feat: extend module platform with UI slots, runtime components, CLI tooling and {{userId}} search support
Completes the generic module platform that enables modules to contribute
UI elements, runtime JS components, and search resources without any
core hardcoding.
New generic UI slot types:
- topbar.right_item: module-contributed topbar buttons
- layout.body_end_template: module-contributed dialog/overlay templates
- layout.head_style: module-contributed global CSS
- runtime.component: declarative JS component registration with phase ordering
New infrastructure:
- ModuleAutoloader: PSR-4 autoloading for module-local PHP classes
- ModuleRuntimePageBuilder: symlinks module pages into runtime directory
- ModuleRuntimeAssetPublisher: publishes module CSS/JS to web/modules/
- ModulePermissionSynchronizer: syncs module permissions to DB
- CLI scripts: module-runtime-sync, module-build, module-migrate,
module-permissions-sync, module-assets-sync
- {{userId}} placeholder in SearchDataService for user-scoped search queries
- Component runtime with phased initialization (early/default/late)
- AppContainer.protectExistingBindings() to prevent module→core overwrites
- Architecture tests: ModuleStructureContractTest, CoreTemplateIsolationTest,
FrontendComponentRuntimeContractTest, AppContainerIsolationContractTest
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 22:19:56 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace MintyPHP\Tests\App\Module;
|
|
|
|
|
|
|
|
|
|
use MintyPHP\App\Module\ModulePermissionSynchronizer;
|
|
|
|
|
use MintyPHP\App\Module\ModuleRegistry;
|
|
|
|
|
use MintyPHP\Repository\Access\PermissionRepositoryInterface;
|
|
|
|
|
use PHPUnit\Framework\TestCase;
|
|
|
|
|
|
|
|
|
|
final class ModulePermissionSynchronizerTest extends TestCase
|
|
|
|
|
{
|
|
|
|
|
private string $fixturesDir = '';
|
|
|
|
|
|
|
|
|
|
protected function setUp(): void
|
|
|
|
|
{
|
|
|
|
|
$this->fixturesDir = sys_get_temp_dir() . '/module-permission-sync-' . uniqid();
|
|
|
|
|
mkdir($this->fixturesDir, 0777, true);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected function tearDown(): void
|
|
|
|
|
{
|
|
|
|
|
$this->removeDir($this->fixturesDir);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testSyncCreatesPermissionAndIsIdempotent(): void
|
|
|
|
|
{
|
|
|
|
|
$registry = $this->createRegistryWithPermissions([[
|
|
|
|
|
'key' => 'address_book.view',
|
|
|
|
|
'description' => 'Can view address book',
|
|
|
|
|
'active' => 1,
|
|
|
|
|
'is_system' => 1,
|
|
|
|
|
]]);
|
|
|
|
|
|
|
|
|
|
$repository = new InMemoryPermissionRepository();
|
|
|
|
|
$synchronizer = new ModulePermissionSynchronizer($registry, $repository);
|
|
|
|
|
|
|
|
|
|
$first = $synchronizer->sync();
|
|
|
|
|
self::assertSame(1, $first['created']);
|
|
|
|
|
self::assertSame(0, $first['updated']);
|
|
|
|
|
self::assertSame(0, $first['unchanged']);
|
|
|
|
|
|
|
|
|
|
$second = $synchronizer->sync();
|
|
|
|
|
self::assertSame(0, $second['created']);
|
|
|
|
|
self::assertSame(0, $second['updated']);
|
|
|
|
|
self::assertSame(1, $second['unchanged']);
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-19 18:41:08 +01:00
|
|
|
public function testSyncDeactivatesOrphanedSystemPermissions(): void
|
|
|
|
|
{
|
|
|
|
|
// Module claims 'mod.perm_a' — 'mod.perm_b' is orphaned (no module owns it)
|
|
|
|
|
$registry = $this->createRegistryWithPermissions([[
|
|
|
|
|
'key' => 'mod.perm_a',
|
|
|
|
|
'description' => 'Active permission',
|
|
|
|
|
'active' => 1,
|
|
|
|
|
'is_system' => 1,
|
|
|
|
|
]]);
|
|
|
|
|
|
|
|
|
|
$repository = new InMemoryPermissionRepository();
|
|
|
|
|
$repository->create([
|
|
|
|
|
'key' => 'mod.perm_a',
|
|
|
|
|
'description' => 'Active permission',
|
|
|
|
|
'active' => 1,
|
|
|
|
|
'is_system' => 1,
|
|
|
|
|
]);
|
|
|
|
|
$repository->create([
