Files
breadcrumb-the-shire/pages/account/profile().php
2026-03-05 11:17:42 +01:00

28 lines
833 B
PHP

<?php
use MintyPHP\Router;
use MintyPHP\Service\Access\AuthorizationService;
use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Support\Guard;
Guard::requireLogin();
$user = $_SESSION['user'] ?? [];
$userId = (int) ($user['id'] ?? 0);
$uuid = trim((string) ($user['uuid'] ?? ''));
if ($uuid === '') {
Router::redirect('login');
}
$decision = app(AuthorizationService::class)->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_EDIT_CONTEXT, [
'actor_user_id' => $userId,
'target_user_id' => $userId,
]);
$capabilities = $decision->attribute('capabilities', []);
$canViewPage = is_array($capabilities) && (bool) ($capabilities['can_view_page'] ?? false);
if (!$decision->isAllowed() || !$canViewPage) {
Router::redirect('error/forbidden');
}
Router::redirect(lurl("admin/users/edit/{$uuid}"));