all(); Guard::requireLogin(); $request = requestInput(); $returnTarget = requestResolveReturnTarget(); $closeTarget = requestResolveReturnTarget('admin/departments'); $createTarget = requestPathWithReturnTarget('admin/departments/create', $returnTarget); $tenantService = app(\MintyPHP\Service\Tenant\TenantService::class); $directoryScopeGateway = app(\MintyPHP\Service\Tenant\TenantScopeService::class); $departmentService = app(\MintyPHP\Service\Org\DepartmentService::class); $currentUserId = (int) ($session['user']['id'] ?? 0); $context = actionCreateContext([ 'abilityKey' => DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_CREATE, 'context' => ['actor_user_id' => $currentUserId], 'viewAuthFlags' => [], 'forbiddenStrategy' => 'deny', ]); $capabilities = $context['capabilities']; $tenantScope = $context['tenantScope']; $viewAuth = $context['viewAuth']; $canManageAllTenants = $tenantScope['scope'] === 'all'; $allowedTenantIds = toIntIds($capabilities['allowed_tenant_ids'] ?? []); $isStrictScope = (bool) ($capabilities['is_strict_scope'] ?? false); $errorBag = formErrors(); $errors = []; $warnings = []; $form = [ 'description' => '', 'tenant_id' => 0, 'code' => '', 'cost_center' => '', 'active' => '1', ]; $tenants = $tenantService->list(); if ($canManageAllTenants) { // No filtering — actor may pick any tenant. } elseif ($allowedTenantIds) { $tenants = array_values(array_filter($tenants, static function (array $tenant) use ($allowedTenantIds): bool { $tenantId = (int) ($tenant['id'] ?? 0); return $tenantId > 0 && in_array($tenantId, $allowedTenantIds, true); })); } elseif ($isStrictScope) { $tenants = []; } if ($request->isMethod('POST') && !actionRequireCsrf($createTarget, $createTarget, 'csrf_expired')) { return; } if ($request->isMethod('POST')) { $selectedTenantId = $request->bodyInt('tenant_id'); $selectedTenantIds = $directoryScopeGateway->filterTenantIdsForUser([$selectedTenantId], $currentUserId); $selectedTenantId = (int) ($selectedTenantIds[0] ?? 0); $input = $request->bodyAll(); $input['tenant_id'] = $selectedTenantId; $result = $departmentService->createFromAdmin($input, $currentUserId); $form = $result['form'] ?? $form; $errorBag->merge($result['errors'] ?? []); $warnings = $result['warnings'] ?? []; $form['tenant_id'] = $selectedTenantId; if (($result['ok'] ?? false) && !$errorBag->hasAny()) { $action = (string) $request->body('action', 'create'); if ($action === 'create_close') { if ($warnings) { Flash::info(implode(' ', $warnings), $closeTarget, 'department_warning'); } Flash::success(t('Department created'), $closeTarget, 'department_created'); Router::redirect($closeTarget); } else { $uuid = (string) ($result['uuid'] ?? ''); if ($uuid !== '') { $target = requestPathWithReturnTarget("admin/departments/edit/{$uuid}", $returnTarget); if ($warnings) { Flash::info(implode(' ', $warnings), $target, 'department_warning'); } Flash::success(t('Department created'), $target, 'department_created'); Router::redirect($target); } else { if ($warnings) { Flash::info(implode(' ', $warnings), $closeTarget, 'department_warning'); } Flash::success(t('Department created'), $closeTarget, 'department_created'); Router::redirect($closeTarget); } } } } $validationSummaryErrors = $errorBag->toArray(); $errors = $errorBag->toFlatList(); Buffer::set('title', t('Create department')); $breadcrumbs = [ ['label' => t('Home'), 'path' => 'admin'], ['label' => t('Departments'), 'path' => 'admin/departments'], ['label' => t('Create department')], ];