2026-02-04 23:31:53 +01:00
|
|
|
<?php
|
|
|
|
|
|
2026-03-04 15:56:58 +01:00
|
|
|
use MintyPHP\Service\Docs\DocsCatalogService;
|
2026-02-04 23:31:53 +01:00
|
|
|
|
2026-03-04 15:56:58 +01:00
|
|
|
$layoutAuth = is_array($viewAuth['layout'] ?? null) ? $viewAuth['layout'] : [];
|
2026-03-26 08:22:04 +01:00
|
|
|
$moduleNavItemSlots = is_array(($layoutNav ?? [])['moduleSlots']['sidebar.admin_nav_item'] ?? null)
|
|
|
|
|
? $layoutNav['moduleSlots']['sidebar.admin_nav_item']
|
|
|
|
|
: [];
|
2026-03-26 15:06:15 +01:00
|
|
|
$moduleExplorerNavSlots = is_array(($layoutNav ?? [])['moduleSlots']['explorer.nav_item'] ?? null)
|
|
|
|
|
? $layoutNav['moduleSlots']['explorer.nav_item']
|
|
|
|
|
: [];
|
2026-03-04 15:56:58 +01:00
|
|
|
$canViewTenants = (bool) ($layoutAuth['can_view_tenants'] ?? false);
|
|
|
|
|
$canViewDepartments = (bool) ($layoutAuth['can_view_departments'] ?? false);
|
|
|
|
|
$canViewUsers = (bool) ($layoutAuth['can_view_users'] ?? false);
|
|
|
|
|
$canViewRoles = (bool) ($layoutAuth['can_view_roles'] ?? false);
|
|
|
|
|
$canViewPermissions = (bool) ($layoutAuth['can_view_permissions'] ?? false);
|
|
|
|
|
$canViewSettings = (bool) ($layoutAuth['can_view_settings'] ?? false);
|
|
|
|
|
$canViewImports = (bool) ($layoutAuth['can_view_imports'] ?? false);
|
|
|
|
|
$canViewJobs = (bool) ($layoutAuth['can_view_jobs'] ?? false);
|
|
|
|
|
$canViewDocs = (bool) ($layoutAuth['can_view_docs'] ?? false);
|
|
|
|
|
$canViewMailLog = (bool) ($layoutAuth['can_view_mail_log'] ?? false);
|
|
|
|
|
$canViewStats = (bool) ($layoutAuth['can_view_stats'] ?? false);
|
|
|
|
|
$docsDefaultSlug = DocsCatalogService::defaultSlug();
|
|
|
|
|
$docsDefaultPath = 'admin/docs/' . $docsDefaultSlug;
|
2026-02-04 23:31:53 +01:00
|
|
|
$hasOrganization = $canViewTenants || $canViewDepartments || $canViewUsers;
|
add composer-unused, comprehensive docs, and project restructure
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks
- Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists
- Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services
- Add Microsoft OIDC SSO, API token management, and user lifecycle features
- Add swagger-ui vendor integration and OpenAPI spec
- Add production Docker setup and bin/ scripts
- Update composer dependencies, config, templates, and frontend assets throughout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 15:27:35 +01:00
|
|
|
$hasUsersSection = $canViewRoles || $canViewPermissions;
|
2026-03-26 14:02:42 +01:00
|
|
|
$hasAutomationSection = $canViewImports || $canViewJobs;
|
refactor(audit): extract audit domain into self-contained module
Move the entire audit subsystem (system audit, API audit, import audit,
user lifecycle audit, frontend telemetry) from core into modules/audit/.
