diff --git a/core/Repository/Access/RoleAssignableRoleRepository.php b/core/Repository/Access/RoleAssignableRoleRepository.php index 45ba0a7..05ffaf9 100644 --- a/core/Repository/Access/RoleAssignableRoleRepository.php +++ b/core/Repository/Access/RoleAssignableRoleRepository.php @@ -28,8 +28,7 @@ class RoleAssignableRoleRepository implements RoleAssignableRoleRepositoryInterf public function listAssignableRoleIdsByRoleIds(array $roleIds): array { - $roleIds = array_values(array_unique(array_map('intval', $roleIds))); - $roleIds = array_values(array_filter($roleIds, static fn (int $id): bool => $id > 0)); + $roleIds = toIntIds($roleIds); if (!$roleIds) { return []; } diff --git a/core/Repository/Access/RolePermissionRepository.php b/core/Repository/Access/RolePermissionRepository.php index 5eee278..223024f 100644 --- a/core/Repository/Access/RolePermissionRepository.php +++ b/core/Repository/Access/RolePermissionRepository.php @@ -25,8 +25,7 @@ class RolePermissionRepository implements RolePermissionRepositoryInterface public function countPermissionsByRoleIds(array $roleIds): array { - $roleIds = array_values(array_unique(array_map('intval', $roleIds))); - $roleIds = array_values(array_filter($roleIds, static fn ($id) => $id > 0)); + $roleIds = toIntIds($roleIds); if (!$roleIds) { return []; } diff --git a/core/Repository/CustomField/UserCustomFieldValueOptionRepository.php b/core/Repository/CustomField/UserCustomFieldValueOptionRepository.php index 861d77f..cda3287 100644 --- a/core/Repository/CustomField/UserCustomFieldValueOptionRepository.php +++ b/core/Repository/CustomField/UserCustomFieldValueOptionRepository.php @@ -17,8 +17,7 @@ class UserCustomFieldValueOptionRepository implements UserCustomFieldValueOption return false; } - $optionIds = array_values(array_unique(array_map('intval', $optionIds))); - $optionIds = array_values(array_filter($optionIds, static fn ($id) => $id > 0)); + $optionIds = toIntIds($optionIds); if (!$optionIds) { return true; } @@ -39,8 +38,7 @@ class UserCustomFieldValueOptionRepository implements UserCustomFieldValueOption public function listOptionIdsByValueIds(array $valueIds): array { - $valueIds = array_values(array_unique(array_map('intval', $valueIds))); - $valueIds = array_values(array_filter($valueIds, static fn ($id) => $id > 0)); + $valueIds = toIntIds($valueIds); if (!$valueIds) { return []; } @@ -69,7 +67,7 @@ class UserCustomFieldValueOptionRepository implements UserCustomFieldValueOption } foreach ($map as &$ids) { - $ids = array_values(array_unique(array_map('intval', $ids))); + $ids = toIntIds($ids); sort($ids, SORT_NUMERIC); } unset($ids); diff --git a/core/Repository/CustomField/UserCustomFieldValueRepository.php b/core/Repository/CustomField/UserCustomFieldValueRepository.php index 1dcf029..6158f62 100644 --- a/core/Repository/CustomField/UserCustomFieldValueRepository.php +++ b/core/Repository/CustomField/UserCustomFieldValueRepository.php @@ -27,8 +27,7 @@ class UserCustomFieldValueRepository implements UserCustomFieldValueRepositoryIn if ($userId <= 0) { return []; } - $definitionIds = array_values(array_unique(array_map('intval', $definitionIds))); - $definitionIds = array_values(array_filter($definitionIds, static fn ($id) => $id > 0)); + $definitionIds = toIntIds($definitionIds); if (!$definitionIds) { return []; } @@ -85,8 +84,7 @@ class UserCustomFieldValueRepository implements UserCustomFieldValueRepositoryIn if ($userId <= 0) { return false; } - $definitionIds = array_values(array_unique(array_map('intval', $definitionIds))); - $definitionIds = array_values(array_filter($definitionIds, static fn ($id) => $id > 0)); + $definitionIds = toIntIds($definitionIds); if (!$definitionIds) { return true; } @@ -103,8 +101,7 @@ class UserCustomFieldValueRepository implements UserCustomFieldValueRepositoryIn if ($userId <= 0) { return false; } - $tenantIds = array_values(array_unique(array_map('intval', $tenantIds))); - $tenantIds = array_values(array_filter($tenantIds, static fn ($id) => $id > 0)); + $tenantIds = toIntIds($tenantIds); if (!$tenantIds) { $result = DB::delete('delete from user_custom_field_values where user_id = ?', (string) $userId); return $result !