Phase 1 of the Stripe-style policy-cockpit redesign for the user-lifecycle
settings page. Pure server-rendering — no async, no JS components, no
sparklines yet (those land in later phases).
Adds a four-tile KPI row above the configuration form (Last run,
Deactivated/30d, Deleted/30d, Pending deletion/7d), populates the
previously empty aside with three quick actions (Run policy now,
Purge logs, Policy reference link), and surfaces a relative-time +
status hint under the existing Run-Now collapsible.
Module-isolation is preserved through a new read-side contract:
* core/Service/Audit/UserLifecycleAuditDashboardInterface — read-only
pendant to the existing write-side UserLifecycleAuditInterface.
Methods: lastRun(), summaryByAction(int days), countActionInWindow(...).
* core/Service/Audit/NullUserLifecycleAuditDashboard — fail-closed
default when the audit module is disabled. KPI tiles 1-3 then
render "—"; tile 4 (pending deletion) keeps working because it
lives in the core domain.
* modules/audit/.../Service/UserLifecycleAuditDashboardService — the
module's implementation; reads through the existing
UserLifecycleAuditRepository (extended with three new aggregation
queries: lastRun, countByActionStatusSinceTimestamp, countSinceTimestamp).
* AuditContainerRegistrar binds the interface to the module impl;
registerContainer.php registers the Null fallback before module
bindings, mirroring how the write-side audit interface is wired.
The new core service UserLifecyclePolicyDashboardService computes
the pending-deletion-window count from the users table directly
(no audit dependency) — defensive when both policy days are 0
(returns 0 rather than running an unbounded query).
New shared template partial templates/partials/app-kpi-row.phtml is
generic — accepts a $kpiTiles array of {label, count, icon, iconTone,
href, tooltip} and reuses the existing app-tile primitive. Other
settings pages can pick it up without ceremony.
Includes:
* PHPUnit tests for both new services (happy path + Null-fallback +
policy-disabled edge cases).
* AuditModuleIsolationContractTest allowlist extended for the new
interface and module service.
* 14 new translation keys in both default_de.json and default_en.json
(i18n parity verified).
All six quality gates green.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
126 lines
7.5 KiB
PHP
126 lines
7.5 KiB
PHP
<?php
|
|
|
|
namespace MintyPHP\Module\Audit;
|
|
|
|
use MintyPHP\App\AppContainer;
|
|
use MintyPHP\App\Container\ContainerRegistrar;
|
|
use MintyPHP\Http\RequestRuntimeInterface;
|
|
use MintyPHP\Http\SessionStoreInterface;
|
|
use MintyPHP\Module\Audit\Handler\ApiAuditPurgeJobHandler;
|
|
use MintyPHP\Module\Audit\Handler\ImportAuditPurgeJobHandler;
|
|
use MintyPHP\Module\Audit\Handler\SystemAuditPurgeJobHandler;
|
|
use MintyPHP\Module\Audit\Handler\UserLifecycleAuditPurgeJobHandler;
|
|
use MintyPHP\Module\Audit\Http\ApiSystemAuditReporter;
|
|
use MintyPHP\Service\Audit\ApiAuditServiceInterface;
|
|
use MintyPHP\Service\Audit\ApiSystemAuditReporterInterface;
|
|
use MintyPHP\Module\Audit\Providers\AuditLayoutProvider;
|
|
use MintyPHP\Module\Audit\Repository\ApiAuditLogRepository;
|
|
use MintyPHP\Module\Audit\Repository\ImportAuditRunRepository;
|
|
use MintyPHP\Module\Audit\Repository\SystemAuditLogRepository;
|
|
use MintyPHP\Module\Audit\Repository\UserLifecycleAuditRepository;
|
|
use MintyPHP\Module\Audit\Service\ApiAuditService;
|
|
use MintyPHP\Module\Audit\Service\AuditMetadataEnricher;
|
|
use MintyPHP\Module\Audit\Service\FrontendTelemetryIngestService;
|
|
use MintyPHP\Module\Audit\Service\ImportAuditService;
|
|
use MintyPHP\Module\Audit\Service\SystemAuditRedactionService;
|
|
use MintyPHP\Module\Audit\Service\SystemAuditRowPresenter;
|
|
use MintyPHP\Module\Audit\Service\SystemAuditService;
|
|
use MintyPHP\Module\Audit\Service\UserLifecycleAuditDashboardService;
|
|
use MintyPHP\Module\Audit\Service\UserLifecycleAuditService;
|
|
use MintyPHP\Repository\User\UserReadRepository;
|
|
use MintyPHP\Service\Access\PermissionService;
|
|
use MintyPHP\Service\Audit\AuditMetadataEnricherInterface;
|
|
use MintyPHP\Service\Audit\AuditRecorderInterface;
|
|
use MintyPHP\Service\Audit\ImportAuditInterface;
|
|
use MintyPHP\Service\Audit\UserLifecycleAuditDashboardInterface;
|
|
use MintyPHP\Service\Audit\UserLifecycleAuditInterface;
|
|
use MintyPHP\Service\Security\RateLimiterService;
|
|
use MintyPHP\Service\Settings\SettingsFrontendTelemetryGateway;
|
|
use MintyPHP\Service\Settings\SettingsSystemAuditGateway;
|
|
|
|
final class AuditContainerRegistrar implements ContainerRegistrar
|
|
{
|
|
public function register(AppContainer $container): void
|
|
{
|
|
// Repositories
|
|
$container->set(SystemAuditLogRepository::class, static fn (): SystemAuditLogRepository => new SystemAuditLogRepository());
|
|
$container->set(ApiAuditLogRepository::class, static fn (): ApiAuditLogRepository => new ApiAuditLogRepository());
