feat(user-lifecycle): cockpit foundation — KPI row + aside quick actions

Phase 1 of the Stripe-style policy-cockpit redesign for the user-lifecycle
settings page. Pure server-rendering — no async, no JS components, no
sparklines yet (those land in later phases).

Adds a four-tile KPI row above the configuration form (Last run,
Deactivated/30d, Deleted/30d, Pending deletion/7d), populates the
previously empty aside with three quick actions (Run policy now,
Purge logs, Policy reference link), and surfaces a relative-time +
status hint under the existing Run-Now collapsible.

Module-isolation is preserved through a new read-side contract:

* core/Service/Audit/UserLifecycleAuditDashboardInterface — read-only
  pendant to the existing write-side UserLifecycleAuditInterface.
  Methods: lastRun(), summaryByAction(int days), countActionInWindow(...).
* core/Service/Audit/NullUserLifecycleAuditDashboard — fail-closed
  default when the audit module is disabled. KPI tiles 1-3 then
  render "—"; tile 4 (pending deletion) keeps working because it
  lives in the core domain.
* modules/audit/.../Service/UserLifecycleAuditDashboardService — the
  module's implementation; reads through the existing
  UserLifecycleAuditRepository (extended with three new aggregation
  queries: lastRun, countByActionStatusSinceTimestamp, countSinceTimestamp).
* AuditContainerRegistrar binds the interface to the module impl;
  registerContainer.php registers the Null fallback before module
  bindings, mirroring how the write-side audit interface is wired.

The new core service UserLifecyclePolicyDashboardService computes
the pending-deletion-window count from the users table directly
(no audit dependency) — defensive when both policy days are 0
(returns 0 rather than running an unbounded query).

New shared template partial templates/partials/app-kpi-row.phtml is
generic — accepts a $kpiTiles array of {label, count, icon, iconTone,
href, tooltip} and reuses the existing app-tile primitive. Other
settings pages can pick it up without ceremony.

Includes:
* PHPUnit tests for both new services (happy path + Null-fallback +
  policy-disabled edge cases).
* AuditModuleIsolationContractTest allowlist extended for the new
  interface and module service.
* 14 new translation keys in both default_de.json and default_en.json
  (i18n parity verified).

All six quality gates green.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-04-26 20:36:28 +02:00
parent 004c25ac4b
commit cc2cf3a254
19 changed files with 656 additions and 3 deletions

View File

@@ -25,12 +25,14 @@ use MintyPHP\Module\Audit\Service\ImportAuditService;
use MintyPHP\Module\Audit\Service\SystemAuditRedactionService;
use MintyPHP\Module\Audit\Service\SystemAuditRowPresenter;
use MintyPHP\Module\Audit\Service\SystemAuditService;
use MintyPHP\Module\Audit\Service\UserLifecycleAuditDashboardService;
use MintyPHP\Module\Audit\Service\UserLifecycleAuditService;
use MintyPHP\Repository\User\UserReadRepository;
use MintyPHP\Service\Access\PermissionService;
use MintyPHP\Service\Audit\AuditMetadataEnricherInterface;
use MintyPHP\Service\Audit\AuditRecorderInterface;
use MintyPHP\Service\Audit\ImportAuditInterface;
use MintyPHP\Service\Audit\UserLifecycleAuditDashboardInterface;
use MintyPHP\Service\Audit\UserLifecycleAuditInterface;
use MintyPHP\Service\Security\RateLimiterService;
use MintyPHP\Service\Settings\SettingsFrontendTelemetryGateway;
@@ -64,6 +66,9 @@ final class AuditContainerRegistrar implements ContainerRegistrar
$container->set(UserLifecycleAuditService::class, static fn (AppContainer $c): UserLifecycleAuditService => new UserLifecycleAuditService(
$c->get(UserLifecycleAuditRepository::class)
));
$container->set(UserLifecycleAuditDashboardService::class, static fn (AppContainer $c): UserLifecycleAuditDashboardService => new UserLifecycleAuditDashboardService(
$c->get(UserLifecycleAuditRepository::class)
));
$container->set(ImportAuditService::class, static fn (AppContainer $c): ImportAuditService => new ImportAuditService(
$c->get(ImportAuditRunRepository::class)
));
@@ -71,6 +76,7 @@ final class AuditContainerRegistrar implements ContainerRegistrar
// Core interface bindings — override null implementations
$container->set(AuditRecorderInterface::class, static fn (AppContainer $c): AuditRecorderInterface => $c->get(SystemAuditService::class));
$container->set(UserLifecycleAuditInterface::class, static fn (AppContainer $c): UserLifecycleAuditInterface => $c->get(UserLifecycleAuditService::class));
$container->set(UserLifecycleAuditDashboardInterface::class, static fn (AppContainer $c): UserLifecycleAuditDashboardInterface => $c->get(UserLifecycleAuditDashboardService::class));
$container->set(ImportAuditInterface::class, static fn (AppContainer $c): ImportAuditInterface => $c->get(ImportAuditService::class));
$container->set(ApiAuditServiceInterface::class, static fn (AppContainer $c): ApiAuditServiceInterface => $c->get(ApiAuditService::class));
$container->set(ApiSystemAuditReporterInterface::class, static fn (AppContainer $c): ApiSystemAuditReporterInterface => $c->get(ApiSystemAuditReporter::class));

