all(); Guard::requireLogin(); $request = requestInput(); $currentUserId = (int) ($session['user']['id'] ?? 0); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $viewDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW, [ 'actor_user_id' => $currentUserId, ]); if (!$viewDecision->isAllowed()) { Guard::deny(); } $viewCapabilities = $viewDecision->attribute('capabilities', []); $canUpdateSettings = is_array($viewCapabilities) ? (bool) ($viewCapabilities['can_update_settings'] ?? false) : false; $adminSettingsService = app(AdminSettingsService::class); $pageData = $adminSettingsService->buildPageData(); $values = is_array($pageData['values'] ?? null) ? $pageData['values'] : []; $settings = is_array($pageData['settings'] ?? null) ? $pageData['settings'] : []; $activeApiTokens = (int) ($pageData['active_api_tokens'] ?? 0); if ($request->isMethod('POST') && !actionRequireCsrf('admin/settings/api', 'admin/settings/api', 'csrf_expired')) { return; } if ($request->isMethod('POST')) { $updateDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE, [ 'actor_user_id' => $currentUserId, ]); if (!$updateDecision->isAllowed()) { Guard::deny(); } $sectionKeys = [ 'api_token_default_ttl_days', 'api_token_max_ttl_days', 'api_cors_allowed_origins', ]; $mergedPost = settingsSectionMergePost($values, $request->bodyAll(), $sectionKeys); $updateResult = $adminSettingsService->updateFromAdmin($mergedPost); $errorBag = formErrors(); foreach ((array) ($updateResult['errors'] ?? []) as $error) { if (is_array($error)) { $message = trim((string) ($error['message'] ?? '')); $field = trim((string) ($error['field'] ?? 'input')); if ($message !== '') { $errorBag->add($field !== '' ? $field : 'input', $message); } continue; } $message = trim((string) $error); if ($message !== '') { $errorBag->addGlobal($message); } } if ($errorBag->hasAny()) { flashFormErrors($errorBag, 'admin/settings/api', 'settings_update_error'); Router::redirect('admin/settings/api'); } $redirectTarget = ((string) $request->body('action', 'save') === 'save_close') ? 'admin/settings' : 'admin/settings/api'; Flash::success('Settings updated', $redirectTarget, 'settings_updated'); Router::redirect($redirectTarget); } Buffer::set('title', t('API settings')); $breadcrumbs = [ ['label' => t('Home'), 'path' => 'admin'], ['label' => t('Settings'), 'path' => 'admin/settings'], ['label' => t('API')], ];