1
0

feat(user-lifecycle): cockpit foundation — KPI row + aside quick actions

Phase 1 of the Stripe-style policy-cockpit redesign for the user-lifecycle
settings page. Pure server-rendering — no async, no JS components, no
sparklines yet (those land in later phases).

Adds a four-tile KPI row above the configuration form (Last run,
Deactivated/30d, Deleted/30d, Pending deletion/7d), populates the
previously empty aside with three quick actions (Run policy now,
Purge logs, Policy reference link), and surfaces a relative-time +
status hint under the existing Run-Now collapsible.

Module-isolation is preserved through a new read-side contract:

* core/Service/Audit/UserLifecycleAuditDashboardInterface — read-only
  pendant to the existing write-side UserLifecycleAuditInterface.
  Methods: lastRun(), summaryByAction(int days), countActionInWindow(...).
* core/Service/Audit/NullUserLifecycleAuditDashboard — fail-closed
  default when the audit module is disabled. KPI tiles 1-3 then
  render "—"; tile 4 (pending deletion) keeps working because it
  lives in the core domain.
* modules/audit/.../Service/UserLifecycleAuditDashboardService — the
  module's implementation; reads through the existing
  UserLifecycleAuditRepository (extended with three new aggregation
  queries: lastRun, countByActionStatusSinceTimestamp, countSinceTimestamp).
* AuditContainerRegistrar binds the interface to the module impl;
  registerContainer.php registers the Null fallback before module
  bindings, mirroring how the write-side audit interface is wired.

The new core service UserLifecyclePolicyDashboardService computes
the pending-deletion-window count from the users table directly
(no audit dependency) — defensive when both policy days are 0
(returns 0 rather than running an unbounded query).

New shared template partial templates/partials/app-kpi-row.phtml is
generic — accepts a $kpiTiles array of {label, count, icon, iconTone,
href, tooltip} and reuses the existing app-tile primitive. Other
settings pages can pick it up without ceremony.

Includes:
* PHPUnit tests for both new services (happy path + Null-fallback +
  policy-disabled edge cases).
* AuditModuleIsolationContractTest allowlist extended for the new
  interface and module service.
* 14 new translation keys in both default_de.json and default_en.json
  (i18n parity verified).

All six quality gates green.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-04-26 20:36:28 +02:00
parent 004c25ac4b
commit cc2cf3a254
19 changed files with 656 additions and 3 deletions

View File

@@ -278,6 +278,92 @@ class UserLifecycleAuditRepository
return (int) $updated > 0;
}
/**
* Most recent system-triggered lifecycle run (any status), used by the policy dashboard tile.
*
* @return array{created_at:string,status:string,action:string}|null
*/
public function latestSystemRun(): ?array
{
$row = DB::selectOne(
'select created_at, status, action
from user_lifecycle_audit_log
where trigger_type = ?
order by created_at desc
limit 1',
UserLifecycleTriggerType::System->value
);
if (!is_array($row)) {
return null;
}
$item = $row['user_lifecycle_audit_log'] ?? $row;
if (!is_array($item) || !isset($item['created_at'])) {
return null;
}
return [
'created_at' => (string) $item['created_at'],
'status' => (string) ($item['status'] ?? ''),
'action' => (string) ($item['action'] ?? ''),
];
}
/**
* Count audit-log events for a single action+status within the last $days days (UTC).
*/
public function countActionInWindow(string $action, int $days, string $status): int
{
if ($days <= 0) {
return 0;
}
$value = DB::selectValue(
'select count(*)
from user_lifecycle_audit_log
where action = ?
and status = ?
and created_at >= DATE_SUB(UTC_TIMESTAMP(), INTERVAL ? DAY)',
$action,
$status,
(string) $days
);
return (int) ($value ?? 0);
}
/**
* Map of action → count for the given status within the last $days days (UTC).
*
* @return array<string, int>
*/
public function sumByActionInWindow(int $days, string $status): array
{
if ($days <= 0) {
return [];
}
$rows = DB::select(
'select action, count(*) as cnt
from user_lifecycle_audit_log
where status = ?
and created_at >= DATE_SUB(UTC_TIMESTAMP(), INTERVAL ? DAY)
group by action',
$status,
(string) $days
);
$summary = [];
if (is_array($rows)) {
foreach ($rows as $row) {
$item = is_array($row) ? ($row['user_lifecycle_audit_log'] ?? $row) : null;
if (!is_array($item)) {
continue;
}
$action = trim((string) ($item['action'] ?? ''));
if ($action === '') {
continue;
}
$summary[$action] = (int) ($item['cnt'] ?? 0);
}
}
return $summary;
}
public function purgeOlderThanDays(int $days): int
{
if ($days <= 0) {