View File

@@ -278,6 +278,92 @@ class UserLifecycleAuditRepository
return (int) $updated > 0;
}
/**
* Most recent system-triggered lifecycle run (any status), used by the policy dashboard tile.
*
* @return array{created_at:string,status:string,action:string}|null
*/
public function latestSystemRun(): ?array
{
$row = DB::selectOne(
'select created_at, status, action
from user_lifecycle_audit_log
where trigger_type = ?
order by created_at desc
limit 1',
UserLifecycleTriggerType::System->value
);
if (!is_array($row)) {
return null;
}
$item = $row['user_lifecycle_audit_log'] ?? $row;
if (!is_array($item) || !isset($item['created_at'])) {
return null;
}
return [
'created_at' => (string) $item['created_at'],
'status' => (string) ($item['status'] ?? ''),
'action' => (string) ($item['action'] ?? ''),
];
}
/**
* Count audit-log events for a single action+status within the last $days days (UTC).
*/
public function countActionInWindow(string $action, int $days, string $status): int
{
if ($days <= 0) {
return 0;
}
$value = DB::selectValue(
'select count(*)
from user_lifecycle_audit_log
where action = ?
and status = ?
and created_at >= DATE_SUB(UTC_TIMESTAMP(), INTERVAL ? DAY)',
$action,
$status,
(string) $days
);
return (int) ($value ?? 0);
}
/**
* Map of action → count for the given status within the last $days days (UTC).
*
* @return array<string, int>
*/
public function sumByActionInWindow(int $days, string $status): array
{
if ($days <= 0) {
return [];
}
$rows = DB::select(
'select action, count(*) as cnt
from user_lifecycle_audit_log
where status = ?
and created_at >= DATE_SUB(UTC_TIMESTAMP(), INTERVAL ? DAY)
group by action',
$status,
(string) $days
);
$summary = [];
if (is_array($rows)) {
foreach ($rows as $row) {
$item = is_array($row) ? ($row['user_lifecycle_audit_log'] ?? $row) : null;
if (!is_array($item)) {
continue;
}
$action = trim((string) ($item['action'] ?? ''));
if ($action === '') {
continue;
}
$summary[$action] = (int) ($item['cnt'] ?? 0);
}
}
return $summary;
}
public function purgeOlderThanDays(int $days): int
{
if ($days <= 0) {