|
|
|
|
|
'key' => 'mod.perm_b',
|
|
|
|
|
'description' => 'Orphaned module permission',
|
|
|
|
|
'active' => 1,
|
|
|
|
|
'is_system' => 1,
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$synchronizer = new ModulePermissionSynchronizer($registry, $repository);
|
|
|
|
|
$result = $synchronizer->sync();
|
|
|
|
|
|
|
|
|
|
self::assertSame(1, $result['deactivated']);
|
|
|
|
|
self::assertSame(1, $result['unchanged']);
|
|
|
|
|
|
|
|
|
|
$orphaned = $repository->findByKey('mod.perm_b');
|
|
|
|
|
self::assertSame(0, (int) ($orphaned['active'] ?? 1), 'Orphaned permission should be deactivated');
|
|
|
|
|
|
|
|
|
|
$active = $repository->findByKey('mod.perm_a');
|
|
|
|
|
self::assertSame(1, (int) ($active['active'] ?? 0), 'Claimed permission should stay active');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testSyncDoesNotDeactivateAdminCreatedPermissions(): void
|
|
|
|
|
{
|
|
|
|
|
// Empty module — no permissions declared
|
|
|
|
|
$registry = $this->createRegistryWithPermissions([]);
|
|
|
|
|
|
|
|
|
|
$repository = new InMemoryPermissionRepository();
|
|
|
|
|
$repository->create([
|
|
|
|
|
'key' => 'admin.custom',
|
|
|
|
|
'description' => 'Admin-created permission',
|
|
|
|
|
'active' => 1,
|
|
|
|
|
'is_system' => 0,
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$synchronizer = new ModulePermissionSynchronizer($registry, $repository);
|
|
|
|
|
$result = $synchronizer->sync();
|
|
|
|
|
|
|
|
|
|
self::assertSame(0, $result['deactivated']);
|
|
|
|
|
|
|
|
|
|
$adminPerm = $repository->findByKey('admin.custom');
|
|
|
|
|
self::assertSame(1, (int) ($adminPerm['active'] ?? 0), 'Admin-created permission must not be touched');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testSyncReactivatesPermissionWhenModuleReEnabled(): void
|
|
|
|
|
{
|
|
|
|
|
$registry = $this->createRegistryWithPermissions([[
|
|
|
|
|
'key' => 'mod.perm_a',
|
|
|
|
|
'description' => 'Reactivated permission',
|
|
|
|
|
'active' => 1,
|
|
|
|
|
'is_system' => 1,
|
|
|
|
|
]]);
|
|
|
|
|
|
|
|
|
|
$repository = new InMemoryPermissionRepository();
|
|
|
|
|
// Simulate previously deactivated permission
|
|
|
|
|
$repository->create([
|
|
|
|
|
'key' => 'mod.perm_a',
|
|
|
|
|
'description' => 'Reactivated permission',
|
|
|
|
|
'active' => 0,
|
|
|
|
|
'is_system' => 1,
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$synchronizer = new ModulePermissionSynchronizer($registry, $repository);
|
|
|
|
|
$result = $synchronizer->sync();
|
|
|
|
|
|
|
|
|
|
self::assertSame(0, $result['created']);
|
|
|
|
|
self::assertSame(1, $result['updated']);
|
|
|
|
|
self::assertSame(0, $result['deactivated']);
|
|
|
|
|
|
|
|
|
|
$perm = $repository->findByKey('mod.perm_a');
|
|
|
|
|
self::assertSame(1, (int) ($perm['active'] ?? 0), 'Permission should be reactivated by sync');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testSyncSkipsAlreadyDeactivatedOrphans(): void
|
|
|
|
|
{
|
|
|
|
|
$registry = $this->createRegistryWithPermissions([]);
|
|
|
|
|
|
|
|
|
|
$repository = new InMemoryPermissionRepository();
|
|
|
|
|
$repository->create([
|
|
|
|
|
'key' => 'mod.old_perm',
|
|
|
|
|
'description' => 'Already deactivated',
|
|
|
|
|
'active' => 0,
|
|
|
|
|
'is_system' => 1,
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$synchronizer = new ModulePermissionSynchronizer($registry, $repository);
|
|
|
|
|
$result = $synchronizer->sync();
|
|
|
|
|
|
|
|
|
|
self::assertSame(0, $result['deactivated'], 'Already-inactive permission should not be counted');
|
|
|
|
|
}
|
|
|
|
|
|
feat: extend module platform with UI slots, runtime components, CLI tooling and {{userId}} search support
Completes the generic module platform that enables modules to contribute
UI elements, runtime JS components, and search resources without any
core hardcoding.
