implement automatic account selection and validate identity profiles

thorewi · thorewi · commit e982e69dbd0d · 2026-03-19T11:31:44.000+01:00
- Add `SelectAccountListenerTrait` to automatically manage the `selectedAccount` for identities based on profile activity and backoffice access.
- Update `IdentityProfileFormTrait` to ensure an identity has at least one role or profile assigned.
- Optimize `AuthPresenterTrait` to prevent redundant database flushes when the selected account has not changed.
- Add `IsActiveFilterTrait` to the base query trait.
diff --git a/src/Model/Listeners/SelectAccountListenerTrait.php b/src/Model/Listeners/SelectAccountListenerTrait.php
@@ -0,0 +1,91 @@
+<?php
+
+declare(strict_types=1);
+
+namespace ADT\FancyAdmin\Model\Listeners;
+
+use ADT\FancyAdmin\Model\Entities\Identity;
+use ADT\FancyAdmin\Model\Entities\Profile;
+use ADT\FancyAdmin\Model\FancyAdmin;
+use ADT\FancyAdmin\Model\Security\SecurityUser;
+use Doctrine\ORM\Event\OnFlushEventArgs;
+use Doctrine\ORM\Events;
+
+trait SelectAccountListenerTrait
+{
+	public function __construct(
+		protected readonly SecurityUser $securityUser,
+		protected readonly FancyAdmin $fancyAdmin,
+	) {
+	}
+
+	public function getSubscribedEvents(): array
+	{
+		return [
+			Events::onFlush,
+		];
+	}
+
+	public function onFlushCallback(OnFlushEventArgs $args): void
+	{
+		if (!$this->securityUser->isLoggedIn()) {
+			return;
+		}
+
+		$em = $args->getObjectManager();
+		$uow = $em->getUnitOfWork();
+
+		$identities = [];
+
+		foreach (array_merge($uow->getScheduledEntityUpdates(), $uow->getScheduledEntityInsertions()) as $entity) {
+			if ($entity instanceof Identity) {
+				$identities[$entity->getId()] = $entity;
+			} elseif ($entity instanceof Profile) {
+				$identity = $entity->getIdentity();
+				$identities[$identity->getId()] = $identity;
+			}
+		}
+
+		foreach ($identities as $identity) {
+			$selectedAccount = $identity->getSelectedAccount();
+			$hasBackoffice = $identity->isAllowed($this->fancyAdmin->getBackofficeAclResource());
+
+			// 1) nemá backoffice přístup a nemá nastavený selectedAccount -> nastav první aktivní profil
+			if (!$hasBackoffice && !$selectedAccount) {
+				$identity->setSelectedAccount($this->getFirstActiveProfile($identity)?->getAccount());
+				$this->entitiesToRecompute[] = $identity;
+			}
+
+			// 2) má nastavený selectedAccount, ale odpovídající profil je neaktivní
+			if ($selectedAccount) {
+				$profileIsActive = false;
+				foreach ($identity->getProfiles() as $_profile) {
+					if ($_profile->getAccount() === $selectedAccount && $_profile->getIsActive()) {
+						$profileIsActive = true;
+						break;
+					}
+				}
+
+				if (!$profileIsActive) {
+					if ($hasBackoffice) {
+						$identity->setSelectedAccount(null);
+					} else {
+						$identity->setSelectedAccount($this->getFirstActiveProfile($identity)?->getAccount());
+					}
+					$this->entitiesToRecompute[] = $identity;
+				}
+			}
+		}
+	}
+
+	private function getFirstActiveProfile(Identity $identity): ?Profile
+	{
+		foreach ($identity->getProfiles() as $_profile) {
+			if ($_profile->getIsActive()) {
+				return $_profile;
+			}
+		}
+
+		return null;
+	}
+}
diff --git a/src/Model/Queries/Abstract/BaseQueryTrait.php b/src/Model/Queries/Abstract/BaseQueryTrait.php
@@ -6,6 +6,7 @@
 
