feat(user-lifecycle): cockpit foundation — KPI row + aside quick actions

Phase 1 of the Stripe-style policy-cockpit redesign for the user-lifecycle
settings page. Pure server-rendering — no async, no JS components, no
sparklines yet (those land in later phases).

Adds a four-tile KPI row above the configuration form (Last run,
Deactivated/30d, Deleted/30d, Pending deletion/7d), populates the
previously empty aside with three quick actions (Run policy now,
Purge logs, Policy reference link), and surfaces a relative-time +
status hint under the existing Run-Now collapsible.

Module-isolation is preserved through a new read-side contract:

* core/Service/Audit/UserLifecycleAuditDashboardInterface — read-only
  pendant to the existing write-side UserLifecycleAuditInterface.
  Methods: lastRun(), summaryByAction(int days), countActionInWindow(...).
* core/Service/Audit/NullUserLifecycleAuditDashboard — fail-closed
  default when the audit module is disabled. KPI tiles 1-3 then
  render "—"; tile 4 (pending deletion) keeps working because it
  lives in the core domain.
* modules/audit/.../Service/UserLifecycleAuditDashboardService — the
  module's implementation; reads through the existing
  UserLifecycleAuditRepository (extended with three new aggregation
  queries: lastRun, countByActionStatusSinceTimestamp, countSinceTimestamp).
* AuditContainerRegistrar binds the interface to the module impl;
  registerContainer.php registers the Null fallback before module
  bindings, mirroring how the write-side audit interface is wired.

The new core service UserLifecyclePolicyDashboardService computes
the pending-deletion-window count from the users table directly
(no audit dependency) — defensive when both policy days are 0
(returns 0 rather than running an unbounded query).

New shared template partial templates/partials/app-kpi-row.phtml is
generic — accepts a $kpiTiles array of {label, count, icon, iconTone,
href, tooltip} and reuses the existing app-tile primitive. Other
settings pages can pick it up without ceremony.

Includes:
* PHPUnit tests for both new services (happy path + Null-fallback +
  policy-disabled edge cases).
* AuditModuleIsolationContractTest allowlist extended for the new
  interface and module service.
* 14 new translation keys in both default_de.json and default_en.json
  (i18n parity verified).

All six quality gates green.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-04-26 20:36:28 +02:00
parent 004c25ac4b
commit cc2cf3a254
19 changed files with 656 additions and 3 deletions

