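userModel = new UserModel();
        $this->roleModel = new RoleModel();
        $this->userRoleModel = new UserRoleModel();
    }

    /**
     * Authenticate a user by email and password and bind the session to them.
     *
     * Every failure (unknown email, inactive account, wrong password) returns
     * null, so the return value does not reveal which check failed.
     *
     * @param string $email
     * @param string $password
     * @return array|null User data + roles, or null on failure
     */
    public function login(string $email, string $password): ?array
    {
        $user = $this->userModel->findByEmail($email);

        // NOTE(review): this path returns before password_verify() runs, so an
        // unknown or inactive account answers faster than a wrong password.
        // Pair this method with rate limiting / lockout at the caller.
        if (!$user || !$user->isActive()) {
            return null;
        }

        if (!password_verify($password, $user->password_hash)) {
            return null;
        }

        $session = session();

        // Issue a fresh session ID before storing the authenticated user ID,
        // so an ID that existed before login (session fixation) never becomes
        // an authenticated one. Assumes session() returns the CodeIgniter
        // session service, whose regenerate(true) also drops the old session.
        $session->regenerate(true);
        $session->set(self::SESSION_USER_ID, $user->id);

        return $this->userWithRoles($user);
    }

    /**
     * Logout: remove the authenticated user ID from the session.
     *
     * Only the SESSION_USER_ID key is removed; any other session data and the
     * session ID itself are left in place.
     */
    public function logout(): void
    {
        $session = session();
        $session->remove(self::SESSION_USER_ID);
    }

    /**
     * Get current logged-in user with roles, or null.
     *
     * The user is re-loaded on every call, so an account that has been
     * deleted or deactivated since login is logged out here.
     *
     * @return array|null { id, name, email, roles: [ role_code, role_name ] }
     */
    public function currentUser(): ?array
    {
        $session = session();
        $userId = $session->get(self::SESSION_USER_ID);

        // Any falsy stored value (missing key, 0, '') counts as "not logged in".
        if (!$userId) {
            return null;
        }

        $user = $this->userModel->find($userId);
        if (!$user || !$user->isActive()) {
            // Stale session: drop the auth key so later calls stop at the check above.
            $session->remove(self::SESSION_USER_ID);

            return null;
        }

        return $this->userWithRoles($user);
    }

    /**
     * Build user array with roles (no password).
     *
     * Only id, name and email are copied from the user, so password_hash
     * never reaches the caller. Role IDs that no longer resolve to a role are
     * skipped. Roles are looked up one find() call per role ID.
     *
     * @param object $user User record exposing id, name and email
     * @return array { id, name, email, roles: [ role_code, role_name ] }
     */
    protected function userWithRoles($user): array
    {
        $roleIds = $this->userRoleModel->getRoleIdsForUser($user->id);

        $roles = [];
        foreach ($roleIds as $roleId) {
            $role = $this->roleModel->find($roleId);
            if ($role) {
                $roles[] = [
                    'role_code' => $role->role_code,
                    'role_name' => $role->role_name,
                ];
            }
        }

        return [
            'id' => $user->id,
            'name' => $user->name,
            'email' => $user->email,
            'roles' => $roles,
        ];
    }
}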