diff --git a/README.md b/README.md index d0ab311..64c4de4 100644 --- a/README.md +++ b/README.md @@ -88,6 +88,28 @@ Standard-Demo-User: - Abteilung: `Musterabteilung` - Rollen: `Admin`, `User` +Initiale DB-Settings (Seed): + +- `app_title` -> `CoreCore` +- `app_locale` -> `de` +- `app_theme` -> `light` +- `app_theme_user` -> `1` +- `app_registration` -> `1` (aktiv) +- `app_primary_color` -> `#105433` +- `api_token_default_ttl_days` -> `90` +- `api_token_max_ttl_days` -> `365` +- `api_cors_allowed_origins` -> `http://localhost:8080`, `http://127.0.0.1:8080` +- `session_idle_timeout_minutes` -> `30` +- `session_absolute_timeout_hours` -> `8` +- `user_inactivity_deactivate_days` -> `180` +- `user_inactivity_delete_days` -> `365` +- `default_tenant_id` -> `MusterMandant` +- `default_department_id` -> Abteilungscode `MUSTER` (`Musterabteilung`) +- `default_role_id` -> Rolle `USER` (`User`) +- `frontend_telemetry_enabled` -> `1` +- `frontend_telemetry_sample_rate` -> `0.2` +- `frontend_telemetry_allowed_events` -> `ajax_error,warn_once` + ## Projektstruktur - `/config` Konfiguration (Routen, Settings, Themes, Assets) diff --git a/db/init/init.sql b/db/init/init.sql index e08c787..ee9b516 100644 --- a/db/init/init.sql +++ b/db/init/init.sql @@ -938,13 +938,56 @@ JOIN permissions p ON p.`key` IN ('users.self_update', 'address_book.view') WHERE r.code = 'USER' OR r.description = 'User' ON DUPLICATE KEY UPDATE role_id = role_id; +INSERT INTO `settings` (`key`, `value`, `description`) +SELECT 'default_tenant_id', CAST(t.id AS CHAR), 'setting.default_tenant' +FROM tenants t +WHERE t.description = 'MusterMandant' +LIMIT 1 +ON DUPLICATE KEY UPDATE + `key` = `key`; + +INSERT INTO `settings` (`key`, `value`, `description`) +SELECT 'default_department_id', CAST(d.id AS CHAR), 'setting.default_department' +FROM departments d +JOIN tenants t ON t.id = d.tenant_id +WHERE d.code = 'MUSTER' + AND t.description = 'MusterMandant' +LIMIT 1 +ON DUPLICATE KEY UPDATE + `key` = `key`; + +INSERT INTO `settings` (`key`, `value`, `description`) +SELECT 'default_role_id', CAST(r.id AS CHAR), 'setting.default_role' +FROM roles r +WHERE r.code = 'USER' +LIMIT 1 +ON DUPLICATE KEY UPDATE + `key` = `key`; + +INSERT INTO `settings` (`key`, `value`, `description`) +SELECT 'api_cors_allowed_origins', CONCAT('http://localhost:8080', CHAR(10), 'http://127.0.0.1:8080'), 'setting.api_cors_allowed_origins' +ON DUPLICATE KEY UPDATE + `key` = `key`; + INSERT INTO `settings` (`key`, `value`, `description`) VALUES + ('app_title', 'CoreCore', 'setting.app_title'), + ('app_locale', 'de', 'setting.app_locale'), + ('app_theme', 'light', 'setting.app_theme'), + ('app_theme_user', '1', 'setting.app_theme_user'), + ('app_registration', '1', 'setting.app_registration'), + ('app_primary_color', '#105433', 'setting.app_primary_color'), + ('api_token_default_ttl_days', '90', 'setting.api_token_default_ttl_days'), + ('api_token_max_ttl_days', '365', 'setting.api_token_max_ttl_days'), + ('session_idle_timeout_minutes', '30', 'setting.session_idle_timeout_minutes'), + ('session_absolute_timeout_hours', '8', 'setting.session_absolute_timeout_hours'), + ('user_inactivity_deactivate_days', '180', 'setting.user_inactivity_deactivate_days'), + ('user_inactivity_delete_days', '365', 'setting.user_inactivity_delete_days'), ('system_audit_enabled', '1', 'setting.system_audit_enabled'), ('system_audit_retention_days', '365', 'setting.system_audit_retention_days'), - ('frontend_telemetry_enabled', '0', 