getUserPermissions($userId); return in_array($permissionKey, $keys, true); } public function getUserPermissions(int $userId, bool $refresh = false): array { if ($userId <= 0) { return []; } if ($this->isApiRequest()) { if (!$refresh && isset($this->apiPermissionCache[$userId])) { return $this->apiPermissionCache[$userId]; } $roleIds = $this->userRoleRepository->listRoleIdsByUserId($userId); $keys = $this->rolePermissionRepository->listPermissionKeysByRoleIds($roleIds); $this->apiPermissionCache[$userId] = $keys; return $keys; } $cache = $_SESSION['permissions'] ?? null; if ($refresh) { $cache = null; } if (is_array($cache) && (int) ($cache['user_id'] ?? 0) === $userId) { $keys = $cache['keys'] ?? []; if (is_array($keys)) { return $keys; } } $roleIds = $this->userRoleRepository->listRoleIdsByUserId($userId); $keys = $this->rolePermissionRepository->listPermissionKeysByRoleIds($roleIds); $_SESSION['permissions'] = [ 'user_id' => $userId, 'keys' => $keys, ]; return $keys; } public function getCachedPermissions(int $userId): array { if ($userId <= 0) { return []; } if ($this->isApiRequest()) { return $this->apiPermissionCache[$userId] ?? []; } $cache = $_SESSION['permissions'] ?? null; if (is_array($cache) && (int) ($cache['user_id'] ?? 0) === $userId) { $keys = $cache['keys'] ?? []; return is_array($keys) ? $keys : []; } return []; } public function clearUserCache(int $userId): void { if ($this->isApiRequest()) { unset($this->apiPermissionCache[$userId]); return; } $cache = $_SESSION['permissions'] ?? null; if (is_array($cache) && (int) ($cache['user_id'] ?? 0) === $userId) { unset($_SESSION['permissions']); } } private function isApiRequest(): bool { return defined('MINTY_API_REQUEST'); } public function list(): array { return $this->permissionRepository->list(); } public function listActive(): array { return $this->permissionRepository->listActive(); } public function listPaged(array $options): array { return $this->permissionRepository->listPaged($options); } public function find(int $id): ?array { return $this->permissionRepository->find($id); } public function findByKey(string $key): ?array { return $this->permissionRepository->findByKey($key); } public function createFromAdmin(array $input): array { $form = $this->sanitizeBase($input); $errors = $this->validateBase($form); if ($errors) { return ['ok' => false, 'errors' => $errors, 'form' => $form]; } if ($this->permissionRepository->findByKey($form['key'])) { return ['ok' => false, 'errors' => [t('Permission key already exists')], 'form' => $form]; } $createdId = $this->permissionRepository->create($form); if (!$createdId) { return ['ok' => false, 'errors' => [t('Permission can not be created')], 'form' => $form]; } return ['ok' => true, 'form' => $form, 'id' => (int) $createdId]; } public function updateFromAdmin(int $id, array $input): array { $form = $this->sanitizeBase($input); $errors = $this->validateBase($form); if ($errors) { return ['ok' => false, 'errors' => $errors, 'form' => $form]; } $existing = $this->permissionRepository->findByKey($form['key']); if ($existing && (int) ($existing['id'] ?? 0) !== $id) { return ['ok' => false, 'errors' => [t('Permission key already exists')], 'form' => $form]; } $updated = $this->permissionRepository->update($id, $form); if (!$updated) { return ['ok' => false, 'errors' => [t('Permission can not be updated')], 'form' => $form]; } return ['ok' => true, 'form' => $form]; } public function deleteById(int $id): array { $permission = $this->permissionRepository->find($id); if (!$permission) { return ['ok' => false, 'status' => 404, 'error' => 'not_found']; } if ((int) ($permission['is_system'] ?? 0) === 1) { return ['ok' => false, 'status' => 403, 'error' => 'system_permission_protected']; } $deleted = $this->permissionRepository->delete($id); if (!$deleted) { return ['ok' => false, 'status' => 500, 'error' => 'delete_failed']; } return ['ok' => true, 'permission' => $permission]; } private function sanitizeBase(array $input): array { return [ 'key' => trim((string) ($input['key'] ?? '')), 'description' => trim((string) ($input['description'] ?? '')), 'active' => $this->normalizeActive($input['active'] ?? 1), 'is_system' => $this->normalizeFlag($input['is_system'] ?? 0), ]; } private function validateBase(array $form): array { $errors = []; if ($form['key'] === '') { $errors[] = t('Permission key cannot be empty'); } elseif (!preg_match('/^[a-z0-9._-]+$/i', $form['key'])) { $errors[] = t('Permission key is invalid'); } return $errors; } private function normalizeActive($value): int { $value = strtolower(trim((string) $value)); if (in_array($value, ['0', 'false', 'inactive'], true)) { return 0; } return 1; } private function normalizeFlag($value): int { if (is_bool($value)) { return $value ? 1 : 0; } $value = strtolower(trim((string) $value)); if (in_array($value, ['1', 'true', 'yes', 'on'], true)) { return 1; } return 0; } }