refactor(audit): extract audit domain into self-contained module
Move the entire audit subsystem (system audit, API audit, import audit, user lifecycle audit, frontend telemetry) from core into modules/audit/. Core decoupling via interface-based injection: - AuditRecorderInterface replaces SystemAuditService in 10+ core services - UserLifecycleAuditInterface / ImportAuditInterface for specialized flows - NullAuditRecorder fallback when audit module is disabled - ApiBootstrap/ApiResponse use null-safe callable resolvers Module structure (modules/audit/): - Manifest with routes, permissions, scheduler jobs, authorization policy - 9 services, 8 repositories, 6 domain enums, 4 job handlers - 33 page files, 4 JS files, 8 test files, migration scripts, i18n Core cleanup: - OperationsAuthorizationPolicy, UiCapabilityMap, PermissionService surgically cleaned of audit-specific constants - Sidebar template cleared of hardcoded audit navigation - AuditModuleIsolationContractTest ensures no future core→module coupling All quality gates pass: 1346 tests (19,276 assertions), PHPStan level 5 clean, architecture contracts verified. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -6,7 +6,7 @@ use MintyPHP\Repository\Support\DatabaseSessionRepository;
|
||||
use MintyPHP\Repository\User\UserListQueryRepositoryInterface;
|
||||
use MintyPHP\Repository\User\UserReadRepositoryInterface;
|
||||
use MintyPHP\Repository\User\UserWriteRepositoryInterface;
|
||||
use MintyPHP\Service\Audit\SystemAuditService;
|
||||
use MintyPHP\Service\Audit\AuditRecorderInterface;
|
||||
use MintyPHP\Service\Tenant\TenantScopeService;
|
||||
use MintyPHP\Service\User\UserAccountService;
|
||||
use MintyPHP\Service\User\UserAssignmentService;
|
||||
@@ -96,7 +96,7 @@ class UserAccountServiceTest extends TestCase
|
||||
->with(11)
|
||||
->willReturn(true);
|
||||
|
||||
$auditService = $this->createMock(SystemAuditService::class);
|
||||
$auditService = $this->createMock(AuditRecorderInterface::class);
|
||||
$auditService->expects($this->once())
|
||||
->method('record')
|
||||
->with(
|
||||
@@ -130,7 +130,7 @@ class UserAccountServiceTest extends TestCase
|
||||
->with(11)
|
||||
->willReturn(false);
|
||||
|
||||
$auditService = $this->createMock(SystemAuditService::class);
|
||||
$auditService = $this->createMock(AuditRecorderInterface::class);
|
||||
$auditService->expects($this->never())->method('record');
|
||||
|
||||
$service = $this->newService($readRepository, $writeRepository, null, null, null, null, null, null, $auditService);
|
||||
@@ -230,7 +230,7 @@ class UserAccountServiceTest extends TestCase
|
||||
$assignmentService = $this->createMock(UserAssignmentService::class);
|
||||
$assignmentService->expects($this->never())->method('bumpAuthzVersion');
|
||||
|
||||
$auditService = $this->createMock(SystemAuditService::class);
|
||||
$auditService = $this->createMock(AuditRecorderInterface::class);
|
||||
$auditService->expects($this->never())->method('record');
|
||||
|
||||
$service = $this->newService($readRepository, $writeRepository, null, $assignmentService, null, null, null, null, $auditService);
|
||||
@@ -257,7 +257,7 @@ class UserAccountServiceTest extends TestCase
|
||||
->method('bumpAuthzVersion')
|
||||
->with(33);
|
||||
|
||||
$auditService = $this->createMock(SystemAuditService::class);
|
||||
$auditService = $this->createMock(AuditRecorderInterface::class);
|
||||
$auditService->expects($this->once())
|
||||
->method('record')
|
||||
->with(
|
||||
@@ -293,7 +293,7 @@ class UserAccountServiceTest extends TestCase
|
||||
$scopeGateway = $this->createMock(TenantScopeService::class);
|
||||
$scopeGateway->method('canAccess')->willReturn(true);
|
||||
|
||||
$auditService = $this->createMock(SystemAuditService::class);
|
||||
$auditService = $this->createMock(AuditRecorderInterface::class);
|
||||
$auditService->expects($this->once())
|
||||
