all(); Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $tenantAvatarService = app(\MintyPHP\Service\Tenant\TenantAvatarService::class); if ((requestInput()->method()) !== 'POST') { Router::redirect('admin/tenants'); return; } $errorBag = formErrors(); $uuid = trim((string) ($id ?? '')); if (!$tenantAvatarService->isValidUuid($uuid)) { $errorBag->addGlobal('Tenant not found'); flashFormErrors($errorBag, 'admin/tenants', 'tenant_avatar'); Router::redirect('admin/tenants'); return; } $tenant = app(\MintyPHP\Service\Tenant\TenantService::class)->findByUuid($uuid); $tenantId = (int) ($tenant['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0); $decision = $authorizationService->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE, [ 'actor_user_id' => $currentUserId, 'target_tenant_id' => $tenantId, ]); if (!$decision->isAllowed()) { Router::redirect('error/forbidden'); return; } $result = $tenantAvatarService->saveUpload($uuid, requestInput()->filesAll()['avatar'] ?? []); if (!($result['ok'] ?? false)) { $error = $result['error'] ?? t('Upload failed'); $errorBag->addGlobal((string) $error); flashFormErrors($errorBag, "admin/tenants/edit/{$uuid}", 'tenant_avatar_upload'); Router::redirect("admin/tenants/edit/{$uuid}"); return; } Flash::success('Avatar updated', "admin/tenants/edit/{$uuid}", 'tenant_avatar_updated'); Router::redirect("admin/tenants/edit/{$uuid}");