Core decoupling via interface-based injection:
- AuditRecorderInterface replaces SystemAuditService in 10+ core services
- UserLifecycleAuditInterface / ImportAuditInterface for specialized flows
- NullAuditRecorder fallback when audit module is disabled
- ApiBootstrap/ApiResponse use null-safe callable resolvers
Module structure (modules/audit/):
- Manifest with routes, permissions, scheduler jobs, authorization policy
- 9 services, 8 repositories, 6 domain enums, 4 job handlers
- 33 page files, 4 JS files, 8 test files, migration scripts, i18n
Core cleanup:
- OperationsAuthorizationPolicy, UiCapabilityMap, PermissionService
surgically cleaned of audit-specific constants
- Sidebar template cleared of hardcoded audit navigation
- AuditModuleIsolationContractTest ensures no future core→module coupling
All quality gates pass: 1346 tests (19,276 assertions), PHPStan level 5
clean, architecture contracts verified.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 21:12:49 +01:00
|
|
|
$hasLogsSection = $canViewMailLog;
|
2026-04-06 22:21:39 +02:00
|
|
|
$hasSystemSection = $canViewSettings || $canViewStats;
|
2026-03-05 08:26:51 +01:00
|
|
|
$hasAdminPanel = layoutHasAdminPanel($layoutAuth);
|
2026-02-04 23:31:53 +01:00
|
|
|
|
2026-03-04 15:56:58 +01:00
|
|
|
// Declarative nav config for admin panel groups
|
|
|
|
|
$adminNavGroups = [
|
2026-02-04 23:31:53 +01:00
|
|
|
[
|
2026-03-04 15:56:58 +01:00
|
|
|
'key' => 'admin-organization',
|
|
|
|
|
'label' => t('Organization'),
|
2026-03-13 09:49:11 +01:00
|
|
|
'icon' => 'bi-building',
|
2026-02-04 23:31:53 +01:00
|
|
|
'visible' => $hasOrganization,
|
|
|
|
|
'items' => [
|
|
|
|
|
[
|
|
|
|
|
'label' => t('Tenants'),
|
|
|
|
|
'path' => 'admin/tenants',
|
|
|
|
|
'active' => navActive('admin/tenants', true),
|
|
|
|
|
'visible' => $canViewTenants,
|
|
|
|
|
'withTenant' => false,
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
'label' => t('Departments'),
|
|
|
|
|
'path' => 'admin/departments',
|
|
|
|
|
'active' => navActive('admin/departments', true),
|
|
|
|
|
'visible' => $canViewDepartments,
|
|
|
|
|
'withTenant' => true,
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
'label' => t('Users'),
|
|
|
|
|
'path' => 'admin/users',
|
|
|
|
|
'active' => navActive('admin/users', true),
|
|
|
|
|
'visible' => $canViewUsers,
|
|
|
|
|
'withTenant' => true,
|
|
|
|
|
],
|
|
|
|
|
],
|
|
|
|
|
],
|
|
|
|
|
[
|
2026-03-04 15:56:58 +01:00
|
|
|
'key' => 'admin-roles-permissions',
|
2026-02-04 23:31:53 +01:00
|
|
|
'label' => t('Roles & permissions'),
|
2026-03-13 09:49:11 +01:00
|
|
|
'icon' => 'bi-shield-lock',
|
2026-02-04 23:31:53 +01:00
|
|
|
'visible' => $hasUsersSection,
|
|
|
|
|
'items' => [
|
|
|
|
|
[
|
|
|
|
|
'label' => t('Roles'),
|
|
|
|
|
'path' => 'admin/roles',
|
|
|
|
|
'active' => navActive('admin/roles', true),
|
|
|
|
|
'visible' => $canViewRoles,
|
|
|
|
|
'withTenant' => false,
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
'label' => t('Permissions'),
|
|
|
|
|
'path' => 'admin/permissions',
|
|
|
|
|
'active' => navActive('admin/permissions', true),
|
|
|
|
|
'visible' => $canViewPermissions,
|
|
|
|
|
'withTenant' => false,
|
|
|
|
|
],
|
|
|
|
|
],
|
|
|
|
|
],
|
|
|
|
|
[
|
2026-03-04 15:56:58 +01:00
|
|
|
'key' => 'admin-automation',
|
add composer-unused, comprehensive docs, and project restructure
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks
- Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists
- Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services
- Add Microsoft OIDC SSO, API token management, and user lifecycle features
- Add swagger-ui vendor integration and OpenAPI spec
- Add production Docker setup and bin/ scripts
- Update composer dependencies, config, templates, and frontend assets throughout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 15:27:35 +01:00
|
|
|
'label' => t('Automation & integrations'),
|
2026-03-13 09:49:11 +01:00
|
|
|
'icon' => 'bi-plug',
|
add composer-unused, comprehensive docs, and project restructure
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks
- Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists
- Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services
- Add Microsoft OIDC SSO, API token management, and user lifecycle features
- Add swagger-ui vendor integration and OpenAPI spec
- Add production Docker setup and bin/ scripts
- Update composer dependencies, config, templates, and frontend assets throughout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 15:27:35 +01:00
|
|
|
'visible' => $hasAutomationSection,
|
|
|
|
|
'items' => [
|
|
|
|
|
[
|
|
|
|
|
'label' => t('Imports'),
|
|
|
|
|
'path' => 'admin/imports',
|
|
|
|
|
'active' => navActive('admin/imports', true),
|
|
|
|
|
'visible' => $canViewImports,
|
|
|
|
|
