add composer-unused, comprehensive docs, and project restructure
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks
- Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists
- Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services
- Add Microsoft OIDC SSO, API token management, and user lifecycle features
- Add swagger-ui vendor integration and OpenAPI spec
- Add production Docker setup and bin/ scripts
- Update composer dependencies, config, templates, and frontend assets throughout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 15:27:35 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
use MintyPHP\Buffer;
|
2026-03-06 11:28:22 +01:00
|
|
|
use MintyPHP\Http\SessionStoreInterface;
|
refactor(audit): extract audit domain into self-contained module
Move the entire audit subsystem (system audit, API audit, import audit,
user lifecycle audit, frontend telemetry) from core into modules/audit/.
Core decoupling via interface-based injection:
- AuditRecorderInterface replaces SystemAuditService in 10+ core services
- UserLifecycleAuditInterface / ImportAuditInterface for specialized flows
- NullAuditRecorder fallback when audit module is disabled
- ApiBootstrap/ApiResponse use null-safe callable resolvers
Module structure (modules/audit/):
- Manifest with routes, permissions, scheduler jobs, authorization policy
- 9 services, 8 repositories, 6 domain enums, 4 job handlers
- 33 page files, 4 JS files, 8 test files, migration scripts, i18n
Core cleanup:
- OperationsAuthorizationPolicy, UiCapabilityMap, PermissionService
surgically cleaned of audit-specific constants
- Sidebar template cleared of hardcoded audit navigation
- AuditModuleIsolationContractTest ensures no future core→module coupling
All quality gates pass: 1346 tests (19,276 assertions), PHPStan level 5
clean, architecture contracts verified.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 21:12:49 +01:00
|
|
|
use MintyPHP\Module\Audit\AuditAuthorizationPolicy;
|
|
|
|
|
use MintyPHP\Module\Audit\Service\ApiAuditService;
|
|
|
|
|
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
|
2026-03-04 15:56:58 +01:00
|
|
|
use MintyPHP\Service\Access\UiAccessService;
|
add composer-unused, comprehensive docs, and project restructure
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks
- Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists
- Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services
- Add Microsoft OIDC SSO, API token management, and user lifecycle features
- Add swagger-ui vendor integration and OpenAPI spec
- Add production Docker setup and bin/ scripts
- Update composer dependencies, config, templates, and frontend assets throughout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 15:27:35 +01:00
|
|
|
use MintyPHP\Support\Guard;
|
|
|
|
|
|
2026-03-06 11:28:22 +01:00
|
|
|
$session = app(SessionStoreInterface::class)->all();
|
add composer-unused, comprehensive docs, and project restructure
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks
- Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists
- Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services
- Add Microsoft OIDC SSO, API token management, and user lifecycle features
- Add swagger-ui vendor integration and OpenAPI spec
- Add production Docker setup and bin/ scripts
- Update composer dependencies, config, templates, and frontend assets throughout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 15:27:35 +01:00
|
|
|
Guard::requireLogin();
|
refactor(audit): extract audit domain into self-contained module
Move the entire audit subsystem (system audit, API audit, import audit,
user lifecycle audit, frontend telemetry) from core into modules/audit/.
Core decoupling via interface-based injection:
- AuditRecorderInterface replaces SystemAuditService in 10+ core services
- UserLifecycleAuditInterface / ImportAuditInterface for specialized flows
- NullAuditRecorder fallback when audit module is disabled
- ApiBootstrap/ApiResponse use null-safe callable resolvers
Module structure (modules/audit/):
- Manifest with routes, permissions, scheduler jobs, authorization policy
- 9 services, 8 repositories, 6 domain enums, 4 job handlers
- 33 page files, 4 JS files, 8 test files, migration scripts, i18n
Core cleanup:
- OperationsAuthorizationPolicy, UiCapabilityMap, PermissionService
surgically cleaned of audit-specific constants
- Sidebar template cleared of hardcoded audit navigation
- AuditModuleIsolationContractTest ensures no future core→module coupling
All quality gates pass: 1346 tests (19,276 assertions), PHPStan level 5
clean, architecture contracts verified.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 21:12:49 +01:00
|
|
|
Guard::requireAbility(AuditAuthorizationPolicy::ABILITY_API_AUDIT_VIEW);
|
2026-03-04 15:56:58 +01:00
|
|
|
$viewAuth['page'] = app(UiAccessService::class)->pageCapabilities(
|
2026-03-06 11:28:22 +01:00
|
|
|
(int) ($session['user']['id'] ?? 0),
|
refactor(audit): extract audit domain into self-contained module
Move the entire audit subsystem (system audit, API audit, import audit,
user lifecycle audit, frontend telemetry) from core into modules/audit/.
