Move the entire audit subsystem (system audit, API audit, import audit, user lifecycle audit, frontend telemetry) from core into modules/audit/. Core decoupling via interface-based injection: - AuditRecorderInterface replaces SystemAuditService in 10+ core services - UserLifecycleAuditInterface / ImportAuditInterface for specialized flows - NullAuditRecorder fallback when audit module is disabled - ApiBootstrap/ApiResponse use null-safe callable resolvers Module structure (modules/audit/): - Manifest with routes, permissions, scheduler jobs, authorization policy - 9 services, 8 repositories, 6 domain enums, 4 job handlers - 33 page files, 4 JS files, 8 test files, migration scripts, i18n Core cleanup: - OperationsAuthorizationPolicy, UiCapabilityMap, PermissionService surgically cleaned of audit-specific constants - Sidebar template cleared of hardcoded audit navigation - AuditModuleIsolationContractTest ensures no future core→module coupling All quality gates pass: 1346 tests (19,276 assertions), PHPStan level 5 clean, architecture contracts verified. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
49 lines
1.9 KiB
PHP
49 lines
1.9 KiB
PHP
<?php
|
|
|
|
use MintyPHP\Http\SessionStoreInterface;
|
|
use MintyPHP\Router;
|
|
use MintyPHP\Session;
|
|
use MintyPHP\Support\Flash;
|
|
use MintyPHP\Support\Guard;
|
|
|
|
$session = app(SessionStoreInterface::class)->all();
|
|
Guard::requireLogin();
|
|
Guard::requireAbility(\MintyPHP\Module\Audit\AuditAuthorizationPolicy::ABILITY_USER_LIFECYCLE_RESTORE);
|
|
|
|
$auditId = (int) ($id ?? 0);
|
|
$errorBag = formErrors();
|
|
|
|
if (strtoupper((string) (requestInput()->method())) !== 'POST') {
|
|
Router::redirect('admin/user-lifecycle-audit');
|
|
}
|
|
if (!Session::checkCsrfToken()) {
|
|
$errorBag->addGlobal(t('Form expired, please try again'));
|
|
flashFormErrors($errorBag, 'admin/user-lifecycle-audit', 'user_lifecycle_restore');
|
|
Router::redirect('admin/user-lifecycle-audit');
|
|
}
|
|
|
|
$result = app(\MintyPHP\Service\User\UserLifecycleRestoreService::class)->restoreFromLifecycleAudit(
|
|
$auditId,
|
|
(int) ($session['user']['id'] ?? 0)
|
|
);
|
|
|
|
if (!($result['ok'] ?? false)) {
|
|
$error = (string) ($result['error'] ?? 'restore_unexpected_error');
|
|
if ($error === 'restore_email_exists') {
|
|
$errorBag->addGlobal(t('Restore not possible: email already exists'));
|
|
} elseif ($error === 'restore_uuid_exists') {
|
|
$errorBag->addGlobal(t('Restore not possible: uuid already exists'));
|
|
} elseif ($error === 'snapshot_unavailable') {
|
|
$errorBag->addGlobal(t('Lifecycle snapshot unavailable'));
|
|
} elseif ($error === 'audit_event_already_restored') {
|
|
$errorBag->addGlobal(t('Lifecycle event was already restored'));
|
|
} else {
|
|
$errorBag->addGlobal(t('User restore failed'));
|
|
}
|
|
flashFormErrors($errorBag, "admin/user-lifecycle-audit/view/$auditId", 'user_lifecycle_restore');
|
|
Router::redirect("admin/user-lifecycle-audit/view/$auditId");
|
|
}
|
|
|
|
Flash::success(t('User restored'), "admin/user-lifecycle-audit/view/$auditId", 'user_restored');
|
|
Router::redirect("admin/user-lifecycle-audit/view/$auditId");
|