 use ADT\Components\AjaxSelect\Traits\OrByIdFilterTrait;
 use ADT\DoctrineComponents\QueryObject\Filters\IsActiveFilter;
+use ADT\DoctrineComponents\QueryObject\Filters\IsActiveFilterTrait;
 use ADT\DoctrineComponents\QueryObject\QueryObjectByMode;
 use ADT\FancyAdmin\Model\Entities\Account;
 use ADT\FancyAdmin\Model\Security\SecurityUser;
@@ -14,6 +15,7 @@
 trait BaseQueryTrait
 {
 	use OrByIdFilterTrait;
+	use IsActiveFilterTrait;
 
 	abstract protected function applySecurityFilter(): void;
 	abstract protected function applyAccountFilter(QueryBuilder $qb, Account $account): void;
diff --git a/src/UI/Components/Forms/IdentityProfileFormTrait.php b/src/UI/Components/Forms/IdentityProfileFormTrait.php
@@ -59,7 +59,8 @@ public function addFormFields(Form $form, Identity|Profile|null $entity, bool $i
 
 			if ($isEdit || $primaryEl['email']->getValue()) {
 				$this->addIsActiveField($form);
-				if (!$isEdit) {
+				$submittedBySearch = $form->isSubmitted() instanceof SubmitterControl && $form->isSubmitted()->getName() === 'search';
+				if ($submittedBySearch) {
 					$form['isActive']->setValue(true);
 				}
 
@@ -68,10 +69,13 @@ public function addFormFields(Form $form, Identity|Profile|null $entity, bool $i
 
 					$form->addDynamicContainer(
 						'profiles',
-						function (StaticContainer $container) use ($form, $entity) {
+						function (StaticContainer $container) use ($form, $entity, $submittedBySearch) {
 							$_profile = $entity?->getProfiles()[$container->getName()] ?? null;
 
 							$container->addCheckbox('isActive', 'fcadmin.forms.user.labels.isActive');
+							if ($submittedBySearch) {
+								$container['isActive']->setValue(true);
+							}
 							$this->addRoles($container, $this->getProfileRoles($this->_fancyAdmin->getContext()), required: true);
 							$container->addSelect('account', 'fcadmin.forms.user.labels.company', $this->_accountQueryFactory->create()->disableAccountFilter()->orById($_profile?->getAccount()->getId())->fetchPairs('fullName'))
 								->setPrompt('---');
@@ -194,6 +198,18 @@ public function processUserForm(Identity $identity): void
 		}
 	}
 
+	protected function validateForm(Form $form): void
+	{
+		if (!isset($form['profiles'])) {
+			return;
+		}
+
+		$hasProfiles = count($form['profiles']->getContainers()) > 0;
+		if (!$hasProfiles && !$form['roles']->getValue()) {
+			$form['roles']->addError('Role je povinná, pokud není přidaný žádný profil.');
+		}
+	}
+
 	protected function getIdentityRoles(?string $context): array
 	{
 		return  $this->_aclRoleQueryFactory->create()->byType(AclRoleTypeEnum::IDENTITY)->byContext($context)->fetch();
diff --git a/src/UI/Presenters/AuthPresenterTrait.php b/src/UI/Presenters/AuthPresenterTrait.php
@@ -65,11 +65,15 @@ protected function startup(): void
 		}
 
 		if ($this->getParameter('selectedAccount')) {
-			$this->getUser()->getIdentity()->setSelectedAccount($this->_accountQueryFactory->create()->disableAccountFilter()->byId($this->getParameter('selectedAccount'))->fetchOne());
-			$this->_em->flush();
+			if ($this->getUser()->getIdentity()->getSelectedAccount()?->getId() !== $this->getParameter('selectedAccount')) {
+				$this->getUser()->getIdentity()->setSelectedAccount($this->_accountQueryFactory->create()->disableAccountFilter()->byId($this->getParameter('selectedAccount'))->fetchOne());
+				$this->_em->flush();
+			}
 		} elseif ($this->getUser()->isAllowed($this->_fancyAdmin->getBackofficeAclResource())) {
-			$this->getUser()->getIdentity()->setSelectedAccount(null);
-			$this->_em->flush();
+			if ($this->getUser()->getIdentity()->getSelectedAccount()) {
+				$this->getUser()->getIdentity()->setSelectedAccount(null);
+				$this->_em->flush();
+			}
 		} elseif ($this->getUser()->getIdentity()->getSelectedAccount()) {
 			// TODO odstranit
 			try {
