refactor(actions): introduce action-context helpers (step 1)
Six orthogonal building blocks plus three cluster aggregators in
core/Support/helpers/action_context.php, preparing consolidation of the
~40-60 line vorspiel duplicated across edit/create/view-fragment actions.
Step 1 of a planned 3-step rollout: no production call sites yet —
pages/ and modules/ are untouched. Architecture tests freeze the
building-block signatures and verify drawer-fragment AuthZ parity.
GR-SEC-009 is structurally enforced via the actionDeriveTenantScope
return shape (PHPStan array{scope: 'all'|'list', ids: list<int>});
'all' is unreachable without an explicit can_manage_all_tenants flag.
Aggregator docblocks carry a mandatory CSRF-pairing warning per
GR-SEC-001; actionBuildViewAuth flags the e()-escape obligation per
GR-SEC-010.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -1,4 +1,7 @@
|
||||
{
|
||||
"action.context.forbidden": "Zugriff verweigert",
|
||||
"action.context.model_not_found": "Datensatz nicht gefunden",
|
||||
"action.context.tenant_scope_violation": "Zugriff außerhalb des erlaubten Mandantenbereichs",
|
||||
"%d active API tokens": "%d aktive API-Tokens",
|
||||
"%d active login tokens": "%d aktive Login-Tokens",
|
||||
"%d API audit entries purged": "%d API-Protokoll-Einträge bereinigt",
|
||||
|
||||
@@ -1,4 +1,7 @@
|
||||
{
|
||||
"action.context.forbidden": "Access denied",
|
||||
"action.context.model_not_found": "Record not found",
|
||||
"action.context.tenant_scope_violation": "Access outside allowed tenant scope",
|
||||
"%d active API tokens": "%d active API tokens",
|
||||
"%d active login tokens": "%d active login tokens",
|
||||
"%d API audit entries purged": "%d API log entries purged",
|
||||
|
||||
Reference in New Issue
Block a user