'withTenant' => false,
|
|
|
|
|
],
|
|
|
|
|
[
|
|
|
|
|
'label' => t('Scheduled jobs'),
|
|
|
|
|
'path' => 'admin/scheduled-jobs',
|
|
|
|
|
'active' => navActive('admin/scheduled-jobs', true),
|
|
|
|
|
'visible' => $canViewJobs,
|
|
|
|
|
'withTenant' => false,
|
|
|
|
|
],
|
|
|
|
|
],
|
|
|
|
|
],
|
|
|
|
|
[
|
2026-03-04 15:56:58 +01:00
|
|
|
'key' => 'admin-logs',
|
add composer-unused, comprehensive docs, and project restructure
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks
- Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists
- Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services
- Add Microsoft OIDC SSO, API token management, and user lifecycle features
- Add swagger-ui vendor integration and OpenAPI spec
- Add production Docker setup and bin/ scripts
- Update composer dependencies, config, templates, and frontend assets throughout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 15:27:35 +01:00
|
|
|
'label' => t('Logs'),
|
2026-03-13 09:49:11 +01:00
|
|
|
'icon' => 'bi-journal-text',
|
add composer-unused, comprehensive docs, and project restructure
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks
- Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists
- Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services
- Add Microsoft OIDC SSO, API token management, and user lifecycle features
- Add swagger-ui vendor integration and OpenAPI spec
- Add production Docker setup and bin/ scripts
- Update composer dependencies, config, templates, and frontend assets throughout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 15:27:35 +01:00
|
|
|
'visible' => $hasLogsSection,
|
|
|
|
|
'items' => [
|
2026-02-04 23:31:53 +01:00
|
|
|
[
|
2026-03-26 14:02:42 +01:00
|
|
|
'label' => t('nav.logs.mail'),
|
2026-02-04 23:31:53 +01:00
|
|
|
'path' => 'admin/mail-log',
|
|
|
|
|
'active' => navActive('admin/mail-log', true),
|
|
|
|
|
'visible' => $canViewMailLog,
|
|
|
|
|
'withTenant' => false,
|
|
|
|
|
],
|
add composer-unused, comprehensive docs, and project restructure
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks
- Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists
- Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services
- Add Microsoft OIDC SSO, API token management, and user lifecycle features
- Add swagger-ui vendor integration and OpenAPI spec
- Add production Docker setup and bin/ scripts
- Update composer dependencies, config, templates, and frontend assets throughout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 15:27:35 +01:00
|
|
|
],
|
|
|
|
|
],
|
|
|
|
|
[
|
2026-03-04 15:56:58 +01:00
|
|
|
'key' => 'admin-system',
|
add composer-unused, comprehensive docs, and project restructure
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks
- Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists
- Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services
- Add Microsoft OIDC SSO, API token management, and user lifecycle features
- Add swagger-ui vendor integration and OpenAPI spec
- Add production Docker setup and bin/ scripts
- Update composer dependencies, config, templates, and frontend assets throughout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 15:27:35 +01:00
|
|
|
'label' => t('System'),
|
2026-03-13 09:49:11 +01:00
|
|
|
'icon' => 'bi-sliders',
|
add composer-unused, comprehensive docs, and project restructure
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks
- Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists
- Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services
- Add Microsoft OIDC SSO, API token management, and user lifecycle features
- Add swagger-ui vendor integration and OpenAPI spec
- Add production Docker setup and bin/ scripts
- Update composer dependencies, config, templates, and frontend assets throughout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 15:27:35 +01:00
|
|
|
'visible' => $hasSystemSection,
|
|
|
|
|
'items' => [
|
2026-02-04 23:31:53 +01:00
|
|
|
[
|
|
|
|
|
'label' => t('Settings'),
|
|
|
|
|
'path' => 'admin/settings',
|
|
|
|
|
'active' => navActive('admin/settings', true),
|
|
|
|
|
'visible' => $canViewSettings,
|
|
|
|
|
'withTenant' => false,
|
|
|
|
|
],
|
2026-04-06 22:21:39 +02:00
|
|
|
[
|
|
|
|
|
'label' => t('Statistics'),
|
|
|
|
|
'path' => 'admin/stats',
|
|
|
|
|
'active' => navActive('admin/stats', true),
|
|
|
|
|
'visible' => $canViewStats,
|
|
|
|
|
'withTenant' => false,
|
|
|
|
|
],
|
2026-02-04 23:31:53 +01:00
|
|
|
],
|
|
|
|
|
],
|
|
|
|
|
];
|
|
|
|
|
|
2026-03-26 08:22:04 +01:00
|
|
|
// ── Append module-contributed admin nav groups (sidebar.admin_nav_item slot) ──
|
|
|
|
|
// Module items are grouped by their 'group' key. Each unique group becomes a
|
|
|
|
|
// <details><summary> section appended after the core admin nav groups.
