ahmido
e241e27853
Implements the Settings foundation workspace controls. Includes: - Settings foundation UI/controls scoped to workspace context - Related onboarding/consent flow adjustments as included in branch history Testing: - `vendor/bin/sail artisan test --compact --no-ansi --filter=SettingsFoundation` Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #119
220 lines
7.2 KiB
PHP
220 lines
7.2 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Services\Settings;
|
|
|
|
use App\Models\Tenant;
|
|
use App\Models\TenantSetting;
|
|
use App\Models\User;
|
|
use App\Models\Workspace;
|
|
use App\Models\WorkspaceSetting;
|
|
use App\Services\Audit\WorkspaceAuditLogger;
|
|
use App\Services\Auth\WorkspaceCapabilityResolver;
|
|
use App\Support\Audit\AuditActionId;
|
|
use App\Support\Auth\Capabilities;
|
|
use App\Support\Settings\SettingDefinition;
|
|
use App\Support\Settings\SettingsRegistry;
|
|
use Illuminate\Auth\Access\AuthorizationException;
|
|
use Illuminate\Support\Facades\Validator;
|
|
use Illuminate\Validation\ValidationException;
|
|
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
|
|
|
class SettingsWriter
|
|
{
|
|
public function __construct(
|
|
private SettingsRegistry $registry,
|
|
private SettingsResolver $resolver,
|
|
private WorkspaceAuditLogger $auditLogger,
|
|
private WorkspaceCapabilityResolver $workspaceCapabilityResolver,
|
|
) {}
|
|
|
|
public function updateWorkspaceSetting(User $actor, Workspace $workspace, string $domain, string $key, mixed $value): WorkspaceSetting
|
|
{
|
|
$this->authorizeManage($actor, $workspace);
|
|
|
|
$definition = $this->requireDefinition($domain, $key);
|
|
$normalizedValue = $this->validatedValue($definition, $value);
|
|
|
|
$existing = WorkspaceSetting::query()
|
|
->where('workspace_id', (int) $workspace->getKey())
|
|
->where('domain', $domain)
|
|
->where('key', $key)
|
|
->first();
|
|
|
|
$beforeValue = $existing instanceof WorkspaceSetting
|
|
? $this->decodeStoredValue($existing->getAttribute('value'))
|
|
: null;
|
|
|
|
$setting = WorkspaceSetting::query()->updateOrCreate([
|
|
'workspace_id' => (int) $workspace->getKey(),
|
|
'domain' => $domain,
|
|
'key' => $key,
|
|
], [
|
|
'value' => $normalizedValue,
|
|
'updated_by_user_id' => (int) $actor->getKey(),
|
|
]);
|
|
|
|
$this->resolver->clearCache();
|
|
|
|
$afterValue = $this->resolver->resolveValue($workspace, $domain, $key);
|
|
|
|
$this->auditLogger->log(
|
|
workspace: $workspace,
|
|
action: AuditActionId::WorkspaceSettingUpdated->value,
|
|
context: [
|
|
'metadata' => [
|
|
'scope' => 'workspace',
|
|
'domain' => $domain,
|
|
'key' => $key,
|
|
'before_value' => $beforeValue,
|
|
'after_value' => $afterValue,
|
|
],
|
|
],
|
|
actor: $actor,
|
|
resourceType: 'workspace_setting',
|
|
resourceId: $domain.'.'.$key,
|
|
);
|
|
|
|
return $setting;
|
|
}
|
|
|
|
public function resetWorkspaceSetting(User $actor, Workspace $workspace, string $domain, string $key): void
|
|
{
|
|
$this->authorizeManage($actor, $workspace);
|
|
|
|
$this->requireDefinition($domain, $key);
|
|
|
|
$existing = WorkspaceSetting::query()
|
|
->where('workspace_id', (int) $workspace->getKey())
|
|
->where('domain', $domain)
|
|
->where('key', $key)
|
|
->first();
|
|
|
|
$beforeValue = $existing instanceof WorkspaceSetting
|
|
? $this->decodeStoredValue($existing->getAttribute('value'))
|
|
: null;
|
|
|
|
if ($existing instanceof WorkspaceSetting) {
|
|
$existing->delete();
|
|
}
|
|
|
|
$this->resolver->clearCache();
|
|
|
|
