Files
breadcrumb-the-shire/core/App/registerContainer.php
fs cc2cf3a254 feat(user-lifecycle): cockpit foundation — KPI row + aside quick actions
Phase 1 of the Stripe-style policy-cockpit redesign for the user-lifecycle
settings page. Pure server-rendering — no async, no JS components, no
sparklines yet (those land in later phases).

Adds a four-tile KPI row above the configuration form (Last run,
Deactivated/30d, Deleted/30d, Pending deletion/7d), populates the
previously empty aside with three quick actions (Run policy now,
Purge logs, Policy reference link), and surfaces a relative-time +
status hint under the existing Run-Now collapsible.

Module-isolation is preserved through a new read-side contract:

* core/Service/Audit/UserLifecycleAuditDashboardInterface — read-only
  pendant to the existing write-side UserLifecycleAuditInterface.
  Methods: lastRun(), summaryByAction(int days), countActionInWindow(...).
* core/Service/Audit/NullUserLifecycleAuditDashboard — fail-closed
  default when the audit module is disabled. KPI tiles 1-3 then
  render "—"; tile 4 (pending deletion) keeps working because it
  lives in the core domain.
* modules/audit/.../Service/UserLifecycleAuditDashboardService — the
  module's implementation; reads through the existing
  UserLifecycleAuditRepository (extended with three new aggregation
  queries: lastRun, countByActionStatusSinceTimestamp, countSinceTimestamp).
* AuditContainerRegistrar binds the interface to the module impl;
  registerContainer.php registers the Null fallback before module
  bindings, mirroring how the write-side audit interface is wired.

The new core service UserLifecyclePolicyDashboardService computes
the pending-deletion-window count from the users table directly
(no audit dependency) — defensive when both policy days are 0
(returns 0 rather than running an unbounded query).

New shared template partial templates/partials/app-kpi-row.phtml is
generic — accepts a $kpiTiles array of {label, count, icon, iconTone,
href, tooltip} and reuses the existing app-tile primitive. Other
settings pages can pick it up without ceremony.

Includes:
* PHPUnit tests for both new services (happy path + Null-fallback +
  policy-disabled edge cases).
* AuditModuleIsolationContractTest allowlist extended for the new
  interface and module service.
* 14 new translation keys in both default_de.json and default_en.json
  (i18n parity verified).

All six quality gates green.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-26 20:36:28 +02:00

