Files
breadcrumb-the-shire/pages/admin/settings/index().php
2026-02-23 12:58:19 +01:00

222 lines
12 KiB
PHP

<?php
use MintyPHP\Buffer;
use MintyPHP\Repository\Auth\ApiTokenRepository;
use MintyPHP\Repository\Auth\RememberTokenRepository;
use MintyPHP\Router;
use MintyPHP\Service\Access\PermissionService;
use MintyPHP\Service\Settings\SettingService;
use MintyPHP\Service\Settings\SettingServicesFactory;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
Guard::requireLogin();
Guard::requirePermission(PermissionService::SETTINGS_VIEW);
$rememberTokenRepository = new RememberTokenRepository();
$apiTokenRepository = new ApiTokenRepository();
$settingsFactory = new SettingServicesFactory();
$settingGateway = $settingsFactory->createSettingGateway();
$settingCacheService = $settingsFactory->createSettingCacheService();
$tenants = directoryServicesFactory()->createTenantService()->list();
$roles = directoryServicesFactory()->createRoleService()->listActive();
$departments = directoryServicesFactory()->createDepartmentService()->list();
$sortByDescription = static function ($a, $b) {
return strcmp((string) ($a['description'] ?? ''), (string) ($b['description'] ?? ''));
};
usort($tenants, $sortByDescription);
usort($roles, $sortByDescription);
usort($departments, $sortByDescription);
$values = [
'default_tenant_id' => $settingGateway->getDefaultTenantId(),
'default_role_id' => $settingGateway->getDefaultRoleId(),
'default_department_id' => $settingGateway->getDefaultDepartmentId(),
// Read raw values for form display so existing DB values are always visible.
'app_title' => $settingGateway->getValue(SettingService::APP_TITLE_KEY),
'app_locale' => $settingGateway->getValue(SettingService::APP_LOCALE_KEY),
'app_theme' => $settingGateway->getValue(SettingService::APP_THEME_KEY),
'app_theme_user' => $settingGateway->isUserThemeAllowed(),
'app_registration' => $settingGateway->isRegistrationEnabled(),
'app_primary_color' => $settingGateway->getValue(SettingService::APP_PRIMARY_COLOR_KEY),
'api_token_default_ttl_days' => $settingGateway->getApiTokenDefaultTtlDays(),
'api_token_max_ttl_days' => $settingGateway->getApiTokenMaxTtlDays(),
'user_inactivity_deactivate_days' => $settingGateway->getUserInactivityDeactivateDays(),
'user_inactivity_delete_days' => $settingGateway->getUserInactivityDeleteDays(),
'api_cors_allowed_origins' => $settingGateway->getApiCorsAllowedOriginsText(),
'microsoft_shared_client_id' => $settingGateway->getValue(SettingService::MICROSOFT_SHARED_CLIENT_ID_KEY),
'microsoft_authority' => $settingGateway->getMicrosoftAuthority(),
'smtp_host' => $settingGateway->getValue(SettingService::SMTP_HOST_KEY),
'smtp_port' => $settingGateway->getValue(SettingService::SMTP_PORT_KEY),
'smtp_user' => $settingGateway->getValue(SettingService::SMTP_USER_KEY),
'smtp_secure' => $settingGateway->getSmtpSecure(),
'smtp_from' => $settingGateway->getValue(SettingService::SMTP_FROM_KEY),
'smtp_from_name' => $settingGateway->getValue(SettingService::SMTP_FROM_NAME_KEY),
];
$activeLoginTokens = $rememberTokenRepository->countActive();
$activeApiTokens = $apiTokenRepository->countActive();
$settings = [
'default_tenant' => $settingGateway->get(SettingService::DEFAULT_TENANT_KEY),
'default_role' => $settingGateway->get(SettingService::DEFAULT_ROLE_KEY),
'default_department' => $settingGateway->get(SettingService::DEFAULT_DEPARTMENT_KEY),
'app_title' => $settingGateway->get(SettingService::APP_TITLE_KEY),
'app_locale' => $settingGateway->get(SettingService::APP_LOCALE_KEY),
'app_theme' => $settingGateway->get(SettingService::APP_THEME_KEY),
'app_theme_user' => $settingGateway->get(SettingService::APP_THEME_USER_KEY),
'app_registration' => $settingGateway->get(SettingService::APP_REGISTRATION_KEY),