== false; diff --git a/core/Repository/Org/DepartmentRepository.php b/core/Repository/Org/DepartmentRepository.php index 091d037..fe2dbe5 100644 --- a/core/Repository/Org/DepartmentRepository.php +++ b/core/Repository/Org/DepartmentRepository.php @@ -109,7 +109,7 @@ class DepartmentRepository implements DepartmentRepositoryInterface } } elseif (array_key_exists('tenantIds', $options)) { $tenantIds = $options['tenantIds']; - $tenantIds = is_array($tenantIds) ? array_values(array_unique(array_map('intval', $tenantIds))) : []; + $tenantIds = toIntIds($tenantIds); if ($tenantIds) { $where[] = 'departments.tenant_id in (???)'; $params[] = $tenantIds; diff --git a/core/Repository/User/UserWriteRepository.php b/core/Repository/User/UserWriteRepository.php index 9c48486..cbd4a95 100644 --- a/core/Repository/User/UserWriteRepository.php +++ b/core/Repository/User/UserWriteRepository.php @@ -36,8 +36,7 @@ class UserWriteRepository implements UserWriteRepositoryInterface public function bumpAuthzVersionByUserIds(array $userIds): int { - $userIds = array_values(array_unique(array_map('intval', $userIds))); - $userIds = array_values(array_filter($userIds, static fn ($id) => $id > 0)); + $userIds = toIntIds($userIds); if (!$userIds) { return 0; } diff --git a/core/Service/Access/UserAuthorizationPolicy.php b/core/Service/Access/UserAuthorizationPolicy.php index 6fa3df3..dfd881c 100644 --- a/core/Service/Access/UserAuthorizationPolicy.php +++ b/core/Service/Access/UserAuthorizationPolicy.php @@ -409,9 +409,7 @@ class UserAuthorizationPolicy implements AuthorizationPolicyInterface 'can_view_security_artifacts' => $isOwnAccount || $canViewUserAudit, 'can_view_permissions_table' => $this->hasPermission($actorUserId, PermissionService::PERMISSIONS_VIEW), 'is_own_account' => $isOwnAccount, - 'allowed_tenant_ids' => is_array($allowedTenantIds) - ? array_values(array_unique(array_map('intval', $allowedTenantIds))) - : null, + 'allowed_tenant_ids' => is_array($allowedTenantIds) ? toIntIds($allowedTenantIds) : null, ]; return AuthorizationDecision::allow(['capabilities' => $capabilities]); diff --git a/core/Service/Auth/SsoUserLinkService.php b/core/Service/Auth/SsoUserLinkService.php index f822c09..8f17a3b 100644 --- a/core/Service/Auth/SsoUserLinkService.php +++ b/core/Service/Auth/SsoUserLinkService.php @@ -377,7 +377,7 @@ class SsoUserLinkService private function ensureTenantAssignment(int $userId, int $tenantId): void { - $tenantIds = array_values(array_unique(array_map('intval', $this->userTenantRepository->listTenantIdsByUserId($userId)))); + $tenantIds = toIntIds($this->userTenantRepository->listTenantIdsByUserId($userId)); if (!in_array($tenantId, $tenantIds, true)) { $tenantIds[] = $tenantId; $this->userAssignmentService->syncTenants($userId, $tenantIds); diff --git a/core/Service/CustomField/UserCustomFieldValueService.php b/core/Service/CustomField/UserCustomFieldValueService.php index 0d1e0e5..23ddb8a 100644 --- a/core/Service/CustomField/UserCustomFieldValueService.php +++ b/core/Service/CustomField/UserCustomFieldValueService.php @@ -25,7 +25,7 @@ class UserCustomFieldValueService if (!$canEdit) { return ['ok' => true, 'errors' => []]; } - $tenantIds = self::normalizeTenantIds($tenantIds); + $tenantIds = toIntIds($tenantIds); if (!$tenantIds) { return ['ok' => true, 'errors' => []]; } @@ -38,7 +38,7 @@ class UserCustomFieldValueService public function buildDefinitionsByTenant(array $tenantIds, bool $includeInactive = false): array { - $tenantIds = self::normalizeTenantIds($tenantIds); + $tenantIds = toIntIds($tenantIds); if (!$tenantIds) { return []; } @@ -83,8 +83,7 @@ class UserCustomFieldValueService if ($userId <= 0) { return []; } - $definitionIds = array_values(array_unique(array_map('intval', $definitionIds))); - $definitionIds = array_values(array_filter($definitionIds, static fn ($id) => $id > 0)); + $definitionIds = toIntIds($definitionIds); if (!$definitionIds) { return []; } @@ -251,7 +250,7 @@ class UserCustomFieldValueService return ['ok' => false, 'errors' => [t('User not found')]]; } - $tenantIds = self::normalizeTenantIds($tenantIds); + $tenantIds = toIntIds($tenantIds); // Always clean values for tenants no longer assigned — happens even when !