feat(tenant): per-theme logos + file-upload + button UI polish

Replace the single tenant avatar with a pair of theme-scoped brand logos.
Render only the theme-matching <img> server-side and swap src on theme
toggle via a JS hook — no reload, no double request, no CSS tricks.

Tenant logos
- TenantLogoService (ImageUploadTrait) with theme whitelist and per-theme
  storage storage/tenants/{uuid}/logo/{light|dark}/, SIZES 128/256/512
- Public serving endpoint auth/tenant-logo-file so login can show the
  logo pre-auth; matching authenticated admin preview endpoint
- appTenantLogoUrl(?size, ?theme) with 4-step fallback cascade; PDF +
  mail always request 'light'
- Admin tenant edit: avatar block replaced by "Tenant logos" details
  block inside the Master-data tab, two side-by-side slots via Pico
  .grid with the core app-file-upload partial
- Policy rename ABILITY_ADMIN_TENANTS_AVATAR_VIEW -> LOGO_VIEW, action
  routes logo / logo-delete / logo-file with theme body/query param
- API endpoint path kept (backward compat), internals on new service
- CLI tenant:logo-migrate-avatars moves legacy avatar/ -> logo/light/
  idempotently (--dry-run, --yes, --cleanup)
- i18n "Tenant image" removed, 12 new keys synced across de/en

File upload component
- Full-width preview + filename/actions below (3D stack layout)
- Fixed 16:9 aspect ratio with 1rem inner padding for consistent
  preview size across any logo aspect
- Transparency checker pattern as background so black logos stay
  visible on dark mode and white logos on light mode
- form="" + deleteFormId support so the partial works with barrier
  forms inside another form

Buttons
- width:100% dropped from button[type="submit"]; scoped back via
  .login-main for the auth-flow primary CTA
- .outline base rule now tints background via color-mix of --app-color
  so secondary/primary/danger outlines all gain a subtle surface
- .outline.secondary restyled Stripe-style in both themes: solid white
  chip with soft shadow in light, solid elevated dark chip with white
  text in dark; neutral border replaces role-colored border
- .app-action-success/.app-action-danger outlines get color-mix bg +
  theme-aware outline-text tokens for stronger contrast
- Filled .primary/.app-action-success/.app-action-danger get raised
  box-shadow (inset highlight + drop) — opt-in via class so chrome
  buttons stay flat
- Dropped the legacy .secondary utility that was clobbering the
  custom-property cascade with a hardcoded muted color

Theme swap
- Logo img carries data-src-light + data-src-dark; theme-toggle JS
  swaps src when data-theme changes, keeping the topbar/login logo in
  sync without a page reload

Quality gates: PHPUnit (2045), PHPStan L5, CS-Fixer, docs link/drift,
codex skills sync — all green.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-04-24 20:25:53 +02:00
parent dbeac6b095
commit 6e3fc63c1d
43 changed files with 1009 additions and 282 deletions

View File

@@ -46,14 +46,14 @@ class AuthzAdminTenantsContractTest extends TestCase
public function testAdminTenantMediaEndpointsUseCentralPolicies(): void
{
$avatarView = $this->readProjectFile('pages/admin/tenants/avatar-file().php');
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_AVATAR_VIEW', $avatarView);
$logoView = $this->readProjectFile('pages/admin/tenants/logo-file().php');
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_LOGO_VIEW', $logoView);
$avatarUpload = $this->readProjectFile('pages/admin/tenants/avatar($id).php');
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE', $avatarUpload);
$logoUpload = $this->readProjectFile('pages/admin/tenants/logo($id).php');
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE', $logoUpload);
$avatarDelete = $this->readProjectFile('pages/admin/tenants/avatar-delete($id).php');
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE', $avatarDelete);
$logoDelete = $this->readProjectFile('pages/admin/tenants/logo-delete($id).php');
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE', $logoDelete);
$faviconUpload = $this->readProjectFile('pages/admin/tenants/favicon($id).php');
$this->assertStringContainsString('TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_MEDIA_UPDATE', $faviconUpload);

