refactor: rename lib/ to core/ for clearer core-module separation
Rename the top-level lib/ directory to core/ so the project root immediately communicates which code is core platform and which lives in modules/. PHP namespaces (MintyPHP\*) are unchanged — only the Composer PSR-4 path mapping moves from lib/ to core/. Module-internal lib/ directories (modules/*/lib/) are untouched. Updated across the full stack: - composer.json PSR-4 mapping - bootstrap entry points (web/index.php, bin/*, tests/bootstrap.php) - tooling configs (phpstan.neon, phpunit.xml, php-cs-fixer) - 26 architecture contract tests - enforcement-policy, guard-catalog, quality-gates - all documentation (CLAUDE.md, README, 25 docs/, .agents/skills/) - bin/qa-extended.sh search paths - .claude/settings.local.json permission paths Workflow: .agents/runs/CORE-LIB-RENAME-001/ (Analyst → Planner → Executor → Code Review (4 findings fixed) → Security Review → Acceptance Test → Finalizer) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
56
core/Repository/User/UserExternalIdentityRepository.php
Normal file
56
core/Repository/User/UserExternalIdentityRepository.php
Normal file
@@ -0,0 +1,56 @@
|
||||
<?php
|
||||
|
||||
namespace MintyPHP\Repository\User;
|
||||
|
||||
use MintyPHP\DB;
|
||||
|
||||
/** Links and looks up external identity provider accounts (Entra ID / OIDC) for users. */
|
||||
class UserExternalIdentityRepository implements UserExternalIdentityRepositoryInterface
|
||||
{
|
||||
private function unwrap($row): ?array
|
||||
{
|
||||
if (!$row || !is_array($row)) {
|
||||
return null;
|
||||
}
|
||||
if (isset($row['user_external_identities']) && is_array($row['user_external_identities'])) {
|
||||
return $row['user_external_identities'];
|
||||
}
|
||||
return $row;
|
||||
}
|
||||
|
||||
public function findByProviderTidOid(string $provider, string $tid, string $oid): ?array
|
||||
{
|
||||
$row = DB::selectOne(
|
||||
'select id, user_id, provider, oid, tid, issuer, subject, email_at_link_time, created from user_external_identities where provider = ? and tid = ? and oid = ? limit 1',
|
||||
$provider,
|
||||
$tid,
|
||||
$oid
|
||||
);
|
||||
return $this->unwrap($row);
|
||||
}
|
||||
|
||||
public function findByProviderIssuerSubject(string $provider, string $issuer, string $subject): ?array
|
||||
{
|
||||
$row = DB::selectOne(
|
||||
'select id, user_id, provider, oid, tid, issuer, subject, email_at_link_time, created from user_external_identities where provider = ? and issuer = ? and subject = ? limit 1',
|
||||
$provider,
|
||||
$issuer,
|
||||
$subject
|
||||
);
|
||||
return $this->unwrap($row);
|
||||
}
|
||||
|
||||
public function createLink(array $data): mixed
|
||||
{
|
||||
return DB::insert(
|
||||
'insert into user_external_identities (user_id, provider, oid, tid, issuer, subject, email_at_link_time, created) values (?,?,?,?,?,?,?,NOW())',
|
||||
(string) ((int) ($data['user_id'] ?? 0)),
|
||||
(string) ($data['provider'] ?? ''),
|
||||
(string) ($data['oid'] ?? ''),
|
||||
(string) ($data['tid'] ?? ''),
|
||||
(string) ($data['issuer'] ?? ''),
|
||||
(string) ($data['subject'] ?? ''),
|
||||
$data['email_at_link_time'] ?? null
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,13 @@
|
||||
<?php
|
||||
|
||||
namespace MintyPHP\Repository\User;
|
||||
|
||||
/** Contract for linking external identity provider accounts (OIDC) to users. */
|
||||
interface UserExternalIdentityRepositoryInterface
|
||||
{
|
||||
public function findByProviderTidOid(string $provider, string $tid, string $oid): ?array;
|
||||
|
||||
public function findByProviderIssuerSubject(string $provider, string $issuer, string $subject): ?array;
|
||||
|
||||
public function createLink(array $data): mixed;
|
||||
}
|
||||
385
core/Repository/User/UserListQueryRepository.php
Normal file
385
core/Repository/User/UserListQueryRepository.php
Normal file
@@ -0,0 +1,385 @@
|
||||
<?php
|
||||
|
||||
namespace MintyPHP\Repository\User;
|
||||
|
||||
use MintyPHP\DB;
|
||||
use MintyPHP\Repository\Support\RepoQuery;
|
||||
|
||||
/** Builds and executes complex user list queries with search, date, role, department, and custom field filters. */
|
||||
class UserListQueryRepository implements UserListQueryRepositoryInterface
|
||||
{
|
||||
private function buildUserFilters(array $options): array
|
||||
{
|
||||
$search = trim((string) ($options['search'] ?? ''));
|
||||
$active = $options['active'] ?? null;
|
||||
$createdFrom = trim((string) ($options['created_from'] ?? ''));
|
||||
$createdTo = trim((string) ($options['created_to'] ?? ''));
|
||||
$tenant = trim((string) ($options['tenant'] ?? ''));
|
||||
$tenantUuids = RepoQuery::normalizeStringList($options['tenants'] ?? []);
|
||||
$roleIds = RepoQuery::normalizeIdList($options['roles'] ?? []);
|
||||
$departmentIds = RepoQuery::normalizeIdList($options['departments'] ?? []);
|
||||
$emailVerified = $options['email_verified'] ?? null;
|
||||
$loginStatus = $options['login_status'] ?? null;
|
||||
$customFieldFilterSpec = is_array($options['customFieldFilterSpec'] ?? null)
|
||||
? $options['customFieldFilterSpec']
|
||||
: [];
|
||||
$customFieldFilters = is_array($customFieldFilterSpec['filters'] ?? null)
|
||||
? $customFieldFilterSpec['filters']
|
||||
: [];
|
||||
|
||||
$where = [];
|
||||
$params = [];
|
||||
|
||||
RepoQuery::addLikeFilter(
|
||||
$where,
|
||||
$params,
|
||||
['users.first_name', 'users.last_name', 'users.email'],
|
||||
$search
|
||||
);
|
||||
RepoQuery::addEnumFilter($where, $params, $active, [
|
||||
['aliases' => ['1', 'true', 'active'], 'sql' => 'users.active = ?', 'params' => ['1']],
|
||||
['aliases' => ['0', 'false', 'inactive'], 'sql' => 'users.active = ?', 'params' => ['0']],
|
||||
]);
|
||||
|
||||
if ($createdFrom !== '' && preg_match('/^\d{4}-\d{2}-\d{2}$/', $createdFrom)) {
|
||||
$where[] = 'users.created >= ?';
|
||||
$params[] = $createdFrom . ' 00:00:00';
|
||||
}
|
||||
if ($createdTo !== '' && preg_match('/^\d{4}-\d{2}-\d{2}$/', $createdTo)) {
|
||||
$where[] = 'users.created <= ?';
|
||||
$params[] = $createdTo . ' 23:59:59';
|
||||
}
|
||||
if ($tenantUuids) {
|
||||
$where[] = 'exists (select 1 from user_tenants ut2 join tenants t2 on t2.id = ut2.tenant_id where ut2.user_id = users.id and t2.uuid in (???))';
|
||||
$params[] = array_values($tenantUuids);
|
||||
} else {
|
||||
RepoQuery::addEqualsFilter(
|
||||
$where,
|
||||
$params,
|
||||
$tenant,
|
||||
'exists (select 1 from user_tenants ut2 join tenants t2 on t2.id = ut2.tenant_id where ut2.user_id = users.id and t2.uuid = ?)'
