all(); Guard::requireLogin(); $request = requestInput(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $currentUserId = (int) ($session['user']['id'] ?? 0); if ($currentUserId > 0) { app(\MintyPHP\Service\Access\PermissionGateway::class)->getUserPermissions($currentUserId); } $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); $departmentService = app(\MintyPHP\Service\Org\DepartmentService::class); $tenantService = app(\MintyPHP\Service\Tenant\TenantService::class); $directoryScopeGateway = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class); $uuid = trim((string) ($id ?? '')); $department = $uuid !== '' ? $departmentService->findByUuid($uuid) : null; if (!$department) { Flash::error('Department not found', 'admin/departments', 'department_not_found'); Router::redirect('admin/departments'); } $departmentId = (int) ($department['id'] ?? 0); $contextDecision = $authorizationService->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_EDIT_CONTEXT, [ 'actor_user_id' => $currentUserId, 'target_department_id' => $departmentId, ]); if (!$contextDecision->isAllowed()) { Router::redirect('error/forbidden'); return; } $capabilities = $contextDecision->attribute('capabilities', []); if (!is_array($capabilities)) { $capabilities = []; } $canViewPage = (bool) ($capabilities['can_view_page'] ?? false); $canUpdateDepartment = (bool) ($capabilities['can_update_department'] ?? false); $viewAuth['page'] = [ 'can_update_department' => $canUpdateDepartment, ]; $allowedTenantIdsRaw = $capabilities['allowed_tenant_ids'] ?? []; $allowedTenantIds = is_array($allowedTenantIdsRaw) ? array_values(array_unique(array_filter(array_map('intval', $allowedTenantIdsRaw), static fn (int $tenantId): bool => $tenantId > 0))) : []; if (!$canViewPage) { Router::redirect('error/forbidden'); return; } $creatorId = (int) ($department['created_by'] ?? 0); if ($creatorId > 0) { $creator = $userAccountService->findById($creatorId); if ($creator) { $creatorName = trim(($creator['first_name'] ?? '') . ' ' . ($creator['last_name'] ?? '')); $department['created_by_label'] = $creatorName !== '' ? $creatorName : ($creator['email'] ?? ''); $department['created_by_uuid'] = $creator['uuid'] ?? null; } } $modifierId = (int) ($department['modified_by'] ?? 0); if ($modifierId > 0) { $modifier = $userAccountService->findById($modifierId); if ($modifier) { $modifierName = trim(($modifier['first_name'] ?? '') . ' ' . ($modifier['last_name'] ?? '')); $department['modified_by_label'] = $modifierName !== '' ? $modifierName : ($modifier['email'] ?? ''); $department['modified_by_uuid'] = $modifier['uuid'] ?? null; } } $errorBag = formErrors(); $errors = []; $warnings = []; $form = $department; $tenants = $tenantService->list(); if ($allowedTenantIds) { $tenants = array_values(array_filter($tenants, static function (array $tenant) use ($allowedTenantIds): bool { $tenantId = (int) ($tenant['id'] ?? 0); return $tenantId > 0 && in_array($tenantId, $allowedTenantIds, true); })); if (!in_array((int) ($form['tenant_id'] ?? 0), $allowedTenantIds, true)) { $form['tenant_id'] = 0; } } elseif ($directoryScopeGateway->isStrict()) { $tenants = []; $form['tenant_id'] = 0; } if ($request->isMethod('POST') && !Session::checkCsrfToken()) { Flash::error(t('Form expired, please try again'), "admin/departments/edit/{$uuid}", 'csrf_expired'); Router::redirect("admin/departments/edit/{$uuid}"); return; } if ($request->hasBody('description')) { $submitDecision = $authorizationService->authorize(DepartmentAuthorizationPolicy::ABILITY_ADMIN_DEPARTMENTS_EDIT_SUBMIT, [ 'actor_user_id' => $currentUserId, 'target_department_id' => $departmentId, 'input' => $request->bodyAll(), ]); if (!$submitDecision->isAllowed()) { Router::redirect('error/forbidden'); return; } $submitCapabilities = $submitDecision->attribute('capabilities', []); if (is_array($submitCapabilities)) { $canUpdateDepartment = (bool) ($submitCapabilities['can_update_department'] ?? $canUpdateDepartment); $viewAuth['page'] = [ 'can_update_department' => $canUpdateDepartment, ]; } if (!$canUpdateDepartment) { Router::redirect('error/forbidden'); return; } $selectedTenantId = $request->bodyInt('tenant_id'); if ($allowedTenantIds) { $selectedTenantId = in_array($selectedTenantId, $allowedTenantIds, true) ? $selectedTenantId : 0; } elseif ($directoryScopeGateway->isStrict()) { $selectedTenantId = 0; } $input = $request->bodyAll(); $input['tenant_id'] = $selectedTenantId; $result = $departmentService->updateFromAdmin($departmentId, $input, $currentUserId); $form = $result['form'] ?? $form; $errorBag->merge($result['errors'] ?? []); $warnings = $result['warnings'] ?? []; $form['tenant_id'] = $selectedTenantId; if (($result['ok'] ?? false) && !$errorBag->hasAny()) { $cleaned = $departmentService->cleanupUserAssignments($departmentId); $action = (string) $request->body('action', 'save'); if ($cleaned > 0) { Flash::info(t('Department assignments cleaned: %d', $cleaned), "admin/departments/edit/{$uuid}", 'department_assignments_cleaned'); } if ($action === 'save_close') { if ($warnings) { Flash::info(implode(' ', $warnings), 'admin/departments', 'department_warning'); } Flash::success('Department updated', 'admin/departments', 'department_updated'); Router::redirect('admin/departments'); } else { if ($warnings) { Flash::info(implode(' ', $warnings), "admin/departments/edit/{$uuid}", 'department_warning'); } Flash::success('Department updated', "admin/departments/edit/{$uuid}", 'department_updated'); Router::redirect("admin/departments/edit/{$uuid}"); } } } $validationSummaryErrors = $errorBag->toArray(); $errors = $errorBag->toFlatList(); Buffer::set('title', t('Edit department'));