->method('record')
|
||||
->with(
|
||||
@@ -398,7 +398,7 @@ class UserAccountServiceTest extends TestCase
|
||||
$assignmentService->expects($this->never())->method('syncRoles');
|
||||
$assignmentService->expects($this->never())->method('syncDepartments');
|
||||
|
||||
$auditService = $this->createMock(SystemAuditService::class);
|
||||
$auditService = $this->createMock(AuditRecorderInterface::class);
|
||||
$auditService->expects($this->never())->method('record');
|
||||
|
||||
$databaseSessionRepository = $this->createMock(DatabaseSessionRepository::class);
|
||||
@@ -628,7 +628,7 @@ class UserAccountServiceTest extends TestCase
|
||||
?UserSettingsGateway $settingsGateway = null,
|
||||
?TenantScopeService $scopeGateway = null,
|
||||
?UserDirectoryGateway $directoryGateway = null,
|
||||
?SystemAuditService $auditService = null,
|
||||
?AuditRecorderInterface $auditService = null,
|
||||
?DatabaseSessionRepository $databaseSessionRepository = null
|
||||
): UserAccountService {
|
||||
$readRepository = $readRepository ?? $this->createMock(UserReadRepositoryInterface::class);
|
||||
@@ -673,7 +673,7 @@ class UserAccountServiceTest extends TestCase
|
||||
$directoryGateway->method('findTenantByUuid')->willReturn(null);
|
||||
}
|
||||
|
||||
$auditService = $auditService ?? $this->createMock(SystemAuditService::class);
|
||||
$auditService = $auditService ?? $this->createMock(AuditRecorderInterface::class);
|
||||
$databaseSessionRepository = $databaseSessionRepository ?? $this->createMock(DatabaseSessionRepository::class);
|
||||
|
||||
return new UserAccountService(
|
||||
|
||||
@@ -5,7 +5,7 @@ namespace MintyPHP\Tests\Service\User;
|
||||
use MintyPHP\Repository\Support\DatabaseSessionRepository;
|
||||
use MintyPHP\Repository\User\UserReadRepositoryInterface;
|
||||
use MintyPHP\Repository\User\UserWriteRepositoryInterface;
|
||||
use MintyPHP\Service\Audit\UserLifecycleAuditService;
|
||||
use MintyPHP\Service\Audit\UserLifecycleAuditInterface;
|
||||
use MintyPHP\Service\User\UserLifecycleRestoreService;
|
||||
use MintyPHP\Service\User\UserSettingsGateway;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
@@ -32,7 +32,7 @@ class UserLifecycleRestoreServiceTest extends TestCase
|
||||
'theme' => 'dark',
|
||||
];
|
||||
|
||||
$auditService = $this->createMock(UserLifecycleAuditService::class);
|
||||
$auditService = $this->createMock(UserLifecycleAuditInterface::class);
|
||||
$auditService->expects($this->once())
|
||||
->method('findDeleteEventForRestore')
|
||||
->with(1, true)
|
||||
@@ -143,7 +143,7 @@ class UserLifecycleRestoreServiceTest extends TestCase
|
||||
|
||||
public function testRestoreReturnsAuditEventNotFoundWhenEventIsNull(): void
|
||||
{
|
||||
$auditService = $this->createMock(UserLifecycleAuditService::class);
|
||||
$auditService = $this->createMock(UserLifecycleAuditInterface::class);
|
||||
$auditService->expects($this->once())
|
||||
->method('findDeleteEventForRestore')
|
||||
->with(1, true)
|
||||
@@ -169,7 +169,7 @@ class UserLifecycleRestoreServiceTest extends TestCase
|
||||
|
||||
public function testRestoreReturnsAlreadyRestoredWhenEventHasRestoredAt(): void
|
||||
{
|
||||
$auditService = $this->createMock(UserLifecycleAuditService::class);
|
||||
$auditService = $this->createMock(UserLifecycleAuditInterface::class);
|
||||
$auditService->method('findDeleteEventForRestore')->willReturn([
|
||||
'id' => 1,
|
||||
'restored_at' => '2025-01-01 00:00:00',
|
||||
@@ -193,7 +193,7 @@ class UserLifecycleRestoreServiceTest extends TestCase
|
||||
|
||||
public function testRestoreReturnsSnapshotUnavailableWhenDecryptReturnsNull(): void
|
||||
{
|
||||
$auditService = $this->createMock(UserLifecycleAuditService::class);
|
||||
$auditService = $this->createMock(UserLifecycleAuditInterface::class);
|
||||
$auditService->method('findDeleteEventForRestore')->willReturn([
|
||||
'id' => 1,
|
||||
