feat(user-lifecycle): cockpit foundation — KPI row + aside quick actions
Phase 1 of the Stripe-style policy-cockpit redesign for the user-lifecycle
settings page. Pure server-rendering — no async, no JS components, no
sparklines yet (those land in later phases).
Adds a four-tile KPI row above the configuration form (Last run,
Deactivated/30d, Deleted/30d, Pending deletion/7d), populates the
previously empty aside with three quick actions (Run policy now,
Purge logs, Policy reference link), and surfaces a relative-time +
status hint under the existing Run-Now collapsible.
Module-isolation is preserved through a new read-side contract:
* core/Service/Audit/UserLifecycleAuditDashboardInterface — read-only
pendant to the existing write-side UserLifecycleAuditInterface.
Methods: lastRun(), summaryByAction(int days), countActionInWindow(...).
* core/Service/Audit/NullUserLifecycleAuditDashboard — fail-closed
default when the audit module is disabled. KPI tiles 1-3 then
render "—"; tile 4 (pending deletion) keeps working because it
lives in the core domain.
* modules/audit/.../Service/UserLifecycleAuditDashboardService — the
module's implementation; reads through the existing
UserLifecycleAuditRepository (extended with three new aggregation
queries: lastRun, countByActionStatusSinceTimestamp, countSinceTimestamp).
* AuditContainerRegistrar binds the interface to the module impl;
registerContainer.php registers the Null fallback before module
bindings, mirroring how the write-side audit interface is wired.
The new core service UserLifecyclePolicyDashboardService computes
the pending-deletion-window count from the users table directly
(no audit dependency) — defensive when both policy days are 0
(returns 0 rather than running an unbounded query).
New shared template partial templates/partials/app-kpi-row.phtml is
generic — accepts a $kpiTiles array of {label, count, icon, iconTone,
href, tooltip} and reuses the existing app-tile primitive. Other
settings pages can pick it up without ceremony.
Includes:
* PHPUnit tests for both new services (happy path + Null-fallback +
policy-disabled edge cases).
* AuditModuleIsolationContractTest allowlist extended for the new
interface and module service.
* 14 new translation keys in both default_de.json and default_en.json
(i18n parity verified).
All six quality gates green.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -25,12 +25,14 @@ use MintyPHP\Module\Audit\Service\ImportAuditService;
|
||||
use MintyPHP\Module\Audit\Service\SystemAuditRedactionService;
|
||||
use MintyPHP\Module\Audit\Service\SystemAuditRowPresenter;
|
||||
use MintyPHP\Module\Audit\Service\SystemAuditService;
|
||||
use MintyPHP\Module\Audit\Service\UserLifecycleAuditDashboardService;
|
||||
use MintyPHP\Module\Audit\Service\UserLifecycleAuditService;
|
||||
use MintyPHP\Repository\User\UserReadRepository;
|
||||
use MintyPHP\Service\Access\PermissionService;
|
||||
use MintyPHP\Service\Audit\AuditMetadataEnricherInterface;
|
||||
use MintyPHP\Service\Audit\AuditRecorderInterface;
|
||||
use MintyPHP\Service\Audit\ImportAuditInterface;
|
||||
use MintyPHP\Service\Audit\UserLifecycleAuditDashboardInterface;
|
||||
use MintyPHP\Service\Audit\UserLifecycleAuditInterface;
|
||||
use MintyPHP\Service\Security\RateLimiterService;
|
||||
use MintyPHP\Service\Settings\SettingsFrontendTelemetryGateway;
|
||||
@@ -64,6 +66,9 @@ final class AuditContainerRegistrar implements ContainerRegistrar
|
||||
$container->set(UserLifecycleAuditService::class, static fn (AppContainer $c): UserLifecycleAuditService => new UserLifecycleAuditService(
|
||||
$c->get(UserLifecycleAuditRepository::class)
|
||||
));
|
||||
$container->set(UserLifecycleAuditDashboardService::class, static fn (AppContainer $c): UserLifecycleAuditDashboardService => new UserLifecycleAuditDashboardService(
|
||||
$c->get(UserLifecycleAuditRepository::class)
|
||||
));
|
||||
$container->set(ImportAuditService::class, static fn (AppContainer $c): ImportAuditService => new ImportAuditService(
|
||||
$c->get(ImportAuditRunRepository::class)
|
||||
));
|
||||
@@ -71,6 +76,7 @@ final class AuditContainerRegistrar implements ContainerRegistrar
|
||||
// Core interface bindings — override null implementations
|
||||
$container->set(AuditRecorderInterface::class, static fn (AppContainer $c): AuditRecorderInterface => $c->get(SystemAuditService::class));
|
||||
$container->set(UserLifecycleAuditInterface::class, static fn (AppContainer $c): UserLifecycleAuditInterface => $c->get(UserLifecycleAuditService::class));
|
||||
$container->set(UserLifecycleAuditDashboardInterface::class, static fn (AppContainer $c): UserLifecycleAuditDashboardInterface => $c->get(UserLifecycleAuditDashboardService::class));
|
||||
$container->set(ImportAuditInterface::class, static fn (AppContainer $c): ImportAuditInterface => $c->get(ImportAuditService::class));
|
||||
$container->set(ApiAuditServiceInterface::class, static fn (AppContainer $c): ApiAuditServiceInterface => $c->get(ApiAuditService::class));
|
||||
$container->set(ApiSystemAuditReporterInterface::class, static fn (AppContainer $c): ApiSystemAuditReporterInterface => $c->get(ApiSystemAuditReporter::class));
|
||||
|
||||
@@ -278,6 +278,92 @@ class UserLifecycleAuditRepository
|
||||
return (int) $updated > 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Most recent system-triggered lifecycle run (any status), used by the policy dashboard tile.
