all(); Guard::requireLogin(); $request = requestInput(); $currentUserId = (int) ($session['user']['id'] ?? 0); if ($currentUserId > 0) { app(\MintyPHP\Service\Access\PermissionGateway::class)->getUserPermissions($currentUserId); } $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); $uuid = trim((string) ($id ?? '')); $tenant = $uuid !== '' ? app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid) : null; if (!$tenant) { Flash::error('Tenant not found', 'admin/tenants', 'tenant_not_found'); Router::redirect('admin/tenants'); } $tenantId = (int) ($tenant['id'] ?? 0); $tenantSsoService = app(\MintyPHP\Service\Auth\TenantSsoService::class); $authService = app(\MintyPHP\Service\Auth\AuthService::class); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $contextDecision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_EDIT_CONTEXT, [ 'actor_user_id' => $currentUserId, 'target_tenant_id' => $tenantId, ]); if (!$contextDecision->isAllowed()) { Router::redirect('error/forbidden'); return; } $capabilities = $contextDecision->attribute('capabilities', []); if (!is_array($capabilities)) { $capabilities = []; } $canViewPage = (bool) ($capabilities['can_view_page'] ?? false); $canUpdateTenant = (bool) ($capabilities['can_update_tenant'] ?? false); $canManageCustomFields = (bool) ($capabilities['can_manage_custom_fields'] ?? false); $canManageSso = (bool) ($capabilities['can_manage_sso'] ?? false); $viewAuth['page'] = [ 'can_update_tenant' => $canUpdateTenant, 'can_manage_custom_fields' => $canManageCustomFields, 'can_manage_sso' => $canManageSso, ]; if (!$canViewPage) { Router::redirect('error/forbidden'); return; } $tenantCustomFieldService = app(TenantCustomFieldService::class); $customFieldDefinitions = $canManageCustomFields ? $tenantCustomFieldService->listForTenant($tenantId) : []; $ssoConfig = $canManageSso ? $tenantSsoService->getTenantMicrosoftAuth($tenantId) : []; $ssoUiState = $canManageSso ? $tenantSsoService->buildMicrosoftUiState($tenantId, $ssoConfig) : []; $creatorId = (int) ($tenant['created_by'] ?? 0); if ($creatorId > 0) { $creator = $userAccountService->findById($creatorId); if ($creator) { $creatorName = trim(($creator['first_name'] ?? '') . ' ' . ($creator['last_name'] ?? '')); $tenant['created_by_label'] = $creatorName !== '' ? $creatorName : ($creator['email'] ?? ''); $tenant['created_by_uuid'] = $creator['uuid'] ?? null; } } $modifierId = (int) ($tenant['modified_by'] ?? 0); if ($modifierId > 0) { $modifier = $userAccountService->findById($modifierId); if ($modifier) { $modifierName = trim(($modifier['first_name'] ?? '') . ' ' . ($modifier['last_name'] ?? '')); $tenant['modified_by_label'] = $modifierName !== '' ? $modifierName : ($modifier['email'] ?? ''); $tenant['modified_by_uuid'] = $modifier['uuid'] ?? null; } } $statusChangedById = (int) ($tenant['status_changed_by'] ?? 0); if ($statusChangedById > 0) { $statusChanger = $userAccountService->findById($statusChangedById); if ($statusChanger) { $statusChangerName = trim(($statusChanger['first_name'] ?? '') . ' ' . ($statusChanger['last_name'] ?? '')); $tenant['status_changed_by_label'] = $statusChangerName !== '' ? $statusChangerName : ($statusChanger['email'] ?? ''); $tenant['status_changed_by_uuid'] = $statusChanger['uuid'] ?? null; } } $errorBag = formErrors(); $errors = []; $form = array_merge($tenant, $ssoConfig); if ($request->hasBody('description')) { $post = $request->bodyAll(); $submitDecision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_EDIT_SUBMIT, [ 'actor_user_id' => $currentUserId, 'target_tenant_id' => $tenantId, 'input' => $post, ]); if (!$submitDecision->isAllowed()) { Router::redirect('error/forbidden'); return; } $submitCapabilities = $submitDecision->attribute('capabilities', []); if (is_array($submitCapabilities)) { $canUpdateTenant = (bool) ($submitCapabilities['can_update_tenant'] ?? $canUpdateTenant); $canManageCustomFields = (bool) ($submitCapabilities['can_manage_custom_fields'] ?? $canManageCustomFields); $canManageSso = (bool) ($submitCapabilities['can_manage_sso'] ?? $canManageSso); $viewAuth['page'] = [ 'can_update_tenant' => $canUpdateTenant, 'can_manage_custom_fields' => $canManageCustomFields, 'can_manage_sso' => $canManageSso, ]; } if (!$canUpdateTenant) { Router::redirect('error/forbidden'); return; } $result = app(\MintyPHP\Service\Tenant\TenantService::class)->updateFromAdmin($tenantId, $post, $currentUserId); $form = $result['form'] ?? $form; $errorBag->merge($result['errors'] ?? []); if (($result['ok'] ?? false) && !$errorBag->hasAny()) { if ($canManageSso) { $ssoSaveResult = $tenantSsoService->saveTenantMicrosoftAuth($tenantId, $post); if (!($ssoSaveResult['ok'] ?? false)) { $errorBag->merge($ssoSaveResult['errors'] ?? [t('Tenant SSO settings could not be saved')]); } } } if (($result['ok'] ?? false) && !$errorBag->hasAny()) { if ($currentUserId > 0) { $authService->loadTenantDataIntoSession($currentUserId); } $action = (string) ($post['action'] ?? 'save'); if ($action === 'save_close') { Flash::success('Tenant updated', 'admin/tenants', 'tenant_updated'); Router::redirect('admin/tenants'); } else { Flash::success('Tenant updated', "admin/tenants/edit/{$uuid}", 'tenant_updated'); Router::redirect("admin/tenants/edit/{$uuid}"); } } if ($canManageSso) { $form = array_merge($form, [ 'microsoft_enabled' => !empty($post['microsoft_enabled']) ? '1' : '0', 'enforce_microsoft_login' => !empty($post['enforce_microsoft_login']) ? '1' : '0', 'sync_profile_on_login' => !empty($post['sync_profile_on_login']) ? '1' : '0', 'sync_profile_fields_list' => $tenantSsoService->normalizeProfileSyncFields($post['sync_profile_fields'] ?? []), 'entra_tenant_id' => trim((string) ($post['entra_tenant_id'] ?? '')), 'allowed_domains' => trim((string) ($post['allowed_domains'] ?? '')), 'use_shared_app' => !empty($post['use_shared_app']) ? '1' : '0', 'client_id_override' => trim((string) ($post['client_id_override'] ?? '')), ]); $ssoUiState = $tenantSsoService->buildMicrosoftUiState($tenantId, $post); } } if ($canManageSso && empty($ssoUiState)) { $ssoUiState = $tenantSsoService->buildMicrosoftUiState($tenantId, $form); } $validationSummaryErrors = $errorBag->toArray(); $errors = $errorBag->toFlatList(); Buffer::set('title', t('Edit tenant'));