|
||||
);
|
||||
}
|
||||
if ($roleIds) {
|
||||
$where[] = 'exists (select 1 from user_roles ur2 where ur2.user_id = users.id and ur2.role_id in (???))';
|
||||
$params[] = array_map('strval', $roleIds);
|
||||
}
|
||||
if ($departmentIds) {
|
||||
$where[] = 'exists (select 1 from user_departments ud2 where ud2.user_id = users.id and ud2.department_id in (???))';
|
||||
$params[] = array_map('strval', $departmentIds);
|
||||
}
|
||||
RepoQuery::addEnumFilter($where, $params, $emailVerified, [
|
||||
['aliases' => ['1', 'true', 'verified', 'yes'], 'sql' => 'users.email_verified_at is not null'],
|
||||
['aliases' => ['0', 'false', 'unverified', 'no'], 'sql' => 'users.email_verified_at is null'],
|
||||
]);
|
||||
RepoQuery::addEnumFilter($where, $params, $loginStatus, [
|
||||
['aliases' => ['never', 'none', 'no'], 'sql' => 'users.last_login_at is null'],
|
||||
['aliases' => ['ever', 'logged', 'yes'], 'sql' => 'users.last_login_at is not null'],
|
||||
]);
|
||||
if (!empty($customFieldFilters['select']) && is_array($customFieldFilters['select'])) {
|
||||
foreach ($customFieldFilters['select'] as $definitionId => $optionId) {
|
||||
$definitionId = (int) $definitionId;
|
||||
$optionId = (int) $optionId;
|
||||
if ($definitionId <= 0 || $optionId <= 0) {
|
||||
continue;
|
||||
}
|
||||
$where[] = 'exists (select 1 from user_custom_field_values ucfv ' .
|
||||
'where ucfv.user_id = users.id and ucfv.definition_id = ? and ucfv.option_id = ?)';
|
||||
$params[] = (string) $definitionId;
|
||||
$params[] = (string) $optionId;
|
||||
}
|
||||
}
|
||||
if (!empty($customFieldFilters['boolean']) && is_array($customFieldFilters['boolean'])) {
|
||||
foreach ($customFieldFilters['boolean'] as $definitionId => $boolValue) {
|
||||
$definitionId = (int) $definitionId;
|
||||
$boolValue = (int) $boolValue;
|
||||
if ($definitionId <= 0 || ($boolValue !== 0 && $boolValue !== 1)) {
|
||||
continue;
|
||||
}
|
||||
$where[] = 'exists (select 1 from user_custom_field_values ucfv ' .
|
||||
'where ucfv.user_id = users.id and ucfv.definition_id = ? and ucfv.value_bool = ?)';
|
||||
$params[] = (string) $definitionId;
|
||||
$params[] = (string) $boolValue;
|
||||
}
|
||||
}
|
||||
if (!empty($customFieldFilters['multiselect']) && is_array($customFieldFilters['multiselect'])) {
|
||||
foreach ($customFieldFilters['multiselect'] as $definitionId => $optionIds) {
|
||||
$definitionId = (int) $definitionId;
|
||||
$optionIds = RepoQuery::normalizeIdList($optionIds);
|
||||
if ($definitionId <= 0 || !$optionIds) {
|
||||
continue;
|
||||
}
|
||||
$where[] = 'exists (select 1 from user_custom_field_values ucfv ' .
|
||||
'join user_custom_field_value_options ucfvo on ucfvo.value_id = ucfv.id ' .
|
||||
'where ucfv.user_id = users.id and ucfv.definition_id = ? and ucfvo.option_id in (???))';
|
||||
$params[] = (string) $definitionId;
|
||||
$params[] = array_map('strval', $optionIds);
|
||||
}
|
||||
}
|
||||
if (!empty($customFieldFilters['date']) && is_array($customFieldFilters['date'])) {
|
||||
foreach ($customFieldFilters['date'] as $definitionId => $bounds) {
|
||||
$definitionId = (int) $definitionId;
|
||||
$from = is_array($bounds) ? trim((string) ($bounds['from'] ?? '')) : '';
|
||||
$to = is_array($bounds) ? trim((string) ($bounds['to'] ?? '')) : '';
|
||||
if ($definitionId <= 0 || ($from === '' && $to === '')) {
|
||||
continue;
|
||||
}
|
||||
if ($from !== '') {
|
||||
$where[] = 'exists (select 1 from user_custom_field_values ucfv ' .
|
||||
'where ucfv.user_id = users.id and ucfv.definition_id = ? and ucfv.value_date >= ?)';
|
||||
$params[] = (string) $definitionId;
|
||||
$params[] = $from;
|
||||
}
|
||||
if ($to !== '') {
|
||||
$where[] = 'exists (select 1 from user_custom_field_values ucfv ' .
