refactor: rename lib/ to core/ for clearer core-module separation

Rename the top-level lib/ directory to core/ so the project root
immediately communicates which code is core platform and which lives
in modules/. PHP namespaces (MintyPHP\*) are unchanged — only the
Composer PSR-4 path mapping moves from lib/ to core/.

Module-internal lib/ directories (modules/*/lib/) are untouched.

Updated across the full stack:
- composer.json PSR-4 mapping
- bootstrap entry points (web/index.php, bin/*, tests/bootstrap.php)
- tooling configs (phpstan.neon, phpunit.xml, php-cs-fixer)
- 26 architecture contract tests
- enforcement-policy, guard-catalog, quality-gates
- all documentation (CLAUDE.md, README, 25 docs/, .agents/skills/)
- bin/qa-extended.sh search paths
- .claude/settings.local.json permission paths

Workflow: .agents/runs/CORE-LIB-RENAME-001/ (Analyst → Planner →
Executor → Code Review (4 findings fixed) → Security Review →
Acceptance Test → Finalizer)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-04-13 23:20:05 +02:00
parent 7c10fadcb9
commit 0e86925464
371 changed files with 191 additions and 192 deletions

View File

@@ -0,0 +1,127 @@
<?php
namespace MintyPHP\Repository\Access;
use MintyPHP\DB;
use MintyPHP\Repository\Support\RepoQuery;
use MintyPHP\Repository\Support\RepositoryArrayHelper;
/** Reads and writes permission records; supports active/system flag filtering. */
class PermissionRepository implements PermissionRepositoryInterface
{
public function list(): array
{
$rows = DB::select('select id, `key`, description, active, is_system, created from permissions order by `key` asc');
return RepositoryArrayHelper::unwrapList($rows, 'permissions');
}
public function listActive(): array
{
$rows = DB::select(
'select id, `key`, description, active, is_system, created from permissions where active = 1 order by `key` asc'
);
return RepositoryArrayHelper::unwrapList($rows, 'permissions');
}
public function listPaged(array $options): array
{
$search = trim((string) ($options['search'] ?? ''));
$allowedOrder = [
'key' => '`key`',
'description' => 'description',
'active' => 'active',
'created' => 'created',
];
[$limit, $offset] = RepoQuery::sanitizeLimitOffset($options);
[$order, $dir] = RepoQuery::sanitizeOrder($options, array_keys($allowedOrder), 'key', 'asc');
$orderBy = $allowedOrder[$order] ?? $allowedOrder['key'];
$where = [];
$params = [];
RepoQuery::addLikeFilter($where, $params, ['permissions.`key`', 'permissions.description'], $search);
$activeValue = array_key_exists('active', $options) ? $options['active'] : null;
RepoQuery::addEnumFilter($where, $params, $activeValue, [
['aliases' => ['1', 'true', 'active'], 'sql' => 'permissions.active = 1'],
['aliases' => ['0', 'false', 'inactive'], 'sql' => 'permissions.active = 0'],
]);
$whereSql = $where ? ' where ' . implode(' and ', $where) : '';
$total = DB::selectValue('select count(*) from permissions' . $whereSql, ...$params);
$query = 'select id, `key`, description, active, is_system, created from permissions' . $whereSql .
' order by ' . $orderBy . ' ' . $dir . ' limit ? offset ?';
$queryParams = array_merge($params, [(string) $limit, (string) $offset]);
$rows = DB::select($query, ...$queryParams);
return ['rows' => RepositoryArrayHelper::unwrapList($rows, 'permissions'), 'total' => (int) $total];
}
public function find(int $id): ?array
{
$row = DB::selectOne(
'select id, `key`, description, active, is_system, created from permissions where id = ? limit 1',
(string) $id
);
return RepositoryArrayHelper::unwrap($row, 'permissions');
}
public function findByKey(string $key): ?array
{
$row = DB::selectOne(
'select id, `key`, description, active, is_system, created from permissions where `key` = ? limit 1',
$key
);
return RepositoryArrayHelper::unwrap($row, 'permissions');
}
public function create(array $data): ?int
{
$key = trim((string) ($data['key'] ?? ''));
$desc = trim((string) ($data['description'] ?? ''));
$active = (int) ($data['active'] ?? 1);
$isSystem = (int) ($data['is_system'] ?? 0);
$result = DB::insert(
'insert into permissions (`key`, description, active, is_system, created) values (?,?,?,?,NOW())',
$key,
$desc !== '' ? $desc : null,
(string) $active,
(string) $isSystem
);
return $result ? (int) $result : null;
}
public function update(int $id, array $data): bool
{
$key = trim((string) ($data['key'] ?? ''));
$desc = trim((string) ($data['description'] ?? ''));
$active = (int) ($data['active'] ?? 1);
$isSystem = (int) ($data['is_system'] ?? 0);
$result = DB::update(
'update permissions set `key` = ?, description = ?, active = ?, is_system = ? where id = ?',
$key,
$desc !== '' ? $desc : null,
(string) $active,
(string) $isSystem,
(string) $id
);
return $result !== false;
}
public function delete(int $id): bool
{
$result = DB::delete('delete from permissions where id = ?', (string) $id);
return (bool) $result;
}
public function listSystem(): array
{
$rows = DB::select(
'select id, `key`, description, active, is_system, created from permissions where is_system = 1 order by `key` asc'
);
return RepositoryArrayHelper::unwrapList($rows, 'permissions');
}
}

