1
0
Commit Graph

33 Commits

Author SHA1 Message Date
fs
f36b169f67 chore(seed): bake live test connections into init.sql + helpdesk migration
Fresh installs now come up with working dev test connections for
Microsoft SSO and Business Central without manual configuration:

- init.sql appends the live breadcrumb + icoreon tenants (idempotent
  by uuid), Felix as a 6th user with all five roles, the live
  departments, plus tenant_auth_microsoft (SSO enabled for
  breadcrumb), tenant_auth_ldap stubs, and the global Microsoft
  shared-app credentials. The MusterMandant demo seed is preserved
  as tenant 1.
- A new helpdesk migration 011 seeds the per-tenant BC connection
  rows in helpdesk_tenant_settings and the helpdesk.bc_* fallback
  settings — module-owned data stays in module migrations.
- .env.example sets APP_CRYPTO_KEY so the AES-256-GCM blobs in the
  seed (Microsoft client secret, BC basic auth passwords) actually
  decrypt out-of-the-box. Verified by decrypting all four blobs
  end-to-end through Crypto::decryptString.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-29 08:27:47 +02:00
fs
4b9ce4bbad Consolidate audit permissions to audit namespace 2026-04-24 14:46:38 +02:00
fs
149d4515de refactor(settings): remove global appearance settings — tenant is sole source
Removes the global app_theme, app_theme_user and app_primary_color settings
from the admin/settings area and the underlying service/cache/API/i18n/docs
layers. The tenant columns (tenants.primary_color, default_theme,
allow_user_theme) become the single source of truth for appearance.
Branding helpers are tenant-only and fall back to a hardcoded 'light' theme
with no brand color when no tenant context is available (login, error,
pre-session pages). The APP_THEME env var is removed.

Scope:
- UI: Appearance tab gone from /admin/settings; tenant edit form drops the
  global-fallback color preview.
- Service: SettingsAppGateway no longer exposes setting-backed accessors
  for theme/user-theme/primary-color. Theme catalog utilities (listThemes,
  isAllowedTheme, normalizeTheme, resolveDefaultTheme) stay and are used
  across Tenant / Auth / User flows; resolveDefaultTheme now hardcodes
  'light' with a catalog fallback (no global/env lookup).
- AdminSettingsService: buildPageData, sanitization, audit snapshot, apply
  step and cache payload are all stripped of the three keys. Dead helper
  applyAppPrimaryColor + normalizePrimaryColor removed.
- Cache: SettingCacheService HOT_PATH_KEYS drops the three keys.
- API: /settings (GET/PUT) and /settings/public (GET) no longer expose
  appearance fields; OpenAPI schemas pruned accordingly.
- Audit redaction list shortened.
- DB: db/init/init.sql seed rows removed. No migration for existing
  installs — legacy rows stay inert.
- i18n + docs: setting.app_theme, setting.app_theme_user,
  setting.app_primary_color removed from de+en locales; reference and
  explanation docs updated.
- Tests: covering tests for the removed methods pruned; ThemeResolutionTest
  rewritten for tenant-only semantics. One unrelated PHP-CS-Fixer issue in
  UserRegistrar.php cleaned up to keep QG-006 green.

Workflow: .agents/runs/SETTINGS-APPEARANCE-TENANT-ONLY/ (gitignored).
Gates: QG-001..003, QG-006, QG-008 all pass (1985 tests, 28764 assertions).
Reviews: code, security, acceptance all pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 22:40:15 +02:00
fs
da0abc824a feat(helpdesk): add software updates tracking with BC ticket integration
New Updates page in the Helpdesk module that fetches UPDATE/UPDATE-HF tickets
from Business Central (PBI_LV_Tickets) and allows assigning a domain and Gitea
link via a dialog. Ticket status (from BC) and assignment status (local) are
shown as separate columns with filters for both plus type and free-text search.
Assigned updates also appear on the domain detail page. Includes session-cached
BC fetch with refresh button, admin permissions, migration, and 16 unit tests.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-16 13:21:40 +02:00
fs
639ff161b8 fix(helpdesk): add handover permissions to admin role seed in init.sql
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 20:47:06 +02:00
fs
2424f24d27 fix(helpdesk): add software-products.manage permission to admin role seed
The new permission was missing from the admin role seed in init.sql and
needed an idempotent update script for existing installations.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 22:18:13 +02:00
fs
5a4974909b feat(helpdesk): add Risk Radar dashboard with customer risk scoring
New portfolio view scoring customers 0-100 across five dimensions:
- Open pressure (30%): open + critical ticket count
- Trend (25%): net ticket flow (created - closed) in period
- SLA overdue (20%): tickets exceeding escalation targets
- Resolution time (15%): median hours to close (null = neutral)
- Inactivity (10%): age of oldest open ticket

Card grid with score badges (color-coded high/medium/low), metric
pills, driver bars. Click opens detail dialog with all dimensions
and open ticket list. Clientside search filter.

PBI_LV_Tickets with client-driven paging ($skip/$top, hardcap 5000).
Escalation definitions cached separately (30min TTL). Truncated
banner when data is capped.