|
||||
'where ucfv.user_id = users.id and ucfv.definition_id = ? and ucfv.value_date <= ?)';
|
||||
$params[] = (string) $definitionId;
|
||||
$params[] = $to;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!empty($options['tenantUserId'])) {
|
||||
$tenantUserId = (int) $options['tenantUserId'];
|
||||
if ($tenantUserId > 0) {
|
||||
if (defined('TENANT_SCOPE_STRICT') && TENANT_SCOPE_STRICT) {
|
||||
$where[] = 'exists (select 1 from user_tenants ut join user_tenants ut2 on ut2.tenant_id = ut.tenant_id ' .
|
||||
"join tenants t on t.id = ut.tenant_id and t.status = 'active' " .
|
||||
'where ut2.user_id = ? and ut.user_id = users.id)';
|
||||
$params[] = (string) $tenantUserId;
|
||||
} else {
|
||||
$where[] = '(not exists (select 1 from user_tenants ut where ut.user_id = users.id) ' .
|
||||
'or exists (select 1 from user_tenants ut join user_tenants ut2 on ut2.tenant_id = ut.tenant_id ' .
|
||||
"join tenants t on t.id = ut.tenant_id and t.status = 'active' " .
|
||||
'where ut2.user_id = ? and ut.user_id = users.id))';
|
||||
$params[] = (string) $tenantUserId;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$whereSql = $where ? (' where ' . implode(' and ', $where)) : '';
|
||||
return [$whereSql, $params];
|
||||
}
|
||||
|
||||
private function buildListQuery(string $whereSql, string $order, string $dir): string
|
||||
{
|
||||
return 'select users.id, users.uuid, users.first_name, users.last_name, users.display_name, users.email, users.profile_description, users.job_title, users.phone, users.mobile, users.short_dial, users.address, users.postal_code, users.city, users.country, users.region, users.hire_date, users.theme, users.primary_tenant_id, users.created_by, users.modified_by, users.created, users.modified, users.last_login_at, users.last_login_provider, users.active, ' .
|
||||
'pt.description as primary_tenant_label ' .
|
||||
"from users left join tenants pt on pt.id = users.primary_tenant_id and pt.status = 'active'" .
|
||||
$whereSql .
|
||||
sprintf(' order by `users`.`%s` %s limit ? offset ?', $order, $dir);
|
||||
}
|
||||
|
||||
private function extractIds(array $list): array
|
||||
{
|
||||
$ids = [];
|
||||
foreach ($list as $user) {
|
||||
if (isset($user['id'])) {
|
||||
$ids[] = (int) $user['id'];
|
||||
}
|
||||
}
|
||||
return $ids;
|
||||
}
|
||||
|
||||
private function collectLabels(array $rows, string $userKey, string $labelKey): array
|
||||
{
|
||||
$labelsByUser = [];
|
||||
foreach ($rows as $row) {
|
||||
$userId = 0;
|
||||
$label = '';
|
||||
if (isset($row[$userKey]) && is_array($row[$userKey])) {
|
||||
$userId = (int) ($row[$userKey]['user_id'] ?? 0);
|
||||
}
|
||||
if (isset($row[$labelKey]) && is_array($row[$labelKey])) {
|
||||
$label = (string) ($row[$labelKey]['description'] ?? '');
|
||||
}
|
||||
if ($userId === 0 || $label === '') {
|
||||
foreach ($row as $value) {
|
||||
if (!is_array($value)) {
|
||||
continue;
|
||||
}
|
||||
if ($userId === 0 && isset($value['user_id'])) {
|
||||
$userId = (int) $value['user_id'];
|
||||
}
|
||||
if ($label === '' && isset($value['description'])) {
|
||||
$label = (string) $value['description'];
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($userId === 0 && isset($row['user_id'])) {
|
||||
$userId = (int) $row['user_id'];
|
||||
}
|
||||
if ($label === '' && isset($row['description'])) {
|
||||
$label = (string) $row['description'];
|
||||
}
|
||||
if ($userId > 0 && $label !== '') {
|
||||
$labelsByUser[$userId] ??= [];
|
||||
$labelsByUser[$userId][] = $label;
|
||||
}
|
||||
}
|
||||
return $labelsByUser;
|
||||
}
|
||||
|
||||
private function hydrateUserLabels(array $list, array $options): array
|
||||
{
|
||||
$ids = $this->extractIds($list);
|
||||
if (!$ids) {
|
||||
return $list;
|
||||
}
|
||||
|
||||
$scopeUserId = (int) ($options['tenantUserId'] ?? 0);
|
||||
$scopeToActiveTenants = $scopeUserId > 0;
|
||||
$tenantLabelJoin = $scopeToActiveTenants
|
||||
? "join tenants t on t.id = ut.tenant_id and t.status = 'active' "
|
||||
: 'join tenants t on t.id = ut.tenant_id ';
|
||||
$placeholders = implode(',', array_fill(0, count($ids), '?'));
|
||||
$tenantScopeSql = '';
|
||||
$tenantScopeParams = [];
|
||||
if ($scopeToActiveTenants) {
|
||||
$tenantScopeSql = ' and exists (select 1 from user_tenants uts ' .
|
||||
"join tenants ts on ts.id = uts.tenant_id and ts.status = 'active' " .
|
||||
'where uts.user_id = ? and uts.tenant_id = ut.tenant_id)';
|
||||
$tenantScopeParams[] = (string) $scopeUserId;
|
||||
}
|
||||
|
||||
$labelSql = 'select ut.user_id as user_id, t.id as tenant_id, t.description as description from user_tenants ut ' . $tenantLabelJoin .
|
||||
'where ut.user_id in (' . $placeholders . ')' . $tenantScopeSql . ' order by t.description asc';
|
||||
$labelRows = call_user_func_array(['MintyPHP\\DB', 'select'], array_merge(
|
||||
[$labelSql],
|
||||
array_merge(array_map('strval', $ids), $tenantScopeParams)
|
||||
));
|
||||
$roleRows = DB::select(
|
||||
'select ur.user_id as user_id, r.description as description from user_roles ur join roles r on r.id = ur.role_id and r.active = 1 ' .