New generic UI slot types:
- topbar.right_item: module-contributed topbar buttons
- layout.body_end_template: module-contributed dialog/overlay templates
- layout.head_style: module-contributed global CSS
- runtime.component: declarative JS component registration with phase ordering
New infrastructure:
- ModuleAutoloader: PSR-4 autoloading for module-local PHP classes
- ModuleRuntimePageBuilder: symlinks module pages into runtime directory
- ModuleRuntimeAssetPublisher: publishes module CSS/JS to web/modules/
- ModulePermissionSynchronizer: syncs module permissions to DB
- CLI scripts: module-runtime-sync, module-build, module-migrate,
module-permissions-sync, module-assets-sync
- {{userId}} placeholder in SearchDataService for user-scoped search queries
- Component runtime with phased initialization (early/default/late)
- AppContainer.protectExistingBindings() to prevent module→core overwrites
- Architecture tests: ModuleStructureContractTest, CoreTemplateIsolationTest,
FrontendComponentRuntimeContractTest, AppContainerIsolationContractTest
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 22:19:56 +01:00
|
|
|
public function testSyncUpdatesExistingPermissionWhenDefinitionChanged(): void
|
|
|
|
|
{
|
|
|
|
|
$registry = $this->createRegistryWithPermissions([[
|
|
|
|
|
'key' => 'address_book.view',
|
|
|
|
|
'description' => 'Can view address book',
|
|
|
|
|
'active' => 1,
|
|
|
|
|
'is_system' => 1,
|
|
|
|
|
]]);
|
|
|
|
|
|
|
|
|
|
$repository = new InMemoryPermissionRepository();
|
|
|
|
|
$repository->create([
|
|
|
|
|
'key' => 'address_book.view',
|
|
|
|
|
'description' => 'Old description',
|
|
|
|
|
'active' => 0,
|
|
|
|
|
'is_system' => 0,
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$synchronizer = new ModulePermissionSynchronizer($registry, $repository);
|
|
|
|
|
$result = $synchronizer->sync();
|
|
|
|
|
|
|
|
|
|
self::assertSame(0, $result['created']);
|
|
|
|
|
self::assertSame(1, $result['updated']);
|
|
|
|
|
self::assertSame(0, $result['unchanged']);
|
|
|
|
|
|
|
|
|
|
$permission = $repository->findByKey('address_book.view');
|
|
|
|
|
self::assertSame('Can view address book', $permission['description'] ?? null);
|
|
|
|
|
self::assertSame(1, (int) ($permission['active'] ?? 0));
|
|
|
|
|
self::assertSame(1, (int) ($permission['is_system'] ?? 0));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @param list<array{key: string, description: string, active: int, is_system: int}> $permissions
|
|
|
|
|
*/
|
|
|
|
|
private function createRegistryWithPermissions(array $permissions): ModuleRegistry
|
|
|
|
|
{
|
|
|
|
|
mkdir($this->fixturesDir . '/mod-perm', 0777, true);
|
|
|
|
|
file_put_contents(
|
|
|
|
|
$this->fixturesDir . '/mod-perm/module.php',
|
|
|
|
|
'<?php return ' . var_export([
|
|
|
|
|
'id' => 'mod-perm',
|
|
|
|
|
'permissions' => $permissions,
|
|
|
|
|
], true) . ';'
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
return ModuleRegistry::boot($this->fixturesDir, ['mod-perm']);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function removeDir(string $dir): void
|
|
|
|
|
{
|
|
|
|
|
if (!is_dir($dir)) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
$items = new \RecursiveIteratorIterator(
|
|
|
|
|
new \RecursiveDirectoryIterator($dir, \FilesystemIterator::SKIP_DOTS),
|
|
|
|
|
\RecursiveIteratorIterator::CHILD_FIRST
|
|
|
|
|
);
|
|
|
|
|
foreach ($items as $item) {
|
|
|
|
|
if ($item->isDir()) {
|
|
|
|
|
rmdir($item->getPathname());
|
|
|
|
|
} else {
|
|
|
|
|
unlink($item->getPathname());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
rmdir($dir);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
final class InMemoryPermissionRepository implements PermissionRepositoryInterface
|
|
|
|
|
{
|
|
|
|
|
/** @var array<int, array<string, mixed>> */