View File

@@ -0,0 +1,26 @@
<?php
namespace MintyPHP\Repository\Access;
/** Contract for permission CRUD and lookup by key or ID. */
interface PermissionRepositoryInterface
{
public function list(): array;
public function listActive(): array;
public function listPaged(array $options): array;
public function find(int $id): ?array;
public function findByKey(string $key): ?array;
public function create(array $data): ?int;
public function update(int $id, array $data): bool;
public function delete(int $id): bool;
/** @return list<array{id: int, key: string, description: string, active: int, is_system: int}> */
public function listSystem(): array;
}

View File

@@ -0,0 +1,75 @@
<?php
namespace MintyPHP\Repository\Access;
use MintyPHP\DB;
/** Manages which roles a given role is allowed to assign (role hierarchy). */
class RoleAssignableRoleRepository implements RoleAssignableRoleRepositoryInterface
{
public function listAssignableRoleIdsByRoleId(int $roleId): array
{
$rows = DB::select(
'select assignable_role_id from role_assignable_roles where role_id = ?',
(string) $roleId
);
if (!is_array($rows)) {
return [];
}
$ids = [];
foreach ($rows as $row) {
$data = $row['role_assignable_roles'] ?? $row;
if (is_array($data) && isset($data['assignable_role_id'])) {
$ids[] = (int) $data['assignable_role_id'];
}
}
return array_values(array_unique($ids));
}
public function listAssignableRoleIdsByRoleIds(array $roleIds): array
{
$roleIds = array_values(array_unique(array_map('intval', $roleIds)));
$roleIds = array_values(array_filter($roleIds, static fn (int $id): bool => $id > 0));
if (!$roleIds) {
return [];
}
$placeholders = implode(',', array_fill(0, count($roleIds), '?'));
$rows = DB::select(
'select distinct assignable_role_id from role_assignable_roles where role_id in (' .
$placeholders .
')',
...array_map('strval', $roleIds)
);
if (!is_array($rows)) {
return [];
}
$ids = [];
foreach ($rows as $row) {
$data = $row['role_assignable_roles'] ?? $row;
if (is_array($data) && isset($data['assignable_role_id'])) {
$ids[] = (int) $data['assignable_role_id'];
}
}
return array_values(array_unique($ids));
}
public function replaceForRole(int $roleId, array $assignableRoleIds): bool
{
DB::delete('delete from role_assignable_roles where role_id = ?', (string) $roleId);
$ids = array_values(array_unique(array_filter(array_map('intval', $assignableRoleIds))));
if (!$ids) {
return true;
}
foreach ($ids as $assignableRoleId) {
DB::insert(
'insert into role_assignable_roles (role_id, assignable_role_id, created) values (?,?,NOW())',
(string) $roleId,
(string) $assignableRoleId
);
}
return true;
}
}