'setting.frontend_telemetry_enabled'), + ('frontend_telemetry_enabled', '1', 'setting.frontend_telemetry_enabled'), ('frontend_telemetry_sample_rate', '0.2', 'setting.frontend_telemetry_sample_rate'), - ('frontend_telemetry_allowed_events', 'warn_once,ajax_error', 'setting.frontend_telemetry_allowed_events'), + ('frontend_telemetry_allowed_events', 'ajax_error,warn_once', 'setting.frontend_telemetry_allowed_events'), ('microsoft_auto_remember_default', '0', 'setting.microsoft_auto_remember_default'), ('remember_token_lifetime_days', '30', 'setting.remember_token_lifetime_days') ON DUPLICATE KEY UPDATE diff --git a/docs/reference-konfiguration.md b/docs/reference-konfiguration.md index 26e50bb..d1854f6 100644 --- a/docs/reference-konfiguration.md +++ b/docs/reference-konfiguration.md @@ -90,6 +90,34 @@ Die Firewall begrenzt gleichzeitige Requests pro IP (Concurrency-Schutz). --- +## Initiale DB-Settings (Seed) + +Beim Fresh-Setup über `db/init/init.sql` werden zusätzlich folgende Settings in der DB vorbelegt: + +- `app_title` -> `CoreCore` +- `default_tenant_id` -> Seed-Mandant `MusterMandant` +- `default_department_id` -> Seed-Abteilung mit Code `MUSTER` +- `default_role_id` -> Seed-Rolle mit Code `USER` +- `app_locale` -> `de` +- `app_theme` -> `light` +- `app_theme_user` -> `1` +- `app_registration` -> `1` (Self-Registration aktiviert) +- `app_primary_color` -> `#105433` +- `api_token_default_ttl_days` -> `90` +- `api_token_max_ttl_days` -> `365` +- `api_cors_allowed_origins` -> `http://localhost:8080`, `http://127.0.0.1:8080` +- `session_idle_timeout_minutes` -> `30` +- `session_absolute_timeout_hours` -> `8` +- `user_inactivity_deactivate_days` -> `180` +- `user_inactivity_delete_days` -> `365` +- `frontend_telemetry_enabled` -> `1` +- `frontend_telemetry_sample_rate` -> `0.2` +- `frontend_telemetry_allowed_events` -> `ajax_error,warn_once` + +Diese Defaults werden von Selbstregistrierung, Admin-Benutzeranlage und Import genutzt, wenn keine expliziten Zuordnungen gesetzt sind. + +--- + ## Produktions-Checkliste Folgende Variablen **müssen** vor Go-Live angepasst werden: diff --git a/pages/auth/forgot(login).phtml b/pages/auth/forgot(login).phtml index 18eb667..1868d1e 100644 --- a/pages/auth/forgot(login).phtml +++ b/pages/auth/forgot(login).phtml @@ -14,6 +14,7 @@ $authHelpContext = [ 'show_back_to_login' => true, 'show_support' => true, ]; +$authLogoHref = lurl('login'); ?>
diff --git a/pages/auth/login(login).phtml b/pages/auth/login(login).phtml index cd1f22c..ca384be 100644 --- a/pages/auth/login(login).phtml +++ b/pages/auth/login(login).phtml @@ -33,6 +33,7 @@ $selectedTenantInitial = strtoupper(substr($selectedTenantLabel, 0, 1)); if ($selectedTenantInitial === '') { $selectedTenantInitial = '?'; } +$canSwitchTenant = count($tenantCandidates) > 1; $errors = is_array($errors ?? null) ? $errors : []; $errorNoticeId = $errors ? 'auth-login-error-notice' : ''; $loginHeading = t('Login'); @@ -53,6 +54,10 @@ if ($stage === 'resolve_email') { 'show_support' => true, ]; } +$authLogoHref = lurl('login'); +if ($tenantHint !== '') { + $authLogoHref .= '?tenant=' . rawurlencode($tenantHint); +} ?> @@ -140,25 +145,30 @@ if ($stage === 'resolve_email') { -
-
+
+ + + + + +
+ +
diff --git a/pages/auth/register(login).phtml b/pages/auth/register(login).phtml index 9beebcb..92419d8 100644 --- a/pages/auth/register(login).phtml +++ b/pages/auth/register(login).phtml @@ -21,6 +21,7 @@ $authHelpContext = [ 'show_back_to_login' => true, 'show_support' => true, ]; +$authLogoHref = lurl('login'); ?>