Refactor routes and controllers for RESTful resource access

Updated controllers and routes to use RESTful resource-based URLs and parameter passing for groups, users, and notification channels. Added user isolation checks for domain and group access, ensuring proper data filtering based on isolation mode. Adjusted views to match new route structure and improved security and maintainability by removing reliance on query parameters for resource identification.
2025-10-20 21:08:09 +03:00
parent c4e4196e02
commit ac7a0c0aa8
10 changed files with 266 additions and 94 deletions
--- a/app/Models/Domain.php
+++ b/app/Models/Domain.php
@@ -91,15 +91,22 @@ class Domain extends Model
    /**
     * Get domain with notification channels
     */
-    public function getWithChannels(int $id): ?array
+    public function getWithChannels(int $id, ?int $userId = null): ?array
    {
        $sql = "SELECT d.*, ng.name as group_name, ng.id as group_id
                FROM domains d 
                LEFT JOIN notification_groups ng ON d.notification_group_id = ng.id 
                WHERE d.id = ?";
+        
+        $params = [$id];
+        
+        if ($userId) {
+            $sql .= " AND d.user_id = ?";
+            $params[] = $userId;
+        }

        $stmt = $this->db->prepare($sql);
-        $stmt->execute([$id]);
+        $stmt->execute($params);
        $domain = $stmt->fetch();

        if (!$domain) {
@@ -117,6 +124,25 @@ class Domain extends Model
        return $domain;
    }

+    /**
+     * Find domain by ID with user isolation support
+     */
+    public function findWithIsolation(int $id, ?int $userId = null): ?array
+    {
+        $sql = "SELECT * FROM domains WHERE id = ?";
+        $params = [$id];
+        
+        if ($userId) {
+            $sql .= " AND user_id = ?";
+            $params[] = $userId;
+        }
+        
+        $stmt = $this->db->prepare($sql);
+        $stmt->execute($params);
+        $result = $stmt->fetch();
+        return $result ?: null;
+    }
+
    /**
     * Check if domain exists
     */
@@ -362,19 +388,26 @@ class Domain extends Model
    /**
     * Search domains for suggestions (quick search)
     */
-    public function searchSuggestions(string $query, int $limit = 5): array
+    public function searchSuggestions(string $query, int $limit = 5, ?int $userId = null): array
    {
        $sql = "SELECT d.id, d.domain_name, d.registrar, d.expiration_date, d.status, ng.name as group_name 
                FROM domains d 
                LEFT JOIN notification_groups ng ON d.notification_group_id = ng.id 
-                WHERE d.domain_name LIKE ? 
-                   OR d.registrar LIKE ?
-                ORDER BY d.domain_name ASC
-                LIMIT ?";
+                WHERE (d.domain_name LIKE ? 
+                   OR d.registrar LIKE ?)";
+        
+        $params = ['%' . $query . '%', '%' . $query . '%'];
+        
+        if ($userId) {
+            $sql .= " AND d.user_id = ?";
+            $params[] = $userId;
+        }
+        
+        $sql .= " ORDER BY d.domain_name ASC LIMIT ?";
+        $params[] = $limit;

-        $searchTerm = '%' . $query . '%';
        $stmt = $this->db->prepare($sql);
-        $stmt->execute([$searchTerm, $searchTerm, $limit]);
+        $stmt->execute($params);
        return $stmt->fetchAll();
    }