Core decoupling via interface-based injection:
- AuditRecorderInterface replaces SystemAuditService in 10+ core services
- UserLifecycleAuditInterface / ImportAuditInterface for specialized flows
- NullAuditRecorder fallback when audit module is disabled
- ApiBootstrap/ApiResponse use null-safe callable resolvers
Module structure (modules/audit/):
- Manifest with routes, permissions, scheduler jobs, authorization policy
- 9 services, 8 repositories, 6 domain enums, 4 job handlers
- 33 page files, 4 JS files, 8 test files, migration scripts, i18n
Core cleanup:
- OperationsAuthorizationPolicy, UiCapabilityMap, PermissionService
surgically cleaned of audit-specific constants
- Sidebar template cleared of hardcoded audit navigation
- AuditModuleIsolationContractTest ensures no future core→module coupling
All quality gates pass: 1346 tests (19,276 assertions), PHPStan level 5
clean, architecture contracts verified.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 21:12:49 +01:00
|
|
|
['can_purge' => SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE]
|
2026-03-04 15:56:58 +01:00
|
|
|
);
|
add composer-unused, comprehensive docs, and project restructure
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks
- Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists
- Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services
- Add Microsoft OIDC SSO, API token management, and user lifecycle features
- Add swagger-ui vendor integration and OpenAPI spec
- Add production Docker setup and bin/ scripts
- Update composer dependencies, config, templates, and frontend assets throughout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 15:27:35 +01:00
|
|
|
|
|
|
|
|
Buffer::set('title', t('API audit logs'));
|
|
|
|
|
Buffer::set('grid_lang', json_encode(gridLang(), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
|
|
|
|
|
|
2026-03-04 15:56:58 +01:00
|
|
|
$filterSchema = require __DIR__ . '/filter-schema.php';
|
|
|
|
|
$filterState = gridParseFilters(requestInput()->queryAll(), [
|
|
|
|
|
...gridSchemaQuery($filterSchema),
|
|
|
|
|
'tenant_ids' => ['type' => 'csv_ids', 'max' => 200, 'return' => 'array'],
|
|
|
|
|
'user_ids' => ['type' => 'csv_ids', 'max' => 200, 'return' => 'array'],
|
|
|
|
|
]);
|
|
|
|
|
$filterOptions = app(ApiAuditService::class)->filterOptions(200);
|
|
|
|
|
|
|
|
|
|
$activeTenantIds = array_map('strval', is_array($filterState['tenant_ids'] ?? null) ? $filterState['tenant_ids'] : []);
|
|
|
|
|
$activeUserIds = array_map('strval', is_array($filterState['user_ids'] ?? null) ? $filterState['user_ids'] : []);
|
|
|
|
|
|
|
|
|
|
$apiAuditTenantItems = [];
|
|
|
|
|
foreach ((array) ($filterOptions['tenants'] ?? []) as $tenantOption) {
|
|
|
|
|
if (!is_array($tenantOption)) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
$tenantId = (int) ($tenantOption['id'] ?? 0);
|
|
|
|
|
if ($tenantId <= 0) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
$tenantLabel = trim((string) ($tenantOption['description'] ?? ''));
|
|
|
|
|
$tenantExists = (bool) ($tenantOption['exists'] ?? false);
|
|
|
|
|
if ($tenantLabel === '') {
|
|
|
|
|
$tenantLabel = $tenantExists
|
|
|
|
|
? sprintf(t('Tenant #%d'), $tenantId)
|
|
|
|
|
: sprintf(t('Tenant #%d (deleted)'), $tenantId);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$id = (string) $tenantId;
|
|
|
|
|
$apiAuditTenantItems[$id] = [
|
|
|
|
|
'id' => $id,
|
|
|
|
|
'description' => $tenantLabel,
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
foreach ($activeTenantIds as $tenantId) {
|
|
|
|
|
if (!isset($apiAuditTenantItems[$tenantId])) {
|
|
|
|
|
$apiAuditTenantItems[$tenantId] = [
|
|
|
|
|
'id' => $tenantId,
|
|
|
|
|
'description' => sprintf(t('Tenant #%d (deleted)'), (int) $tenantId),
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
$apiAuditTenantItems = array_values($apiAuditTenantItems);
|
|
|
|
|
|
|
|
|
|
$apiAuditUserItems = [];
|
|
|
|
|
foreach ((array) ($filterOptions['users'] ?? []) as $userOption) {
