fix(user-lifecycle): track last-run state in core, not in audit log
The "Last run" KPI tile stayed empty after a manual policy run, even
though the run completed successfully. Two distinct bugs were
involved:
1. The dashboard read latestSystemRun() from the audit log filtered by
trigger_type='system'. UserLifecycleService::run() never sets that
value — it uses 'manual' for actor-triggered runs and 'cron' for
scheduled ones. The query never matched anything.
2. Even with the right trigger_type, the audit log only writes per-user
entries (logDeactivate / logDelete / logDeleteFailure). A run that
processes zero users — including most cron ticks on a healthy
tenant — leaves no trace, so the tile would still show "—" after a
correct execution.
Both bugs share one root cause: run-trigger state was being inferred
from audit-log details, but those are two semantically different
things. Audit log answers "what did the run do?". A "last run" tile
answers "did the run happen?".
This commit moves run-trigger state to the core settings table and
keeps the audit log strictly for per-user events:
* Two new keys in core/Service/Settings/SettingKeys —
USER_LIFECYCLE_LAST_RUN_AT_KEY and USER_LIFECYCLE_LAST_RUN_STATUS_KEY.
* SettingsUserLifecycleGateway gains recordLastRun() and getLastRun().
UserSettingsGateway exposes them as recordLifecycleLastRun() /
getLifecycleLastRun() so UserLifecycleService can call through its
existing dependency without growing its constructor.
* UserLifecycleService::run() writes both keys in finally — every time
the lock was acquired, regardless of whether any user was processed
and regardless of whether the run finished cleanly. Status reflects
$result['ok'] ('success' / 'failed').
* UserLifecyclePolicyDashboardService gains a lastRun() reader. Action
page now sources the KPI tile from this core service instead of the
audit interface — so the tile works even when the audit module is
disabled.
* The audit-side lastRun() / latestSystemRun() / their tests are
removed (YAGNI). Phase 4 (activity feed) can rebuild from the audit
filter grid without a special method.
Behaviorally: a no-op run now records "Last run: just now · ✓ Success"
in the cockpit, exactly as expected.
All six quality gates green.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -28,6 +28,7 @@ use MintyPHP\Service\User\UserPasswordService;
|
||||
use MintyPHP\Service\User\UserProfileViewService;
|
||||
use MintyPHP\Service\User\UserRepositoryFactory;
|
||||
use MintyPHP\Service\User\UserServicesFactory;
|
||||
use MintyPHP\Service\User\UserSettingsGateway;
|
||||
use MintyPHP\Service\User\UserTenantContextService;
|
||||
|
||||
final class UserRegistrar implements ContainerRegistrar
|
||||
@@ -65,7 +66,8 @@ final class UserRegistrar implements ContainerRegistrar
|
||||
$container->set(UserDepartmentRepository::class, static fn (AppContainer $c): UserDepartmentRepository => $c->get(UserRepositoryFactory::class)->createUserDepartmentRepository());
|
||||
$container->set(UserLifecyclePolicyDashboardRepository::class, static fn (AppContainer $c): UserLifecyclePolicyDashboardRepository => $c->get(UserRepositoryFactory::class)->createUserLifecyclePolicyDashboardRepository());
|
||||
$container->set(UserLifecyclePolicyDashboardService::class, static fn (AppContainer $c): UserLifecyclePolicyDashboardService => new UserLifecyclePolicyDashboardService(
|
||||
$c->get(UserLifecyclePolicyDashboardRepository::class)
|
||||
$c->get(UserLifecyclePolicyDashboardRepository::class),
|
||||
$c->get(UserSettingsGateway::class)
|
||||
));
|
||||
$container->set(UserProfileViewService::class, static fn (AppContainer $c): UserProfileViewService => new UserProfileViewService(
|
||||
$c->get(UserAccountService::class),
|
||||
|
||||
@@ -7,11 +7,6 @@ namespace MintyPHP\Service\Audit;
|
||||
*/
|
||||
final class NullUserLifecycleAuditDashboard implements UserLifecycleAuditDashboardInterface
|
||||
{
|
||||
public function lastRun(): ?array
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
public function actionCountInWindow(string $action, int $days, string $status = 'success'): int
|
||||
{
|
||||
return 0;
|
||||
|
||||
@@ -10,13 +10,6 @@ namespace MintyPHP\Service\Audit;
|
||||
*/
|
||||
interface UserLifecycleAuditDashboardInterface
|
||||
{
|
||||
/**
|
||||
* Latest automatic (system-triggered) lifecycle run, or null when none recorded.
|
||||
*
|
||||
* @return array{created_at:string,status:string,action:string}|null
|
||||
*/
|
||||
public function lastRun(): ?array;
|
||||
|
||||
/**
|
||||
* Count successful (or status-filtered) audit-log events for a single action within the last $days.
|
||||
*/
|
||||
|
||||
@@ -25,6 +25,11 @@ final class SettingKeys
|
||||
public const SMTP_FROM_NAME_KEY = 'smtp_from_name';
|
||||
public const USER_INACTIVITY_DEACTIVATE_DAYS_KEY = 'user_inactivity_deactivate_days';
|
||||
public const USER_INACTIVITY_DELETE_DAYS_KEY = 'user_inactivity_delete_days';
|
||||
// Internal state keys: written by UserLifecycleService::run() and read by
|
||||
// the dashboard. Not intended to appear in the admin settings UI as
|
||||
// user-configurable values — they record run-trigger state.
