `linkColumn` on the first
name with a formatter that emits `data-drawer-trigger`; `linkColumn` is
disabled so the drawer click handler wins. `fullUrl` points at the edit
form — drawer → edit is one click.
- Drawer labels wired via page config.
The new `DetailDrawerFragmentContractTest` validated the users fragment
endpoint automatically — no manual test additions were needed.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -141,6 +141,12 @@ $pageConfig = [
|
||||
'bulkSendAccessConfirm' => t('Send access emails to selected users?'),
|
||||
'bulkAccessPdfConfirm' => t('Generate access PDFs for selected users?'),
|
||||
'primaryTenant' => t('Primary tenant'),
|
||||
'drawerClose' => t('Close'),
|
||||
'drawerPrev' => t('Previous'),
|
||||
'drawerNext' => t('Next'),
|
||||
'drawerOpenFull' => t('Open full page'),
|
||||
'drawerLoading' => t('Loading'),
|
||||
'drawerError' => t('Failed to load'),
|
||||
'bulkMessages' => [
|
||||
'activate' => [
|
||||
'success' => t('%d users activated'),
|
||||
|
||||
45
pages/admin/users/view-fragment($id).php
Normal file
45
pages/admin/users/view-fragment($id).php
Normal file
@@ -0,0 +1,45 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Http\SessionStoreInterface;
|
||||
use MintyPHP\Service\Access\AuthorizationService;
|
||||
use MintyPHP\Service\Access\UserAuthorizationPolicy;
|
||||
use MintyPHP\Service\User\UserProfileViewService;
|
||||
use MintyPHP\Support\Guard;
|
||||
|
||||
$session = app(SessionStoreInterface::class)->all();
|
||||
Guard::requireLogin();
|
||||
|
||||
$currentUserId = (int) ($session['user']['id'] ?? 0);
|
||||
$uuid = trim((string) ($id ?? ''));
|
||||
if ($uuid === '') {
|
||||
http_response_code(400);
|
||||
return;
|
||||
}
|
||||
|
||||
$decision = app(AuthorizationService::class)->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW, [
|
||||
'actor_user_id' => $currentUserId,
|
||||
]);
|
||||
if (!$decision->isAllowed()) {
|
||||
http_response_code(403);
|
||||
$user = null;
|
||||
return;
|
||||
}
|
||||
|
||||
$profile = app(UserProfileViewService::class)->buildProfile($currentUserId, $uuid);
|
||||
$status = (string) ($profile['status'] ?? '');
|
||||
if ($status === 'not_found' || $status === 'invalid_uuid') {
|
||||
http_response_code(404);
|
||||
$user = null;
|
||||
return;
|
||||
}
|
||||
if ($status === 'forbidden') {
|
||||
http_response_code(403);
|
||||
$user = null;
|
||||
return;
|
||||
}
|
||||
$user = $profile['user'] ?? null;
|
||||
if (!is_array($user)) {
|
||||
http_response_code(404);
|
||||
$user = null;
|
||||
return;
|
||||
}
|
||||
6
pages/admin/users/view-fragment(none).phtml
Normal file
6
pages/admin/users/view-fragment(none).phtml
Normal file
@@ -0,0 +1,6 @@
|
||||
<?php
|
||||
if (!isset($user) || !is_array($user)) {
|
||||
return;
|
||||
}
|
||||
$profileKey = 'admin-users-profile';
|
||||
require templatePath('partials/app-user-profile.phtml');
|
||||
Reference in New Issue
Block a user