New: RiskRadarService, getTicketsForRiskRadar(), 13 PHPUnit tests,
permission helpdesk.risk-radar.view, 2 routes, i18n de+en.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 00:24:48 +02:00
fs
c6c5d06936 feat(audit): harden API audit log redaction and schema
- Change query_json column from TEXT to JSON, ip/user_agent to CHAR(64)
  for PII redaction compliance
- Update repository, service, and views for hardened schema
- Add architecture contract test for security logging redaction
- Add search resource provider test coverage
- Include DB migration script for existing installs

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 23:20:55 +02:00
fs
cae66e5361 feat(helpdesk): add team workload dashboard with per-agent metrics
New standalone page (helpdesk/team) showing support agent workload
aggregated from BC tickets. KPI bar (open, unassigned, avg age, resolved),
per-agent table sorted by open tickets, period selector (30/90/180/365d).
Global OData query via getTicketsForTeam() without customer filter.
New permission helpdesk.team-workload.view with admin role assignment.
Includes 6 PHPUnit tests for buildTeamWorkloadDashboard().

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 18:46:54 +02:00
fs
a0d7670dd7 feat(helpdesk): align module with core list/drawer standards
- add helpdesk module pages, services, settings and tests

- standardize debtor list on drawer/grid contracts and robust filter drawer behavior

- add helpdesk aside panel navigation and settings visibility provider

- switch primary list slug to helpdesk/debitor and remove helpdesk/search compatibility

- include required core contract updates for list contracts and detail/drawer integration
2026-04-02 17:48:27 +02:00
fs
5d07236758 feat(search): refresh global search UI and align qa/docs updates 2026-04-02 10:49:35 +02:00
fs
d1eeac6692 feat: add LDAP authentication as per-tenant login method
Add LDAP as a third authentication option alongside local password and
Microsoft Entra ID SSO. Per-tenant configuration supports Active Directory,
OpenLDAP, and FreeIPA with configurable attribute mapping, search-then-bind
and direct-bind methods, encrypted bind credentials (AES-256-GCM),
profile sync on login, and user auto-provisioning via external identity
linking.

Includes admin UI for connection settings with test-connection button,
login page LDAP form, 25 new PHPUnit tests, and de/en translations.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 07:26:04 +01:00
fs
f8b5c8de65 feat: seed demo users for each role in init.sql
Add 4 new demo users (Max Machtvoll/Manager, Bernd Benutzer/User,
Petra Pruefblick/Auditor, Hilfe Hilde/Support) so a fresh install
showcases all 5 roles with realistic data across both departments.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-22 22:27:35 +01:00
fs
cf8c59d3f8 feat: add read-only System Info admin page with health checks and module inventory
New page at /admin/system-info with three tabs:
- Overview: PHP version, SAPI, environment, 6 health checks (DB, schema,
  storage, RBAC baseline, admin role, scheduler heartbeat)
- Modules: table of active modules with version, dependencies, permission count
- Permissions: active/inactive counts and per-source breakdown

Gated behind new system_info.view permission assigned to Admin role.
No mutations — purely diagnostic/observability.

Includes SystemHealthService, SystemInfoService, SystemHealthRepository
with interface, DI registration, i18n keys (de+en), idempotent DB update
script, and 17 new PHPUnit tests.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-22 15:08:02 +01:00
fs
60c27e50cb chore: snapshot notifications hardening and css/docs alignment 2026-03-20 00:05:03 +01:00
fs
fb6e30a062 feat: add notifications module with bell UI, event listeners, and cleanup job
In-app notification system with topbar bell icon, dropdown panel,
mark-as-read/dismiss actions, and scheduled cleanup of old read
notifications. Includes event listeners for user.created and
user.deleted events, authorization policy, and full test coverage.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 22:09:44 +01:00
fs
9688848401 Global Boomarks 2026-03-14 21:45:58 +01:00
fs
aaea038619 assign role roles 2026-03-13 21:11:48 +01:00
fs
0b9014dcbf page update 2026-03-12 14:09:06 +01:00
fs
2dc140b55a update mandant seed 2026-03-12 09:41:04 +01:00
fs
bc9506866f Seed api_tokens.manage via init SQL 2026-03-11 22:18:54 +01:00
fs
51e9a5c19a Fill demo user address-book seed fields 2026-03-11 21:25:22 +01:00
fs
60b890d367 Finalize init defaults and auth flow UX improvements 2026-03-11 21:11:19 +01:00
fs
f27de98bed Improve seed defaults for tenant, departments, user role and generic DB names 2026-03-11 20:24:18 +01:00
fs
285d6edb2e Verify demo seed user and make init FK creation idempotent 2026-03-11 20:16:45 +01:00
fs
eefbad2318 Fix fresh DB init order for users current_tenant FK 2026-03-11 20:14:04 +01:00
fs
964c07a9de feat(auth): add microsoft auto-remember policy with tenant override and configurable remember TTL 2026-03-10 22:48:10 +01:00
fs
9a08f96c11 agent foundation 2026-03-06 00:44:52 +01:00
fs
8f4dd5840d major update 2026-03-04 15:56:58 +01:00
fs
16759a2732 weitere updates für instanzierbarkeit und sauberes testing 2026-02-24 08:49:40 +01:00
fs
25370a1a55 add composer-unused, comprehensive docs, and project restructure
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks
- Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists
- Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services
- Add Microsoft OIDC SSO, API token management, and user lifecycle features
- Add swagger-ui vendor integration and OpenAPI spec
- Add production Docker setup and bin/ scripts
- Update composer dependencies, config, templates, and frontend assets throughout

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 15:27:35 +01:00
fs
3eb9cc0ac4 big restructure 2026-02-11 19:28:12 +01:00
fs
cd59ccd99b baseline 2026-02-04 23:31:53 +01:00