View File

@@ -0,0 +1,22 @@
<?php
namespace MintyPHP\Repository\Access;
interface RoleAssignableRoleRepositoryInterface
{
/** @return int[] */
public function listAssignableRoleIdsByRoleId(int $roleId): array;
/**
* Union of assignable role IDs across multiple roles (e.g. all roles of an actor).
* @param int[] $roleIds
* @return int[]
*/
public function listAssignableRoleIdsByRoleIds(array $roleIds): array;
/**
* Atomic replace: delete all + re-insert.
* @param int[] $assignableRoleIds
*/
public function replaceForRole(int $roleId, array $assignableRoleIds): bool;
}

View File

@@ -0,0 +1,198 @@
<?php
namespace MintyPHP\Repository\Access;
use MintyPHP\DB;
/** Manages the many-to-many link between roles and permissions. */
class RolePermissionRepository implements RolePermissionRepositoryInterface
{
public function listPermissionIdsByRoleId(int $roleId): array
{
$rows = DB::select('select permission_id from role_permissions where role_id = ?', (string) $roleId);
if (!is_array($rows)) {
return [];
}
$ids = [];
foreach ($rows as $row) {
$data = $row['role_permissions'] ?? $row;
if (is_array($data) && isset($data['permission_id'])) {
$ids[] = (int) $data['permission_id'];
}
}
return array_values(array_unique($ids));
}
public function countPermissionsByRoleIds(array $roleIds): array
{
$roleIds = array_values(array_unique(array_map('intval', $roleIds)));
$roleIds = array_values(array_filter($roleIds, static fn ($id) => $id > 0));
if (!$roleIds) {
return [];
}
$placeholders = implode(',', array_fill(0, count($roleIds), '?'));
$rows = DB::select(
'select rp.role_id, count(distinct rp.permission_id) as permission_count from role_permissions rp where rp.role_id in (' .
$placeholders .
') group by rp.role_id',
...array_map('strval', $roleIds)
);
if (!is_array($rows)) {
return [];
}
$result = [];
foreach ($rows as $row) {
$roleId = self::extractIntField($row, 'role_id');
if ($roleId <= 0) {
continue;
}
$result[$roleId] = self::extractIntField($row, 'permission_count');
}
return $result;
}
public function replaceForRole(int $roleId, array $permissionIds): bool
{
DB::delete('delete from role_permissions where role_id = ?', (string) $roleId);
$ids = array_values(array_unique(array_filter(array_map('intval', $permissionIds))));
if (!$ids) {
return true;
}
foreach ($ids as $permissionId) {
DB::insert(
'insert into role_permissions (role_id, permission_id, created) values (?,?,NOW())',
(string) $roleId,
(string) $permissionId
);
}
return true;
}
public function listRoleIdsByPermissionId(int $permissionId): array
{
$rows = DB::select('select role_id from role_permissions where permission_id = ?', (string) $permissionId);
if (!is_array($rows)) {
return [];
}
$ids = [];
foreach ($rows as $row) {
$data = $row['role_permissions'] ?? $row;
if (is_array($data) && isset($data['role_id'])) {
$ids[] = (int) $data['role_id'];
}
}
return array_values(array_unique($ids));
}
