feat: add read-only System Info admin page with health checks and module inventory

New page at /admin/system-info with three tabs:
- Overview: PHP version, SAPI, environment, 6 health checks (DB, schema,
  storage, RBAC baseline, admin role, scheduler heartbeat)
- Modules: table of active modules with version, dependencies, permission count
- Permissions: active/inactive counts and per-source breakdown

Gated behind new system_info.view permission assigned to Admin role.
No mutations — purely diagnostic/observability.

Includes SystemHealthService, SystemInfoService, SystemHealthRepository
with interface, DI registration, i18n keys (de+en), idempotent DB update
script, and 17 new PHPUnit tests.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-03-22 15:08:02 +01:00
parent be8bf496cb
commit cf8c59d3f8
17 changed files with 1164 additions and 4 deletions

View File

@@ -17,6 +17,7 @@ final class OperationsAuthorizationPolicy implements AuthorizationPolicyInterfac
public const ABILITY_ADMIN_JOBS_MANAGE = 'ops.admin.jobs.manage';
public const ABILITY_ADMIN_MAIL_LOG_VIEW = 'ops.admin.mail_log.view';
public const ABILITY_ADMIN_STATS_VIEW = 'ops.admin.stats.view';
public const ABILITY_ADMIN_SYSTEM_INFO_VIEW = 'ops.admin.system_info.view';
public const ABILITY_ADMIN_API_DOCS_VIEW = 'ops.admin.api_docs.view';
public const ABILITY_ADMIN_IMPORTS_TYPE_USERS = 'ops.admin.imports.type.users';
public const ABILITY_ADMIN_IMPORTS_TYPE_DEPARTMENTS = 'ops.admin.imports.type.departments';
@@ -61,6 +62,7 @@ final class OperationsAuthorizationPolicy implements AuthorizationPolicyInterfac
self::ABILITY_ADMIN_JOBS_MANAGE,
self::ABILITY_ADMIN_MAIL_LOG_VIEW,
self::ABILITY_ADMIN_STATS_VIEW,
self::ABILITY_ADMIN_SYSTEM_INFO_VIEW,
self::ABILITY_ADMIN_API_DOCS_VIEW,
self::ABILITY_ADMIN_IMPORTS_TYPE_USERS,
self::ABILITY_ADMIN_IMPORTS_TYPE_DEPARTMENTS,
@@ -109,6 +111,7 @@ final class OperationsAuthorizationPolicy implements AuthorizationPolicyInterfac
self::ABILITY_ADMIN_JOBS_MANAGE => $this->allowIfHas($actorUserId, PermissionService::JOBS_MANAGE),
self::ABILITY_ADMIN_MAIL_LOG_VIEW => $this->allowIfHas($actorUserId, PermissionService::MAIL_LOG_VIEW),
self::ABILITY_ADMIN_STATS_VIEW => $this->allowIfHas($actorUserId, PermissionService::STATS_VIEW),
self::ABILITY_ADMIN_SYSTEM_INFO_VIEW => $this->allowIfHas($actorUserId, PermissionService::SYSTEM_INFO_VIEW),
self::ABILITY_ADMIN_API_DOCS_VIEW => $this->allowIfHas($actorUserId, PermissionService::API_DOCS_VIEW),
self::ABILITY_ADMIN_IMPORTS_TYPE_USERS => $this->allowIfHas($actorUserId, PermissionService::USERS_IMPORT),
self::ABILITY_ADMIN_IMPORTS_TYPE_DEPARTMENTS => $this->allowIfHas($actorUserId, PermissionService::DEPARTMENTS_IMPORT),