Files
breadcrumb-the-shire/pages/admin/users/index().php
2026-03-05 11:17:42 +01:00

162 lines
6.7 KiB
PHP

<?php
use MintyPHP\Buffer;
use MintyPHP\Http\Request;
use MintyPHP\Router;
use MintyPHP\Service\Access\UiAccessService;
use MintyPHP\Service\Access\UiCapabilityMap;
use MintyPHP\Service\Access\UserAuthorizationPolicy;
use MintyPHP\Session;
use MintyPHP\Support\Guard;
Guard::requireLogin();
$authorizationService = app(\MintyPHP\Service\Access\AuthorizationService::class);
$decision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_VIEW, [
'actor_user_id' => (int) ($_SESSION['user']['id'] ?? 0),
]);
if (!$decision->isAllowed()) {
if (Request::wantsJson()) {
http_response_code($decision->status());
Router::json(['error' => $decision->error()]);
return;
}
Router::redirect('error/forbidden?url=' . urlencode(Request::pathWithQuery()));
return;
}
$filterSchema = require __DIR__ . '/filter-schema.php';
$query = requestInput()->queryAll();
$filterState = gridParseFilters($query, [
'tenant' => ['type' => 'string'],
'roles' => ['type' => 'csv_ids', 'max' => 200, 'return' => 'array'],
'departments' => ['type' => 'csv_ids', 'max' => 200, 'return' => 'array'],
'active' => ['type' => 'string', 'default' => 'all'],
'email_verified' => ['type' => 'string', 'default' => 'all'],
'login_status' => ['type' => 'string', 'default' => 'all'],
'created_from' => ['type' => 'date'],
'created_to' => ['type' => 'date'],
'search' => ['type' => 'string'],
]);
$currentUserId = (int) ($_SESSION['user']['id'] ?? 0);
$allowedTenantIds = app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class)->getUserTenantIds($currentUserId);
$uiAccessService = app(UiAccessService::class);
$selfEditDecision = $authorizationService->authorize(UserAuthorizationPolicy::ABILITY_ADMIN_USERS_EDIT_CONTEXT, [
'actor_user_id' => $currentUserId,
'target_user_id' => $currentUserId,
]);
$selfEditCapabilities = $selfEditDecision->attribute('capabilities', []);
$viewAuth['page'] = [
...$uiAccessService->pageCapabilities($currentUserId, UiCapabilityMap::PAGE_USERS_INDEX),
'can_update_self' => $selfEditDecision->isAllowed()
&& is_array($selfEditCapabilities)
&& (bool) ($selfEditCapabilities['can_edit_user'] ?? false),
];
Buffer::set('title', t('Users'));
Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
$csrfKey = Session::$csrfSessionKey;
$csrfToken = $_SESSION[$csrfKey] ?? '';
Buffer::set(
'grid_csrf',
json_encode(['key' => $csrfKey, 'token' => $csrfToken], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES)
);
$tenants = app(\MintyPHP\Service\Tenant\TenantService::class)->list();
if ($allowedTenantIds) {
$tenants = array_values(array_filter($tenants, static function (array $tenant) use ($allowedTenantIds): bool {
$tenantId = (int) ($tenant['id'] ?? 0);
return $tenantId > 0 && in_array($tenantId, $allowedTenantIds, true);
}));
} elseif (app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class)->isStrict()) {
$tenants = [];
}
sortByDescription($tenants);
$roles = app(\MintyPHP\Service\Access\RoleService::class)->listActive();
sortByDescription($roles);
$departments = $allowedTenantIds ? app(\MintyPHP\Service\Org\DepartmentService::class)->listByTenantIds($allowedTenantIds) : [];
if (!$allowedTenantIds && !app(\MintyPHP\Service\Directory\DirectoryScopeGateway::class)->isStrict()) {
$departments = app(\MintyPHP\Service\Org\DepartmentService::class)->list();
}
sortByDescription($departments);
$toolbarOptionSets = [
'department_items' => array_map(static fn (array $item): array => [
'id' => (string) ($item['id'] ?? ''),
'description' => (string) ($item['description'] ?? ''),
'translate' => false,
], $departments),
'role_items' => array_map(static fn (array $item): array => [
'id' => (string) ($item['id'] ?? ''),
'description' => (string) ($item['description'] ?? ''),
'translate' => false,
], $roles),
];
$toolbarFilterStateOverrides = [
'tenant' => (string) ($filterState['tenant'] ?? ''),
'roles' => array_map('strval', (array) ($filterState['roles'] ?? [])),
'departments' => array_map('strval', (array) ($filterState['departments'] ?? [])),
'active' => (string) ($filterState['active'] ?? 'all'),
'email_verified' => (string) ($filterState['email_verified'] ?? 'all'),
'login_status' => (string) ($filterState['login_status'] ?? 'all'),
'created_from' => (string) ($filterState['created_from'] ?? ''),
'created_to' => (string) ($filterState['created_to'] ?? ''),
'search' => (string) ($filterState['search'] ?? ''),
];
$listFilterContext = gridBuildListFilterContext($filterSchema, [
'filter_state' => $filterState,
'search_keys' => ['tenant', 'search'],
'toolbar_state_overrides' => $toolbarFilterStateOverrides,
'toolbar_option_sets' => $toolbarOptionSets,
]);
$toolbarFilterSchema = $listFilterContext['toolbarFilterSchema'];
$toolbarFilterState = $listFilterContext['toolbarFilterState'];
$searchToolbarFilterSchema = $listFilterContext['searchToolbarFilterSchema'];
$drawerToolbarFilterSchema = $listFilterContext['drawerToolbarFilterSchema'];
$schemaByKey = $listFilterContext['schemaByKey'];
$toolbarOptionSets = $listFilterContext['toolbarOptionSets'];
$filterChipMeta = [
'search' => [
'label' => 'Search',
'type' => 'text',
],
'departments' => [
'label' => 'Departments',
'type' => 'multi_csv',
'options' => gridOptionMapFromItems((array) ($toolbarOptionSets['department_items'] ?? [])),
],
'roles' => [
'label' => 'Roles',
'type' => 'multi_csv',
'options' => gridOptionMapFromItems((array) ($toolbarOptionSets['role_items'] ?? [])),
],
'active' => [
'label' => t('Status'),
'type' => 'select',
'default' => (string) (($schemaByKey['active']['default'] ?? 'all')),
'options' => gridOptionMapFromAllowed((array) ($schemaByKey['active'] ?? [])),
],
'email_verified' => [
'label' => t('Email verified'),
'type' => 'select',
'default' => (string) (($schemaByKey['email_verified']['default'] ?? 'all')),
'options' => gridOptionMapFromAllowed((array) ($schemaByKey['email_verified'] ?? [])),
],
'login_status' => [
'label' => t('Login status'),
'type' => 'select',
'default' => (string) (($schemaByKey['login_status']['default'] ?? 'all')),
'options' => gridOptionMapFromAllowed((array) ($schemaByKey['login_status'] ?? [])),
],
'created_range' => [
'label' => 'Created',
'type' => 'date_range',
'from_param' => 'created_from',
'to_param' => 'created_to',
],
];
$clientFilterSchema = $listFilterContext['clientFilterSchema'];
$searchConfig = $listFilterContext['searchConfig'];