public function replaceForPermission(int $permissionId, array $roleIds): bool
{
DB::delete('delete from role_permissions where permission_id = ?', (string) $permissionId);
$ids = array_values(array_unique(array_filter(array_map('intval', $roleIds))));
if (!$ids) {
return true;
}
foreach ($ids as $roleId) {
DB::insert(
'insert into role_permissions (role_id, permission_id, created) values (?,?,NOW())',
(string) $roleId,
(string) $permissionId
);
}
return true;
}
public function listPermissionKeysByRoleIds(array $roleIds): array
{
$ids = array_values(array_unique(array_filter(array_map('intval', $roleIds))));
if (!$ids) {
return [];
}
$rows = DB::select(
'select p.`key` as `key` from role_permissions rp ' .
'join roles r on r.id = rp.role_id and r.active = 1 ' .
'join permissions p on p.id = rp.permission_id and p.active = 1 ' .
'where rp.role_id in (???)',
array_map('strval', $ids)
);
if (!is_array($rows)) {
return [];
}
$keys = [];
foreach ($rows as $row) {
$data = $row['p'] ?? $row;
if (is_array($data) && isset($data['key'])) {
$keys[] = (string) $data['key'];
} elseif (is_array($row) && isset($row['key'])) {
$keys[] = (string) $row['key'];
}
}
return array_values(array_unique($keys));
}
public function listPermissionsWithRolesByRoleIds(array $roleIds): array
{
$ids = array_values(array_unique(array_filter(array_map('intval', $roleIds))));
if (!$ids) {
return [];
}
$rows = DB::select(
'select rp.permission_id as permission_id, p.`key` as `key`, p.description as `description`, r.description as role ' .
'from role_permissions rp join permissions p on p.id = rp.permission_id and p.active = 1 ' .
'join roles r on r.id = rp.role_id and r.active = 1 where rp.role_id in (???) ' .
'order by p.`key` asc, r.description asc',
array_map('strval', $ids)
);
if (!is_array($rows)) {
return [];
}
$permMap = [];
foreach ($rows as $row) {
$rowPerm = $row['p'] ?? ($row['permissions'] ?? $row);
$rowRole = $row['r'] ?? ($row['roles'] ?? $row);
$rowRp = $row['rp'] ?? ($row['role_permissions'] ?? $row);
$permId = $rowRp['permission_id'] ?? ($row['permission_id'] ?? null);
$key = (string) ($rowPerm['key'] ?? $row['key'] ?? '');
if ($permId === null || $key === '') {
continue;
}
if (!isset($permMap[$permId])) {
$desc = (string) ($rowPerm['description'] ?? $row['description'] ?? '');
$permMap[$permId] = [
'key' => $key,
'description' => $desc,
'roles' => [],
];
}
$roleLabel = (string) ($rowRole['description'] ?? $rowRole['role'] ?? $row['role'] ?? '');
if ($roleLabel !== '') {
$permMap[$permId]['roles'][] = $roleLabel;
}
}
foreach ($permMap as &$item) {
$item['roles'] = array_values(array_unique($item['roles']));
}
unset($item);
return array_values($permMap);
}
private function extractIntField(array $row, string $field): int
{
foreach ($row as $value) {
if (!is_array($value)) {
continue;
}
if (array_key_exists($field, $value)) {
return (int) $value[$field];
}
}
if (array_key_exists($field, $row)) {
return (int) $row[$field];
}
return 0;
}
}