|
2026-03-26 08:16:58 +01:00
|
|
|
if ($moduleNavItemSlots) {
|
2026-03-26 08:22:04 +01:00
|
|
|
$moduleGroupsByKey = [];
|
2026-03-26 08:16:58 +01:00
|
|
|
usort($moduleNavItemSlots, static fn ($a, $b) => ($a['order'] ?? 100) <=> ($b['order'] ?? 100));
|
|
|
|
|
foreach ($moduleNavItemSlots as $slot) {
|
|
|
|
|
if (!is_array($slot)) { continue; }
|
2026-03-26 08:22:04 +01:00
|
|
|
$groupKey = trim((string) ($slot['group'] ?? ''));
|
2026-03-26 08:16:58 +01:00
|
|
|
$slotPath = trim((string) ($slot['path'] ?? ''));
|
|
|
|
|
$slotLabel = trim((string) ($slot['label'] ?? ''));
|
|
|
|
|
$slotPermission = trim((string) ($slot['permission'] ?? ''));
|
2026-03-26 08:22:04 +01:00
|
|
|
if ($groupKey === '' || $slotPath === '' || $slotLabel === '') { continue; }
|
2026-03-26 08:16:58 +01:00
|
|
|
$slotVisible = $slotPermission === '' || !empty($layoutAuth[$slotPermission]);
|
2026-03-26 08:22:04 +01:00
|
|
|
if (!isset($moduleGroupsByKey[$groupKey])) {
|
|
|
|
|
$moduleGroupsByKey[$groupKey] = [];
|
|
|
|
|
}
|
|
|
|
|
$moduleGroupsByKey[$groupKey][] = [
|
2026-03-26 08:16:58 +01:00
|
|
|
'label' => t($slotLabel),
|
|
|
|
|
'path' => $slotPath,
|
|
|
|
|
'active' => navActive($slotPath, true),
|
|
|
|
|
'visible' => $slotVisible,
|
|
|
|
|
'withTenant' => false,
|
|
|
|
|
];
|
2026-03-26 08:22:04 +01:00
|
|
|
}
|
|
|
|
|
// Known group metadata — modules declare their group key, we map to label + icon.
|
|
|
|
|
$moduleGroupMeta = [
|
2026-03-26 14:02:42 +01:00
|
|
|
'admin-automation' => ['label' => t('Automation & integrations'), 'icon' => 'bi-gear-wide-connected'],
|
2026-03-26 08:22:04 +01:00
|
|
|
'admin-logs' => ['label' => t('Audit & logs'), 'icon' => 'bi-journal-text'],
|
|
|
|
|
];
|
|
|
|
|
foreach ($moduleGroupsByKey as $groupKey => $items) {
|
|
|
|
|
$hasVisible = false;
|
|
|
|
|
foreach ($items as $item) {
|
|
|
|
|
if (!empty($item['visible'])) { $hasVisible = true; break; }
|
2026-03-26 08:16:58 +01:00
|
|
|
}
|
2026-03-26 08:22:04 +01:00
|
|
|
// Also add mail log to the logs group if it exists as a core item
|
|
|
|
|
if ($groupKey === 'admin-logs' && $canViewMailLog) {
|
|
|
|
|
array_unshift($items, [
|
2026-03-26 14:02:42 +01:00
|
|
|
'label' => t('nav.logs.mail'),
|
2026-03-26 08:22:04 +01:00
|
|
|
'path' => 'admin/mail-log',
|
|
|
|
|
'active' => navActive('admin/mail-log', true),
|
|
|
|
|
'visible' => $canViewMailLog,
|
|
|
|
|
'withTenant' => false,
|
|
|
|
|
]);
|
|
|
|
|
$hasVisible = true;
|
|
|
|
|
}
|
|
|
|
|
$meta = $moduleGroupMeta[$groupKey] ?? ['label' => $groupKey, 'icon' => 'bi-list'];
|
|
|
|
|
$adminNavGroups[] = [
|
|
|
|
|
'key' => $groupKey,
|
|
|
|
|
'label' => $meta['label'],
|
|
|
|
|
'icon' => $meta['icon'],
|
|
|
|
|
'visible' => $hasVisible,
|
|
|
|
|
'items' => $items,
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
// If modules contributed to admin-logs, remove the core-only logs group (which only had mail log)