View File

@@ -0,0 +1,50 @@
<?php
namespace MintyPHP\Module\Audit\Service;
use MintyPHP\Module\Audit\Domain\UserLifecycleAction;
use MintyPHP\Module\Audit\Domain\UserLifecycleStatus;
use MintyPHP\Module\Audit\Repository\UserLifecycleAuditRepository;
use MintyPHP\Service\Audit\UserLifecycleAuditDashboardInterface;
/**
* Read-side dashboard implementation that delegates to {@see UserLifecycleAuditRepository}
* and normalizes every input via the lifecycle taxonomy enums (defence-in-depth).
*/
final class UserLifecycleAuditDashboardService implements UserLifecycleAuditDashboardInterface
{
public function __construct(private readonly UserLifecycleAuditRepository $userLifecycleAuditRepository)
{
}
public function lastRun(): ?array
{
return $this->userLifecycleAuditRepository->latestSystemRun();
}
public function actionCountInWindow(string $action, int $days, string $status = 'success'): int
{
$normalizedAction = UserLifecycleAction::tryNormalize($action);
if ($normalizedAction === null) {
return 0;
}
$normalizedStatus = UserLifecycleStatus::tryNormalize($status);
if ($normalizedStatus === null) {
return 0;
}
return $this->userLifecycleAuditRepository->countActionInWindow(
$normalizedAction->value,
$days,
$normalizedStatus->value
);
}
public function summaryByAction(int $days, string $status = 'success'): array
{
$normalizedStatus = UserLifecycleStatus::tryNormalize($status);
if ($normalizedStatus === null) {
return [];
}
return $this->userLifecycleAuditRepository->sumByActionInWindow($days, $normalizedStatus->value);
}
}

View File

@@ -0,0 +1,97 @@
<?php
namespace MintyPHP\Tests\Module\Audit\Service;
use MintyPHP\Module\Audit\Repository\UserLifecycleAuditRepository;
use MintyPHP\Module\Audit\Service\UserLifecycleAuditDashboardService;
use PHPUnit\Framework\TestCase;
class UserLifecycleAuditDashboardServiceTest extends TestCase
{
public function testLastRunReturnsNullWhenRepositoryHasNoSystemRun(): void
{
$repository = $this->createMock(UserLifecycleAuditRepository::class);
$repository->expects($this->once())->method('latestSystemRun')->willReturn(null);
$service = new UserLifecycleAuditDashboardService($repository);
$this->assertNull($service->lastRun());
}
public function testLastRunNormalizesRowToContractShape(): void
{
$repository = $this->createMock(UserLifecycleAuditRepository::class);
$repository->method('latestSystemRun')->willReturn([
'created_at' => '2026-04-25 12:00:00',
'status' => 'success',
'action' => 'deactivate',
]);
$service = new UserLifecycleAuditDashboardService($repository);
$row = $service->lastRun();
$this->assertIsArray($row);
$this->assertSame('2026-04-25 12:00:00', $row['created_at']);
$this->assertSame('success', $row['status']);
$this->assertSame('deactivate', $row['action']);
}
public function testActionCountInWindowReturnsZeroForUnknownAction(): void
{
$repository = $this->createMock(UserLifecycleAuditRepository::class);
$repository->expects($this->never())->method('countActionInWindow');
$service = new UserLifecycleAuditDashboardService($repository);
$this->assertSame(0, $service->actionCountInWindow('not-a-real-action', 30));
}
public function testActionCountInWindowReturnsZeroForUnknownStatus(): void
{
$repository = $this->createMock(UserLifecycleAuditRepository::class);
$repository->expects($this->never())->method('countActionInWindow');
$service = new UserLifecycleAuditDashboardService($repository);
$this->assertSame(0, $service->actionCountInWindow('deactivate', 30, 'not-a-status'));
}
public function testActionCountInWindowDelegatesNormalizedValuesToRepository(): void
{
$repository = $this->createMock(UserLifecycleAuditRepository::class);
$repository->expects($this->once())
->method('countActionInWindow')
->with('deactivate', 30, 'success')
->willReturn(7);
$service = new UserLifecycleAuditDashboardService($repository);
$this->assertSame(7, $service->actionCountInWindow('Deactivate', 30, 'Success'));
}
public function testSummaryByActionReturnsEmptyForUnknownStatus(): void
{
$repository = $this->createMock(UserLifecycleAuditRepository::class);
$repository->expects($this->never())->method('sumByActionInWindow');
$service = new UserLifecycleAuditDashboardService($repository);
$this->assertSame([], $service->summaryByAction(30, 'not-a-status'));
}
public function testSummaryByActionDelegatesNormalizedStatus(): void
{
$repository = $this->createMock(UserLifecycleAuditRepository::class);
$repository->expects($this->once())
->method('sumByActionInWindow')
->with(30, 'success')
->willReturn(['deactivate' => 4, 'delete' => 2]);
$service = new UserLifecycleAuditDashboardService($repository);
$this->assertSame(
['deactivate' => 4, 'delete' => 2],
$service->summaryByAction(30, 'Success')
);
}
}