|
||||
'where ur.user_id in (' . $placeholders . ') order by r.description asc',
|
||||
...array_map('strval', $ids)
|
||||
);
|
||||
|
||||
$departmentScopeSql = '';
|
||||
$departmentScopeParams = [];
|
||||
if ($scopeToActiveTenants) {
|
||||
$departmentScopeSql = ' and exists (select 1 from user_tenants uts ' .
|
||||
"join tenants ts on ts.id = uts.tenant_id and ts.status = 'active' " .
|
||||
'where uts.user_id = ? and uts.tenant_id = d.tenant_id)';
|
||||
$departmentScopeParams[] = (string) $scopeUserId;
|
||||
}
|
||||
$departmentLabelSql = 'select ud.user_id as user_id, d.description as description from user_departments ud ' .
|
||||
'join departments d on d.id = ud.department_id and d.active = 1 ' .
|
||||
'where ud.user_id in (' . $placeholders . ')' . $departmentScopeSql . ' order by d.description asc';
|
||||
$departmentRows = call_user_func_array(['MintyPHP\\DB', 'select'], array_merge(
|
||||
[$departmentLabelSql],
|
||||
array_merge(array_map('strval', $ids), $departmentScopeParams)
|
||||
));
|
||||
|
||||
$tenantMapByUser = [];
|
||||
foreach ($labelRows as $row) {
|
||||
$userId = 0;
|
||||
$tenantId = 0;
|
||||
$label = '';
|
||||
if (isset($row['ut']) && is_array($row['ut'])) {
|
||||
$userId = (int) ($row['ut']['user_id'] ?? 0);
|
||||
}
|
||||
if (isset($row['t']) && is_array($row['t'])) {
|
||||
$tenantId = (int) ($row['t']['tenant_id'] ?? 0);
|
||||
$label = (string) ($row['t']['description'] ?? '');
|
||||
}
|
||||
if ($userId === 0 || $tenantId === 0 || $label === '') {
|
||||
foreach ($row as $value) {
|
||||
if (!is_array($value)) {
|
||||
continue;
|
||||
}
|
||||
if ($userId === 0 && isset($value['user_id'])) {
|
||||
$userId = (int) $value['user_id'];
|
||||
}
|
||||
if ($tenantId === 0 && isset($value['tenant_id'])) {
|
||||
$tenantId = (int) $value['tenant_id'];
|
||||
}
|
||||
if ($label === '' && isset($value['description'])) {
|
||||
$label = (string) $value['description'];
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($userId === 0 && isset($row['user_id'])) {
|
||||
$userId = (int) $row['user_id'];
|
||||
}
|
||||
if ($tenantId === 0 && isset($row['tenant_id'])) {
|
||||
$tenantId = (int) $row['tenant_id'];
|
||||
}
|
||||
if ($label === '' && isset($row['description'])) {
|
||||
$label = (string) $row['description'];
|
||||
}
|
||||
if ($userId > 0 && $tenantId > 0 && $label !== '') {
|
||||
$tenantMapByUser[$userId] ??= [];
|
||||
$tenantMapByUser[$userId][$tenantId] = $label;
|
||||
}
|
||||
}
|
||||
$tenantLabelsByUser = [];
|
||||
foreach ($tenantMapByUser as $userId => $map) {
|
||||
$tenantLabelsByUser[$userId] = array_values($map);
|
||||
}
|
||||
$roleLabelsByUser = $this->collectLabels($roleRows, 'ur', 'r');
|
||||
$departmentLabelsByUser = $this->collectLabels($departmentRows, 'ud', 'd');
|
||||
|
||||
foreach ($list as &$user) {
|
||||
$userId = (int) ($user['id'] ?? 0);
|
||||
$primaryId = (int) ($user['primary_tenant_id'] ?? 0);
|
||||
$user['tenant_labels'] = $tenantLabelsByUser[$userId] ?? [];
|
||||
if ($primaryId > 0 && isset($tenantMapByUser[$userId][$primaryId])) {
|
||||
$user['primary_tenant_label'] = $tenantMapByUser[$userId][$primaryId];
|
||||
}
|
||||
$user['role_labels'] = $roleLabelsByUser[$userId] ?? [];
|
||||
$user['department_labels'] = $departmentLabelsByUser[$userId] ?? [];
|
||||
}
|
||||
unset($user);
|
||||
|
||||
return $list;
|
||||
}
|
||||
|
||||
private function unwrapList($rows): array
|
||||
{
|
||||
if (!is_array($rows)) {
|
||||
return [];
|
||||
}
|
||||
$list = [];
|
||||
foreach ($rows as $row) {
|
||||
$user = $row['users'] ?? null;
|
||||
if (is_array($user)) {
|
||||
foreach ($row as $key => $value) {
|
||||
if ($key === 'users' || is_array($value)) {
|
||||
continue;
|
||||
}
|
||||
$user[$key] = $value;
|
||||
}
|
||||
if (isset($row['pt']) && is_array($row['pt'])) {
|
||||
$label = (string) ($row['pt']['description'] ?? '');
|
||||
if ($label !== '') {
|
||||
$user['primary_tenant_label'] = $label;
|
||||
}
|
||||
}
|
||||
$list[] = $user;
|
||||
}
|
||||
}
|
||||
return $list;
|
||||
}
|
||||
|
||||
public function listPaged(array $options): array
|
||||
{
|
||||
$allowedOrder = ['id', 'uuid', 'first_name', 'last_name', 'display_name', 'email', 'created', 'modified', 'active', 'last_login_at'];
|
||||
[$limit, $offset] = RepoQuery::sanitizeLimitOffset($options);
|
||||
[$order, $dir] = RepoQuery::sanitizeOrder($options, $allowedOrder);
|
||||
[$whereSql, $params] = $this->buildUserFilters($options);
|
||||
|
||||
$count = DB::selectValue('select count(*) from users' . $whereSql, ...$params);
|
||||
$total = $count ? (int) $count : 0;
|
||||
|
||||
$query = $this->buildListQuery($whereSql, $order, $dir);
|
||||
$queryParams = array_merge($params, [(string) $limit, (string) $offset]);
|
||||
$rows = call_user_func_array(['MintyPHP\\DB', 'select'], array_merge([$query], $queryParams));
|
||||
|
||||
$list = $this->unwrapList($rows);
|
||||
$list = $this->hydrateUserLabels($list, $options);
|
||||
|
||||
return [
|
||||
'total' => $total,
|
||||
'rows' => $list,
|
||||
];
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,9 @@
|
||||
<?php
|
||||
|
||||
namespace MintyPHP\Repository\User;
|
||||
|
||||
/** Contract for paginated user listing with multi-criteria filtering. */
|
||||
