fix(audit): harden module isolation and fix post-extraction drift
Fix 5 broken FQCN references (runtime errors) where core pages referenced non-existent MintyPHP\Service\Audit\AuditMetadataEnricher and SystemAuditService. Add AuditMetadataEnricherInterface with NullAuditMetadataEnricher fallback so deactivating the audit module no longer crashes core edit pages. Move audit search resources from core Search*Provider files into the module via a new AuditSearchResourceProvider implementing the existing SearchResourceProvider contract. Add module-specific purge permissions (audit.api.purge, audit.imports.purge) replacing core ABILITY_ADMIN_SETTINGS_UPDATE. Also fixes: session key prefix convention, hardcoded English string, $_SERVER superglobal fallback, and manifest schema drift (i18n_path, group in ui_slots). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,107 @@
|
||||
<?php
|
||||
|
||||
namespace MintyPHP\Module\Audit\Providers;
|
||||
|
||||
use MintyPHP\App\Module\Contracts\SearchResourceProvider;
|
||||
|
||||
/**
|
||||
* Provides audit search resources (API audit, system audit) for the global search.
|
||||
*/
|
||||
final class AuditSearchResourceProvider implements SearchResourceProvider
|
||||
{
|
||||
public function resources(): array
|
||||
{
|
||||
return [
|
||||
'api-audit' => [
|
||||
'label' => t('API audit'),
|
||||
'permission' => 'api_audit.view',
|
||||
'count_sql' => "select count(*) from api_audit_log where (request_id like ? escape '\\\\' or path like ? escape '\\\\' or error_code like ? escape '\\\\' or ip like ? escape '\\\\')",
|
||||
'preview_sql' => "select id, request_id, method, path, status_code, created_at from api_audit_log where (request_id like ? escape '\\\\' or path like ? escape '\\\\' or error_code like ? escape '\\\\' or ip like ? escape '\\\\') order by created_at desc limit ?",
|
||||
'result_sql' => "select id, request_id, method, path, status_code, created_at from api_audit_log where (request_id like ? escape '\\\\' or path like ? escape '\\\\' or error_code like ? escape '\\\\' or ip like ? escape '\\\\') order by created_at desc",
|
||||
],
|
||||
'system-audit' => [
|
||||
'label' => t('System audit'),
|
||||
'permission' => 'system_audit.view',
|
||||
'count_sql' => "select count(*) from system_audit_log where (request_id like ? escape '\\\\' or event_type like ? escape '\\\\' or error_code like ? escape '\\\\' or path like ? escape '\\\\')",
|
||||
'preview_sql' => "select id, request_id, event_type, outcome, created_at from system_audit_log where (request_id like ? escape '\\\\' or event_type like ? escape '\\\\' or error_code like ? escape '\\\\' or path like ? escape '\\\\') order by created_at desc limit ?",
|
||||
'result_sql' => "select id, request_id, event_type, outcome, created_at from system_audit_log where (request_id like ? escape '\\\\' or event_type like ? escape '\\\\' or error_code like ? escape '\\\\' or path like ? escape '\\\\') order by created_at desc",
|
||||
],
|
||||
];
|
||||
}
|
||||
|
||||
public function mapResultItem(string $resourceKey, array $row): ?array
|
||||
{
|
||||
if ($resourceKey === 'api-audit') {
|
||||
return $this->mapApiAuditItem($row);
|
||||
}
|
||||
|
||||
if ($resourceKey === 'system-audit') {
|
||||
return $this->mapSystemAuditItem($row);
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
public function listUrl(string $resourceKey, string $encodedSearch): string
|
||||
{
|
||||
return match ($resourceKey) {
|
||||
'api-audit' => lurl('admin/api-audit') . '?search=' . $encodedSearch,
|
||||
'system-audit' => lurl('admin/system-audit') . '?search=' . $encodedSearch,
|
||||
default => '',
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $row
|
||||
* @return array{title: string, subtitle: string, url: string, icon: string}|null
|
||||
*/
|
||||
private function mapApiAuditItem(array $row): ?array
|
||||
{
|
||||
$method = strtoupper(trim((string) ($row['method'] ?? '')));
|
||||
$path = trim((string) ($row['path'] ?? ''));
|
||||
$statusCode = (int) ($row['status_code'] ?? 0);
|
||||
$requestId = trim((string) ($row['request_id'] ?? ''));
|
||||
|
||||
$title = trim($method . ' ' . $path);
|
||||
if ($title === '') {
|
||||
$title = $requestId;
|
||||
}
|
||||
if ($title === '') {
|
||||
return null;
|
||||
}
|
||||
|
||||
$subtitle = trim(($statusCode > 0 ? (string) $statusCode : '') . ($requestId !== '' ? ' — ' . $requestId : ''));
|
||||
|
||||
return [
|
||||
'title' => $title,
|
||||
'subtitle' => $subtitle,
|
||||
'url' => lurl('admin/api-audit/view/' . ($row['id'] ?? '')),
|
||||
'icon' => 'bi-shield-check',
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $row
|
||||
* @return array{title: string, subtitle: string, url: string, icon: string}|null
|
||||
*/
|
||||
private function mapSystemAuditItem(array $row): ?array
|
||||
{
|
||||
$eventType = trim((string) ($row['event_type'] ?? ''));
|
||||
$outcome = strtolower(trim((string) ($row['outcome'] ?? '')));
|
||||
$requestId = trim((string) ($row['request_id'] ?? ''));
|
||||
|
||||
$title = $eventType !== '' ? $eventType : $requestId;
|
||||
if ($title === '') {
|
||||
return null;
|
||||
}
|
||||
|
||||
$subtitle = trim(($outcome !== '' ? strtoupper($outcome) : '') . ($requestId !== '' ? ' — ' . $requestId : ''));
|
||||
|
||||
return [
|
||||
'title' => $title,
|
||||
'subtitle' => $subtitle,
|
||||
'url' => lurl('admin/system-audit/view/' . ($row['id'] ?? '')),
|
||||
'icon' => 'bi-journal-lock',
|
||||
];
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user