fix api security issues and update pages issue

This commit is contained in:
root
2026-06-04 16:41:19 -04:00
parent feb6be0610
commit 5e5fe3794a
32 changed files with 1628 additions and 37 deletions
+26 -2
View File
@@ -3,6 +3,8 @@
namespace App\Services\Roles;
use App\Models\UserRole;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
class RoleSwitchService
{
@@ -16,8 +18,30 @@ class RoleSwitchService
return array_values(array_filter(array_map(fn ($r) => (string) ($r['role_name'] ?? ''), $roles)));
}
public function switchRole(string $role): string
public function switchRole(int $userId, string $role): string
{
return $this->dashboardService->bestDashboardRouteFor([$role]);
$requested = strtolower(trim($role));
if ($requested === '') {
throw new NotFoundHttpException('Role not found.');
}
$roles = $this->getUserRoleNames($userId);
$matchedRole = null;
foreach ($roles as $assignedRole) {
$normalized = strtolower(trim($assignedRole));
if ($normalized === $requested) {
$matchedRole = $assignedRole;
break;
}
}
if ($matchedRole === null) {
throw new AccessDeniedHttpException('Invalid role selected.');
}
session()->put('role', $matchedRole);
return $this->dashboardService->bestDashboardRouteFor([$matchedRole]);
}
}