refactor(actions): centralize POST/CSRF guard flow
This commit is contained in:
@@ -12,8 +12,16 @@ Guard::requireLogin();
|
||||
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
|
||||
$userAccountService = app(\MintyPHP\Service\User\UserAccountService::class);
|
||||
|
||||
if ((requestInput()->method()) !== 'POST') {
|
||||
Router::redirect('admin/users');
|
||||
if (!actionRequirePost('admin/users')) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!actionRequireCsrf(
|
||||
'admin/users',
|
||||
'admin/users',
|
||||
'user_delete',
|
||||
jsonAware: true
|
||||
)) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -26,13 +34,7 @@ $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_AD
|
||||
'actor_user_id' => $currentUserId,
|
||||
'target_user_id' => $userId,
|
||||
]);
|
||||
if (!$decision->isAllowed()) {
|
||||
if (Request::wantsJson()) {
|
||||
http_response_code($decision->status());
|
||||
Router::json(['error' => $decision->error()]);
|
||||
return;
|
||||
}
|
||||
Router::redirect('error/forbidden?url=' . urlencode(Request::pathWithQuery()));
|
||||
if (!actionAllowOrDeny($decision)) {
|
||||
return;
|
||||
}
|
||||
$result = $userAccountService->deleteByUuid($uuid, $currentUserId);
|
||||
|
||||
Reference in New Issue
Block a user