interface UserListQueryRepositoryInterface
|
||||
{
|
||||
public function listPaged(array $options): array;
|
||||
}
|
||||
155
core/Repository/User/UserReadRepository.php
Normal file
155
core/Repository/User/UserReadRepository.php
Normal file
@@ -0,0 +1,155 @@
|
||||
<?php
|
||||
|
||||
namespace MintyPHP\Repository\User;
|
||||
|
||||
use MintyPHP\DB;
|
||||
|
||||
/** Retrieves user records and authorization snapshots; no write operations. */
|
||||
class UserReadRepository implements UserReadRepositoryInterface
|
||||
{
|
||||
public function findAuthzSnapshot(int $userId): ?array
|
||||
{
|
||||
if ($userId <= 0) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$row = DB::selectOne(
|
||||
'select id, active, authz_version, locale, theme, current_tenant_id from users where id = ? limit 1',
|
||||
(string) $userId
|
||||
);
|
||||
|
||||
return $this->unwrap($row);
|
||||
}
|
||||
|
||||
public function find(int $id): ?array
|
||||
{
|
||||
$row = DB::selectOne(
|
||||
'select id, uuid, first_name, last_name, display_name, email, profile_description, job_title, phone, mobile, short_dial, address, postal_code, city, country, region, hire_date, email_verified_at, last_login_at, last_login_provider, password, locale, totp_secret, theme, primary_tenant_id, current_tenant_id, created_by, modified_by, created, modified, active, authz_version from users where id = ? limit 1',
|
||||
(string) $id
|
||||
);
|
||||
return $this->unwrap($row);
|
||||
}
|
||||
|
||||
public function findByUuid(string $uuid): ?array
|
||||
{
|
||||
$row = DB::selectOne(
|
||||
'select id, uuid, first_name, last_name, display_name, email, profile_description, job_title, phone, mobile, short_dial, address, postal_code, city, country, region, hire_date, email_verified_at, last_login_at, last_login_provider, password, locale, totp_secret, theme, primary_tenant_id, current_tenant_id, created_by, modified_by, created, modified, active, authz_version, active_changed_at, active_changed_by from users where uuid = ? limit 1',
|
||||
$uuid
|
||||
);
|
||||
return $this->unwrap($row);
|
||||
}
|
||||
|
||||
public function findByEmail(string $email): ?array
|
||||
{
|
||||
$row = DB::selectOne(
|
||||
'select id, uuid, first_name, last_name, display_name, email, profile_description, job_title, phone, mobile, short_dial, address, postal_code, city, country, region, hire_date, email_verified_at, last_login_at, last_login_provider, password, locale, totp_secret, theme, primary_tenant_id, current_tenant_id, created_by, modified_by, created, modified, active, authz_version, active_changed_at, active_changed_by from users where email = ? limit 1',
|
||||
$email
|
||||
);
|
||||
return $this->unwrap($row);
|
||||
}
|
||||
|
||||
public function listPrivilegedUserIdsByPermissionKeys(array $permissionKeys): array
|
||||
{
|
||||
$keys = array_values(array_unique(array_filter(array_map(
|
||||
static fn ($key) => trim((string) $key),
|
||||
$permissionKeys
|
||||
))));
|
||||
if (!$keys) {
|
||||
return [];
|
||||
}
|
||||
|
||||
$placeholders = implode(',', array_fill(0, count($keys), '?'));
|
||||
$rows = DB::select(
|
||||
'select distinct ur.user_id from user_roles ur ' .
|
||||
'join roles r on r.id = ur.role_id and r.active = 1 ' .
|
||||
'join role_permissions rp on rp.role_id = ur.role_id ' .
|
||||
'join permissions p on p.id = rp.permission_id and p.active = 1 ' .
|
||||
"where p.`key` in ($placeholders)",
|
||||
...$keys
|
||||
);
|
||||
if (!is_array($rows)) {
|
||||
return [];
|
||||
}
|
||||
|
||||
$ids = [];
|
||||
foreach ($rows as $row) {
|
||||
$data = $row['ur'] ?? $row['user_roles'] ?? $row;
|
||||
$userId = (int) ($data['user_id'] ?? $row['user_id'] ?? 0);
|
||||
if ($userId > 0) {
|
||||
$ids[] = $userId;
|
||||
}
|
||||
}
|
||||
return array_values(array_unique($ids));
|
||||
}
|
||||
|
||||
public function listIdsForAutoDeactivate(int $days, array $excludedUserIds, int $limit = 500): array
|
||||
{
|
||||
if ($days <= 0 || $limit <= 0) {
|
||||
return [];
|
||||
}
|
||||
|
||||
$excluded = array_values(array_unique(array_filter(array_map('intval', $excludedUserIds), static fn ($id) => $id > 0)));
|
||||
$query = 'select id from users where active = 1 and coalesce(last_login_at, created) <= DATE_SUB(UTC_TIMESTAMP(), INTERVAL ' .
|
||||
(int) $days .
|
||||
' DAY)';
|
||||
$params = [];
|
||||
if ($excluded) {
|
||||
$placeholders = implode(',', array_fill(0, count($excluded), '?'));
|
||||
$query .= " and id not in ($placeholders)";
|
||||
$params = array_map('strval', $excluded);
|
||||
}
|
||||
$query .= ' order by coalesce(last_login_at, created) asc limit ?';
|
||||
$params[] = (string) $limit;
|
||||
$rows = DB::select($query, ...$params);
|
||||
if (!is_array($rows)) {
|
||||
return [];
|
||||
}
|
||||
return $this->extractIdList($rows);
|
||||
}
|
||||
|
||||
public function listIdsForAutoDelete(int $days, array $excludedUserIds, int $limit = 500): array
|
||||
{
|
||||
if ($days <= 0 || $limit <= 0) {
|
||||
return [];
|
||||
}
|
||||
|
||||
$excluded = array_values(array_unique(array_filter(array_map('intval', $excludedUserIds), static fn ($id) => $id > 0)));
|
||||
$query = 'select id from users where active = 0 and active_changed_at is not null and active_changed_at <= DATE_SUB(UTC_TIMESTAMP(), INTERVAL ' .
