refactor(actions): complete admin request/csrf guard centralization

This commit is contained in:
2026-04-24 19:00:13 +02:00
parent 5e705f780d
commit d7b73fcefe
18 changed files with 464 additions and 67 deletions

View File

@@ -1,22 +1,32 @@
<?php
use MintyPHP\Service\Access\TenantAuthorizationPolicy;
use MintyPHP\Session;
use MintyPHP\Support\Guard;
Guard::requireLogin();
header('Content-Type: application/json; charset=utf-8');
if (requestInput()->method() !== 'POST') {
http_response_code(405);
echo json_encode(['ok' => false, 'error' => 'Method not allowed']);
if (!actionRequirePost(
'admin/tenants',
jsonAware: true,
jsonError: 'Method not allowed',
jsonPayload: ['ok' => false, 'error' => 'Method not allowed'],
forceJson: true
)) {
return;
}
if (!Session::checkCsrfToken()) {
http_response_code(403);
echo json_encode(['ok' => false, 'error' => 'CSRF token invalid']);
if (!actionRequireCsrf(
'admin/tenants',
jsonAware: true,
jsonError: 'CSRF token invalid',
jsonStatusCode: 403,
jsonPayload: ['ok' => false, 'error' => 'CSRF token invalid'],
flashOnFailure: false,
redirectOnFailure: false,
forceJson: true
)) {
return;
}