Splits the 755-line monolithic settings page into a tile-based landing hub and six focused subpages (general, security, email, api, sso, branding), each with its own form, CSRF scope and POST handler. Each subpage offers Save / Save & close buttons plus a Cancel/back link to the hub. Backend (AdminSettingsService, gateways, policies, DB schema) unchanged. A new settingsSectionMergePost() helper overlays section POSTs onto the current DB values so partial saves don't wipe unrelated fields (the service defaults missing keys to 0/empty). Sub-action files (logo/favicon/tokens/lifecycle) redirect to the matching subpage, and architecture contracts now check the subpage files instead of the removed monolithic index. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
33 lines
1.0 KiB
PHP
33 lines
1.0 KiB
PHP
<?php
|
|
|
|
use MintyPHP\Http\SessionStoreInterface;
|
|
use MintyPHP\Router;
|
|
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
|
|
use MintyPHP\Support\Flash;
|
|
use MintyPHP\Support\Guard;
|
|
|
|
$session = app(SessionStoreInterface::class)->all();
|
|
Guard::requireLogin();
|
|
|
|
$currentUserId = (int) ($session['user']['id'] ?? 0);
|
|
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
|
|
$decision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_BRANDING_UPDATE, [
|
|
'actor_user_id' => $currentUserId,
|
|
]);
|
|
if (!$decision->isAllowed()) {
|
|
Guard::deny();
|
|
}
|
|
|
|
if (!actionRequirePost('admin/settings/branding')) {
|
|
return;
|
|
}
|
|
|
|
if (!actionRequireCsrf('admin/settings/branding', 'admin/settings/branding', 'settings_favicon_delete')) {
|
|
return;
|
|
}
|
|
|
|
$faviconService = app(\MintyPHP\Service\Branding\BrandingFaviconService::class);
|
|
$faviconService->delete();
|
|
Flash::success('Favicon removed', 'admin/settings/branding', 'favicon_removed');
|
|
Router::redirect('admin/settings/branding');
|