|
||||
(int) $days .
|
||||
' DAY)';
|
||||
$params = [];
|
||||
if ($excluded) {
|
||||
$placeholders = implode(',', array_fill(0, count($excluded), '?'));
|
||||
$query .= " and id not in ($placeholders)";
|
||||
$params = array_map('strval', $excluded);
|
||||
}
|
||||
$query .= ' order by active_changed_at asc limit ?';
|
||||
$params[] = (string) $limit;
|
||||
$rows = DB::select($query, ...$params);
|
||||
if (!is_array($rows)) {
|
||||
return [];
|
||||
}
|
||||
return $this->extractIdList($rows);
|
||||
}
|
||||
|
||||
private function unwrap(?array $row): ?array
|
||||
{
|
||||
if (!$row) {
|
||||
return null;
|
||||
}
|
||||
return $row['users'] ?? null;
|
||||
}
|
||||
|
||||
private function extractIdList(array $rows): array
|
||||
{
|
||||
$ids = [];
|
||||
foreach ($rows as $row) {
|
||||
$data = $row['users'] ?? $row;
|
||||
$id = (int) ($data['id'] ?? $row['id'] ?? 0);
|
||||
if ($id > 0) {
|
||||
$ids[] = $id;
|
||||
}
|
||||
}
|
||||
return array_values(array_unique($ids));
|
||||
}
|
||||
}
|
||||
21
core/Repository/User/UserReadRepositoryInterface.php
Normal file
21
core/Repository/User/UserReadRepositoryInterface.php
Normal file
@@ -0,0 +1,21 @@
|
||||
<?php
|
||||
|
||||
namespace MintyPHP\Repository\User;
|
||||
|
||||
/** Contract for read-only user lookups by ID, UUID, email, and authorization snapshots. */
|
||||
interface UserReadRepositoryInterface
|
||||
{
|
||||
public function findAuthzSnapshot(int $userId): ?array;
|
||||
|
||||
public function find(int $id): ?array;
|
||||
|
||||
public function findByUuid(string $uuid): ?array;
|
||||
|
||||
public function findByEmail(string $email): ?array;
|
||||
|
||||
public function listPrivilegedUserIdsByPermissionKeys(array $permissionKeys): array;
|
||||
|
||||
public function listIdsForAutoDeactivate(int $days, array $excludedUserIds, int $limit = 500): array;
|
||||
|
||||
public function listIdsForAutoDelete(int $days, array $excludedUserIds, int $limit = 500): array;
|
||||
}
|
||||
320
core/Repository/User/UserWriteRepository.php
Normal file
320
core/Repository/User/UserWriteRepository.php
Normal file
@@ -0,0 +1,320 @@
|
||||
<?php
|
||||
|
||||
namespace MintyPHP\Repository\User;
|
||||
|
||||
use MintyPHP\DB;
|
||||
use MintyPHP\Repository\Support\RepoQuery;
|
||||
|
||||
/** Creates and mutates user records including activation, tenant links, and preferences. */
|
||||
class UserWriteRepository implements UserWriteRepositoryInterface
|
||||
{
|
||||
public function updateLastLogin(int $userId, string $provider = 'local'): void
|
||||
{
|
||||
if ($userId <= 0) {
|
||||
return;
|
||||
}
|
||||
$provider = trim(strtolower($provider));
|
||||
if (!in_array($provider, ['local', 'microsoft'], true)) {
|
||||
$provider = 'local';
|
||||
}
|
||||
DB::query('update users set last_login_at = UTC_TIMESTAMP(), last_login_provider = ? where id = ?', $provider, (string) $userId);
|
||||
}
|
||||
|
||||
public function bumpAuthzVersion(int $userId): bool
|
||||
{
|
||||
if ($userId <= 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$result = DB::update(
|
||||
'update users set authz_version = authz_version + 1 where id = ?',
|
||||
(string) $userId
|
||||
);
|
||||
|
||||
return $result !== false;
|
||||
}
|
||||
|
||||
public function bumpAuthzVersionByUserIds(array $userIds): int
|
||||
{
|
||||
$userIds = array_values(array_unique(array_map('intval', $userIds)));
|
||||
$userIds = array_values(array_filter($userIds, static fn ($id) => $id > 0));
|
||||
if (!$userIds) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
$placeholders = implode(',', array_fill(0, count($userIds), '?'));
|
||||
$result = DB::update(
|
||||
"update users set authz_version = authz_version + 1 where id in ($placeholders)",
|
||||
...array_map('strval', $userIds)
|
||||
);
|
||||
|
||||
return $result !== false ? (int) $result : 0;
|
||||
}
|
||||
|
||||
public function create(array $data): int|false
|
||||
{
|
||||
$hash = password_hash($data['password'], PASSWORD_DEFAULT);
|
||||
return DB::insert(
|
||||
'insert into users (uuid, first_name, last_name, display_name, email, profile_description, job_title, phone, mobile, short_dial, address, postal_code, city, country, region, hire_date, password, locale, totp_secret, theme, primary_tenant_id, current_tenant_id, created_by, created, active, active_changed_at, active_changed_by) values (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,NOW(),?,?,?)',
|
||||
$data['uuid'] ?? RepoQuery::uuidV4(),
|
||||
$data['first_name'],
|
||||
$data['last_name'],
|
||||
$this->buildDisplayName($data),
|
||||
$data['email'],
|
||||
$data['profile_description'] ?? null,
|
||||
$data['job_title'] ?? null,
|
||||
$data['phone'] ?? null,
|
||||
$data['mobile'] ?? null,
|
||||
$data['short_dial'] ?? null,
|
||||
$data['address'] ?? null,
|
||||
$data['postal_code'] ?? null,
|
||||
$data['city'] ?? null,
|
||||
$data['country'] ?? null,
|
||||
$data['region'] ?? null,
|
||||
$data['hire_date'] ?? null,
|
||||
$hash,
|
||||
$data['locale'] ?? null,
|
||||
$data['totp_secret'],
|
||||
$data['theme'] ?? 'light',
|
||||
$data['primary_tenant_id'] ?? null,
|
||||
$data['current_tenant_id'] ?? $data['primary_tenant_id'] ?? null,
