forked from fa/breadcrumb-the-shire
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks - Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists - Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services - Add Microsoft OIDC SSO, API token management, and user lifecycle features - Add swagger-ui vendor integration and OpenAPI spec - Add production Docker setup and bin/ scripts - Update composer dependencies, config, templates, and frontend assets throughout Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
141 lines
4.2 KiB
PHP
141 lines
4.2 KiB
PHP
<?php
|
|
|
|
namespace MintyPHP\Service\Access;
|
|
|
|
use MintyPHP\Repository\Access\RoleRepository;
|
|
use MintyPHP\Service\Settings\SettingService;
|
|
|
|
class RoleService
|
|
{
|
|
public static function list(): array
|
|
{
|
|
return RoleRepository::list();
|
|
}
|
|
|
|
public static function listActive(): array
|
|
{
|
|
return RoleRepository::listActive();
|
|
}
|
|
|
|
public static function listPaged(array $options): array
|
|
{
|
|
return RoleRepository::listPaged($options);
|
|
}
|
|
|
|
public static function findByUuid(string $uuid): ?array
|
|
{
|
|
return RoleRepository::findByUuid($uuid);
|
|
}
|
|
|
|
public static function findById(int $id): ?array
|
|
{
|
|
return RoleRepository::find($id);
|
|
}
|
|
|
|
public static function createFromAdmin(array $input, int $currentUserId = 0): array
|
|
{
|
|
$form = self::sanitizeBase($input);
|
|
$errors = self::validateBase($form, 0);
|
|
|
|
if ($errors) {
|
|
return ['ok' => false, 'errors' => $errors, 'form' => $form];
|
|
}
|
|
|
|
$createdId = RoleRepository::create([
|
|
'description' => $form['description'],
|
|
'code' => $form['code'] ?: null,
|
|
'active' => $form['active'],
|
|
'created_by' => $currentUserId > 0 ? $currentUserId : null,
|
|
]);
|
|
|
|
if (!$createdId) {
|
|
return ['ok' => false, 'errors' => [t('Role can not be created')], 'form' => $form];
|
|
}
|
|
|
|
$createdRole = RoleRepository::find((int) $createdId);
|
|
$uuid = $createdRole['uuid'] ?? null;
|
|
if (!empty($input['is_default'])) {
|
|
SettingService::setDefaultRoleId((int) $createdId);
|
|
}
|
|
return ['ok' => true, 'form' => $form, 'uuid' => $uuid, 'id' => (int) $createdId];
|
|
}
|
|
|
|
public static function updateFromAdmin(int $roleId, array $input, int $currentUserId = 0): array
|
|
{
|
|
$form = self::sanitizeBase($input);
|
|
$errors = self::validateBase($form, $roleId);
|
|
|
|
if ($errors) {
|
|
return ['ok' => false, 'errors' => $errors, 'form' => $form];
|
|
}
|
|
|
|
$updated = RoleRepository::update($roleId, [
|
|
'description' => $form['description'],
|
|
'code' => $form['code'] ?: null,
|
|
'active' => $form['active'],
|
|
'modified_by' => $currentUserId > 0 ? $currentUserId : null,
|
|
]);
|
|
|
|
if (!$updated) {
|
|
return ['ok' => false, 'errors' => [t('Role can not be updated')], 'form' => $form];
|
|
}
|
|
|
|
return ['ok' => true, 'form' => $form];
|
|
}
|
|
|
|
public static function deleteByUuid(string $uuid): array
|
|
{
|
|
$uuid = trim($uuid);
|
|
if ($uuid === '') {
|
|
return ['ok' => false, 'status' => 404, 'error' => 'not_found'];
|
|
}
|
|
|
|
$role = RoleRepository::findByUuid($uuid);
|
|
if (!$role || !isset($role['id'])) {
|
|
return ['ok' => false, 'status' => 404, 'error' => 'not_found'];
|
|
}
|
|
|
|
if (($role['description'] ?? '') === 'Admin') {
|
|
return ['ok' => false, 'status' => 403, 'error' => 'admin_role_protected'];
|
|
}
|
|
|
|
$deleted = RoleRepository::delete((int) $role['id']);
|
|
if (!$deleted) {
|
|
return ['ok' => false, 'status' => 500, 'error' => 'delete_failed'];
|
|
}
|
|
|
|
return ['ok' => true, 'role' => $role];
|
|
}
|
|
|
|
private static function sanitizeBase(array $input): array
|
|
{
|
|
return [
|
|
'description' => trim((string) ($input['description'] ?? '')),
|
|
'code' => trim((string) ($input['code'] ?? '')),
|
|
'active' => self::normalizeActive($input['active'] ?? 1),
|
|
];
|
|
}
|
|
|
|
private static function validateBase(array $form, int $excludeId): array
|
|
{
|
|
$errors = [];
|
|
if ($form['description'] === '') {
|
|
$errors[] = t('Description cannot be empty');
|
|
}
|
|
$code = $form['code'] ?? '';
|
|
if ($code !== '' && RoleRepository::existsByCode($code, $excludeId)) {
|
|
$errors[] = t('Role code already exists');
|
|
}
|
|
return $errors;
|
|
}
|
|
|
|
private static function normalizeActive($value): int
|
|
{
|
|
$value = strtolower(trim((string) $value));
|
|
if (in_array($value, ['0', 'false', 'inactive'], true)) {
|
|
return 0;
|
|
}
|
|
return 1;
|
|
}
|
|
}
|