|
||||
public const USER_LIFECYCLE_LAST_RUN_AT_KEY = 'user_lifecycle_last_run_at';
|
||||
public const USER_LIFECYCLE_LAST_RUN_STATUS_KEY = 'user_lifecycle_last_run_status';
|
||||
public const SYSTEM_AUDIT_ENABLED_KEY = 'system_audit_enabled';
|
||||
public const SYSTEM_AUDIT_RETENTION_DAYS_KEY = 'system_audit_retention_days';
|
||||
public const FRONTEND_TELEMETRY_ENABLED_KEY = 'frontend_telemetry_enabled';
|
||||
|
||||
@@ -77,4 +77,42 @@ class SettingsUserLifecycleGateway
|
||||
{
|
||||
return $days >= self::USER_INACTIVITY_DAYS_MIN && $days <= self::USER_INACTIVITY_DAYS_MAX;
|
||||
}
|
||||
|
||||
/**
|
||||
* Record the completion of a UserLifecycleService::run() invocation.
|
||||
*
|
||||
* The two state keys (created_at, status) are written even when no users
|
||||
* were processed (no-op runs) so that the lifecycle cockpit can show the
|
||||
* tile correctly in every case. Audit-log entries cover what was done;
|
||||
* these settings cover that the run itself happened.
|
||||
*/
|
||||
public function recordLastRun(string $createdAtUtc, string $status): bool
|
||||
{
|
||||
$atOk = $this->settingsMetadataGateway->set(
|
||||
SettingKeys::USER_LIFECYCLE_LAST_RUN_AT_KEY,
|
||||
$createdAtUtc
|
||||
);
|
||||
$statusOk = $this->settingsMetadataGateway->set(
|
||||
SettingKeys::USER_LIFECYCLE_LAST_RUN_STATUS_KEY,
|
||||
$status
|
||||
);
|
||||
return $atOk && $statusOk;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{created_at: string, status: string}|null
|
||||
* null when no run has been recorded yet.
|
||||
*/
|
||||
public function getLastRun(): ?array
|
||||
{
|
||||
$createdAt = $this->settingsMetadataGateway->getValue(SettingKeys::USER_LIFECYCLE_LAST_RUN_AT_KEY);
|
||||
if ($createdAt === null || $createdAt === '') {
|
||||
return null;
|
||||
}
|
||||
$status = (string) ($this->settingsMetadataGateway->getValue(SettingKeys::USER_LIFECYCLE_LAST_RUN_STATUS_KEY) ?? '');
|
||||
return [
|
||||
'created_at' => $createdAt,
|
||||
'status' => $status,
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5,17 +5,20 @@ namespace MintyPHP\Service\User;
|
||||
use MintyPHP\Repository\User\UserLifecyclePolicyDashboardRepositoryInterface;
|
||||
|
||||
/**
|
||||
* Computes the "Pending deletion" KPI for the user lifecycle settings dashboard.
|
||||
* Computes the core-domain KPIs for the user lifecycle settings dashboard.
|
||||
*
|
||||
* If either policy threshold (deactivate / delete days) is disabled, the service short-circuits
|
||||
* to 0 without issuing a database query.
|
||||
* "Pending deletion" reads the users table directly. "Last run" reads the
|
||||
* settings table where UserLifecycleService::run() records every invocation
|
||||
* (success, failed, no-op alike) — independent of the audit module, so the
|
||||
* tile works even when audit is disabled.
|
||||
*
|
||||
* @api
|
||||
*/
|
||||
final class UserLifecyclePolicyDashboardService
|
||||
{
|
||||
public function __construct(
|
||||
private readonly UserLifecyclePolicyDashboardRepositoryInterface $userLifecyclePolicyDashboardRepository
|
||||
private readonly UserLifecyclePolicyDashboardRepositoryInterface $userLifecyclePolicyDashboardRepository,
|
||||
private readonly UserSettingsGateway $userSettingsGateway
|
||||
) {
|
||||
}
|
||||
|
||||
@@ -26,4 +29,13 @@ final class UserLifecyclePolicyDashboardService
|
||||
}
|
||||
return $this->userLifecyclePolicyDashboardRepository->countPendingDeletion($deleteDays, $windowDays);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{created_at: string, status: string}|null
|
||||
* null when no run has been recorded yet.
|
||||
*/
|
||||
public function lastRun(): ?array
|
||||
{
|
||||
return $this->userSettingsGateway->getLifecycleLastRun();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -163,6 +163,13 @@ class UserLifecycleService
|
||||
} finally {
|
||||
$this->releaseLock();
|
||||
$result['duration_ms'] = $this->durationMs($startedAt);
|
||||
// Record run-trigger state every time the lock was acquired —
|
||||
// including no-op runs (0 users processed) — so the cockpit
|
||||
// KPI tile reflects every actual execution.
|
||||
$this->settingsGateway->recordLifecycleLastRun(
|
||||
gmdate('Y-m-d H:i:s'),
|
||||
$result['ok'] ? 'success' : 'failed'
|
||||
);
|
||||
}
|
||||
|
||||
return $result;
|
||||
|
||||
@@ -57,4 +57,17 @@ class UserSettingsGateway
|
||||
{
|
||||
return $this->settingsUserLifecycleGateway->getUserInactivityDeleteDays();
|
||||
}
|
||||
|
||||
public function recordLifecycleLastRun(string $createdAtUtc, string $status): bool
|
||||
{
|
||||
return $this->settingsUserLifecycleGateway->recordLastRun($createdAtUtc, $status);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{created_at: string, status: string}|null
|
||||
*/
|
||||
public function getLifecycleLastRun(): ?array
|
||||
{
|
||||
return $this->settingsUserLifecycleGateway->getLastRun();
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user