$afterValue = $this->resolver->resolveValue($workspace, $domain, $key);
|
|
|
|
$this->auditLogger->log(
|
|
workspace: $workspace,
|
|
action: AuditActionId::WorkspaceSettingReset->value,
|
|
context: [
|
|
'metadata' => [
|
|
'scope' => 'workspace',
|
|
'domain' => $domain,
|
|
'key' => $key,
|
|
'before_value' => $beforeValue,
|
|
'after_value' => $afterValue,
|
|
],
|
|
],
|
|
actor: $actor,
|
|
resourceType: 'workspace_setting',
|
|
resourceId: $domain.'.'.$key,
|
|
);
|
|
}
|
|
|
|
public function updateTenantSetting(User $actor, Workspace $workspace, Tenant $tenant, string $domain, string $key, mixed $value): TenantSetting
|
|
{
|
|
$this->authorizeManage($actor, $workspace);
|
|
$this->assertTenantBelongsToWorkspace($workspace, $tenant);
|
|
|
|
$definition = $this->requireDefinition($domain, $key);
|
|
$normalizedValue = $this->validatedValue($definition, $value);
|
|
|
|
$setting = TenantSetting::query()->updateOrCreate([
|
|
'workspace_id' => (int) $workspace->getKey(),
|
|
'tenant_id' => (int) $tenant->getKey(),
|
|
'domain' => $domain,
|
|
'key' => $key,
|
|
], [
|
|
'value' => $normalizedValue,
|
|
'updated_by_user_id' => (int) $actor->getKey(),
|
|
]);
|
|
|
|
$this->resolver->clearCache();
|
|
|
|
return $setting;
|
|
}
|
|
|
|
public function resetTenantSetting(User $actor, Workspace $workspace, Tenant $tenant, string $domain, string $key): void
|
|
{
|
|
$this->authorizeManage($actor, $workspace);
|
|
$this->assertTenantBelongsToWorkspace($workspace, $tenant);
|
|
|
|
$this->requireDefinition($domain, $key);
|
|
|
|
TenantSetting::query()
|
|
->where('workspace_id', (int) $workspace->getKey())
|
|
->where('tenant_id', (int) $tenant->getKey())
|
|
->where('domain', $domain)
|
|
->where('key', $key)
|
|
->delete();
|
|
|
|
$this->resolver->clearCache();
|
|
}
|
|
|
|
private function requireDefinition(string $domain, string $key): SettingDefinition
|
|
{
|
|
$definition = $this->registry->find($domain, $key);
|
|
|
|
if ($definition instanceof SettingDefinition) {
|
|
return $definition;
|
|
}
|
|
|
|
throw ValidationException::withMessages([
|
|
'key' => [sprintf('Unknown setting key: %s.%s', $domain, $key)],
|
|
]);
|
|
}
|
|
|
|
private function validatedValue(SettingDefinition $definition, mixed $value): mixed
|
|
{
|
|
$validator = Validator::make(
|
|
data: ['value' => $value],
|
|
rules: ['value' => $definition->rules],
|
|
);
|
|
|
|
if ($validator->fails()) {
|
|
throw ValidationException::withMessages($validator->errors()->toArray());
|
|
}
|
|
|
|
return $definition->normalize($validator->validated()['value']);
|
|
}
|
|
|
|
private function authorizeManage(User $actor, Workspace $workspace): void
|
|
{
|
|
if (! $this->workspaceCapabilityResolver->isMember($actor, $workspace)) {
|
|
throw new NotFoundHttpException('Workspace not found.');
|
|
}
|
|
|
|
if (! $this->workspaceCapabilityResolver->can($actor, $workspace, Capabilities::WORKSPACE_SETTINGS_MANAGE)) {
|
|
throw new AuthorizationException('Missing workspace settings manage capability.');
|
|
}
|
|
}
|
|
|
|
private function assertTenantBelongsToWorkspace(Workspace $workspace, Tenant $tenant): void
|
|
{
|
|
if ((int) $tenant->workspace_id !== (int) $workspace->getKey()) {
|
|
throw new NotFoundHttpException('Tenant is outside the selected workspace scope.');
|
|
}
|
|
}
|
|
|
|
private function decodeStoredValue(mixed $value): mixed
|
|
{
|
|
if (! is_string($value)) {
|
|
return $value;
|
|
}
|
|
|
|
$decoded = json_decode($value, true);
|
|
|
|
return json_last_error() === JSON_ERROR_NONE ? $decoded : $value;
|
|
}
|
|
}
|