|
|
|
|
|
if (isset($moduleGroupsByKey['admin-logs'])) {
|
|
|
|
|
$adminNavGroups = array_values(array_filter($adminNavGroups, static function ($g) {
|
|
|
|
|
// Remove the original core logs group (it's been merged into the module-contributed one)
|
|
|
|
|
return !(($g['key'] ?? '') === 'admin-logs' && count($g['items'] ?? []) === 1 && ($g['items'][0]['path'] ?? '') === 'admin/mail-log');
|
|
|
|
|
}));
|
2026-03-26 08:16:58 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-04 15:56:58 +01:00
|
|
|
// Render helper for grouped admin aside navigation
|
|
|
|
|
$renderAdminNavGroup = static function (array $group, string $tenantQueryParam): void {
|
|
|
|
|
if (empty($group['visible'])) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
$groupKey = trim((string) ($group['key'] ?? ''));
|
|
|
|
|
if ($groupKey === '') {
|
2026-02-04 23:31:53 +01:00
|
|
|
return;
|
|
|
|
|
}
|
2026-03-04 15:56:58 +01:00
|
|
|
$items = $group['items'] ?? [];
|
2026-02-04 23:31:53 +01:00
|
|
|
$items = array_values(array_filter($items, static fn ($item) => !empty($item['visible'])));
|
|
|
|
|
if (!$items) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
2026-03-04 15:56:58 +01:00
|
|
|
$groupIsActive = false;
|
|
|
|
|
foreach ($items as $item) {
|
|
|
|
|
$activeState = $item['active'] ?? [];
|
|
|
|
|
if (!empty($activeState['isActive'])) {
|
|
|
|
|
$groupIsActive = true;
|
|
|
|
|
break;
|
2026-02-04 23:31:53 +01:00
|
|
|
}
|
2026-03-04 15:56:58 +01:00
|
|
|
}
|
|
|
|
|
?>
|
|
|
|
|
<li class="app-sidebar-group app-sidebar-admin-group">
|
|
|
|
|
<details data-details-key="<?php e($groupKey); ?>"<?php if ($groupIsActive): ?> open<?php endif; ?>>
|
|
|
|
|
<summary>
|
2026-03-13 09:49:11 +01:00
|
|
|
<?php if (!empty($group['icon'])): ?><i class="bi <?php e($group['icon']); ?>"></i> <?php endif; ?>
|
2026-03-04 15:56:58 +01:00
|
|
|
<span><?php e($group['label'] ?? ''); ?></span>
|
|
|
|
|
</summary>
|
|
|
|
|
<ul>
|
|
|
|
|
<?php foreach ($items as $item): ?>
|
|
|
|
|
<?php
|
|
|
|
|
$href = $item['path'] ?? '';
|
|
|
|
|
if ($href !== '' && !empty($item['withTenant'])) {
|
|
|
|
|
$href .= $tenantQueryParam;
|
|
|
|
|
}
|
|
|
|
|
$active = $item['active'] ?? ['class' => '', 'aria' => ''];
|
|
|
|
|
?>
|
|
|
|
|
<li>
|
2026-04-06 12:08:25 +02:00
|
|
|
<a href="<?php e($href); ?>" class="<?php e($active['class'] ?? ''); ?>" <?php echo $active['aria'] ?? ''; // raw-html-ok: pre-built ARIA attribute from navActive() ?>>
|
2026-03-04 15:56:58 +01:00
|
|
|
<?php e($item['label'] ?? ''); ?>
|
|
|
|
|
</a>
|
|
|
|
|
</li>
|
|
|
|
|
<?php endforeach; ?>
|
|
|
|
|
</ul>
|
|
|
|
|
</details>
|
|
|
|
|
</li>
|
2026-02-04 23:31:53 +01:00
|
|
|
<?php
|
|
|
|
|
};
|
|
|
|
|
|
2026-03-05 08:26:51 +01:00
|
|
|
// Read precomputed layout context from web/index.php (before Session::end()).