|
||||
$data['created_by'] ?? null,
|
||||
$data['active'],
|
||||
$data['active_changed_at'] ?? null,
|
||||
$data['active_changed_by'] ?? null
|
||||
);
|
||||
}
|
||||
|
||||
public function update(int $id, array $data): bool
|
||||
{
|
||||
$fields = [
|
||||
'first_name' => $data['first_name'],
|
||||
'last_name' => $data['last_name'],
|
||||
'display_name' => $this->buildDisplayName($data),
|
||||
'email' => $data['email'],
|
||||
'profile_description' => $data['profile_description'] ?? null,
|
||||
'job_title' => $data['job_title'] ?? null,
|
||||
'phone' => $data['phone'] ?? null,
|
||||
'mobile' => $data['mobile'] ?? null,
|
||||
'short_dial' => $data['short_dial'] ?? null,
|
||||
'address' => $data['address'] ?? null,
|
||||
'postal_code' => $data['postal_code'] ?? null,
|
||||
'city' => $data['city'] ?? null,
|
||||
'country' => $data['country'] ?? null,
|
||||
'region' => $data['region'] ?? null,
|
||||
'hire_date' => $data['hire_date'] ?? null,
|
||||
'totp_secret' => $data['totp_secret'],
|
||||
'active' => $data['active'],
|
||||
];
|
||||
if (array_key_exists('locale', $data)) {
|
||||
$fields['locale'] = $data['locale'];
|
||||
}
|
||||
if (array_key_exists('theme', $data)) {
|
||||
$fields['theme'] = $data['theme'];
|
||||
}
|
||||
if (array_key_exists('primary_tenant_id', $data)) {
|
||||
$fields['primary_tenant_id'] = $data['primary_tenant_id'];
|
||||
}
|
||||
if (array_key_exists('current_tenant_id', $data)) {
|
||||
$fields['current_tenant_id'] = $data['current_tenant_id'];
|
||||
}
|
||||
if (array_key_exists('modified_by', $data)) {
|
||||
$fields['modified_by'] = $data['modified_by'];
|
||||
}
|
||||
if (array_key_exists('active_changed_at', $data)) {
|
||||
$fields['active_changed_at'] = $data['active_changed_at'];
|
||||
}
|
||||
if (array_key_exists('active_changed_by', $data)) {
|
||||
$fields['active_changed_by'] = $data['active_changed_by'];
|
||||
}
|
||||
|
||||
if (!empty($data['password'])) {
|
||||
$fields['password'] = password_hash($data['password'], PASSWORD_DEFAULT);
|
||||
}
|
||||
|
||||
$setParts = [];
|
||||
$params = [];
|
||||
foreach ($fields as $field => $value) {
|
||||
$setParts[] = sprintf('`%s` = ?', $field);
|
||||
$params[] = $value;
|
||||
}
|
||||
$params[] = (string) $id;
|
||||
|
||||
$query = 'update users set ' . implode(', ', $setParts) . ' where id = ?';
|
||||
$result = DB::update($query, ...$params);
|
||||
return $result !== false;
|
||||
}
|
||||
|
||||
public function setActive(int $id, bool $active, ?int $changedBy = null): bool
|
||||
{
|
||||
$result = DB::update(
|
||||
'update users set active = ?, active_changed_at = NOW(), active_changed_by = ? where id = ?',
|
||||
$active ? 1 : 0,
|
||||
$changedBy,
|
||||
(string) $id
|
||||
);
|
||||
return $result !== false;
|
||||
}
|
||||
|
||||
public function setCurrentTenant(int $id, int $tenantId): bool
|
||||
{
|
||||
$result = DB::update(
|
||||
'update users set current_tenant_id = ? where id = ?',
|
||||
(string) $tenantId,
|
||||
(string) $id
|
||||
);
|
||||
return $result !== false;
|
||||
}
|
||||
|
||||
public function setActiveByUuids(array $uuids, bool $active, ?int $modifiedBy = null): bool
|
||||
{
|
||||
$uuids = array_values(array_filter(array_map('trim', $uuids)));
|
||||
if (!$uuids) {
|
||||
return false;
|
||||
}
|
||||
$placeholders = implode(',', array_fill(0, count($uuids), '?'));
|
||||
$query = "update users set active = ?, modified_by = ?, active_changed_at = NOW(), active_changed_by = ? where uuid in ($placeholders)";
|
||||
$params = array_merge([$active ? 1 : 0, $modifiedBy, $modifiedBy], $uuids);
|
||||
$result = DB::update($query, ...$params);
|
||||
return $result !== false;
|
||||
}
|
||||
|
||||
public function setInactiveByIds(array $userIds, ?int $changedBy = null): int
|
||||
{
|
||||
$ids = array_values(array_unique(array_filter(array_map('intval', $userIds), static fn ($id) => $id > 0)));
|
||||
if (!$ids) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
$placeholders = implode(',', array_fill(0, count($ids), '?'));
|
||||
$query = "update users set active = 0, modified_by = ?, active_changed_at = UTC_TIMESTAMP(), active_changed_by = ? where active = 1 and id in ($placeholders)";
|
||||
$params = array_merge([$changedBy, $changedBy], array_map('strval', $ids));
|
||||
$result = DB::update($query, ...$params);
|
||||
return $result !== false ? (int) $result : 0;
|
||||
}
|
||||
|
||||
public function deleteByIds(array $userIds): int
|
||||
{
|
||||
$ids = array_values(array_unique(array_filter(array_map('intval', $userIds), static fn ($id) => $id > 0)));
|
||||
if (!$ids) {
|
||||
return 0;
|
||||
}
|
||||
$placeholders = implode(',', array_fill(0, count($ids), '?'));
|
||||
$result = DB::delete(
|
||||
"delete from users where id in ($placeholders)",
|
||||
...array_map('strval', $ids)
|
||||
);
|
||||
return $result !== false ? (int) $result : 0;
|
||||
}
|
||||
|
||||
public function setLocale(int $id, string $locale): bool
|
||||
{
|
||||
$result = DB::update('update users set locale = ? where id = ?', $locale, (string) $id);
|
||||
return $result !== false;
|
||||
}
|
||||
|
||||
public function setTheme(int $id, string $theme): bool
