2026-03-19 18:25:19 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace MintyPHP\Tests\Architecture;
|
|
|
|
|
|
|
|
|
|
use PHPUnit\Framework\TestCase;
|
|
|
|
|
|
|
|
|
|
class AuthzUiTemplateContractTest extends TestCase
|
|
|
|
|
{
|
|
|
|
|
use ProjectFileAssertionSupport;
|
|
|
|
|
|
|
|
|
|
public function testAdminTenantTemplatesUseServerCapabilities(): void
|
|
|
|
|
{
|
|
|
|
|
$indexTemplate = $this->readProjectFile('pages/admin/tenants/index(default).phtml');
|
|
|
|
|
$this->assertStringNotContainsString("can('tenants.create')", $indexTemplate);
|
|
|
|
|
$this->assertStringContainsString('$canCreateTenants', $indexTemplate);
|
|
|
|
|
|
|
|
|
|
$createTemplate = $this->readProjectFile('pages/admin/tenants/create(default).phtml');
|
|
|
|
|
$this->assertStringNotContainsString("can('custom_fields.manage')", $createTemplate);
|
|
|
|
|
$this->assertStringNotContainsString("can('tenants.sso_manage')", $createTemplate);
|
|
|
|
|
$this->assertStringContainsString('$canManageCustomFields', $createTemplate);
|
|
|
|
|
$this->assertStringContainsString('$canManageSso', $createTemplate);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testAdminDepartmentsListTemplateUsesServerCapabilities(): void
|
|
|
|
|
{
|
|
|
|
|
$content = $this->readProjectFile('pages/admin/departments/index(default).phtml');
|
|
|
|
|
$this->assertStringNotContainsString("can('departments.create')", $content);
|
|
|
|
|
$this->assertStringContainsString('$canCreateDepartments', $content);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testAdminRoleTemplatesUseServerCapabilities(): void
|
|
|
|
|
{
|
|
|
|
|
$indexTemplate = $this->readProjectFile('pages/admin/roles/index(default).phtml');
|
|
|
|
|
$this->assertStringNotContainsString("can('roles.create')", $indexTemplate);
|
|
|
|
|
$this->assertStringContainsString('$canCreateRoles', $indexTemplate);
|
|
|
|
|
|
|
|
|
|
$editTemplate = $this->readProjectFile('pages/admin/roles/edit(default).phtml');
|
|
|
|
|
$this->assertStringNotContainsString("can('roles.update')", $editTemplate);
|
|
|
|
|
$this->assertStringNotContainsString("can('roles.delete')", $editTemplate);
|
|
|
|
|
$this->assertStringContainsString('$canUpdateRole', $editTemplate);
|
|
|
|
|
$this->assertStringContainsString('$canDeleteRole', $editTemplate);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testAdminPermissionTemplatesUseServerCapabilities(): void
|
|
|
|
|
{
|
|
|
|
|
$indexTemplate = $this->readProjectFile('pages/admin/permissions/index(default).phtml');
|
|
|
|
|
$this->assertStringNotContainsString("can('permissions.create')", $indexTemplate);
|
|
|
|
|
$this->assertStringContainsString('$canCreatePermissions', $indexTemplate);
|
|
|
|
|
|
|
|
|
|
$editTemplate = $this->readProjectFile('pages/admin/permissions/edit(default).phtml');
|
|
|
|
|
$this->assertStringNotContainsString("can('permissions.update')", $editTemplate);
|
|
|
|
|
$this->assertStringNotContainsString("can('permissions.delete')", $editTemplate);
|
|
|
|
|
$this->assertStringContainsString('$canUpdatePermission', $editTemplate);
|
|
|
|
|
$this->assertStringContainsString('$canDeletePermission', $editTemplate);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testAdminSettingsTemplateUsesServerCapabilities(): void
|
|
|
|
|
{
|
|
|
|
|
$templateContent = $this->readProjectFile('pages/admin/settings/index(default).phtml');
|
|
|
|
|
$this->assertStringNotContainsString("can('settings.update')", $templateContent);
|
|
|
|
|
$this->assertStringContainsString('$canUpdateSettings', $templateContent);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testAdminUserEditTemplateUsesServerCapabilities(): void
|
|
|
|
|
{
|
|
|
|
|
$content = $this->readProjectFile('pages/admin/users/edit(default).phtml');
|
|
|
|
|
$this->assertStringNotContainsString("can('users.", $content);
|
|
|
|
|
$this->assertStringNotContainsString("can('permissions.view')", $content);
|
|
|
|
|
$this->assertStringContainsString('$canViewSecurityArtifacts', $content);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testHardCutTemplatesDoNotUseLegacyCanHelper(): void
|
|
|
|
|
{
|
|
|
|
|
$templates = [
|
|
|
|
|
'templates/partials/app-main-aside.phtml',
|
|
|
|
|
'templates/partials/app-main-aside-icon-bar.phtml',
|
refactor(audit): extract audit domain into self-contained module
Move the entire audit subsystem (system audit, API audit, import audit,
user lifecycle audit, frontend telemetry) from core into modules/audit/.
