- Add .gitea/workflows/deploy.yaml: QA → build prod image → SCP to server → docker load + compose up + module:sync
- Fix Dockerfile prod stage: copy module web assets directly from modules/*/web/ instead of resolving symlinks (symlinks are excluded via .dockerignore and break on Windows/CI)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Edit page: managers see 'Delete handover' button in aside with confirm dialog
- Delete handler: POST action=delete → deleteByIds → redirect to list
- Flash scope set to null (global) so toast shows reliably after redirect
regardless of locale prefix or query string in URL
- i18n: added Delete handover / Delete this handover? / Handover deleted (de+en)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Tabs: replace open/closed with active (draft+in_progress+under_review)
and done (completed+archived) — records now appear in the correct tab
Create wizard assign mode: redirect to list with flash message after
assigning instead of opening edit page
i18n: add In progress / Done tab labels and wizard strings (de + en)
Nikita Soldatov note: user does not exist in DB — needs to be created
via admin user management
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
HandoverServiceTest: 30 new cases covering:
- assign(): happy path, draft→in_progress transition, permission check,
zero assignedTo, not found, email sent, due date passed to repo
- submitForReview(): assignee and manager paths, non-assignee denied,
wrong status (under_review/completed), revision created, email sent
- resendNotification(): happy path, permission denied, no assignee
- statusLabel/Variant for under_review
HandoverNotificationServiceTest: 9 new cases covering:
- notifyAssigned: sends correct template+vars, skips on empty/null email,
fallback dash for empty debitor and due_date
- notifyReviewRequested: sends to manager, skips on no email,
fallback dash for empty assignee name
48 tests total, all passing.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
MintyPHP DB returns rows as $row[$table][$field], so tenant users
come back as $u['u']['id'] not $u['id']. Added fallback for both.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- New statuses: under_review
- New DB fields: assigned_to, assigned_by, assigned_at, due_date (migration 012)
- HandoverNotificationService: emails on assign and review-request
- HandoverService: assign(), submitForReview(), resendNotification()
- Assign page: manager selects employee + due date, resend notification
- Create wizard: manager can assign during creation (step 1)
- Edit page: "Submit for review" button for assignee, assign link for manager
- List page: open/closed tabs, non-managers see only their assigned handovers
- Email templates: handover_assigned + handover_review_requested (de/en)
- i18n keys added for de and en
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
web_init uses cp -rp which copies symlinks as symlinks.
Since the nginx container doesn't have /var/www/modules/,
symlinks in web/modules/ break. Replace them with actual copies at build time.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds helpdesk/dashboard route, empty page/view, Overview nav group in the
sidebar, and Dashboard i18n keys (de + en). No content yet.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Most German docs were written with `ue`/`ae`/`oe`/`ss` ASCII fallbacks
(`fuer`, `aenderung`, `koennen`, `gemaess`) — relic from older toolchain
constraints. Replaced 237 occurrences across 38 .md files with proper
umlauts and ß so the docs read naturally.
Substitutions are constrained to plain prose: fenced code blocks
(```...```), inline code spans (`...`), markdown link targets `[..](..)`,
and HTML comments are preserved verbatim. Path references like
`docs/howto-erste-aenderung.md` keep their original (umlaut-replaced)
filenames — only the surrounding prose is normalised.
Tool: bin/fix-md-umlauts.py (idempotent — no-op on already-clean files).
Re-runnable if ASCII fallbacks creep back in via copy-paste.
Doc-link-check + doc-drift-check stay green.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Existing systems used to have no automatic mechanism for the
db/updates/*.sql idempotent updates after `git pull` — devs had to
remember which files were already applied and run new ones manually
with `mariadb < ...`. Mirror module:migrate to fix this:
- New `bin/console db:migrate` walks db/updates/*.sql in alphabetical
order, skipping anything already recorded in the new core_migrations
tracking table. Each file runs in its own transaction; failure
rolls back so the file is retried on the next run.
- New `db:migrate --status` lists applied vs. pending files without
running anything. Useful for ops debugging "schema seems stale"
symptoms.
- module:sync now runs db:migrate as its first step, so the standard
post-pull command stays a single invocation. README's 3-step setup
is unchanged — module:sync now also covers core schema updates.
CoreMigrationRepository owns its own mysqli connection (using the
same DB credentials as MintyPHP\DB) and runs raw `$mysqli->query()`
instead of going through DB::query's prepared statement path —
MariaDB rejects some DDL (e.g. ALTER TABLE … ADD CONSTRAINT CHECK)
in the prepared protocol, which the existing 18 db/updates files
trip on. ModuleMigrationRepository is left untouched (no module
migration uses such DDL today and changing the vendor pattern is
out of scope).