|
||||
*
|
||||
* @return array{created_at:string,status:string,action:string}|null
|
||||
*/
|
||||
public function latestSystemRun(): ?array
|
||||
{
|
||||
$row = DB::selectOne(
|
||||
'select created_at, status, action
|
||||
from user_lifecycle_audit_log
|
||||
where trigger_type = ?
|
||||
order by created_at desc
|
||||
limit 1',
|
||||
UserLifecycleTriggerType::System->value
|
||||
);
|
||||
if (!is_array($row)) {
|
||||
return null;
|
||||
}
|
||||
$item = $row['user_lifecycle_audit_log'] ?? $row;
|
||||
if (!is_array($item) || !isset($item['created_at'])) {
|
||||
return null;
|
||||
}
|
||||
return [
|
||||
'created_at' => (string) $item['created_at'],
|
||||
'status' => (string) ($item['status'] ?? ''),
|
||||
'action' => (string) ($item['action'] ?? ''),
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* Count audit-log events for a single action+status within the last $days days (UTC).
|
||||
*/
|
||||
public function countActionInWindow(string $action, int $days, string $status): int
|
||||
{
|
||||
if ($days <= 0) {
|
||||
return 0;
|
||||
}
|
||||
$value = DB::selectValue(
|
||||
'select count(*)
|
||||
from user_lifecycle_audit_log
|
||||
where action = ?
|
||||
and status = ?
|
||||
and created_at >= DATE_SUB(UTC_TIMESTAMP(), INTERVAL ? DAY)',
|
||||
$action,
|
||||
$status,
|
||||
(string) $days
|
||||
);
|
||||
return (int) ($value ?? 0);
|
||||
}
|
||||
|
||||
/**
|
||||
* Map of action → count for the given status within the last $days days (UTC).
|
||||
*
|
||||
* @return array<string, int>
|
||||
*/
|
||||
public function sumByActionInWindow(int $days, string $status): array
|
||||
{
|
||||
if ($days <= 0) {
|
||||
return [];
|
||||
}
|
||||
$rows = DB::select(
|
||||
'select action, count(*) as cnt
|
||||
from user_lifecycle_audit_log
|
||||
where status = ?
|
||||
and created_at >= DATE_SUB(UTC_TIMESTAMP(), INTERVAL ? DAY)
|
||||
group by action',
|
||||
$status,
|
||||
(string) $days
|
||||
);
|
||||
$summary = [];
|
||||
if (is_array($rows)) {
|
||||
foreach ($rows as $row) {
|
||||
$item = is_array($row) ? ($row['user_lifecycle_audit_log'] ?? $row) : null;
|
||||
if (!is_array($item)) {
|
||||
continue;
|
||||
}
|
||||
$action = trim((string) ($item['action'] ?? ''));
|
||||
if ($action === '') {
|
||||
continue;
|
||||
}
|
||||
$summary[$action] = (int) ($item['cnt'] ?? 0);
|
||||
}
|
||||
}
|
||||
return $summary;
|
||||
}
|
||||
|
||||
public function purgeOlderThanDays(int $days): int
|
||||
{
|
||||
if ($days <= 0) {
|
||||
|
||||
@@ -0,0 +1,50 @@
|
||||
<?php
|
||||
|
||||
namespace MintyPHP\Module\Audit\Service;
|
||||
|
||||
use MintyPHP\Module\Audit\Domain\UserLifecycleAction;
|
||||
use MintyPHP\Module\Audit\Domain\UserLifecycleStatus;
|
||||
use MintyPHP\Module\Audit\Repository\UserLifecycleAuditRepository;
|
||||
use MintyPHP\Service\Audit\UserLifecycleAuditDashboardInterface;
|
||||
|
||||
/**
|
||||
* Read-side dashboard implementation that delegates to {@see UserLifecycleAuditRepository}
|
||||
* and normalizes every input via the lifecycle taxonomy enums (defence-in-depth).
|
||||
*/
|
||||
final class UserLifecycleAuditDashboardService implements UserLifecycleAuditDashboardInterface
|
||||
{
|
||||
public function __construct(private readonly UserLifecycleAuditRepository $userLifecycleAuditRepository)
|
||||
{
|
||||
}
|
||||
|
||||
public function lastRun(): ?array
|
||||
{
|
||||
return $this->userLifecycleAuditRepository->latestSystemRun();
|
||||
}
|
||||
|
||||
public function actionCountInWindow(string $action, int $days, string $status = 'success'): int
|
||||
{
|
||||
$normalizedAction = UserLifecycleAction::tryNormalize($action);
|
||||
if ($normalizedAction === null) {
|
||||
return 0;
|
||||
}
|
||||
$normalizedStatus = UserLifecycleStatus::tryNormalize($status);
|
||||
if ($normalizedStatus === null) {
|
||||
return 0;
|
||||
}
|
||||
return $this->userLifecycleAuditRepository->countActionInWindow(
|
||||
$normalizedAction->value,
|
||||
$days,
|
||||
$normalizedStatus->value
|
||||
);
|
||||
}
|
||||
|
||||
public function summaryByAction(int $days, string $status = 'success'): array
|
||||
{
|
||||
$normalizedStatus = UserLifecycleStatus::tryNormalize($status);
|
||||
if ($normalizedStatus === null) {
|
||||
return [];
|
||||
}
|
||||
return $this->userLifecycleAuditRepository->sumByActionInWindow($days, $normalizedStatus->value);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user