Files
breadcrumb-the-shire/pages/admin/settings/general().php
fs 5b972b3633 refactor(settings): declutter account-access, group registration with user defaults
Three related cleanups in the same area:

- Account-access loses 4 info blockquotes that paraphrased their cards,
  4 redundant "allowed range" hints (the input min/max + DB descriptions
  already convey the bounds), and the fieldset wrappers around single
  checkboxes.
- The registration toggle moves out of account-access into general's
  user-creation card (renamed to "User onboarding"), so all "new user"
  settings live together while account-access stays focused on existing
  user sessions.
- Both feature toggles (allow registration, Microsoft auto-remember)
  switch to role="switch" with the description sitting outside the label
  as <small class="muted">, matching the tenant form pattern.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 09:29:01 +02:00

92 lines
3.3 KiB
PHP

<?php
use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Service\Settings\AdminSettingsService;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
$session = app(SessionStoreInterface::class)->all();
Guard::requireLogin();
$request = requestInput();
$currentUserId = (int) ($session['user']['id'] ?? 0);
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$viewDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW, [
'actor_user_id' => $currentUserId,
]);
if (!$viewDecision->isAllowed()) {
Guard::deny();
}
$viewCapabilities = $viewDecision->attribute('capabilities', []);
$canUpdateSettings = is_array($viewCapabilities) ? (bool) ($viewCapabilities['can_update_settings'] ?? false) : false;
$adminSettingsService = app(AdminSettingsService::class);
$pageData = $adminSettingsService->buildPageData();
$tenants = is_array($pageData['tenants'] ?? null) ? $pageData['tenants'] : [];
$roles = is_array($pageData['roles'] ?? null) ? $pageData['roles'] : [];
$departments = is_array($pageData['departments'] ?? null) ? $pageData['departments'] : [];
$values = is_array($pageData['values'] ?? null) ? $pageData['values'] : [];
$settings = is_array($pageData['settings'] ?? null) ? $pageData['settings'] : [];
if ($request->isMethod('POST') && !actionRequireCsrf('admin/settings/general', 'admin/settings/general', 'csrf_expired')) {
return;
}
if ($request->isMethod('POST')) {
$updateDecision = $authorizationService->authorize(SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE, [
'actor_user_id' => $currentUserId,
]);
if (!$updateDecision->isAllowed()) {
Guard::deny();
}
$sectionKeys = [
'default_tenant_id',
'default_role_id',
'default_department_id',
'app_title',
'app_locale',
'app_registration',
];
$mergedPost = settingsSectionMergePost($values, $request->bodyAll(), $sectionKeys);
$updateResult = $adminSettingsService->updateFromAdmin($mergedPost);
$errorBag = formErrors();
foreach ((array) ($updateResult['errors'] ?? []) as $error) {
if (is_array($error)) {
$message = trim((string) ($error['message'] ?? ''));
$field = trim((string) ($error['field'] ?? 'input'));
if ($message !== '') {
$errorBag->add($field !== '' ? $field : 'input', $message);
}
continue;
}
$message = trim((string) $error);
if ($message !== '') {
$errorBag->addGlobal($message);
}
}
if ($errorBag->hasAny()) {
flashFormErrors($errorBag, 'admin/settings/general', 'settings_update_error');
Router::redirect('admin/settings/general');
}
$redirectTarget = ((string) $request->body('action', 'save') === 'save_close')
? 'admin/settings'
: 'admin/settings/general';
Flash::success('Settings updated', $redirectTarget, 'settings_updated');
Router::redirect($redirectTarget);
}
Buffer::set('title', t('General settings'));
$breadcrumbs = [
['label' => t('Home'), 'path' => 'admin'],
['label' => t('Settings'), 'path' => 'admin/settings'],
['label' => t('General')],
];