'app_primary_color' => $settingGateway->get(SettingService::APP_PRIMARY_COLOR_KEY),
'api_token_default_ttl_days' => $settingGateway->get(SettingService::API_TOKEN_DEFAULT_TTL_DAYS_KEY),
'api_token_max_ttl_days' => $settingGateway->get(SettingService::API_TOKEN_MAX_TTL_DAYS_KEY),
'user_inactivity_deactivate_days' => $settingGateway->get(SettingService::USER_INACTIVITY_DEACTIVATE_DAYS_KEY),
'user_inactivity_delete_days' => $settingGateway->get(SettingService::USER_INACTIVITY_DELETE_DAYS_KEY),
'api_cors_allowed_origins' => $settingGateway->get(SettingService::API_CORS_ALLOWED_ORIGINS_KEY),
'microsoft_shared_client_id' => $settingGateway->get(SettingService::MICROSOFT_SHARED_CLIENT_ID_KEY),
'microsoft_shared_client_secret_enc' => $settingGateway->get(SettingService::MICROSOFT_SHARED_CLIENT_SECRET_ENC_KEY),
'microsoft_authority' => $settingGateway->get(SettingService::MICROSOFT_AUTHORITY_KEY),
'smtp_host' => $settingGateway->get(SettingService::SMTP_HOST_KEY),
'smtp_port' => $settingGateway->get(SettingService::SMTP_PORT_KEY),
'smtp_user' => $settingGateway->get(SettingService::SMTP_USER_KEY),
'smtp_password' => $settingGateway->get(SettingService::SMTP_PASSWORD_KEY),
'smtp_secure' => $settingGateway->get(SettingService::SMTP_SECURE_KEY),
'smtp_from' => $settingGateway->get(SettingService::SMTP_FROM_KEY),
'smtp_from_name' => $settingGateway->get(SettingService::SMTP_FROM_NAME_KEY),
];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (!isset($_POST['settings_submit'])) {
Router::redirect('admin/settings');
}
Guard::requirePermission(PermissionService::SETTINGS_UPDATE);
$defaultTenantId = (int) ($_POST['default_tenant_id'] ?? 0);
$defaultRoleId = (int) ($_POST['default_role_id'] ?? 0);
$defaultDepartmentId = (int) ($_POST['default_department_id'] ?? 0);
$appTitle = trim((string) ($_POST['app_title'] ?? ''));
$appLocale = trim((string) ($_POST['app_locale'] ?? ''));
$appTheme = trim((string) ($_POST['app_theme'] ?? ''));
$appThemeUser = isset($_POST['app_theme_user']);
$appRegistration = isset($_POST['app_registration']);
$apiTokenDefaultTtlDays = (int) ($_POST['api_token_default_ttl_days'] ?? 0);
$apiTokenMaxTtlDays = (int) ($_POST['api_token_max_ttl_days'] ?? 0);
$userInactivityDeactivateDays = (int) ($_POST['user_inactivity_deactivate_days'] ?? 0);
$userInactivityDeleteDays = (int) ($_POST['user_inactivity_delete_days'] ?? 0);
$apiCorsAllowedOrigins = $_POST['api_cors_allowed_origins'] ?? '';
if (is_array($apiCorsAllowedOrigins)) {
$apiCorsAllowedOrigins = '';
}
$apiCorsAllowedOrigins = trim((string) $apiCorsAllowedOrigins);
$rawPrimaryColor = $_POST['app_primary_color'] ?? '';
if (is_array($rawPrimaryColor)) {
$rawPrimaryColor = '';
}
$appPrimaryColor = trim((string) $rawPrimaryColor);
if (in_array(strtolower($appPrimaryColor), ['null', 'undefined'], true)) {
$appPrimaryColor = '';
}
$smtpHost = trim((string) ($_POST['smtp_host'] ?? ''));
$smtpPort = (int) ($_POST['smtp_port'] ?? 0);
$smtpUser = trim((string) ($_POST['smtp_user'] ?? ''));
$smtpPassword = (string) ($_POST['smtp_password'] ?? '');
$smtpSecure = trim((string) ($_POST['smtp_secure'] ?? ''));
$smtpFrom = trim((string) ($_POST['smtp_from'] ?? ''));
$smtpFromName = trim((string) ($_POST['smtp_from_name'] ?? ''));
$microsoftSharedClientId = trim((string) ($_POST['microsoft_shared_client_id'] ?? ''));
$microsoftSharedClientSecret = (string) ($_POST['microsoft_shared_client_secret'] ?? '');
$microsoftAuthority = trim((string) ($_POST['microsoft_authority'] ?? ''));
$settingGateway->setDefaultTenantId($defaultTenantId > 0 ? $defaultTenantId : null);
$settingGateway->setDefaultRoleId($defaultRoleId > 0 ? $defaultRoleId : null);
$settingGateway->setDefaultDepartmentId($defaultDepartmentId > 0 ? $defaultDepartmentId : null);