View File

@@ -0,0 +1,21 @@
<?php
namespace MintyPHP\Repository\Access;
/** Contract for managing permission assignments on roles. */
interface RolePermissionRepositoryInterface
{
public function listPermissionIdsByRoleId(int $roleId): array;
public function countPermissionsByRoleIds(array $roleIds): array;
public function replaceForRole(int $roleId, array $permissionIds): bool;
public function listRoleIdsByPermissionId(int $permissionId): array;
public function replaceForPermission(int $permissionId, array $roleIds): bool;
public function listPermissionKeysByRoleIds(array $roleIds): array;
public function listPermissionsWithRolesByRoleIds(array $roleIds): array;
}

View File

@@ -0,0 +1,163 @@
<?php
namespace MintyPHP\Repository\Access;
use MintyPHP\DB;
use MintyPHP\Repository\Support\RepoQuery;
use MintyPHP\Repository\Support\RepositoryArrayHelper;
/** Reads and writes role records with pagination, search, and code uniqueness checks. */
class RoleRepository implements RoleRepositoryInterface
{
public function list(): array
{
$rows = DB::select(
'select id, uuid, description, code, active, created_by, modified_by, created, modified from roles order by id desc'
);
return RepositoryArrayHelper::unwrapList($rows, 'roles');
}
public function listActive(): array
{
$rows = DB::select(
'select id, uuid, description, code, active, created_by, modified_by, created, modified from roles where active = 1 order by description asc'
);
return RepositoryArrayHelper::unwrapList($rows, 'roles');
}
public function listByIds(array $roleIds): array
{
$roleIds = RepositoryArrayHelper::sanitizePositiveIds($roleIds);
if (!$roleIds) {
return [];
}
$placeholders = implode(',', array_fill(0, count($roleIds), '?'));
$rows = DB::select(
'select id, uuid, description, code, active, created_by, modified_by, created, modified from roles where id in (' . $placeholders . ')',
...array_map('strval', $roleIds)
);
return RepositoryArrayHelper::unwrapList($rows, 'roles');
}
public function listIds(): array
{
$rows = DB::select('select id from roles');
return RepositoryArrayHelper::extractIds($rows, 'roles');
}
public function listActiveIds(): array
{
$rows = DB::select('select id from roles where active = 1');
return RepositoryArrayHelper::extractIds($rows, 'roles');
}
public function listPaged(array $options): array
{
$search = trim((string) ($options['search'] ?? ''));
$allowedOrder = ['id', 'uuid', 'description', 'code', 'active', 'created', 'modified'];
[$limit, $offset] = RepoQuery::sanitizeLimitOffset($options);
[$order, $dir] = RepoQuery::sanitizeOrder($options, $allowedOrder);
$where = [];
$params = [];
RepoQuery::addLikeFilter($where, $params, ['description', 'uuid', 'code'], $search);
$activeValue = array_key_exists('active', $options) ? $options['active'] : null;
RepoQuery::addEnumFilter($where, $params, $activeValue, [
['aliases' => ['1', 'true', 'active'], 'sql' => 'roles.active = 1'],
['aliases' => ['0', 'false', 'inactive'], 'sql' => 'roles.active = 0'],
]);
$whereSql = $where ? (' where ' . implode(' and ', $where)) : '';
$count = DB::selectValue('select count(*) from roles' . $whereSql, ...$params);
$total = $count ? (int) $count : 0;
$query = 'select id, uuid, description, code, active, created_by, modified_by, created, modified from roles' .
$whereSql .
sprintf(' order by `%s` %s limit ? offset ?', $order, $dir);
$queryParams = array_merge($params, [(string) $limit, (string) $offset]);
$rows = call_user_func_array(['MintyPHP\\DB', 'select'], array_merge([$query], $queryParams));
return [
'total' => $total,
'rows' => RepositoryArrayHelper::unwrapList($rows, 'roles'),
];
}
public function find(int $id): ?array
{
$row = DB::selectOne(
'select id, uuid, description, code, active, created_by, modified_by, created, modified from roles where id = ? limit 1',
(string) $id
);
return RepositoryArrayHelper::unwrap($row, 'roles');
}
public function findByUuid(string $uuid): ?array
{
$row = DB::selectOne(
'select id, uuid, description, code, active, created_by, modified_by, created, modified from roles where uuid = ? limit 1',
$uuid
);
return RepositoryArrayHelper::unwrap($row, 'roles');
}
public function existsByCode(string $code, int $excludeId = 0): bool
{
$code = trim($code);
if ($code === '') {
return false;
}
if ($excludeId > 0) {
$count = DB::selectValue('select count(*) from roles where code = ? and id != ?', $code, (string) $excludeId);
} else {
$count = DB::selectValue('select count(*) from roles where code = ?', $code);
}
return $count ? ((int) $count > 0) : false;
}
public function create(array $data): int|false
{
return DB::insert(
'insert into roles (uuid, description, code, active, created_by, created) values (?,?,?,?,?,NOW())',
$data['uuid'] ?? RepoQuery::uuidV4(),
$data['description'],
$data['code'] ?? null,
$data['active'] ?? 1,
$data['created_by'] ?? null
);
}
public function update(int $id, array $data): bool
{
$fields = [
'description' => $data['description'],
'code' => $data['code'] ?? null,
'active' => $data['active'] ?? 1,
];
if (array_key_exists('modified_by', $data)) {
$fields['modified_by'] = $data['modified_by'];
}
$setParts = [];
$params = [];
foreach ($fields as $field => $value) {
$setParts[] = sprintf('`%s` = ?', $field);
$params[] = $value;
}
$params[] = (string) $id;
$query = 'update roles set ' . implode(', ', $setParts) . ' where id = ?';
$result = DB::update($query, ...$params);
return $result !== false;
}
public function delete(int $id): bool
{
$result = DB::delete('delete from roles where id = ?', (string) $id);
return $result !== false;
}
}