Core decoupling via interface-based injection:
- AuditRecorderInterface replaces SystemAuditService in 10+ core services
- UserLifecycleAuditInterface / ImportAuditInterface for specialized flows
- NullAuditRecorder fallback when audit module is disabled
- ApiBootstrap/ApiResponse use null-safe callable resolvers
Module structure (modules/audit/):
- Manifest with routes, permissions, scheduler jobs, authorization policy
- 9 services, 8 repositories, 6 domain enums, 4 job handlers
- 33 page files, 4 JS files, 8 test files, migration scripts, i18n
Core cleanup:
- OperationsAuthorizationPolicy, UiCapabilityMap, PermissionService
surgically cleaned of audit-specific constants
- Sidebar template cleared of hardcoded audit navigation
- AuditModuleIsolationContractTest ensures no future core→module coupling
All quality gates pass: 1346 tests (19,276 assertions), PHPStan level 5
clean, architecture contracts verified.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 21:12:49 +01:00
|
|
|
'modules/audit/pages/admin/api-audit/index(default).phtml',
|
|
|
|
|
'modules/audit/pages/admin/system-audit/index(default).phtml',
|
|
|
|
|
'modules/audit/pages/admin/import-audit/index(default).phtml',
|
2026-03-19 18:25:19 +01:00
|
|
|
'pages/admin/scheduled-jobs/index(default).phtml',
|
|
|
|
|
'pages/admin/stats/index(default).phtml',
|
refactor(audit): extract audit domain into self-contained module
Move the entire audit subsystem (system audit, API audit, import audit,
user lifecycle audit, frontend telemetry) from core into modules/audit/.
Core decoupling via interface-based injection:
- AuditRecorderInterface replaces SystemAuditService in 10+ core services
- UserLifecycleAuditInterface / ImportAuditInterface for specialized flows
- NullAuditRecorder fallback when audit module is disabled
- ApiBootstrap/ApiResponse use null-safe callable resolvers
Module structure (modules/audit/):
- Manifest with routes, permissions, scheduler jobs, authorization policy
- 9 services, 8 repositories, 6 domain enums, 4 job handlers
- 33 page files, 4 JS files, 8 test files, migration scripts, i18n
Core cleanup:
- OperationsAuthorizationPolicy, UiCapabilityMap, PermissionService
surgically cleaned of audit-specific constants
- Sidebar template cleared of hardcoded audit navigation
- AuditModuleIsolationContractTest ensures no future core→module coupling
All quality gates pass: 1346 tests (19,276 assertions), PHPStan level 5
clean, architecture contracts verified.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 21:12:49 +01:00
|
|
|
'modules/audit/pages/admin/user-lifecycle-audit/index(default).phtml',
|
|
|
|
|
'modules/audit/pages/admin/user-lifecycle-audit/view(default).phtml',
|
2026-03-19 18:25:19 +01:00
|
|
|
'pages/admin/users/index(default).phtml',
|
|
|
|
|
'pages/admin/users/create(default).phtml',
|
|
|
|
|
'pages/admin/tenants/edit(default).phtml',
|
|
|
|
|
'pages/admin/departments/edit(default).phtml',
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
foreach ($templates as $template) {
|
|
|
|
|
$content = $this->readProjectFile($template);
|
|
|
|
|
$this->assertStringNotContainsString("can('", $content, $template);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testStatsTemplateDefinesAuditTabAndPanel(): void
|
|
|
|
|
{
|
|
|
|
|
$content = $this->readProjectFile('pages/admin/stats/index(default).phtml');
|
|
|
|
|
$this->assertStringContainsString('data-tab="audit"', $content);
|
|
|
|
|
$this->assertStringContainsString('data-tab-panel="audit"', $content);
|
|
|
|
|
}
|
|
|
|
|
}
|