|
|
|
|
|
$layoutNav = is_array($layoutNav ?? null) ? $layoutNav : [];
|
|
|
|
|
$currentTenant = is_array($layoutNav['currentTenant'] ?? null) ? $layoutNav['currentTenant'] : null;
|
|
|
|
|
$availableTenants = is_array($layoutNav['availableTenants'] ?? null) ? $layoutNav['availableTenants'] : [];
|
|
|
|
|
$tenantQueryParam = trim((string) ($layoutNav['tenantQueryParam'] ?? ''));
|
|
|
|
|
$tenantAvatar = is_array($layoutNav['tenantAvatar'] ?? null) ? $layoutNav['tenantAvatar'] : [];
|
|
|
|
|
$tenantUuid = trim((string) ($tenantAvatar['uuid'] ?? ''));
|
|
|
|
|
$tenantName = trim((string) ($tenantAvatar['name'] ?? ''));
|
|
|
|
|
$hasTenantAvatar = !empty($tenantAvatar['hasAvatar']);
|
|
|
|
|
$csrfKey = trim((string) ($layoutNav['csrfKey'] ?? \MintyPHP\Session::$csrfSessionKey));
|
|
|
|
|
$csrfToken = (string) ($layoutNav['csrfToken'] ?? '');
|
feat: extend module platform with UI slots, runtime components, CLI tooling and {{userId}} search support
Completes the generic module platform that enables modules to contribute
UI elements, runtime JS components, and search resources without any
core hardcoding.
New generic UI slot types:
- topbar.right_item: module-contributed topbar buttons
- layout.body_end_template: module-contributed dialog/overlay templates
- layout.head_style: module-contributed global CSS
- runtime.component: declarative JS component registration with phase ordering
New infrastructure:
- ModuleAutoloader: PSR-4 autoloading for module-local PHP classes
- ModuleRuntimePageBuilder: symlinks module pages into runtime directory
- ModuleRuntimeAssetPublisher: publishes module CSS/JS to web/modules/
- ModulePermissionSynchronizer: syncs module permissions to DB
- CLI scripts: module-runtime-sync, module-build, module-migrate,
module-permissions-sync, module-assets-sync
- {{userId}} placeholder in SearchDataService for user-scoped search queries
- Component runtime with phased initialization (early/default/late)
- AppContainer.protectExistingBindings() to prevent module→core overwrites
- Architecture tests: ModuleStructureContractTest, CoreTemplateIsolationTest,
FrontendComponentRuntimeContractTest, AppContainerIsolationContractTest
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 22:19:56 +01:00
|
|
|
$moduleSlots = is_array($layoutNav['moduleSlots'] ?? null) ? $layoutNav['moduleSlots'] : [];
|
|
|
|
|
$modulePanelSlots = is_array($moduleSlots['aside.tab_panel'] ?? null) ? $moduleSlots['aside.tab_panel'] : [];
|
2026-02-04 23:31:53 +01:00
|
|
|
?>
|
feat: introduce module system and extract address book as first module (MODULAR-MONOLITH-V1-001)
Add a module kernel (ModuleManifest, ModuleRegistry) that allows modules to
contribute routes, UI slots, search providers, layout context, session
lifecycle, and permissions. Modules are activated via config/modules.php or
APP_ENABLED_MODULES env variable. Conflicts (duplicate routes, permissions,
slot keys) cause a fail-fast with a clear error message.
Extract the address book from hardcoded Core integration points into the
first module (modules/addressbook/). The module provides:
- Aside icon-bar tab + People panel via UI slot system
- Global search resource via AddressBookSearchProvider
- Layout context data via AddressBookLayoutProvider
- Session lifecycle via AddressBookSessionProvider
Core cleanup removes address-book hardcodings from SearchSqlResourceProvider,
SearchUiMetaProvider, SearchItemMapperProvider, appBuildLayoutNavContext(),
and the aside templates. Permissions (ADDRESS_BOOK_VIEW) and business logic
(AddressBookService) remain in Core as they gate general user visibility.