'restored_at' => null,
|
||||
@@ -218,7 +218,7 @@ class UserLifecycleRestoreServiceTest extends TestCase
|
||||
|
||||
public function testRestoreReturnsSnapshotInvalidWhenUuidIsMissing(): void
|
||||
{
|
||||
$auditService = $this->createMock(UserLifecycleAuditService::class);
|
||||
$auditService = $this->createMock(UserLifecycleAuditInterface::class);
|
||||
$auditService->method('findDeleteEventForRestore')->willReturn(['id' => 1, 'restored_at' => null]);
|
||||
$auditService->method('decryptSnapshot')->willReturn(['uuid' => '', 'email' => 'a@b.com']);
|
||||
|
||||
@@ -238,7 +238,7 @@ class UserLifecycleRestoreServiceTest extends TestCase
|
||||
|
||||
public function testRestoreReturnsSnapshotInvalidWhenEmailIsMissing(): void
|
||||
{
|
||||
$auditService = $this->createMock(UserLifecycleAuditService::class);
|
||||
$auditService = $this->createMock(UserLifecycleAuditInterface::class);
|
||||
$auditService->method('findDeleteEventForRestore')->willReturn(['id' => 1, 'restored_at' => null]);
|
||||
$auditService->method('decryptSnapshot')->willReturn(['uuid' => 'u1', 'email' => '']);
|
||||
|
||||
@@ -260,7 +260,7 @@ class UserLifecycleRestoreServiceTest extends TestCase
|
||||
|
||||
public function testRestoreReturnsUuidExistsWhenUserWithUuidAlreadyExists(): void
|
||||
{
|
||||
$auditService = $this->createMock(UserLifecycleAuditService::class);
|
||||
$auditService = $this->createMock(UserLifecycleAuditInterface::class);
|
||||
$auditService->method('findDeleteEventForRestore')->willReturn(['id' => 1, 'restored_at' => null]);
|
||||
$auditService->method('decryptSnapshot')->willReturn(['uuid' => 'existing-uuid', 'email' => 'new@example.com']);
|
||||
|
||||
@@ -287,7 +287,7 @@ class UserLifecycleRestoreServiceTest extends TestCase
|
||||
|
||||
public function testRestoreReturnsEmailExistsWhenUserWithEmailAlreadyExists(): void
|
||||
{
|
||||
$auditService = $this->createMock(UserLifecycleAuditService::class);
|
||||
$auditService = $this->createMock(UserLifecycleAuditInterface::class);
|
||||
$auditService->method('findDeleteEventForRestore')->willReturn(['id' => 1, 'restored_at' => null]);
|
||||
$auditService->method('decryptSnapshot')->willReturn(['uuid' => 'new-uuid', 'email' => 'existing@example.com']);
|
||||
|
||||
@@ -315,7 +315,7 @@ class UserLifecycleRestoreServiceTest extends TestCase
|
||||
|
||||
public function testRestoreReturnsCreateFailedWhenWriteRepoReturnsZero(): void
|
||||
{
|
||||
$auditService = $this->createMock(UserLifecycleAuditService::class);
|
||||
$auditService = $this->createMock(UserLifecycleAuditInterface::class);
|
||||
$auditService->method('findDeleteEventForRestore')->willReturn(['id' => 1, 'restored_at' => null]);
|
||||
$auditService->method('decryptSnapshot')->willReturn(['uuid' => 'u1', 'email' => 'e@x.com']);
|
||||
|
||||
@@ -348,7 +348,7 @@ class UserLifecycleRestoreServiceTest extends TestCase
|
||||
|
||||
public function testRestoreReturnsCreateFailedWhenWriteRepoReturnsFalse(): void
|
||||
{
|
||||
$auditService = $this->createMock(UserLifecycleAuditService::class);
|
||||
$auditService = $this->createMock(UserLifecycleAuditInterface::class);
|
||||
$auditService->method('findDeleteEventForRestore')->willReturn(['id' => 1, 'restored_at' => null]);
|
||||
$auditService->method('decryptSnapshot')->willReturn(['uuid' => 'u1', 'email' => 'e@x.com']);
|
||||
|
||||
@@ -383,7 +383,7 @@ class UserLifecycleRestoreServiceTest extends TestCase
|
||||
|
||||
public function testRestoreReturnsMarkFailedWhenMarkRestoredReturnsFalse(): void
|
||||
{
|
||||
$auditService = $this->createMock(UserLifecycleAuditService::class);
|
||||
$auditService = $this->createMock(UserLifecycleAuditInterface::class);
|
||||
$auditService->method('findDeleteEventForRestore')->willReturn(['id' => 1, 'restored_at' => null]);
|
||||
$auditService->method('decryptSnapshot')->willReturn(['uuid' => 'u1', 'email' => 'e@x.com']);