|
|
$container->set(UserLifecycleAuditRepository::class, static fn (): UserLifecycleAuditRepository => new UserLifecycleAuditRepository());
|
|
$container->set(ImportAuditRunRepository::class, static fn (): ImportAuditRunRepository => new ImportAuditRunRepository());
|
|
|
|
// Redaction
|
|
$container->set(SystemAuditRedactionService::class, static fn (): SystemAuditRedactionService => new SystemAuditRedactionService());
|
|
$container->set(SystemAuditRowPresenter::class, static fn (): SystemAuditRowPresenter => new SystemAuditRowPresenter());
|
|
|
|
// Concrete audit services
|
|
$container->set(SystemAuditService::class, static fn (AppContainer $c): SystemAuditService => new SystemAuditService(
|
|
$c->get(SystemAuditLogRepository::class),
|
|
$c->get(SystemAuditRedactionService::class),
|
|
$c->get(SettingsSystemAuditGateway::class),
|
|
$c->get(SessionStoreInterface::class)
|
|
));
|
|
$container->set(ApiAuditService::class, static fn (AppContainer $c): ApiAuditService => new ApiAuditService(
|
|
$c->get(ApiAuditLogRepository::class),
|
|
$c->get(RequestRuntimeInterface::class)
|
|
));
|
|
$container->set(UserLifecycleAuditService::class, static fn (AppContainer $c): UserLifecycleAuditService => new UserLifecycleAuditService(
|
|
$c->get(UserLifecycleAuditRepository::class)
|
|
));
|
|
$container->set(UserLifecycleAuditDashboardService::class, static fn (AppContainer $c): UserLifecycleAuditDashboardService => new UserLifecycleAuditDashboardService(
|
|
$c->get(UserLifecycleAuditRepository::class)
|
|
));
|
|
$container->set(ImportAuditService::class, static fn (AppContainer $c): ImportAuditService => new ImportAuditService(
|
|
$c->get(ImportAuditRunRepository::class)
|
|
));
|
|
|
|
// Core interface bindings — override null implementations
|
|
$container->set(AuditRecorderInterface::class, static fn (AppContainer $c): AuditRecorderInterface => $c->get(SystemAuditService::class));
|
|
$container->set(UserLifecycleAuditInterface::class, static fn (AppContainer $c): UserLifecycleAuditInterface => $c->get(UserLifecycleAuditService::class));
|
|
$container->set(UserLifecycleAuditDashboardInterface::class, static fn (AppContainer $c): UserLifecycleAuditDashboardInterface => $c->get(UserLifecycleAuditDashboardService::class));
|
|
$container->set(ImportAuditInterface::class, static fn (AppContainer $c): ImportAuditInterface => $c->get(ImportAuditService::class));
|
|
$container->set(ApiAuditServiceInterface::class, static fn (AppContainer $c): ApiAuditServiceInterface => $c->get(ApiAuditService::class));
|
|
$container->set(ApiSystemAuditReporterInterface::class, static fn (AppContainer $c): ApiSystemAuditReporterInterface => $c->get(ApiSystemAuditReporter::class));
|
|
|
|
// Frontend telemetry
|
|
$container->set(FrontendTelemetryIngestService::class, static fn (AppContainer $c): FrontendTelemetryIngestService => new FrontendTelemetryIngestService(
|
|
$c->get(SystemAuditService::class),
|
|
$c->get(SettingsFrontendTelemetryGateway::class),
|
|
$c->get(RateLimiterService::class),
|
|
$c->get(SessionStoreInterface::class)
|
|
));
|
|
|
|
// API system audit reporter
|
|
$container->set(ApiSystemAuditReporter::class, static fn (AppContainer $c): ApiSystemAuditReporter => new ApiSystemAuditReporter(
|
|
$c->get(SystemAuditService::class)
|
|
));
|
|
|
|
// Metadata enricher
|
|
$container->set(AuditMetadataEnricher::class, static fn (AppContainer $c): AuditMetadataEnricher => new AuditMetadataEnricher(
|
|
$c->get(UserReadRepository::class)
|
|
));
|
|
$container->set(AuditMetadataEnricherInterface::class, static fn (AppContainer $c): AuditMetadataEnricherInterface => $c->get(AuditMetadataEnricher::class));
|
|
|
|
// Authorization policy
|
|
$container->set(AuditAuthorizationPolicy::class, static fn (AppContainer $c): AuditAuthorizationPolicy => new AuditAuthorizationPolicy(
|
|
$c->get(PermissionService::class)
|
|
));
|
|
|
|
// Scheduler job handlers
|
|
$container->set(SystemAuditPurgeJobHandler::class, static fn (AppContainer $c): SystemAuditPurgeJobHandler => new SystemAuditPurgeJobHandler(
|
|
$c->get(SystemAuditService::class)
|
|
));
|
|
$container->set(ApiAuditPurgeJobHandler::class, static fn (AppContainer $c): ApiAuditPurgeJobHandler => new ApiAuditPurgeJobHandler(
|
|
$c->get(ApiAuditService::class)
|
|
));
|
|
$container->set(ImportAuditPurgeJobHandler::class, static fn (AppContainer $c): ImportAuditPurgeJobHandler => new ImportAuditPurgeJobHandler(
|
|
$c->get(ImportAuditService::class)
|
|
));
|
|
$container->set(UserLifecycleAuditPurgeJobHandler::class, static fn (AppContainer $c): UserLifecycleAuditPurgeJobHandler => new UserLifecycleAuditPurgeJobHandler(
|
|
$c->get(UserLifecycleAuditService::class)
|
|
));
|
|
|
|
// Layout provider
|
|
$container->set(AuditLayoutProvider::class, static fn (AppContainer $c): AuditLayoutProvider => new AuditLayoutProvider());
|
|
}
|
|
}
|