Includes 38 new tests (894 total), PHPStan level 5 clean, and architecture
tests verifying zero hardcoded address-book references in search/templates.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 15:43:25 +01:00
|
|
|
<aside class="app-sidebar" id="app-sidebar" data-app-component="sidebar-toggle">
|
2026-02-04 23:31:53 +01:00
|
|
|
<div id="app-sidebar-panels" class="app-sidebar-panels">
|
|
|
|
|
<nav id="aside-panel-explorer" class="app-sidebar-panel" data-aside-panel="explorer"
|
|
|
|
|
data-aside-title="<?php e(t('Explorer')); ?>" role="tabpanel" aria-labelledby="aside-tab-explorer"
|
|
|
|
|
aria-label="<?php e(t('Primary navigation')); ?>">
|
|
|
|
|
<ul>
|
|
|
|
|
<li>
|
|
|
|
|
<?php $home = navActive(['', 'admin'], false); ?>
|
2026-04-06 12:08:25 +02:00
|
|
|
<a href="<?php e(lurl('')); ?>" class="<?php e($home['class']); ?>" <?php echo $home['aria']; // raw-html-ok: pre-built ARIA attribute from navActive() ?>>
|
2026-02-04 23:31:53 +01:00
|
|
|
<?php e(t('Home')); ?>
|
|
|
|
|
</a>
|
|
|
|
|
</li>
|
2026-03-26 15:06:15 +01:00
|
|
|
<?php foreach ($moduleExplorerNavSlots as $explorerSlot):
|
|
|
|
|
if (!is_array($explorerSlot)) { continue; }
|
|
|
|
|
$explorerKey = $explorerSlot['key'] ?? '';
|
|
|
|
|
$explorerLabel = $explorerSlot['label'] ?? '';
|
|
|
|
|
$explorerHref = $explorerSlot['href'] ?? '';
|
|
|
|
|
$explorerPermission = $explorerSlot['permission'] ?? '';
|
|
|
|
|
if ($explorerKey === '' || $explorerHref === '') { continue; }
|
|
|
|
|
if ($explorerPermission !== '' && empty($layoutAuth[$explorerPermission])) { continue; }
|
|
|
|
|
if (!str_starts_with($explorerHref, '/') && !str_starts_with($explorerHref, 'http')) {
|
|
|
|
|
$explorerHref = lurl($explorerHref);
|
|
|
|
|
}
|
|
|
|
|
$explorerActive = navActive($explorerSlot['href'], true);
|
|
|
|
|
?>
|
|
|
|
|
<li>
|
|
|
|
|
<a href="<?php e($explorerHref); ?>" class="<?php e($explorerActive['class'] ?? ''); ?>"
|
2026-04-06 12:08:25 +02:00
|
|
|
<?php echo $explorerActive['aria'] ?? ''; // raw-html-ok: pre-built ARIA attribute from navActive() ?>>
|
2026-03-26 15:06:15 +01:00
|
|
|
<?php e(t($explorerLabel)); ?>
|
|
|
|
|
</a>
|
|
|
|
|
</li>
|
|
|
|
|
<?php endforeach; ?>
|
2026-02-04 23:31:53 +01:00
|
|
|
</ul>
|
|
|
|
|
</nav>
|
|
|
|
|
<?php if ($hasAdminPanel): ?>
|
|
|
|
|
<nav id="aside-panel-admin" class="app-sidebar-panel" data-aside-panel="admin"
|
2026-03-04 15:56:58 +01:00
|
|
|
data-aside-title="<?php e(t('Admin')); ?>" data-aside-details-storage="aside-admin-sections-v1"
|
|
|
|
|
data-aside-details-open-active="1" role="tabpanel" aria-labelledby="aside-tab-admin" hidden>
|
2026-02-04 23:31:53 +01:00
|
|
|
<ul>
|
2026-03-04 15:56:58 +01:00
|
|
|
<?php foreach ($adminNavGroups as $group): ?>
|
|
|
|
|
<?php $renderAdminNavGroup($group, $tenantQueryParam); ?>
|
2026-02-04 23:31:53 +01:00
|
|
|
<?php endforeach; ?>
|
|
|
|
|
</ul>
|
|
|
|
|
</nav>
|
|
|
|
|
<?php endif; ?>
|
|
|
|
|
|
feat: introduce module system and extract address book as first module (MODULAR-MONOLITH-V1-001)
Add a module kernel (ModuleManifest, ModuleRegistry) that allows modules to
contribute routes, UI slots, search providers, layout context, session
lifecycle, and permissions. Modules are activated via config/modules.php or
APP_ENABLED_MODULES env variable. Conflicts (duplicate routes, permissions,
slot keys) cause a fail-fast with a clear error message.