|
|
|
|
|
private array $rows = [];
|
|
|
|
|
private int $nextId = 1;
|
|
|
|
|
|
|
|
|
|
public function list(): array
|
|
|
|
|
{
|
|
|
|
|
return array_values($this->rows);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function listActive(): array
|
|
|
|
|
{
|
|
|
|
|
return array_values(array_filter($this->rows, static fn (array $row): bool => (int) ($row['active'] ?? 0) === 1));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function listPaged(array $options): array
|
|
|
|
|
{
|
|
|
|
|
return ['rows' => $this->list(), 'total' => count($this->rows)];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function find(int $id): ?array
|
|
|
|
|
{
|
|
|
|
|
return $this->rows[$id] ?? null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function findByKey(string $key): ?array
|
|
|
|
|
{
|
|
|
|
|
foreach ($this->rows as $row) {
|
|
|
|
|
if ((string) ($row['key'] ?? '') === $key) {
|
|
|
|
|
return $row;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function create(array $data): ?int
|
|
|
|
|
{
|
|
|
|
|
$id = $this->nextId++;
|
|
|
|
|
$this->rows[$id] = [
|
|
|
|
|
'id' => $id,
|
|
|
|
|
'key' => (string) ($data['key'] ?? ''),
|
|
|
|
|
'description' => (string) ($data['description'] ?? ''),
|
|
|
|
|
'active' => (int) ($data['active'] ?? 1),
|
|
|
|
|
'is_system' => (int) ($data['is_system'] ?? 1),
|
|
|
|
|
];
|
|
|
|
|
return $id;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function update(int $id, array $data): bool
|
|
|
|
|
{
|
|
|
|
|
if (!isset($this->rows[$id])) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
$this->rows[$id]['key'] = (string) ($data['key'] ?? $this->rows[$id]['key']);
|
|
|
|
|
$this->rows[$id]['description'] = (string) ($data['description'] ?? $this->rows[$id]['description']);
|
|
|
|
|
$this->rows[$id]['active'] = (int) ($data['active'] ?? $this->rows[$id]['active']);
|
|
|
|
|
$this->rows[$id]['is_system'] = (int) ($data['is_system'] ?? $this->rows[$id]['is_system']);
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function delete(int $id): bool
|
|
|
|
|
{
|
|
|
|
|
unset($this->rows[$id]);
|
|
|
|
|
return true;
|
|
|
|
|
}
|
2026-03-19 18:41:08 +01:00
|
|
|
|
|
|
|
|
public function listSystem(): array
|
|
|
|
|
{
|
|
|
|
|
return array_values(array_filter($this->rows, static fn (array $row): bool => (int) ($row['is_system'] ?? 0) === 1));
|
|
|
|
|
}
|
feat: extend module platform with UI slots, runtime components, CLI tooling and {{userId}} search support
Completes the generic module platform that enables modules to contribute
UI elements, runtime JS components, and search resources without any
core hardcoding.
New generic UI slot types:
- topbar.right_item: module-contributed topbar buttons
- layout.body_end_template: module-contributed dialog/overlay templates
- layout.head_style: module-contributed global CSS
- runtime.component: declarative JS component registration with phase ordering
New infrastructure:
- ModuleAutoloader: PSR-4 autoloading for module-local PHP classes
- ModuleRuntimePageBuilder: symlinks module pages into runtime directory
- ModuleRuntimeAssetPublisher: publishes module CSS/JS to web/modules/
- ModulePermissionSynchronizer: syncs module permissions to DB
- CLI scripts: module-runtime-sync, module-build, module-migrate,
module-permissions-sync, module-assets-sync
- {{userId}} placeholder in SearchDataService for user-scoped search queries
- Component runtime with phased initialization (early/default/late)
- AppContainer.protectExistingBindings() to prevent module→core overwrites
- Architecture tests: ModuleStructureContractTest, CoreTemplateIsolationTest,
FrontendComponentRuntimeContractTest, AppContainerIsolationContractTest
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 22:19:56 +01:00
|
|
|
}
|