View File

@@ -30,7 +30,7 @@ class AuthzUiLayoutContractTest extends TestCase
$this->assertStringNotContainsString('$_GET', $aside);
$this->assertStringNotContainsString('$_SESSION', $aside);
$this->assertStringNotContainsString('TenantAvatarService', $aside);
$this->assertStringNotContainsString('TenantLogoService', $aside);
$this->assertStringNotContainsString('app(', $aside);
}

View File

@@ -249,7 +249,7 @@ class TenantAuthorizationPolicyTest extends TestCase
$this->assertDeniedDecision($decision, 403, 'permission_denied');
}
public function testAvatarViewAllowsTenantViewerInScope(): void
public function testLogoViewAllowsTenantViewerInScope(): void
{
$permissionService = $this->permissionGatewayAllowing([
15 => [PermissionService::TENANTS_VIEW],
@@ -262,7 +262,7 @@ class TenantAuthorizationPolicyTest extends TestCase
->willReturn(true);
$policy = new TenantAuthorizationPolicy($permissionService, $scopeGateway);
$decision = $policy->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_AVATAR_VIEW, [
$decision = $policy->authorize(TenantAuthorizationPolicy::ABILITY_ADMIN_TENANTS_LOGO_VIEW, [
'actor_user_id' => 15,
'target_tenant_id' => 9,
]);

View File

@@ -0,0 +1,115 @@
<?php
namespace MintyPHP\Tests\Service\Tenant;
use MintyPHP\Service\Tenant\TenantLogoService;
use PHPUnit\Framework\TestCase;
/**
* Service behaviour test. Upload flows are covered via path-independent
* assertions (MIME + SVG guards + dir creation semantics) because
* move_uploaded_file() requires a real HTTP-uploaded file and cannot run
* under phpunit. Integration coverage for the move step lives in the
* manual smoketest documented in the execution report.
*/
class TenantLogoServiceTest extends TestCase
{
private TenantLogoService $service;
protected function setUp(): void
{
$this->service = new TenantLogoService();
}
public function testIsValidThemeAcceptsWhitelistedThemes(): void
{
$this->assertTrue($this->service->isValidTheme('light'));
$this->assertTrue($this->service->isValidTheme('dark'));
}
public function testIsValidThemeRejectsUnknownThemes(): void
{
$this->assertFalse($this->service->isValidTheme(''));
$this->assertFalse($this->service->isValidTheme('dark-green'));
$this->assertFalse($this->service->isValidTheme('LIGHT'));
}
public function testIsValidUuidRejectsMalformedInput(): void
{
$this->assertFalse($this->service->isValidUuid('not-a-uuid'));
$this->assertFalse($this->service->isValidUuid(''));
}
public function testIsValidUuidAcceptsCanonicalUuid(): void
{
$this->assertTrue($this->service->isValidUuid('11111111-2222-3333-4444-555555555555'));
}
public function testFindLogoPathRejectsInvalidTheme(): void
{
$this->assertNull($this->service->findLogoPath('11111111-2222-3333-4444-555555555555', 'neon'));
}
public function testFindLogoPathRejectsInvalidUuid(): void
{
$this->assertNull($this->service->findLogoPath('bogus', 'light'));
}
public function testHasLogoReturnsFalseForMissingDirectory(): void
{
$this->assertFalse($this->service->hasLogo('11111111-2222-3333-4444-555555555555', 'light'));
}
public function testTenantLogoDirIncludesThemeSegment(): void
{
$uuid = '11111111-2222-3333-4444-555555555555';
$this->assertStringEndsWith('/tenants/' . $uuid . '/logo/light', $this->service->tenantLogoDir($uuid, 'light'));
$this->assertStringEndsWith('/tenants/' . $uuid . '/logo/dark', $this->service->tenantLogoDir($uuid, 'dark'));
}
public function testSaveUploadRejectsInvalidUuid(): void
{
$result = $this->service->saveUpload('not-uuid', 'light', [
'tmp_name' => '/tmp/whatever',
'error' => UPLOAD_ERR_OK,
'size' => 100,
]);
$this->assertFalse($result['ok']);
}
public function testSaveUploadRejectsInvalidTheme(): void
{
$result = $this->service->saveUpload('11111111-2222-3333-4444-555555555555', 'neon', [
'tmp_name' => '/tmp/whatever',
'error' => UPLOAD_ERR_OK,
'size' => 100,
]);
$this->assertFalse($result['ok']);
}
public function testSaveUploadRejectsOversizedFile(): void
{
$result = $this->service->saveUpload('11111111-2222-3333-4444-555555555555', 'light', [
'tmp_name' => '/tmp/whatever',
'error' => UPLOAD_ERR_OK,
'size' => 10 * 1024 * 1024,
]);
$this->assertFalse($result['ok']);
}
public function testSaveUploadRejectsMissingFile(): void
{
$result = $this->service->saveUpload('11111111-2222-3333-4444-555555555555', 'light', []);
$this->assertFalse($result['ok']);
}
public function testDeleteRejectsInvalidUuid(): void
{
$this->assertFalse($this->service->delete('bogus', 'light'));
}
public function testDeleteRejectsInvalidTheme(): void
{
$this->assertFalse($this->service->delete('11111111-2222-3333-4444-555555555555', 'neon'));
}
}

