ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
097-settings-foundation
TenantAtlas/app/Services/Settings/SettingsWriter.php

220 lines
7.2 KiB
PHP
Raw Permalink Blame History

<?php
declare(strict_types=1);
namespace App\Services\Settings;
use App\Models\Tenant;
use App\Models\TenantSetting;
use App\Models\User;
use App\Models\Workspace;
use App\Models\WorkspaceSetting;
use App\Services\Audit\WorkspaceAuditLogger;
use App\Services\Auth\WorkspaceCapabilityResolver;
use App\Support\Audit\AuditActionId;
use App\Support\Auth\Capabilities;
use App\Support\Settings\SettingDefinition;
use App\Support\Settings\SettingsRegistry;
use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\ValidationException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
class SettingsWriter
{
public function __construct(
private SettingsRegistry $registry,
private SettingsResolver $resolver,
private WorkspaceAuditLogger $auditLogger,
private WorkspaceCapabilityResolver $workspaceCapabilityResolver,
) {}
public function updateWorkspaceSetting(User $actor, Workspace $workspace, string $domain, string $key, mixed $value): WorkspaceSetting
{
$this->authorizeManage($actor, $workspace);
$definition = $this->requireDefinition($domain, $key);
$normalizedValue = $this->validatedValue($definition, $value);
$existing = WorkspaceSetting::query()
->where('workspace_id', (int) $workspace->getKey())
->where('domain', $domain)
->where('key', $key)
->first();
$beforeValue = $existing instanceof WorkspaceSetting
? $this->decodeStoredValue($existing->getAttribute('value'))
: null;
$setting = WorkspaceSetting::query()->updateOrCreate([
'workspace_id' => (int) $workspace->getKey(),
'domain' => $domain,
'key' => $key,
], [
'value' => $normalizedValue,
'updated_by_user_id' => (int) $actor->getKey(),
]);
$this->resolver->clearCache();
$afterValue = $this->resolver->resolveValue($workspace, $domain, $key);
$this->auditLogger->log(
workspace: $workspace,
action: AuditActionId::WorkspaceSettingUpdated->value,
context: [
'metadata' => [
'scope' => 'workspace',
'domain' => $domain,
'key' => $key,
'before_value' => $beforeValue,
'after_value' => $afterValue,
],
],
actor: $actor,
resourceType: 'workspace_setting',
resourceId: $domain.'.'.$key,
);
return $setting;
}
public function resetWorkspaceSetting(User $actor, Workspace $workspace, string $domain, string $key): void
{
$this->authorizeManage($actor, $workspace);
$this->requireDefinition($domain, $key);
$existing = WorkspaceSetting::query()
->where('workspace_id', (int) $workspace->getKey())
->where('domain', $domain)
->where('key', $key)
->first();
$beforeValue = $existing instanceof WorkspaceSetting
? $this->decodeStoredValue($existing->getAttribute('value'))
: null;
if ($existing instanceof WorkspaceSetting) {
$existing->delete();
}
$this->resolver->clearCache();
$afterValue = $this->resolver->resolveValue($workspace, $domain, $key);
$this->auditLogger->log(
workspace: $workspace,
action: AuditActionId::WorkspaceSettingReset->value,
context: [
'metadata' => [
'scope' => 'workspace',
'domain' => $domain,
'key' => $key,
'before_value' => $beforeValue,
'after_value' => $afterValue,
],
],
actor: $actor,
resourceType: 'workspace_setting',
resourceId: $domain.'.'.$key,
);
}
public function updateTenantSetting(User $actor, Workspace $workspace, Tenant $tenant, string $domain, string $key, mixed $value): TenantSetting
{
$this->authorizeManage($actor, $workspace);
$this->assertTenantBelongsToWorkspace($workspace, $tenant);
$definition = $this->requireDefinition($domain, $key);
$normalizedValue = $this->validatedValue($definition, $value);
$setting = TenantSetting::query()->updateOrCreate([
'workspace_id' => (int) $workspace->getKey(),
'tenant_id' => (int) $tenant->getKey(),
'domain' => $domain,
'key' => $key,
], [
'value' => $normalizedValue,
'updated_by_user_id' => (int) $actor->getKey(),
]);
$this->resolver->clearCache();
return $setting;
}
public function resetTenantSetting(User $actor, Workspace $workspace, Tenant $tenant, string $domain, string $key): void
{
$this->authorizeManage($actor, $workspace);
$this->assertTenantBelongsToWorkspace($workspace, $tenant);
$this->requireDefinition($domain, $key);
TenantSetting::query()
->where('workspace_id', (int) $workspace->getKey())
->where('tenant_id', (int) $tenant->getKey())
->where('domain', $domain)
->where('key', $key)
->delete();
$this->resolver->clearCache();
}
private function requireDefinition(string $domain, string $key): SettingDefinition
{
$definition = $this->registry->find($domain, $key);
if ($definition instanceof SettingDefinition) {
return $definition;
}
throw ValidationException::withMessages([
'key' => [sprintf('Unknown setting key: %s.%s', $domain, $key)],
]);
}
private function validatedValue(SettingDefinition $definition, mixed $value): mixed
{
$validator = Validator::make(
data: ['value' => $value],
rules: ['value' => $definition->rules],
);
if ($validator->fails()) {
throw ValidationException::withMessages($validator->errors()->toArray());
}
return $definition->normalize($validator->validated()['value']);
}
private function authorizeManage(User $actor, Workspace $workspace): void
{
if (! $this->workspaceCapabilityResolver->isMember($actor, $workspace)) {
throw new NotFoundHttpException('Workspace not found.');
}
if (! $this->workspaceCapabilityResolver->can($actor, $workspace, Capabilities::WORKSPACE_SETTINGS_MANAGE)) {
throw new AuthorizationException('Missing workspace settings manage capability.');
}
}
private function assertTenantBelongsToWorkspace(Workspace $workspace, Tenant $tenant): void
{
if ((int) $tenant->workspace_id !== (int) $workspace->getKey()) {
throw new NotFoundHttpException('Tenant is outside the selected workspace scope.');
}
}
private function decodeStoredValue(mixed $value): mixed
{
if (! is_string($value)) {
return $value;
}
$decoded = json_decode($value, true);
return json_last_error() === JSON_ERROR_NONE ? $decoded : $value;
}
}
Reference in New Issue View Git Blame Copy Permalink