107 lines
5.2 KiB
PHP

<?php
use MintyPHP\App\AppContainer;
use MintyPHP\App\Container\ContainerRegistrar;
use MintyPHP\App\Container\Registrars\AccessRegistrar;
use MintyPHP\App\Container\Registrars\AppServicesRegistrar;
use MintyPHP\App\Container\Registrars\AuthRegistrar;
use MintyPHP\App\Container\Registrars\DirectoryRegistrar;
use MintyPHP\App\Container\Registrars\RepositoryFactoryRegistrar;
use MintyPHP\App\Container\Registrars\ServiceFactoryRegistrar;
use MintyPHP\App\Container\Registrars\SettingsRegistrar;
use MintyPHP\App\Container\Registrars\UserRegistrar;
use MintyPHP\App\Module\ModuleEventDispatcher;
use MintyPHP\App\Module\ModuleRegistry;
use MintyPHP\Service\Audit\ApiAuditServiceInterface;
use MintyPHP\Service\Audit\ApiSystemAuditReporterInterface;
use MintyPHP\Service\Audit\AuditMetadataEnricherInterface;
use MintyPHP\Service\Audit\AuditRecorderInterface;
use MintyPHP\Service\Audit\ImportAuditInterface;
use MintyPHP\Service\Audit\NullApiAuditService;
use MintyPHP\Service\Audit\NullApiSystemAuditReporter;
use MintyPHP\Service\Audit\NullAuditMetadataEnricher;
use MintyPHP\Service\Audit\NullAuditRecorder;
use MintyPHP\Service\Audit\NullImportAudit;
use MintyPHP\Service\Audit\NullUserLifecycleAudit;
use MintyPHP\Service\Audit\NullUserLifecycleAuditDashboard;
use MintyPHP\Service\Audit\UserLifecycleAuditDashboardInterface;
use MintyPHP\Service\Audit\UserLifecycleAuditInterface;
$container = new AppContainer();
// Order matters: RepositoryFactoryRegistrar and ServiceFactoryRegistrar must run first
// because later registrars pull concrete services from those factories.
$registrars = [
new RepositoryFactoryRegistrar(), // raw repository factories (no deps)
new ServiceFactoryRegistrar(), // service factories wired with their repo/gateway deps
new AccessRegistrar(), // RBAC: permissions, roles, authorization
new AuthRegistrar(), // authentication, SSO, tokens
new DirectoryRegistrar(), // tenants, departments, scope
new UserRegistrar(), // user services and repositories
new SettingsRegistrar(), // settings, branding
new AppServicesRegistrar(), // leaf services (stats, search, mail, scheduler, ...)
];
foreach ($registrars as $registrar) {
$registrar->register($container);
}
// ── Module registrars (run after all Core registrars) ────────────────
// Module registrars MUST NOT overwrite existing container keys.
// The ModuleRegistry is stored in the container for downstream access.
$modulesConfig = is_file(__DIR__ . '/../../config/modules.php')
? (array) require __DIR__ . '/../../config/modules.php'
: [];
$enabledModules = ModuleRegistry::resolveEnabledModules($modulesConfig);
$modulesDir = dirname(__DIR__, 2) . '/modules';
$moduleRegistry = ModuleRegistry::boot($modulesDir, $enabledModules);
$container->set(ModuleRegistry::class, static fn (): ModuleRegistry => $moduleRegistry);
$container->set(ModuleEventDispatcher::class, static fn () => new ModuleEventDispatcher(
$moduleRegistry->getEventListeners(),
$container,
$container->has(AuditRecorderInterface::class) ? $container->get(AuditRecorderInterface::class) : null
));
// Disallow overriding existing core bindings from module registrars.
$container->protectExistingBindings();
foreach ($moduleRegistry->getContainerRegistrars() as $registrarClass) {
if (!class_exists($registrarClass)) {
throw new RuntimeException("Module container registrar class not found: {$registrarClass}");
}
$registrarInstance = new $registrarClass();
if (!$registrarInstance instanceof ContainerRegistrar) {
throw new RuntimeException(
"Module container registrar '{$registrarClass}' must implement " . ContainerRegistrar::class
);
}
$registrarInstance->register($container);
}
// ── Audit interface fallbacks (null implementations when audit module is disabled) ──
if (!$container->has(AuditRecorderInterface::class)) {
$container->set(AuditRecorderInterface::class, static fn (): AuditRecorderInterface => new NullAuditRecorder());
}
if (!$container->has(UserLifecycleAuditInterface::class)) {
$container->set(UserLifecycleAuditInterface::class, static fn (): UserLifecycleAuditInterface => new NullUserLifecycleAudit());
}
if (!$container->has(UserLifecycleAuditDashboardInterface::class)) {
$container->set(UserLifecycleAuditDashboardInterface::class, static fn (): UserLifecycleAuditDashboardInterface => new NullUserLifecycleAuditDashboard());
}
if (!$container->has(ImportAuditInterface::class)) {
$container->set(ImportAuditInterface::class, static fn (): ImportAuditInterface => new NullImportAudit());
}
if (!$container->has(AuditMetadataEnricherInterface::class)) {
$container->set(AuditMetadataEnricherInterface::class, static fn (): AuditMetadataEnricherInterface => new NullAuditMetadataEnricher());
}
if (!$container->has(ApiAuditServiceInterface::class)) {
$container->set(ApiAuditServiceInterface::class, static fn (): ApiAuditServiceInterface => new NullApiAuditService());
}
if (!$container->has(ApiSystemAuditReporterInterface::class)) {
$container->set(ApiSystemAuditReporterInterface::class, static fn (): ApiSystemAuditReporterInterface => new NullApiSystemAuditReporter());
}
return $container;