View File

@@ -0,0 +1,95 @@
<?php
namespace MintyPHP\Tests\Support;
use MintyPHP\App\AppContainer;
use MintyPHP\Service\Branding\BrandingLogoService;
use MintyPHP\Service\Tenant\TenantLogoService;
use PHPUnit\Framework\TestCase;
/**
* Covers the appTenantLogoUrl() fallback cascade:
* 1. tenant logo for the requested theme
* 2. tenant logo for the other theme
* 3. global app logo
* 4. hardcoded brand asset
*/
class TenantLogoHelperTest extends TestCase
{
use AppContainerIsolationTrait;
private AppContainer $container;
private string $tenantUuid = '11111111-2222-3333-4444-555555555555';
protected function setUp(): void
{
$_SESSION = [];
$this->container = new AppContainer();
$this->pushAppContainer($this->container);
}
protected function tearDown(): void
{
$this->restoreAppContainer();
$_SESSION = [];
}
public function testFallsBackToAppLogoWithoutTenantContext(): void
{
$this->mockLogoService(false, false);
$this->mockBrandingLogo(false);
$url = appTenantLogoUrl(128, 'light');
$this->assertStringContainsString('brand/logo.svg', $url);
}
public function testUsesRequestedThemeWhenAvailable(): void
{
$_SESSION['current_tenant'] = ['uuid' => $this->tenantUuid];
$this->mockLogoService(true, true);
$url = appTenantLogoUrl(256, 'dark');
$this->assertStringContainsString('auth/tenant-logo-file', $url);
$this->assertStringContainsString('theme=dark', $url);
}
public function testFallsBackToOtherThemeWhenRequestedMissing(): void
{
$_SESSION['current_tenant'] = ['uuid' => $this->tenantUuid];
$this->mockLogoService(true, false);
$url = appTenantLogoUrl(256, 'dark');
$this->assertStringContainsString('auth/tenant-logo-file', $url);
$this->assertStringContainsString('theme=light', $url);
}
public function testFallsBackToAppLogoWhenTenantHasNoLogos(): void
{
$_SESSION['current_tenant'] = ['uuid' => $this->tenantUuid];
$this->mockLogoService(false, false);
$this->mockBrandingLogo(true);
$url = appTenantLogoUrl(128, 'light');
$this->assertStringContainsString('branding/logo', $url);
}
private function mockLogoService(bool $hasLight, bool $hasDark): void
{
$mock = $this->createMock(TenantLogoService::class);
$mock->method('hasLogo')->willReturnCallback(function (string $uuid, string $theme) use ($hasLight, $hasDark): bool {
return $theme === 'light' ? $hasLight : $hasDark;
});
$this->container->set(TenantLogoService::class, fn () => $mock);
}
private function mockBrandingLogo(bool $hasLogo): void
{
$mock = $this->createMock(BrandingLogoService::class);
$mock->method('hasLogo')->willReturn($hasLogo);
$this->container->set(BrandingLogoService::class, fn () => $mock);
}
}