refactor(settings): split admin/settings into hub + per-section subpages
Splits the 755-line monolithic settings page into a tile-based landing hub and six focused subpages (general, security, email, api, sso, branding), each with its own form, CSRF scope and POST handler. Each subpage offers Save / Save & close buttons plus a Cancel/back link to the hub. Backend (AdminSettingsService, gateways, policies, DB schema) unchanged. A new settingsSectionMergePost() helper overlays section POSTs onto the current DB values so partial saves don't wipe unrelated fields (the service defaults missing keys to 0/empty). Sub-action files (logo/favicon/tokens/lifecycle) redirect to the matching subpage, and architecture contracts now check the subpage files instead of the removed monolithic index. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -10,10 +10,22 @@ class AuthzAdminSettingsContractTest extends TestCase
|
||||
|
||||
public function testAdminSettingsActionsUseCentralPolicies(): void
|
||||
{
|
||||
// Landing hub: VIEW only (no POST handler).
|
||||
$indexContent = $this->readProjectFile('pages/admin/settings/index().php');
|
||||
$this->assertStringContainsString('AuthorizationService::class', $indexContent);
|
||||
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW', $indexContent);
|
||||
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE', $indexContent);
|
||||
|
||||
// Subpages that expose a settings form: VIEW + UPDATE.
|
||||
foreach (['general', 'security', 'email', 'api', 'sso'] as $section) {
|
||||
$content = $this->readProjectFile("pages/admin/settings/{$section}().php");
|
||||
$this->assertStringContainsString('AuthorizationService::class', $content, $section);
|
||||
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW', $content, $section);
|
||||
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_UPDATE', $content, $section);
|
||||
}
|
||||
|
||||
// Branding landing: VIEW only (uploads post to separate action files).
|
||||
$brandingIndex = $this->readProjectFile('pages/admin/settings/branding().php');
|
||||
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW', $brandingIndex);
|
||||
|
||||
$logoUpload = $this->readProjectFile('pages/admin/settings/logo().php');
|
||||
$this->assertStringContainsString('AuthorizationService::class', $logoUpload);
|
||||
|
||||
Reference in New Issue
Block a user