all(); Guard::requireLogin(); $authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class); $userAccountService = app(\MintyPHP\Service\User\UserAccountService::class); $apiTokenService = app(\MintyPHP\Service\Auth\ApiTokenService::class); $uuid = trim((string) ($id ?? '')); $user = $uuid !== '' ? $userAccountService->findByUuid($uuid) : null; if (!$user) { Router::redirect('admin/users'); } $userId = (int) ($user['id'] ?? 0); $currentUserId = (int) ($session['user']['id'] ?? 0); $decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_API_TOKENS_MANAGE, [ 'actor_user_id' => $currentUserId, 'target_user_id' => $userId, ]); if (!$decision->isAllowed()) { Router::redirect('error/forbidden'); return; } if (!Session::checkCsrfToken()) { Flash::error(t('Form expired, please try again'), "admin/users/edit/{$uuid}", 'csrf_expired'); Router::redirect("admin/users/edit/{$uuid}"); return; } $name = trim((string) (requestInput()->bodyAll()['token_name'] ?? '')); if ($name === '') { Flash::error(t('Token name is required'), "admin/users/edit/{$uuid}", 'api_token_error'); Router::redirect("admin/users/edit/{$uuid}"); } $result = $apiTokenService->create($userId, $name, null, null, $currentUserId); if ($result['ok'] ?? false) { $sessionStore->set('api_token_created', ['token' => $result['token'], 'uuid' => $uuid]); Flash::success(t('API token created. Copy it now — it will not be shown again.'), "admin/users/edit/{$uuid}", 'api_token_created'); } else { $error = $result['error'] ?? 'create_failed'; Flash::error(t('Could not create API token: %s', $error), "admin/users/edit/{$uuid}", 'api_token_error'); } Router::redirect("admin/users/edit/{$uuid}");