|
||||
{
|
||||
$result = DB::update('update users set theme = ? where id = ?', $theme, (string) $id);
|
||||
return $result !== false;
|
||||
}
|
||||
|
||||
public function updateProfileFieldsFromSso(int $id, array $fields): bool
|
||||
{
|
||||
if ($id <= 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$row = DB::selectOne('select first_name, last_name, email, phone, mobile, job_title, display_name from users where id = ? limit 1', (string) $id);
|
||||
$existing = $row['users'] ?? null;
|
||||
if (!is_array($existing)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$allowed = ['first_name', 'last_name', 'display_name', 'job_title', 'phone', 'mobile'];
|
||||
$updates = [];
|
||||
foreach ($allowed as $field) {
|
||||
if (!array_key_exists($field, $fields)) {
|
||||
continue;
|
||||
}
|
||||
$value = trim((string) $fields[$field]);
|
||||
if ($value === '') {
|
||||
continue;
|
||||
}
|
||||
if ((string) ($existing[$field] ?? '') === $value) {
|
||||
continue;
|
||||
}
|
||||
$updates[$field] = $value;
|
||||
}
|
||||
|
||||
if (!$updates) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!isset($updates['display_name']) && (isset($updates['first_name']) || isset($updates['last_name']))) {
|
||||
$displayData = [
|
||||
'first_name' => $updates['first_name'] ?? (string) ($existing['first_name'] ?? ''),
|
||||
'last_name' => $updates['last_name'] ?? (string) ($existing['last_name'] ?? ''),
|
||||
'email' => (string) ($existing['email'] ?? ''),
|
||||
];
|
||||
$updates['display_name'] = $this->buildDisplayName($displayData);
|
||||
}
|
||||
|
||||
$setParts = [];
|
||||
$params = [];
|
||||
foreach ($updates as $field => $value) {
|
||||
$setParts[] = sprintf('`%s` = ?', $field);
|
||||
$params[] = $value;
|
||||
}
|
||||
$params[] = (string) $id;
|
||||
|
||||
$result = DB::update(
|
||||
'update users set ' . implode(', ', $setParts) . ' where id = ?',
|
||||
...$params
|
||||
);
|
||||
|
||||
return $result !== false;
|
||||
}
|
||||
|
||||
public function setPassword(int $id, string $password): bool
|
||||
{
|
||||
$hash = password_hash($password, PASSWORD_DEFAULT);
|
||||
$result = DB::update('update users set password = ?, modified_by = NULL where id = ?', $hash, (string) $id);
|
||||
return $result !== false;
|
||||
}
|
||||
|
||||
public function setEmailVerified(int $id): bool
|
||||
{
|
||||
$result = DB::update('update users set email_verified_at = NOW() where id = ?', (string) $id);
|
||||
return $result !== false;
|
||||
}
|
||||
|
||||
public function delete(int $id): bool
|
||||
{
|
||||
$result = DB::delete('delete from users where id = ?', (string) $id);
|
||||
return $result !== false;
|
||||
}
|
||||
|
||||
public function deleteByUuids(array $uuids): bool
|
||||
{
|
||||
$uuids = array_values(array_filter(array_map('trim', $uuids)));
|
||||
if (!$uuids) {
|
||||
return false;
|
||||
}
|
||||
$placeholders = implode(',', array_fill(0, count($uuids), '?'));
|
||||
$query = "delete from users where uuid in ($placeholders)";
|
||||
$result = DB::delete($query, ...$uuids);
|
||||
return $result !== false;
|
||||
}
|
||||
|
||||
private function buildDisplayName(array $data): string
|
||||
{
|
||||
$first = trim((string) ($data['first_name'] ?? ''));
|
||||
$last = trim((string) ($data['last_name'] ?? ''));
|
||||
$name = trim($first . ' ' . $last);
|
||||
if ($name === '') {
|
||||
$name = trim((string) ($data['email'] ?? ''));
|
||||
}
|
||||
return $name;
|
||||
}
|
||||
}
|
||||
41
core/Repository/User/UserWriteRepositoryInterface.php
Normal file
41
core/Repository/User/UserWriteRepositoryInterface.php
Normal file
@@ -0,0 +1,41 @@
|
||||
<?php
|
||||
|
||||
namespace MintyPHP\Repository\User;
|
||||
|
||||
/** Contract for user creation, updates, activation, tenant assignment, and preference changes. */
|
||||
interface UserWriteRepositoryInterface
|
||||
{
|
||||
public function updateLastLogin(int $userId, string $provider = 'local'): void;
|
||||
|
||||
public function bumpAuthzVersion(int $userId): bool;
|
||||
|
||||
public function bumpAuthzVersionByUserIds(array $userIds): int;
|
||||
|
||||
public function create(array $data): int|false;
|
||||
|
||||
public function update(int $id, array $data): bool;
|
||||
|
||||
public function setActive(int $id, bool $active, ?int $changedBy = null): bool;
|
||||
|
||||
public function setCurrentTenant(int $id, int $tenantId): bool;
|
||||
|
||||
public function setActiveByUuids(array $uuids, bool $active, ?int $modifiedBy = null): bool;
|
||||
|
||||
public function setInactiveByIds(array $userIds, ?int $changedBy = null): int;
|
||||
|
||||
public function deleteByIds(array $userIds): int;
|
||||
|
||||
public function setLocale(int $id, string $locale): bool;
|
||||
|
||||
public function setTheme(int $id, string $theme): bool;
|
||||
|
||||
public function updateProfileFieldsFromSso(int $id, array $fields): bool;
|
||||
|
||||
public function setPassword(int $id, string $password): bool;
|
||||
|
||||
public function setEmailVerified(int $id): bool;
|
||||
|
||||
public function delete(int $id): bool;
|
||||
|
||||
public function deleteByUuids(array $uuids): bool;
|
||||
}
|
||||
Reference in New Issue
Block a user