1
0
Files
breadcrumb-the-shire/lib/Service/User/UserLifecycleService.php

188 lines
6.8 KiB
PHP
Raw Normal View History

<?php
namespace MintyPHP\Service\User;
2026-03-04 15:56:58 +01:00
use MintyPHP\Repository\Support\DatabaseSessionRepository;
use MintyPHP\Repository\Support\RepoQuery;
2026-02-23 12:58:19 +01:00
use MintyPHP\Repository\User\UserReadRepository;
use MintyPHP\Repository\User\UserWriteRepository;
use MintyPHP\Service\Access\PermissionService;
use MintyPHP\Service\Audit\UserLifecycleAuditService;
class UserLifecycleService
{
private const LOCK_NAME = 'user_lifecycle_maintenance';
private const BATCH_SIZE = 500;
2026-02-23 12:58:19 +01:00
public function __construct(
private readonly UserReadRepository $userReadRepository,
private readonly UserWriteRepository $userWriteRepository,
private readonly UserSettingsGateway $settingsGateway,
2026-03-04 15:56:58 +01:00
private readonly UserLifecycleAuditService $userLifecycleAuditService,
private readonly DatabaseSessionRepository $databaseSessionRepository
2026-02-23 12:58:19 +01:00
) {
}
public function run(?int $actorUserId = null): array
{
$startedAt = microtime(true);
$runUuid = RepoQuery::uuidV4();
$triggerType = ($actorUserId ?? 0) > 0 ? 'manual' : 'cron';
2026-02-23 12:58:19 +01:00
$deactivateDays = $this->settingsGateway->getUserInactivityDeactivateDays();
$deleteDays = $this->settingsGateway->getUserInactivityDeleteDays();
if ($deactivateDays <= 0) {
$deleteDays = 0;
}
2026-02-23 12:58:19 +01:00
$privilegedUserIds = $this->userReadRepository->listPrivilegedUserIdsByPermissionKeys([
PermissionService::SETTINGS_UPDATE,
PermissionService::TENANTS_UPDATE,
]);
$result = [
'ok' => true,
'locked' => false,
'error' => null,
'run_uuid' => $runUuid,
'deactivated_count' => 0,
'deleted_count' => 0,
'skipped_count' => 0,
'skipped_privileged_count' => count($privilegedUserIds),
'policy' => [
'deactivate_days' => $deactivateDays,
'delete_days' => $deleteDays,
],
'duration_ms' => 0,
];
2026-02-23 12:58:19 +01:00
if (!$this->acquireLock()) {
$result['ok'] = false;
$result['locked'] = true;
$result['error'] = 'lock_not_acquired';
2026-02-23 12:58:19 +01:00
$result['duration_ms'] = $this->durationMs($startedAt);
return $result;
}
try {
if ($deactivateDays > 0) {
while (true) {
2026-02-23 12:58:19 +01:00
$ids = $this->userReadRepository->listIdsForAutoDeactivate($deactivateDays, $privilegedUserIds, self::BATCH_SIZE);
if (!$ids) {
break;
}
$usersById = [];
foreach ($ids as $id) {
2026-02-23 12:58:19 +01:00
$user = $this->userReadRepository->find((int) $id);
if ($user) {
$usersById[(int) $id] = $user;
}
}
2026-02-23 12:58:19 +01:00
$updated = $this->userWriteRepository->setInactiveByIds(
$ids,
$actorUserId && $actorUserId > 0 ? $actorUserId : null
);
if ($updated <= 0) {
$result['ok'] = false;
$result['error'] = 'deactivate_failed';
break;
}
$result['deactivated_count'] += $updated;
2026-02-23 12:58:19 +01:00
$this->userWriteRepository->bumpAuthzVersionByUserIds($ids);
foreach ($ids as $id) {
if (!isset($usersById[(int) $id])) {
continue;
}
2026-02-23 12:58:19 +01:00
$this->userLifecycleAuditService->logDeactivate(
$runUuid,
$triggerType,
$result['policy'],
$actorUserId,
$usersById[(int) $id],
'success',
null
);
}
if (count($ids) < self::BATCH_SIZE) {
break;
}
}
}
if ($deleteDays > 0) {
while (true) {
2026-02-23 12:58:19 +01:00
$ids = $this->userReadRepository->listIdsForAutoDelete($deleteDays, $privilegedUserIds, self::BATCH_SIZE);
if (!$ids) {
break;
}
foreach ($ids as $id) {
2026-02-23 12:58:19 +01:00
$user = $this->userReadRepository->find((int) $id);
if (!$user) {
continue;
}
2026-02-23 12:58:19 +01:00
$auditId = $this->userLifecycleAuditService->logDeleteWithSnapshot(
$runUuid,
$triggerType,
$result['policy'],
$actorUserId,
$user
);
if (!$auditId) {
$result['skipped_count']++;
2026-02-23 12:58:19 +01:00
$this->userLifecycleAuditService->logDeleteFailure(
$runUuid,
$triggerType,
$result['policy'],
$actorUserId,
$user,
'audit_snapshot_failed'
);
continue;
}
2026-02-23 12:58:19 +01:00
$deleted = $this->userWriteRepository->deleteByIds([(int) $id]);
if ($deleted <= 0) {
$result['skipped_count']++;
2026-02-23 12:58:19 +01:00
$this->userLifecycleAuditService->updateStatus((int) $auditId, 'failed', 'delete_failed');
continue;
}
$result['deleted_count'] += $deleted;
}
if (count($ids) < self::BATCH_SIZE) {
break;
}
}
}
} catch (\Throwable $exception) {
$result['ok'] = false;
$result['error'] = 'unexpected_error';
} finally {
2026-02-23 12:58:19 +01:00
$this->releaseLock();
$result['duration_ms'] = $this->durationMs($startedAt);
}
return $result;
}
2026-02-23 12:58:19 +01:00
private function acquireLock(): bool
{
2026-03-04 15:56:58 +01:00
return $this->databaseSessionRepository->acquireAdvisoryLock(self::LOCK_NAME, 0);
}
2026-02-23 12:58:19 +01:00
private function releaseLock(): void
{
try {
2026-03-04 15:56:58 +01:00
$this->databaseSessionRepository->releaseAdvisoryLock(self::LOCK_NAME);
} catch (\Throwable $exception) {
// no-op
}
}
2026-02-23 12:58:19 +01:00
private function durationMs(float $startedAt): int
{
return (int) max(0, round((microtime(true) - $startedAt) * 1000));
}
}