Files
fs b2982bdac7 feat(ui): token-select primitive for large multi-selects
Adds tokenSelectForm() in core/Support/helpers/ui.php: an inline
typeahead combobox + flat alphabetical removable list, designed for
selections that outgrow the chip-header of the vendor MultiSelect
(roles, permissions, and similar admin pickers).

Contract:
- Hidden <select multiple name="<name>[]"> is the form submission source —
  consumers read via $request->body() verbatim, no parsing
- Items are ['id' => int, <labelKey> => string, 'key' => string?]
  where labelKeys default to ['description', 'label', 'name']; 'key' is
  an invisible fuzzy-match hint
- $labelOverrides lets callers swap emptyState / removeTooltip /
  noMatches / clearAll / countSuffix / errorMessage with domain copy
- $disabled renders pure-presentation list (no combobox, no remove)

Runtime:
- initTokenSelect in web/js/components/app-token-select.js is registered
  as 'token-select' in app-init.js; destroy()/cleanupFns contract
- Syncs the hidden <select> on every mutation and dispatches 'change'
  so dependent UI can react

Wired up: pages/admin/permissions/_form.phtml (assigned roles),
pages/admin/roles/_form.phtml (permissions + assignable roles).
Helper contract lives in tests/Support/Helpers/TokenSelectFormHelperTest.php;
runtime contract + entrypoint registration + host usage are enforced by
FrontendRuntime*ContractTest.php.

Coexists with multiSelectForm() — pick tokenSelectForm() when the
selected set can grow beyond ~10 items or typeahead is expected.
Docs in CLAUDE.md.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 23:52:32 +02:00

114 lines
4.2 KiB
PHTML

<?php
/**
* @var array $values
* @var string|null $formId
* @var bool $detailsOpenAll
* @var bool $isReadOnly
* @var array $roles
* @var array $selectedRoleIds
* @var bool $showDangerZone
* @var string|null $dangerZoneDeleteFormId
* @var string|null $dangerZoneWarning
* @var string|null $dangerZoneActionLabel
*/
use MintyPHP\Session;
$values = $values ?? [];
$formId = $formId ?? 'permission-form';
$detailsOpenAll = $detailsOpenAll ?? false;
$isReadOnly = $isReadOnly ?? false;
$roles = $roles ?? [];
$selectedRoleIds = $selectedRoleIds ?? [];
$showDangerZone = (bool) ($showDangerZone ?? false);
$dangerZoneDeleteFormId = (string) ($dangerZoneDeleteFormId ?? '');
$dangerZoneWarning = (string) ($dangerZoneWarning ?? t('This action cannot be undone.'));
$dangerZoneActionLabel = (string) ($dangerZoneActionLabel ?? t('Delete'));
$detailsOpenAttr = $detailsOpenAll ? 'open' : '';
$readonlyAttr = $isReadOnly ? 'readonly' : '';
$disabledAttr = $isReadOnly ? 'disabled' : '';
$keyReadonlyAttr = ($isReadOnly || !empty($values['is_system'])) ? 'readonly' : '';
?>
<form id="<?php e($formId); ?>" method="post" data-standard-detail-form="1">
<div class="app-tabs" data-tabs data-app-component="tabs" data-tabs-param="tab" data-tabs-storage-key="admin-permission-form"<?php if (!empty($ignoreTabStorage)) { echo ' data-tabs-ignore-storage'; } ?>>
<div class="app-tabs-nav">
<button type="button" data-tab="basic" data-tab-default><?php e(t('Master data')); ?></button>
<?php if ($roles): ?>
<button type="button" data-tab="roles"><?php e(t('Roles')); ?></button>
<?php endif; ?>
<button type="button" data-tab="visibility"><?php e(t('Visibility')); ?></button>
<?php if ($showDangerZone && $dangerZoneDeleteFormId !== ''): ?>
<button type="button" data-tab="danger"><?php e(t('Danger zone')); ?></button>
<?php endif; ?>
</div>
<div data-tab-panel="basic">
<div class="grid">
<label for="permission-description">
<span><?php e(t('Description')); ?></span>
<input type="text" name="description" id="permission-description"
value="<?php e($values['description'] ?? ''); ?>" <?php e($readonlyAttr); ?> />
</label>
<label for="permission-key">
<span><?php e(t('Permission key')); ?></span>
<input required type="text" name="key" id="permission-key" value="<?php e($values['key'] ?? ''); ?>" <?php e($keyReadonlyAttr); ?> />
</label>
</div>
</div>
<?php if ($roles): ?>
<div data-tab-panel="roles">
<?php tokenSelectForm(
'permission-roles',
'role_ids',
'Assigned roles',
'Search roles…',
$roles,
$selectedRoleIds,
$isReadOnly,
'description',
null,
[
'emptyState' => t('No roles selected'),
'removeTooltip' => t('Remove role'),
]
); ?>
</div>
<?php endif; ?>
<div data-tab-panel="visibility">
<?php
$statusFieldName = 'active';
$statusFieldId = 'permission-active';
$statusFieldValue = (string) ($values['active'] ?? '1');
require templatePath('partials/app-visibility-status-field.phtml');
?>
<fieldset>
<legend><small><?php e(t('System permission')); ?></small></legend>
<label class="app-field app-checkbox">
<?php $systemValue = (int) ($values['is_system'] ?? 0); ?>
<input type="checkbox" name="is_system" value="1" <?php if ($systemValue === 1) { ?>checked<?php } ?>
<?php e($disabledAttr); ?> />
<span><?php e(t('System permission')); ?></span>
</label>
<small class="muted"><?php e(t('System permissions are core and should rarely be disabled.')); ?></small>
</fieldset>
</div>
<?php if ($showDangerZone && $dangerZoneDeleteFormId !== ''): ?>
<div data-tab-panel="danger">
<?php
$dangerFormId = $dangerZoneDeleteFormId;
$dangerLegend = t('Delete');
$dangerWarning = $dangerZoneWarning;
$dangerButtonLabel = $dangerZoneActionLabel;
require templatePath('partials/app-danger-zone-delete-field.phtml');
?>
</div>
<?php endif; ?>
</div>
<?php Session::getCsrfInput(); ?>
</form>