202 lines
6.4 KiB
PHP
202 lines
6.4 KiB
PHP
<?php
|
|
|
|
namespace KTXC\Controllers;
|
|
|
|
use KTXC\Http\Response\JsonResponse;
|
|
use KTXC\SessionIdentity;
|
|
use KTXC\SessionTenant;
|
|
use KTXC\Service\UserRolesService;
|
|
use KTXF\Controller\ControllerAbstract;
|
|
use KTXF\Routing\Attributes\AuthenticatedRoute;
|
|
use Psr\Log\LoggerInterface;
|
|
|
|
/**
|
|
* User Roles Controller
|
|
* Core administrative role management operations
|
|
*/
|
|
class UserRolesController extends ControllerAbstract
|
|
{
|
|
public function __construct(
|
|
private readonly SessionTenant $tenantIdentity,
|
|
private readonly SessionIdentity $userIdentity,
|
|
private readonly UserRolesService $roleService,
|
|
private readonly LoggerInterface $logger
|
|
) {}
|
|
|
|
/**
|
|
* Main versioned endpoint for role management
|
|
*/
|
|
#[AuthenticatedRoute('/user/roles/v1', name: 'user.roles.v1', methods: ['POST'])]
|
|
public function index(int $version, string $transaction, string $operation, array $data = []): JsonResponse
|
|
{
|
|
try {
|
|
// Check role admin permission
|
|
if (!$this->userIdentity->hasPermission('role.admin')) {
|
|
return new JsonResponse([
|
|
'status' => 'error',
|
|
'data' => ['code' => 403, 'message' => 'Insufficient permissions']
|
|
], JsonResponse::HTTP_FORBIDDEN);
|
|
}
|
|
|
|
$result = $this->process($operation, $data);
|
|
|
|
return new JsonResponse([
|
|
'version' => $version,
|
|
'transaction' => $transaction,
|
|
'operation' => $operation,
|
|
'status' => 'success',
|
|
'data' => $result,
|
|
], JsonResponse::HTTP_OK);
|
|
|
|
} catch (\InvalidArgumentException $e) {
|
|
$this->logger->error('Role manager validation error', [
|
|
'operation' => $operation,
|
|
'error' => $e->getMessage(),
|
|
'trace' => $e->getTraceAsString()
|
|
]);
|
|
|
|
return new JsonResponse([
|
|
'version' => $version,
|
|
'transaction' => $transaction,
|
|
'operation' => $operation,
|
|
'status' => 'error',
|
|
'data' => ['code' => 400, 'message' => $e->getMessage()]
|
|
], JsonResponse::HTTP_BAD_REQUEST);
|
|
|
|
} catch (\Throwable $e) {
|
|
$this->logger->error('Role manager operation failed', [
|
|
'operation' => $operation,
|
|
'error' => $e->getMessage(),
|
|
'trace' => $e->getTraceAsString()
|
|
]);
|
|
|
|
return new JsonResponse([
|
|
'version' => $version,
|
|
'transaction' => $transaction,
|
|
'operation' => $operation,
|
|
'status' => 'error',
|
|
'data' => ['code' => $e->getCode(), 'message' => $e->getMessage()]
|
|
], JsonResponse::HTTP_INTERNAL_SERVER_ERROR);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Process operation
|
|
*/
|
|
private function process(string $operation, array $data): mixed
|
|
{
|
|
return match ($operation) {
|
|
'role.list' => $this->roleList($data),
|
|
'role.fetch' => $this->roleFetch($data),
|
|
'role.create' => $this->roleCreate($data),
|
|
'role.update' => $this->roleUpdate($data),
|
|
'role.delete' => $this->roleDelete($data),
|
|
'permissions.list' => $this->permissionsList($data),
|
|
default => throw new \InvalidArgumentException("Invalid operation: {$operation}"),
|
|
};
|
|
}
|
|
|
|
// =========================================================================
|
|
// Role Operations
|
|
// =========================================================================
|
|
|
|
/**
|
|
* List all roles
|
|
*/
|
|
private function roleList(array $data): array
|
|
{
|
|
$roles = $this->roleService->listRoles();
|
|
|
|
// Add user count to each role
|
|
foreach ($roles as &$role) {
|
|
$role['user_count'] = $this->roleService->getRoleUserCount($role['rid']);
|
|
}
|
|
|
|
return $roles;
|
|
}
|
|
|
|
/**
|
|
* Fetch single role
|
|
*/
|
|
private function roleFetch(array $data): array
|
|
{
|
|
$rid = $data['rid'] ?? throw new \InvalidArgumentException('Role ID required');
|
|
|
|
$role = $this->roleService->getRole($rid);
|
|
if (!$role) {
|
|
throw new \InvalidArgumentException('Role not found');
|
|
}
|
|
|
|
$role['user_count'] = $this->roleService->getRoleUserCount($rid);
|
|
|
|
return $role;
|
|
}
|
|
|
|
/**
|
|
* Create new role
|
|
*/
|
|
private function roleCreate(array $data): array
|
|
{
|
|
if (!$this->userIdentity->hasPermission('role.manage')) {
|
|
throw new \InvalidArgumentException('Insufficient permissions to create roles');
|
|
}
|
|
|
|
$roleData = [
|
|
'label' => $data['label'] ?? throw new \InvalidArgumentException('Role label required'),
|
|
'description' => $data['description'] ?? '',
|
|
'permissions' => $data['permissions'] ?? []
|
|
];
|
|
|
|
return $this->roleService->createRole($roleData);
|
|
}
|
|
|
|
/**
|
|
* Update existing role
|
|
*/
|
|
private function roleUpdate(array $data): bool
|
|
{
|
|
if (!$this->userIdentity->hasPermission('role.manage')) {
|
|
throw new \InvalidArgumentException('Insufficient permissions to update roles');
|
|
}
|
|
|
|
$rid = $data['rid'] ?? throw new \InvalidArgumentException('Role ID required');
|
|
|
|
$updates = [];
|
|
$allowedFields = ['label', 'description', 'permissions'];
|
|
|
|
foreach ($allowedFields as $field) {
|
|
if (isset($data[$field])) {
|
|
$updates[$field] = $data[$field];
|
|
}
|
|
}
|
|
|
|
if (empty($updates)) {
|
|
throw new \InvalidArgumentException('No valid fields to update');
|
|
}
|
|
|
|
return $this->roleService->updateRole($rid, $updates);
|
|
}
|
|
|
|
/**
|
|
* Delete role
|
|
*/
|
|
private function roleDelete(array $data): bool
|
|
{
|
|
if (!$this->userIdentity->hasPermission('role.manage')) {
|
|
throw new \InvalidArgumentException('Insufficient permissions to delete roles');
|
|
}
|
|
|
|
$rid = $data['rid'] ?? throw new \InvalidArgumentException('Role ID required');
|
|
|
|
return $this->roleService->deleteRole($rid);
|
|
}
|
|
|
|
/**
|
|
* Get available permissions
|
|
*/
|
|
private function permissionsList(array $data): array
|
|
{
|
|
return $this->roleService->availablePermissions();
|
|
}
|
|
}
|