$settingGateway->setAppTitle($appTitle);
$settingGateway->setAppLocale($appLocale);
$settingGateway->setAppTheme($appTheme);
$settingGateway->setUserThemeAllowed($appThemeUser);
$settingGateway->setRegistrationEnabled($appRegistration);
$apiTokenMaxTtlOk = $settingGateway->setApiTokenMaxTtlDays($apiTokenMaxTtlDays > 0 ? $apiTokenMaxTtlDays : null);
if (!$apiTokenMaxTtlOk) {
Flash::error('API token max lifetime is invalid', 'admin/settings', 'api_token_max_ttl_invalid');
}
$apiTokenTtlOk = $settingGateway->setApiTokenDefaultTtlDays($apiTokenDefaultTtlDays > 0 ? $apiTokenDefaultTtlDays : null);
if (!$apiTokenTtlOk) {
Flash::error('API token default lifetime is invalid', 'admin/settings', 'api_token_default_ttl_invalid');
}
$userDeactivateOk = $settingGateway->setUserInactivityDeactivateDays($userInactivityDeactivateDays);
if (!$userDeactivateOk) {
Flash::error(
'User inactivity deactivation period is invalid',
'admin/settings',
'user_inactivity_deactivate_days_invalid'
);
}
if ($userInactivityDeactivateDays > 0) {
$userDeleteOk = $settingGateway->setUserInactivityDeleteDays($userInactivityDeleteDays);
if (!$userDeleteOk) {
Flash::error(
'User inactivity deletion period is invalid',
'admin/settings',
'user_inactivity_delete_days_invalid'
);
}
} else {
if ($userInactivityDeleteDays > 0) {
Flash::error(
'Auto-delete is ignored while auto-deactivate is disabled',
'admin/settings',
'user_inactivity_delete_requires_deactivate'
);
}
$settingGateway->setUserInactivityDeleteDays(0);
}
$apiCorsOriginsOk = $settingGateway->setApiCorsAllowedOrigins($apiCorsAllowedOrigins);
if (!$apiCorsOriginsOk) {
Flash::error('CORS allowed origins are invalid', 'admin/settings', 'api_cors_allowed_origins_invalid');
}
$primaryOk = $settingGateway->setAppPrimaryColor($appPrimaryColor);
if (!$primaryOk) {
$appPrimaryColor = '';
Flash::error('Primary color is invalid', 'admin/settings', 'app_primary_invalid');
}
$settingGateway->setSmtpHost($smtpHost);
$settingGateway->setSmtpPort($smtpPort > 0 ? $smtpPort : null);
$settingGateway->setSmtpUser($smtpUser);
if (trim($smtpPassword) !== '') {
$settingGateway->setSmtpPassword($smtpPassword);
}
$settingGateway->setSmtpSecure($smtpSecure);
$settingGateway->setSmtpFrom($smtpFrom);
$settingGateway->setSmtpFromName($smtpFromName);
$msClientIdOk = $settingGateway->setMicrosoftSharedClientId($microsoftSharedClientId);
if (!$msClientIdOk) {
Flash::error('Microsoft client ID is invalid', 'admin/settings', 'microsoft_client_id_invalid');
}
$msAuthorityOk = $settingGateway->setMicrosoftAuthority($microsoftAuthority);
if (!$msAuthorityOk) {
Flash::error('Microsoft authority is invalid', 'admin/settings', 'microsoft_authority_invalid');
}
if (trim($microsoftSharedClientSecret) !== '') {
try {
$settingGateway->setMicrosoftSharedClientSecret($microsoftSharedClientSecret);
} catch (\Throwable $exception) {
Flash::error('Microsoft client secret could not be encrypted', 'admin/settings', 'microsoft_client_secret_invalid');
}
}
$settingCacheService->update([
'app_title' => $appTitle !== '' ? $appTitle : null,
'app_locale' => $appLocale !== '' ? $appLocale : null,
'app_theme' => $appTheme !== '' ? $appTheme : null,
'app_theme_user' => $appThemeUser ? '1' : '0',
'app_registration' => $appRegistration ? '1' : '0',
'app_primary_color' => $appPrimaryColor !== '' ? $appPrimaryColor : null,
'api_token_default_ttl_days' => (string) $settingGateway->getApiTokenDefaultTtlDays(),
'api_token_max_ttl_days' => (string) $settingGateway->getApiTokenMaxTtlDays(),
'api_cors_allowed_origins' => $settingGateway->getValue(SettingService::API_CORS_ALLOWED_ORIGINS_KEY),
]);
Flash::success('Settings updated', 'admin/settings', 'settings_updated');
Router::redirect('admin/settings');
}
Buffer::set('title', t('Settings'));