End-to-end verified: against an existing DB the first run applies
all 19 idempotent files as no-ops and records them, second run
reports "all updates already applied". Against a freshly init'd
DB the same thing happens — no double work, no surprises. All
encrypted seed secrets keep decrypting because APP_CRYPTO_KEY
is unchanged.
Tests: tests/Console/CoreCommandsTest covers success/failure/status
output shapes against a FakeModuleRunner (mirror of the existing
ModuleCommandsTest pattern). 5 stale baseline entries in
phpstan-baseline removed (covered by the new @api annotation on
the test fixture class).
Docs: CLAUDE.md and docs/reference-cli-commands.md document the
new command + --status flag; docs/howto-fehlerbehebung.md gains
a "schema seems stale after git pull" section pointing at
db:migrate --status.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
config/config.php was gitignored and devs had to copy it from
config/config.php.example on every fresh clone. Since the bootstrap
config reads everything from .env via $envString() / $envInt() /
$envBool() defaults, there is nothing developer-specific in the file —
the cp step was dead ceremony.
- Remove config/config.php from .gitignore and track it directly
- Delete config/config.php.example
- Drop the example-existence + per-doc reference checks from
bin/docs-drift-check.sh; add a legacy-pattern check that flags
any new mention of the removed example file
- Update ConfigContractsTest to require config.php and forbid the
example
- Clean stale references in CLAUDE.md, README.md, six docs files,
and the core-guardrails skill
Same commit slims README down from 294 to 47 lines: one setup
checklist (now 3 commands instead of 4), the seeded login table,
the three quality-gate commands, and pointers to CLAUDE.md and
docs/index.md for everything else.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Fresh installs now come up with working dev test connections for
Microsoft SSO and Business Central without manual configuration:
- init.sql appends the live breadcrumb + icoreon tenants (idempotent
by uuid), Felix as a 6th user with all five roles, the live
departments, plus tenant_auth_microsoft (SSO enabled for
breadcrumb), tenant_auth_ldap stubs, and the global Microsoft
shared-app credentials. The MusterMandant demo seed is preserved
as tenant 1.
- A new helpdesk migration 011 seeds the per-tenant BC connection
rows in helpdesk_tenant_settings and the helpdesk.bc_* fallback
settings — module-owned data stays in module migrations.
- .env.example sets APP_CRYPTO_KEY so the AES-256-GCM blobs in the
seed (Microsoft client secret, BC basic auth passwords) actually
decrypt out-of-the-box. Verified by decrypting all four blobs
end-to-end through Crypto::decryptString.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Commit 4890a28 folded templates/partials/app-flash.phtml into
app-toast-stack.phtml, which the base layout now mounts itself. 14
helpdesk views still required the deleted partial and crashed every
helpdesk page with a 500 (Failed opening required app-flash.phtml).
Remove the redundant requires; the unified toast stack continues to
render flash messages via the layout.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Codifies the rule that every class referenced via `$c->get(X::class)`
inside a container registrar must itself be bound via
`$container->set(X::class, ...)` somewhere — in the same registrar,
in core/App/registerContainer.php, or in a module container
registrar.
Catches the bug pattern from cd2c9c5: a registrar's factory closure
pulled UserSettingsGateway via $c->get() but no matching ->set() ever
ran. Unit tests with mocked dependencies passed; the failure only
surfaced at runtime ("Service not bound: ...") when the affected
admin/settings/user-lifecycle page tried to construct the dashboard
service against the live container.
Implementation is purely static — token / regex parsing of registrar
files plus class_exists() / interface_exists() gating to avoid false
positives on non-class identifiers. No factory invocation, so the
test does not require DB / session / HTTP and is fast.
Verified by reverting the cd2c9c5 binding line in the working tree
and running the test — it produces the exact "UserSettingsGateway
referenced in core/App/Container/Registrars/UserRegistrar.php"
finding. Restored after the dry-run.
Allowlist starts with two framework-bootstrap classes (AppContainer,
ModuleRegistry) that are bound outside the registrar mechanism.
Each future addition needs an inline justification.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Seven translation keys were orphaned by the recent user-lifecycle
cockpit work (commits 144d841, cc2cf3a, 157eb18) and now have zero
callers in pages/, modules/, or core/:
* "Run lifecycle now" — was the <details>-summary title
* "Run user lifecycle now" — was the <details>-button label
* "This runs the lifecycle policy immediately and may deactivate or
delete users." — was the <details>-blockquote warning
* "User lifecycle logs" — was the embedded panel's title
* "Purge user lifecycle logs" — was the panel's purge-button label
* "Purge entries older than 365 days?" — was the panel's purge confirm
* "Lifecycle audit entry not found" — was the deleted view($id).php
flash key
The aside-actions partial uses different, still-active keys
("Run policy now", "Purge logs", "Run user lifecycle now?") so no
visible string lost. Removed from all four i18n files
(core + audit-module, de + en) so translation parity stays balanced
and the architecture-test "i18n parity" check stays green.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>