Files
breadcrumb-the-shire/pages/api/v1/users/show($id).php
2026-02-23 12:58:19 +01:00

130 lines
4.8 KiB
PHP

<?php
use MintyPHP\Http\ApiAuth;
use MintyPHP\Http\ApiBootstrap;
use MintyPHP\Http\ApiResponse;
use MintyPHP\Service\Access\AccessServicesFactory;
use MintyPHP\Service\Access\PermissionService;
use MintyPHP\Service\CustomField\UserCustomFieldValueService;
use MintyPHP\Service\User\UserServicesFactory;
ApiBootstrap::init();
$userServicesFactory = new UserServicesFactory();
$userAccountService = $userServicesFactory->createUserAccountService();
$userAssignmentService = $userServicesFactory->createUserAssignmentService();
$userRoleRepository = $userServicesFactory->createUserRoleRepository();
$rolePermissionRepository = (new AccessServicesFactory())->createRolePermissionRepository();
$uuid = trim((string) ($id ?? ''));
if ($uuid === '') {
ApiResponse::notFound();
}
$method = strtoupper($_SERVER['REQUEST_METHOD'] ?? 'GET');
if ($method === 'GET') {
ApiResponse::requirePermission(PermissionService::USERS_VIEW);
$user = $userAccountService->findByUuid($uuid);
if (!$user) {
ApiResponse::notFound();
}
$userId = (int) ($user['id'] ?? 0);
ApiAuth::requireResourceAccess('users', $userId);
$assignments = $userAssignmentService->buildAssignmentsForUser($userId);
$primaryTenantId = (int) ($user['primary_tenant_id'] ?? 0);
$primaryTenant = $userAssignmentService->findTenantSummaryInAssignments($assignments, $primaryTenantId);
$publicAssignments = $userAssignmentService->mapAssignmentsToPublic($assignments);
$publicCustomFields = UserCustomFieldValueService::buildPublicValuesByTenant(
$userId,
$assignments['tenants'] ?? [],
ApiAuth::scopedTenantId()
);
$publicPermissions = [];
if (ApiAuth::hasPermission(PermissionService::PERMISSIONS_VIEW)) {
$roleIds = $userRoleRepository->listRoleIdsByUserId($userId);
$publicPermissions = $rolePermissionRepository->listPermissionKeysByRoleIds($roleIds);
}
ApiResponse::success([
'data' => [
'uuid' => $user['uuid'] ?? '',
'first_name' => $user['first_name'] ?? '',
'last_name' => $user['last_name'] ?? '',
'display_name' => $user['display_name'] ?? '',
'email' => $user['email'] ?? '',
'job_title' => $user['job_title'] ?? '',
'phone' => $user['phone'] ?? '',
'mobile' => $user['mobile'] ?? '',
'short_dial' => $user['short_dial'] ?? '',
'address' => $user['address'] ?? '',
'postal_code' => $user['postal_code'] ?? '',
'city' => $user['city'] ?? '',
'country' => $user['country'] ?? '',
'active' => (bool) ($user['active'] ?? 1),
'created' => $user['created'] ?? '',
'modified' => $user['modified'] ?? '',
'primary_tenant' => $primaryTenant,
'permissions' => $publicPermissions,
'assignments' => $publicAssignments,
'custom_fields' => $publicCustomFields,
],
]);
}
if ($method === 'PUT' || $method === 'PATCH') {
ApiResponse::requirePermission(PermissionService::USERS_UPDATE);
$user = $userAccountService->findByUuid($uuid);
if (!$user) {
ApiResponse::notFound();
}
$userId = (int) ($user['id'] ?? 0);
ApiAuth::requireResourceAccess('users', $userId);
$input = ApiResponse::readJsonBody();
$scopedTenantId = ApiAuth::scopedTenantId();
if ($scopedTenantId) {
if (array_key_exists('tenant_ids', $input)) {
$tenantIdsRaw = $input['tenant_ids'];
if (!is_array($tenantIdsRaw)) {
$tenantIdsRaw = [$tenantIdsRaw];
}
$tenantIds = array_values(array_unique(array_filter(array_map(
static fn ($value): int => (int) $value,
$tenantIdsRaw
), static fn (int $value): bool => $value > 0)));
if ($tenantIds && array_diff($tenantIds, [$scopedTenantId])) {
ApiResponse::forbidden('tenant_scoped_token_forbidden');
}
}
if (array_key_exists('primary_tenant_id', $input)) {
$primaryTenantId = (int) ($input['primary_tenant_id'] ?? 0);
if ($primaryTenantId > 0 && $primaryTenantId !== $scopedTenantId) {
ApiResponse::forbidden('tenant_scoped_token_forbidden');
}
}
}
$result = $userAccountService->updateFromAdmin($userId, $input, ApiAuth::userId());
ApiResponse::fromServiceResult($result);
}
if ($method === 'DELETE') {
ApiResponse::requirePermission(PermissionService::USERS_DELETE);
$user = $userAccountService->findByUuid($uuid);
if (!$user) {
ApiResponse::notFound();
}
$userId = (int) ($user['id'] ?? 0);
ApiAuth::requireResourceAccess('users', $userId);
$result = $userAccountService->deleteByUuid($uuid, ApiAuth::userId());
ApiResponse::fromServiceResult($result);
}
ApiResponse::methodNotAllowed();