|
|
|
|
|
if (!is_array($userOption)) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
$userId = (int) ($userOption['id'] ?? 0);
|
|
|
|
|
if ($userId <= 0) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
$userDisplayName = trim((string) ($userOption['display_name'] ?? ''));
|
|
|
|
|
$userEmail = trim((string) ($userOption['email'] ?? ''));
|
|
|
|
|
$userExists = (bool) ($userOption['exists'] ?? false);
|
|
|
|
|
$userLabel = $userDisplayName !== '' ? $userDisplayName : $userEmail;
|
|
|
|
|
if ($userLabel === '') {
|
|
|
|
|
$userLabel = $userExists
|
|
|
|
|
? sprintf(t('User #%d'), $userId)
|
|
|
|
|
: sprintf(t('User #%d (deleted)'), $userId);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$id = (string) $userId;
|
|
|
|
|
$apiAuditUserItems[$id] = [
|
|
|
|
|
'id' => $id,
|
|
|
|
|
'description' => $userLabel,
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
foreach ($activeUserIds as $userId) {
|
|
|
|
|
if (!isset($apiAuditUserItems[$userId])) {
|
|
|
|
|
$apiAuditUserItems[$userId] = [
|
|
|
|
|
'id' => $userId,
|
|
|
|
|
'description' => sprintf(t('User #%d (deleted)'), (int) $userId),
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
$apiAuditUserItems = array_values($apiAuditUserItems);
|
|
|
|
|
|
|
|
|
|
$toolbarFilterState = [
|
|
|
|
|
'search' => (string) ($filterState['search'] ?? ''),
|
|
|
|
|
'status' => (string) ($filterState['status'] ?? ''),
|
|
|
|
|
'method' => (string) ($filterState['method'] ?? ''),
|
|
|
|
|
'created_from' => (string) ($filterState['created_from'] ?? ''),
|
|
|
|
|
'created_to' => (string) ($filterState['created_to'] ?? ''),
|
|
|
|
|
'tenant_ids' => $activeTenantIds,
|
|
|
|
|
'user_ids' => $activeUserIds,
|
|
|
|
|
];
|
|
|
|
|
$toolbarOptionSets = [
|
|
|
|
|
'tenant_items' => $apiAuditTenantItems,
|
|
|
|
|
'user_items' => $apiAuditUserItems,
|
|
|
|
|
];
|
|
|
|
|
$listFilterContext = gridBuildListFilterContext($filterSchema, [
|
|
|
|
|
'filter_state' => $filterState,
|
|
|
|
|
'search_keys' => ['search'],
|
|
|
|
|
'toolbar_state_overrides' => $toolbarFilterState,
|
|
|
|
|
'toolbar_option_sets' => $toolbarOptionSets,
|
|
|
|
|
]);
|
|
|
|
|
$toolbarFilterSchema = $listFilterContext['toolbarFilterSchema'];
|
|
|
|
|
$toolbarFilterState = $listFilterContext['toolbarFilterState'];
|
|
|
|
|
$searchToolbarFilterSchema = $listFilterContext['searchToolbarFilterSchema'];
|
|
|
|
|
$drawerToolbarFilterSchema = $listFilterContext['drawerToolbarFilterSchema'];
|
|
|
|
|
$schemaByKey = $listFilterContext['schemaByKey'];
|
|
|
|
|
$toolbarOptionSets = $listFilterContext['toolbarOptionSets'];
|
|
|
|
|
$filterChipMeta = [
|
|
|
|
|
'search' => [
|
|
|
|
|
'label' => t('Search'),
|
|
|
|
|
'type' => 'text',
|
|
|
|
|
],
|
|
|
|
|
'status' => [
|
|
|
|
|
'label' => t('Status'),
|
|
|
|
|
'type' => 'select',
|
|
|
|
|
'default' => (string) (($schemaByKey['status']['default'] ?? '')),
|
|
|
|
|
'options' => gridOptionMapFromAllowed((array) ($schemaByKey['status'] ?? [])),
|
|
|
|
|
],
|
|
|
|
|
'method' => [
|
|
|
|
|
'label' => t('Method'),
|
|
|
|
|
'type' => 'select',
|
|
|
|
|
'default' => (string) (($schemaByKey['method']['default'] ?? '')),
|
|
|
|
|
'options' => gridOptionMapFromAllowed((array) ($schemaByKey['method'] ?? [])),
|
|
|
|
|
],
|
|
|
|
|
'tenant_ids' => [
|
|
|
|
|
'label' => t('Tenants'),
|
|
|
|
|
'type' => 'multi_csv',
|
|
|
|
|
'options' => gridOptionMapFromItems($apiAuditTenantItems),
|
|
|
|
|
],
|
|
|
|
|
'user_ids' => [
|
|
|
|
|
'label' => t('Users'),
|
|
|
|
|
'type' => 'multi_csv',
|
|
|
|
|
'options' => gridOptionMapFromItems($apiAuditUserItems),
|
|
|
|
|
],
|
|
|
|
|
'created_range' => [
|
|
|
|
|
'label' => t('Created'),
|
|
|
|
|
'type' => 'date_range',
|
|
|
|
|
'from_param' => 'created_from',
|
|
|
|
|
'to_param' => 'created_to',
|
|
|
|
|
],
|
|
|
|
|
];
|
|
|
|
|
$clientFilterSchema = $listFilterContext['clientFilterSchema'];
|
|
|
|
|
$searchConfig = $listFilterContext['searchConfig'];
|