c429ff43cd
refactor: fix 7 CRUD system inconsistencies for robustness and maintainability
...
- Add user-assignment dependency check to DepartmentService.deleteByUuid (409 when users assigned)
- Standardize POST detection to isMethod('POST') in 10 create/edit actions
- Align RoleService code uniqueness to warning pattern (matching departments)
- Normalize repository create() return types from mixed to int|false (3 repos + 3 interfaces)
- Add JSON response branches to 4 non-user delete actions
- Document delete authorization ordering pattern
- Decompose AdminSettingsService.updateFromAdmin into domain-scoped private methods
Workflow: .agents/runs/CRUD-CONSISTENCY-001/
Reviewed by: Code Reviewer (pass), Security Reviewer (pass), Acceptance Tester (pass)
Quality gates: QG-001 PHPUnit pass, QG-002 PHPStan pass, QG-003 Architecture pass
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-22 18:25:33 +01:00
60c27e50cb
chore: snapshot notifications hardening and css/docs alignment
2026-03-20 00:05:03 +01:00
c7b8fd516a
feat: extend module platform with UI slots, runtime components, CLI tooling and {{userId}} search support
...
Completes the generic module platform that enables modules to contribute
UI elements, runtime JS components, and search resources without any
core hardcoding.
New generic UI slot types:
- topbar.right_item: module-contributed topbar buttons
- layout.body_end_template: module-contributed dialog/overlay templates
- layout.head_style: module-contributed global CSS
- runtime.component: declarative JS component registration with phase ordering
New infrastructure:
- ModuleAutoloader: PSR-4 autoloading for module-local PHP classes
- ModuleRuntimePageBuilder: symlinks module pages into runtime directory
- ModuleRuntimeAssetPublisher: publishes module CSS/JS to web/modules/
- ModulePermissionSynchronizer: syncs module permissions to DB
- CLI scripts: module-runtime-sync, module-build, module-migrate,
module-permissions-sync, module-assets-sync
- {{userId}} placeholder in SearchDataService for user-scoped search queries
- Component runtime with phased initialization (early/default/late)
- AppContainer.protectExistingBindings() to prevent module→core overwrites
- Architecture tests: ModuleStructureContractTest, CoreTemplateIsolationTest,
FrontendComponentRuntimeContractTest, AppContainerIsolationContractTest
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-18 22:19:56 +01:00
aaea038619
assign role roles
2026-03-13 21:11:48 +01:00
010690de19
refactor(actions): deduplicate audit metadata and grid user count enrichment
2026-03-13 12:05:11 +01:00
892da0048d
refactor(arch): enforce gateway compliance and remove service-wrapping gateways
2026-03-13 11:31:33 +01:00
082fa4c9a5
empty states
2026-03-13 09:49:11 +01:00
277168f7e8
feat(admin): preserve list return target for back and close actions
2026-03-11 23:32:11 +01:00
fd90065048
fix(security): add CSRF protection to all POST endpoints + contract tests (B2)
...
CSRF guards added to 16 admin pages that previously accepted POST requests
without token verification (GR-SEC-001): departments, permissions, roles,
settings, tenants, users (create/edit/bulk/tokens), and lang switch.
New contract tests:
- PostEndpointCsrfContractTest: scans all pages/ for POST handlers and
verifies checkCsrfToken is present (API/data endpoints exempt).
- DatabaseUpdatesContractTest: validates db/updates/ scripts follow naming
convention and use idempotent SQL patterns (GR-CORE-010).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-10 15:40:07 +01:00
205da203cc
refactor(pages): replace superglobals with request/session abstractions
2026-03-06 11:28:22 +01:00
8f4dd5840d
major update
2026-03-04 15:56:58 +01:00
16759a2732
weitere updates für instanzierbarkeit und sauberes testing
2026-02-24 08:49:40 +01:00
99db252f60
instances added god may help
2026-02-23 12:58:19 +01:00
25370a1a55
add composer-unused, comprehensive docs, and project restructure
...
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks
- Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists
- Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services
- Add Microsoft OIDC SSO, API token management, and user lifecycle features
- Add swagger-ui vendor integration and OpenAPI spec
- Add production Docker setup and bin/ scripts
- Update composer dependencies, config, templates, and frontend assets throughout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-02-22 15:27:35 +01:00
3eb9cc0ac4
big restructure
2026-02-11 19:28:12 +01:00
cd59ccd99b
baseline
2026-02-04 23:31:53 +01:00