Extracts the user profile read-view into a core service + shared partial so
modules no longer duplicate the assignment/scope logic, and migrates the
admin/users list as the drawer's second consumer.
Consolidation:
- `core/Service/User/UserProfileViewService` owns the single read-path that
resolves tenants/departments/roles for a user UUID, enforces scope-aware
department visibility, and returns a consistent `{status, user}` shape.
- `templates/partials/app-user-profile.phtml` is the shared render template;
takes `$profileKey` for storage namespace + lightbox grouping.
- `AddressBookService::buildViewContext()` shrinks to a one-line delegation
and drops its `UserAssignmentService` dependency. The old
`modules/addressbook/templates/address-book-profile.phtml` is removed.
admin/users migration:
- `pages/admin/users/view-fragment($id).php` + `(none).phtml` use the core
service and enforce `ABILITY_ADMIN_USERS_VIEW`.
- `admin-users-index.js` replaces the grid-native `linkColumn` on the first
name with a formatter that emits `data-drawer-trigger`; `linkColumn` is
disabled so the drawer click handler wins. `fullUrl` points at the edit
form — drawer → edit is one click.
- Drawer labels wired via page config.
The new `DetailDrawerFragmentContractTest` validated the users fragment
endpoint automatically — no manual test additions were needed.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
46 lines
1.1 KiB
PHP
46 lines
1.1 KiB
PHP
<?php
|
|
|
|
use MintyPHP\Http\SessionStoreInterface;
|
|
use MintyPHP\Service\Access\AuthorizationService;
|
|
use MintyPHP\Service\Access\UserAuthorizationPolicy;
|
|
use MintyPHP\Service\User\UserProfileViewService;
|
|
use MintyPHP\Support\Guard;
|
|
|
|
$session = app(SessionStoreInterface::class)->all();
|
|
Guard::requireLogin();
|
|
|
|
$currentUserId = (int) ($session['user']['id'] ?? 0);
|
|
$uuid = trim((string) ($id ?? ''));
|
|
if ($uuid === '') {
|
|
http_response_code(400);
|
|
return;
|
|
}
|
|
|
|
$decision = app(AuthorizationService::class)->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW, [
|
|
'actor_user_id' => $currentUserId,
|
|
]);
|
|
if (!$decision->isAllowed()) {
|
|
http_response_code(403);
|
|
$user = null;
|
|
return;
|
|
}
|
|
|
|
$profile = app(UserProfileViewService::class)->buildProfile($currentUserId, $uuid);
|
|
$status = (string) ($profile['status'] ?? '');
|
|
if ($status === 'not_found' || $status === 'invalid_uuid') {
|
|
http_response_code(404);
|
|
$user = null;
|
|
return;
|
|
}
|
|
if ($status === 'forbidden') {
|
|
http_response_code(403);
|
|
$user = null;
|
|
return;
|
|
}
|
|
$user = $profile['user'] ?? null;
|
|
if (!is_array($user)) {
|
|
http_response_code(404);
|
|
$user = null;
|
|
return;
|
|
}
|