|
||||
$auditService->expects($this->once())
|
||||
@@ -423,7 +423,7 @@ class UserLifecycleRestoreServiceTest extends TestCase
|
||||
|
||||
public function testRestoreRollsBackOnUnexpectedException(): void
|
||||
{
|
||||
$auditService = $this->createMock(UserLifecycleAuditService::class);
|
||||
$auditService = $this->createMock(UserLifecycleAuditInterface::class);
|
||||
$auditService->method('findDeleteEventForRestore')
|
||||
->willThrowException(new \RuntimeException('unexpected'));
|
||||
|
||||
@@ -445,7 +445,7 @@ class UserLifecycleRestoreServiceTest extends TestCase
|
||||
|
||||
public function testRestoreRollbackQuietlySwallowsRollbackException(): void
|
||||
{
|
||||
$auditService = $this->createMock(UserLifecycleAuditService::class);
|
||||
$auditService = $this->createMock(UserLifecycleAuditInterface::class);
|
||||
$auditService->method('findDeleteEventForRestore')
|
||||
->willThrowException(new \RuntimeException('db error'));
|
||||
|
||||
@@ -470,14 +470,14 @@ class UserLifecycleRestoreServiceTest extends TestCase
|
||||
private function newService(
|
||||
?UserReadRepositoryInterface $userReadRepository = null,
|
||||
?UserWriteRepositoryInterface $userWriteRepository = null,
|
||||
?UserLifecycleAuditService $userLifecycleAuditService = null,
|
||||
?UserLifecycleAuditInterface $userLifecycleAuditService = null,
|
||||
?DatabaseSessionRepository $databaseSessionRepository = null,
|
||||
?UserSettingsGateway $userSettingsGateway = null,
|
||||
): UserLifecycleRestoreService {
|
||||
return new UserLifecycleRestoreService(
|
||||
$userReadRepository ?? $this->createMock(UserReadRepositoryInterface::class),
|
||||
$userWriteRepository ?? $this->createMock(UserWriteRepositoryInterface::class),
|
||||
$userLifecycleAuditService ?? $this->createMock(UserLifecycleAuditService::class),
|
||||
$userLifecycleAuditService ?? $this->createMock(UserLifecycleAuditInterface::class),
|
||||
$databaseSessionRepository ?? $this->createMock(DatabaseSessionRepository::class),
|
||||
$userSettingsGateway ?? $this->createMock(UserSettingsGateway::class),
|
||||
);
|
||||
|
||||
@@ -5,7 +5,7 @@ namespace MintyPHP\Tests\Service\User;
|
||||
use MintyPHP\Repository\Support\DatabaseSessionRepository;
|
||||
use MintyPHP\Repository\User\UserReadRepositoryInterface;
|
||||
use MintyPHP\Repository\User\UserWriteRepositoryInterface;
|
||||
use MintyPHP\Service\Audit\UserLifecycleAuditService;
|
||||
use MintyPHP\Service\Audit\UserLifecycleAuditInterface;
|
||||
use MintyPHP\Service\User\UserLifecycleService;
|
||||
use MintyPHP\Service\User\UserSettingsGateway;
|
||||
use PHPUnit\Framework\MockObject\MockObject;
|
||||
@@ -16,7 +16,7 @@ class UserLifecycleServiceTest extends TestCase
|
||||
private UserReadRepositoryInterface&MockObject $userReadRepository;
|
||||
private UserWriteRepositoryInterface&MockObject $userWriteRepository;
|
||||
private UserSettingsGateway&MockObject $settingsGateway;
|
||||
private UserLifecycleAuditService&MockObject $auditService;
|
||||
private UserLifecycleAuditInterface&MockObject $auditService;
|
||||
private DatabaseSessionRepository&MockObject $databaseSessionRepository;
|
||||
|
||||
protected function setUp(): void
|
||||
@@ -24,7 +24,7 @@ class UserLifecycleServiceTest extends TestCase
|
||||
$this->userReadRepository = $this->createMock(UserReadRepositoryInterface::class);
|
||||
$this->userWriteRepository = $this->createMock(UserWriteRepositoryInterface::class);
|
||||
$this->settingsGateway = $this->createMock(UserSettingsGateway::class);
|
||||
$this->auditService = $this->createMock(UserLifecycleAuditService::class);
|
||||
$this->auditService = $this->createMock(UserLifecycleAuditInterface::class);
|
||||
$this->databaseSessionRepository = $this->createMock(DatabaseSessionRepository::class);
|
||||
|
||||
// Default: lock succeeds, release is a no-op
|
||||
|
||||
Reference in New Issue
Block a user