100 lines
3.1 KiB
PHP
100 lines
3.1 KiB
PHP
<?php
|
|
|
|
namespace KTXC\Controllers;
|
|
|
|
use KTXC\Http\Response\JsonResponse;
|
|
use KTXC\Module\ModuleManager;
|
|
use KTXC\Security\Authorization\PermissionChecker;
|
|
use KTXC\Service\UserAccountsService;
|
|
use KTXC\SessionIdentity;
|
|
use KTXF\Controller\ControllerAbstract;
|
|
use KTXC\SessionTenant;
|
|
use KTXF\Routing\Attributes\AuthenticatedRoute;
|
|
|
|
class InitController extends ControllerAbstract
|
|
{
|
|
public function __construct(
|
|
private readonly SessionTenant $tenant,
|
|
private readonly SessionIdentity $userIdentity,
|
|
private readonly ModuleManager $moduleManager,
|
|
private readonly UserAccountsService $userService,
|
|
private readonly PermissionChecker $permissionChecker,
|
|
) {}
|
|
|
|
#[AuthenticatedRoute(
|
|
'/init',
|
|
name: 'init',
|
|
methods: ['GET']
|
|
)]
|
|
public function index(): JsonResponse {
|
|
|
|
$configuration = [];
|
|
|
|
// modules - filter by permissions
|
|
$configuration['modules'] = [];
|
|
foreach ($this->moduleManager->list() as $module) {
|
|
if (!method_exists($module, 'bootUi')) {
|
|
continue;
|
|
}
|
|
|
|
// Check if user has permission to view this module
|
|
// Allow access if user has: {module_handle}, {module_handle}.*, or * permission
|
|
$handle = $module->handle();
|
|
if (!$this->hasModuleViewPermission($handle)) {
|
|
continue;
|
|
}
|
|
|
|
$configuration['modules'][$handle] = $module->bootUi();
|
|
}
|
|
|
|
// tenant
|
|
$configuration['tenant'] = [
|
|
'id' => $this->tenant->identifier(),
|
|
'domain' => $this->tenant->domain(),
|
|
'label' => $this->tenant->label(),
|
|
];
|
|
|
|
// user
|
|
$configuration['user'] = [
|
|
'auth' => [
|
|
'identifier' => $this->userIdentity->identifier(),
|
|
'identity' => $this->userIdentity->identity()->getIdentity(),
|
|
'label' => $this->userIdentity->label(),
|
|
'roles' => $this->userIdentity->identity()->getRoles(),
|
|
'permissions' => $this->userIdentity->identity()->getPermissions(),
|
|
],
|
|
'profile' => $this->userService->getEditableFields($this->userIdentity->identifier()),
|
|
'settings' => $this->userService->fetchSettings(),
|
|
];
|
|
|
|
return new JsonResponse($configuration);
|
|
|
|
}
|
|
|
|
/**
|
|
* Check if user has permission to view a module
|
|
*
|
|
* Checks for the following permissions (in order):
|
|
* 1. {module_handle} - module access permission
|
|
* 2. {module_handle}.* - wildcard for the module
|
|
* 3. * - global wildcard
|
|
*
|
|
* @param string $moduleHandle The module handle to check
|
|
* @return bool
|
|
*/
|
|
private function hasModuleViewPermission(string $moduleHandle): bool
|
|
{
|
|
// Core module is always accessible to authenticated users
|
|
if ($moduleHandle === 'core') {
|
|
return true;
|
|
}
|
|
|
|
// Check for specific module permission or wildcard permissions
|
|
return $this->permissionChecker->canAny([
|
|
"{$moduleHandle}",
|
|
"{$moduleHandle}.*",
|
|
]);
|
|
}
|
|
|
|
}
|