refactor(settings): split security into 4 focused tiles

Extracts user-lifecycle, audit and telemetry from the security subpage
into their own tiles, and renames the slimmed-down security subpage to
account-access for a clearer scope. Each subpage now has at most three
detail cards instead of the eight previously crowded into security.

Hub gains four tiles, sub-action redirects (expire-remember-tokens,
run-user-lifecycle) move to their new sections, architecture tests track
the new section list and i18n adds the new labels in de + en.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-04-25 08:50:05 +02:00
parent dd5c305f7e
commit c14d42f198
18 changed files with 846 additions and 376 deletions

View File

@@ -16,7 +16,7 @@ class AuthzAdminSettingsContractTest extends TestCase
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW', $indexContent);
// Subpages that expose a settings form: VIEW + UPDATE.
foreach (['general', 'security', 'email', 'api', 'sso'] as $section) {
foreach (['general', 'account-access', 'user-lifecycle', 'audit', 'telemetry', 'email', 'api', 'sso'] as $section) {
$content = $this->readProjectFile("pages/admin/settings/{$section}().php");
$this->assertStringContainsString('AuthorizationService::class', $content, $section);
$this->assertStringContainsString('SettingsAuthorizationPolicy::ABILITY_ADMIN_SETTINGS_VIEW', $content, $section);

View File

@@ -59,7 +59,7 @@ class AuthzUiTemplateContractTest extends TestCase
// Settings was split into a landing hub + per-section subpages.
// The form-carrying subpages must use the server-side $canUpdateSettings
// capability instead of the legacy can() helper.
foreach (['general', 'security', 'email', 'api', 'sso', 'branding'] as $section) {
foreach (['general', 'account-access', 'user-lifecycle', 'audit', 'telemetry', 'email', 'api', 'sso', 'branding'] as $section) {
$templateContent = $this->readProjectFile("pages/admin/settings/{$section}(default).phtml");
$this->assertStringNotContainsString("can('settings.update')", $templateContent, $section);
$this->assertStringContainsString('$canUpdateSettings', $templateContent, $section);

View File

@@ -18,9 +18,11 @@ final class DetailActionPolicyContractFiles
'pages/admin/roles/edit(default).phtml',
'pages/admin/permissions/edit(default).phtml',
// Settings subpages that carry danger actions (and therefore need
// the data-detail-confirm-message contract) — general/email/sso/branding
// have no destructive buttons and are deliberately excluded.
'pages/admin/settings/security(default).phtml',
// the data-detail-confirm-message contract). Subpages without
// destructive buttons (general/audit/telemetry/email/sso/branding)
// are deliberately excluded.
'pages/admin/settings/account-access(default).phtml',
'pages/admin/settings/user-lifecycle(default).phtml',
'pages/admin/settings/api(default).phtml',
'templates/partials/app-details-titlebar.phtml',
'templates/partials/app-details-aside-actions.phtml',

View File

@@ -17,7 +17,10 @@ final class DetailPageContractFiles
'pages/admin/permissions/_form.phtml',
'pages/admin/scheduled-jobs/edit(default).phtml',
'pages/admin/settings/general(default).phtml',
'pages/admin/settings/security(default).phtml',
'pages/admin/settings/account-access(default).phtml',
'pages/admin/settings/user-lifecycle(default).phtml',
'pages/admin/settings/audit(default).phtml',
'pages/admin/settings/telemetry(default).phtml',
'pages/admin/settings/email(default).phtml',
'pages/admin/settings/api(default).phtml',
'pages/admin/settings/sso(default).phtml',