Extract the address book from hardcoded Core integration points into the
first module (modules/addressbook/). The module provides:
- Aside icon-bar tab + People panel via UI slot system
- Global search resource via AddressBookSearchProvider
- Layout context data via AddressBookLayoutProvider
- Session lifecycle via AddressBookSessionProvider
Core cleanup removes address-book hardcodings from SearchSqlResourceProvider,
SearchUiMetaProvider, SearchItemMapperProvider, appBuildLayoutNavContext(),
and the aside templates. Permissions (ADDRESS_BOOK_VIEW) and business logic
(AddressBookService) remain in Core as they gate general user visibility.
Includes 38 new tests (894 total), PHPStan level 5 clean, and architecture
tests verifying zero hardcoded address-book references in search/templates.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 15:43:25 +01:00
|
|
|
<?php
|
|
|
|
|
// ── Module-contributed aside panels (aside.tab_panel slot) ──
|
|
|
|
|
foreach ($modulePanelSlots as $panelSlot):
|
|
|
|
|
if (!is_array($panelSlot)) { continue; }
|
|
|
|
|
$panelKey = $panelSlot['key'] ?? '';
|
|
|
|
|
$panelLabel = $panelSlot['label'] ?? '';
|
|
|
|
|
$panelTemplate = $panelSlot['panel_template'] ?? '';
|
|
|
|
|
$panelPermission = $panelSlot['permission'] ?? '';
|
|
|
|
|
if ($panelPermission !== '' && empty($layoutAuth[$panelPermission])) { continue; }
|
|
|
|
|
if ($panelKey === '' || $panelTemplate === '') { continue; }
|
|
|
|
|
?>
|
|
|
|
|
<?php
|
|
|
|
|
$panelDetailsStorage = $panelSlot['details_storage'] ?? '';
|
|
|
|
|
$panelDetailsOpenActive = !empty($panelSlot['details_open_active']);
|
|
|
|
|
?>
|
|
|
|
|
<nav id="aside-panel-<?php e($panelKey); ?>" class="app-sidebar-panel"
|
|
|
|
|
data-aside-panel="<?php e($panelKey); ?>"
|
|
|
|
|
<?php if ($panelDetailsStorage !== ''): ?>data-aside-details-storage="<?php e($panelDetailsStorage); ?>"<?php endif; ?>
|
|
|
|
|
<?php if ($panelDetailsOpenActive): ?>data-aside-details-open-active="1"<?php endif; ?>
|
|
|
|
|
data-aside-title="<?php e(t($panelLabel)); ?>"
|
|
|
|
|
role="tabpanel" aria-labelledby="aside-tab-<?php e($panelKey); ?>" hidden>
|
|
|
|
|
<?php
|
|
|
|
|
// Include the module-provided panel template
|
|
|
|
|
$panelTemplatePath = $panelTemplate;
|
|
|
|
|
if (is_file($panelTemplatePath)) {
|
|
|
|
|
include $panelTemplatePath;
|
|
|
|
|
}
|
|
|
|
|
?>
|
2026-02-04 23:31:53 +01:00
|
|
|
</nav>
|
feat: introduce module system and extract address book as first module (MODULAR-MONOLITH-V1-001)
Add a module kernel (ModuleManifest, ModuleRegistry) that allows modules to
contribute routes, UI slots, search providers, layout context, session
lifecycle, and permissions. Modules are activated via config/modules.php or
APP_ENABLED_MODULES env variable. Conflicts (duplicate routes, permissions,
slot keys) cause a fail-fast with a clear error message.
Extract the address book from hardcoded Core integration points into the
first module (modules/addressbook/). The module provides:
- Aside icon-bar tab + People panel via UI slot system
- Global search resource via AddressBookSearchProvider
- Layout context data via AddressBookLayoutProvider
- Session lifecycle via AddressBookSessionProvider
Core cleanup removes address-book hardcodings from SearchSqlResourceProvider,
SearchUiMetaProvider, SearchItemMapperProvider, appBuildLayoutNavContext(),
and the aside templates. Permissions (ADDRESS_BOOK_VIEW) and business logic
(AddressBookService) remain in Core as they gate general user visibility.
Includes 38 new tests (894 total), PHPStan level 5 clean, and architecture
tests verifying zero hardcoded address-book references in search/templates.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 15:43:25 +01:00
|
|
|
<?php endforeach; ?>
|
2026-02-04 23:31:53 +01:00
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
</aside>
|