View File

@@ -4,7 +4,10 @@ use MintyPHP\Buffer;
use MintyPHP\Http\SessionStoreInterface;
use MintyPHP\Router;
use MintyPHP\Service\Access\SettingsAuthorizationPolicy;
use MintyPHP\Service\Audit\NullUserLifecycleAuditDashboard;
use MintyPHP\Service\Audit\UserLifecycleAuditDashboardInterface;
use MintyPHP\Service\Settings\AdminSettingsService;
use MintyPHP\Service\User\UserLifecyclePolicyDashboardService;
use MintyPHP\Support\Flash;
use MintyPHP\Support\Guard;
@@ -75,6 +78,135 @@ if ($request->isMethod('POST')) {
Router::redirect($redirectTarget);
}
// ── KPI cockpit data (server-rendered, no async) ─────────────────────
$deactivateDays = (int) ($values['user_inactivity_deactivate_days'] ?? 0);
$deleteDays = (int) ($values['user_inactivity_delete_days'] ?? 0);
$dashboardService = app(UserLifecyclePolicyDashboardService::class);
$auditDashboard = app(UserLifecycleAuditDashboardInterface::class);
$auditDashboardActive = !($auditDashboard instanceof NullUserLifecycleAuditDashboard);
$lastRun = $auditDashboard->lastRun();
$summary = $auditDashboard->summaryByAction(30);
$pendingCount = $dashboardService->pendingDeletionCount($deactivateDays, $deleteDays, 7);
$lastRunAt = $lastRun !== null ? (string) ($lastRun['created_at'] ?? '') : null;
$lastRunStatus = $lastRun !== null ? (string) ($lastRun['status'] ?? '') : null;
if ($lastRunAt !== null && $lastRunAt === '') {
$lastRunAt = null;
}
// Build relative-time + status suffix for the Run-Now <details> summary line and the KPI tile.
$lastRunRelative = '—';
$lastRunStatusLabel = '';
if ($lastRunAt !== null) {
try {
$createdUtc = (new \DateTimeImmutable($lastRunAt, new \DateTimeZone('UTC')))->getTimestamp();
$diffDays = (int) floor((time() - $createdUtc) / 86400);
if ($diffDays <= 0) {
$lastRunRelative = t('today');
} elseif ($diffDays === 1) {
$lastRunRelative = t('yesterday');
} else {
$lastRunRelative = sprintf(t('%d days ago'), $diffDays);
}
} catch (\Throwable) {
$lastRunRelative = '—';
}
if ($lastRunStatus !== null && $lastRunStatus !== '') {
// Status enum tokens are translated via existing 'Success'/'Failed'/'Skipped' keys.
$statusKey = ucfirst(strtolower($lastRunStatus));
$lastRunStatusLabel = t($statusKey);
}
}
$lastRunSummary = '';
if ($lastRunAt !== null) {
$lastRunSummary = sprintf(
'%s: %s%s',
t('Last run'),
$lastRunRelative,
$lastRunStatusLabel !== '' ? ' · ' . $lastRunStatusLabel : ''
);
} else {
$lastRunSummary = t('No runs yet');
}
$lastRunTooltip = $lastRunStatusLabel !== '' ? $lastRunStatusLabel : t('No runs yet');
$pendingDisabled = ($deactivateDays <= 0 || $deleteDays <= 0);
/** @var array<int, array<string, mixed>> $kpiTiles */
$kpiTiles = [
[
'label' => t('Last run'),
'count' => $lastRunAt !== null ? $lastRunRelative : '—',
'icon' => 'bi bi-clock-history',
'iconTone' => 'blue',
'href' => 'admin/settings/user-lifecycle',
'tooltip' => $lastRunTooltip,
],
[
'label' => t('Deactivated'),
'count' => $auditDashboardActive ? (string) ((int) ($summary['deactivate'] ?? 0)) : '—',
'icon' => 'bi bi-person-dash',
'iconTone' => 'amber',
'href' => 'admin/settings/user-lifecycle',
'tooltip' => t('Last 30 days'),
],
[
'label' => t('Deleted'),
'count' => $auditDashboardActive ? (string) ((int) ($summary['delete'] ?? 0)) : '—',
'icon' => 'bi bi-person-x',
'iconTone' => 'red',
'href' => 'admin/settings/user-lifecycle',
'tooltip' => t('Last 30 days'),
],
[
'label' => t('Pending deletion'),
'count' => $pendingDisabled ? '—' : (string) $pendingCount,
'icon' => 'bi bi-exclamation-triangle',
'iconTone' => 'orange',
'href' => 'admin/users',
'tooltip' => t('Next 7 days'),
],
];
// ── Aside quick actions ──────────────────────────────────────────────
/** @var array<int, array<string, mixed>> $asideActions */
$asideActions = [];
if ($canUpdateSettings) {
$asideActions[] = [
'type' => 'form',
'label' => t('Run policy now'),
'action' => 'admin/settings/run-user-lifecycle',
'method' => 'POST',
'class' => 'secondary outline small',
'tone' => 'danger',
'confirm' => t('Run user lifecycle now?'),
'detailActionKind' => 'danger',
];
}
if ($canUpdateSettings && $auditDashboardActive) {
$asideActions[] = [
'type' => 'form',
'label' => t('Purge logs'),
'action' => 'admin/settings/user-lifecycle/audit-purge',
'method' => 'POST',
'class' => 'secondary outline small',
'tone' => 'danger',
'confirm' => t('Purge old user lifecycle audit log entries?'),
'detailActionKind' => 'purge',
];
}
$asideActions[] = [
'type' => 'link',
'label' => t('Policy reference'),
'href' => 'docs/reference-benutzer-lifecycle-policy.md',
'class' => 'secondary outline small',
'target' => '_blank',
'rel' => 'noopener',
];
Buffer::set('title', t('User lifecycle settings'));
$breadcrumbs = [