$canEdit, // because orphaned custom field data should not persist after tenant reassignment. if (!$this->valueRepository->deleteByUserOutsideTenantIds($userId, $tenantIds)) { @@ -541,12 +540,6 @@ class UserCustomFieldValueService return $this->userScopeGateway; } - private static function normalizeTenantIds(array $tenantIds): array - { - $tenantIds = array_values(array_unique(array_map('intval', $tenantIds))); - return array_values(array_filter($tenantIds, static fn ($id) => $id > 0)); - } - private static function normalizeBool($value): ?int { if (is_bool($value)) { diff --git a/core/Service/Org/DepartmentService.php b/core/Service/Org/DepartmentService.php index 523577d..0d519e2 100644 --- a/core/Service/Org/DepartmentService.php +++ b/core/Service/Org/DepartmentService.php @@ -43,8 +43,7 @@ class DepartmentService public function groupActiveByTenantIds(array $tenantIds): array { - $tenantIds = array_values(array_unique(array_map('intval', $tenantIds))); - $tenantIds = array_values(array_filter($tenantIds, static fn ($id) => $id > 0)); + $tenantIds = toIntIds($tenantIds); if (!$tenantIds) { return []; } diff --git a/core/Service/User/UserAssignmentService.php b/core/Service/User/UserAssignmentService.php index 8661c28..4a0e814 100644 --- a/core/Service/User/UserAssignmentService.php +++ b/core/Service/User/UserAssignmentService.php @@ -176,8 +176,7 @@ class UserAssignmentService public function syncRoles(int $userId, array $roleIds, bool $bumpAuthz = true, int $actorUserId = 0): bool { - $ids = array_values(array_unique(array_map('intval', $roleIds))); - $ids = array_values(array_filter($ids, static fn ($id) => $id > 0)); + $ids = toIntIds($roleIds); $validIds = $this->directoryGateway->listActiveRoleIds(); if ($validIds) { $validMap = array_fill_keys($validIds, true); @@ -201,16 +200,11 @@ class UserAssignmentService public function syncDepartments(int $userId, array $departmentIds, bool $bumpAuthz = true): bool { - $ids = array_values(array_unique(array_map('intval', $departmentIds))); - $ids = array_values(array_filter($ids, static fn ($id) => $id > 0)); + $ids = toIntIds($departmentIds); // Important: use the user's assigned tenants directly (no permission bypass), // otherwise privileged users (e.g. admins) would incorrectly allow departments // from tenants that were just removed from their assignments. - $userTenantIds = array_values(array_unique(array_map( - 'intval', - $this->userTenantRepository->listTenantIdsByUserId($userId) - ))); - $userTenantIds = array_values(array_filter($userTenantIds, static fn ($id) => $id > 0)); + $userTenantIds = toIntIds($this->userTenantRepository->listTenantIdsByUserId($userId)); if (!$userTenantIds) { $ids = []; } else { @@ -304,14 +298,12 @@ class UserAssignmentService $collect($item); } - $ids = array_values(array_unique(array_map('intval', $flat))); - return array_values(array_filter($ids, static fn ($id) => $id > 0)); + return toIntIds($flat); } public function normalizeTenantIds(array $tenantIds): array { - $ids = array_values(array_unique(array_map('intval', $tenantIds))); - $ids = array_filter($ids, static fn ($id) => $id > 0); + $ids = toIntIds($tenantIds); $validIds = $this->directoryGateway->listTenantIds(); if ($validIds) { $validMap = array_fill_keys($validIds, true); diff --git a/modules/notifications/lib/Module/Notifications/Listeners/NotificationListenerTrait.php b/modules/notifications/lib/Module/Notifications/Listeners/NotificationListenerTrait.php index 03b1714..3501535 100644 --- a/modules/notifications/lib/Module/Notifications/Listeners/NotificationListenerTrait.php +++ b/modules/notifications/lib/Module/Notifications/Listeners/NotificationListenerTrait.php @@ -46,11 +46,6 @@ trait NotificationListenerTrait */ protected function sanitizeTenantIds(mixed $tenantIds): array { - if (!is_array($tenantIds)) { - return []; - } - - $ids = array_values(array_unique(array_map('intval', $tenantIds))); - return array_values(array_filter($ids, static fn (int $tenantId): bool => $tenantId > 0)); + return is_array($tenantIds) ? toIntIds($tenantIds) : []; } }