View File

@@ -0,0 +1,31 @@
<?php
namespace MintyPHP\Repository\Access;
/** Contract for role CRUD, existence checks, and filtered listing. */
interface RoleRepositoryInterface
{
public function list(): array;
public function listActive(): array;
public function listByIds(array $roleIds): array;
public function listIds(): array;
public function listActiveIds(): array;
public function listPaged(array $options): array;
public function find(int $id): ?array;
public function findByUuid(string $uuid): ?array;
public function existsByCode(string $code, int $excludeId = 0): bool;
public function create(array $data): int|false;
public function update(int $id, array $data): bool;
public function delete(int $id): bool;
}

View File

@@ -0,0 +1,110 @@
<?php
namespace MintyPHP\Repository\Access;
use MintyPHP\DB;
use MintyPHP\Repository\Support\RepositoryArrayHelper;
/** Queries user-role assignments and counts active/inactive users per role. */
class UserRoleRepository implements UserRoleRepositoryInterface
{
public function listRoleIdsByUserId(int $userId): array
{
$rows = DB::select('select role_id from user_roles where user_id = ?', (string) $userId);
return RepositoryArrayHelper::extractIds($rows, 'user_roles', 'role_id');
}
public function replaceForUser(int $userId, array $roleIds): bool
{
DB::delete('delete from user_roles where user_id = ?', (string) $userId);
if (!$roleIds) {
return true;
}
foreach ($roleIds as $roleId) {
DB::insert(
'insert into user_roles (user_id, role_id, created) values (?,?,NOW())',
(string) $userId,
(string) $roleId
);
}
return true;
}
public function listUserIdsByRoleIds(array $roleIds): array
{
$ids = RepositoryArrayHelper::sanitizePositiveIds($roleIds);
if (!$ids) {
return [];
}
$rows = DB::select(
'select distinct user_id from user_roles where role_id in (???)',
array_map('strval', $ids)
);
return RepositoryArrayHelper::sanitizePositiveIds(
RepositoryArrayHelper::extractIds($rows, 'user_roles', 'user_id')
);
}
public function countUsersByRoleIds(array $roleIds): array
{
return $this->countByRoleIds($roleIds, false);
}
public function countActiveUsersByRoleIds(array $roleIds): array
{
return $this->countByRoleIds($roleIds, true);
}
private function countByRoleIds(array $roleIds, bool $activeOnly): array
{
$roleIds = RepositoryArrayHelper::sanitizePositiveIds($roleIds);
if (!$roleIds) {
return [];
}
$placeholders = implode(',', array_fill(0, count($roleIds), '?'));
$joinUsersSql = $activeOnly ? ' join users u on u.id = ur.user_id and u.active = 1' : '';
$rows = DB::select(
'select ur.role_id, count(distinct ur.user_id) as user_count from user_roles ur' .
$joinUsersSql .
' where ur.role_id in (' . $placeholders . ') group by ur.role_id',
...array_map('strval', $roleIds)
);
if (!is_array($rows)) {
return [];
}
$result = [];
foreach ($rows as $row) {
$roleId = $this->extractIntField($row, 'role_id');
if ($roleId <= 0) {
continue;
}
$result[$roleId] = $this->extractIntField($row, 'user_count');
}
return $result;
}
private function extractIntField(array $row, string $field): int
{
foreach ($row as $value) {
if (!is_array($value)) {
continue;
}
if (array_key_exists($field, $value)) {
return (int) $value[$field];
}
}
if (array_key_exists($field, $row)) {
return (int) $row[$field];
}
return 0;
}
}

View File

@@ -0,0 +1,17 @@
<?php
namespace MintyPHP\Repository\Access;
/** Contract for querying user-role relationships and role usage counts. */
interface UserRoleRepositoryInterface
{
public function listRoleIdsByUserId(int $userId): array;
public function replaceForUser(int $userId, array $roleIds): bool;
public function listUserIdsByRoleIds(array $roleIds): array;
public function countUsersByRoleIds(array $roleIds): array;
public function countActiveUsersByRoleIds(array $roleIds): array;
}