forked from fa/breadcrumb-the-shire
Move the entire audit subsystem (system audit, API audit, import audit, user lifecycle audit, frontend telemetry) from core into modules/audit/. Core decoupling via interface-based injection: - AuditRecorderInterface replaces SystemAuditService in 10+ core services - UserLifecycleAuditInterface / ImportAuditInterface for specialized flows - NullAuditRecorder fallback when audit module is disabled - ApiBootstrap/ApiResponse use null-safe callable resolvers Module structure (modules/audit/): - Manifest with routes, permissions, scheduler jobs, authorization policy - 9 services, 8 repositories, 6 domain enums, 4 job handlers - 33 page files, 4 JS files, 8 test files, migration scripts, i18n Core cleanup: - OperationsAuthorizationPolicy, UiCapabilityMap, PermissionService surgically cleaned of audit-specific constants - Sidebar template cleared of hardcoded audit navigation - AuditModuleIsolationContractTest ensures no future core→module coupling All quality gates pass: 1346 tests (19,276 assertions), PHPStan level 5 clean, architecture contracts verified. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
87 lines
4.0 KiB
PHP
87 lines
4.0 KiB
PHP
<?php
|
|
|
|
use MintyPHP\App\AppContainer;
|
|
use MintyPHP\App\Container\ContainerRegistrar;
|
|
use MintyPHP\App\Container\Registrars\AccessRegistrar;
|
|
use MintyPHP\App\Container\Registrars\AppServicesRegistrar;
|
|
use MintyPHP\App\Container\Registrars\AuthRegistrar;
|
|
use MintyPHP\App\Container\Registrars\DirectoryRegistrar;
|
|
use MintyPHP\App\Container\Registrars\RepositoryFactoryRegistrar;
|
|
use MintyPHP\App\Container\Registrars\ServiceFactoryRegistrar;
|
|
use MintyPHP\App\Container\Registrars\SettingsRegistrar;
|
|
use MintyPHP\App\Container\Registrars\UserRegistrar;
|
|
use MintyPHP\App\Module\ModuleEventDispatcher;
|
|
use MintyPHP\App\Module\ModuleRegistry;
|
|
use MintyPHP\Service\Audit\AuditRecorderInterface;
|
|
use MintyPHP\Service\Audit\ImportAuditInterface;
|
|
use MintyPHP\Service\Audit\NullAuditRecorder;
|
|
use MintyPHP\Service\Audit\NullImportAudit;
|
|
use MintyPHP\Service\Audit\NullUserLifecycleAudit;
|
|
use MintyPHP\Service\Audit\UserLifecycleAuditInterface;
|
|
|
|
$container = new AppContainer();
|
|
|
|
// Order matters: RepositoryFactoryRegistrar and ServiceFactoryRegistrar must run first
|
|
// because later registrars pull concrete services from those factories.
|
|
$registrars = [
|
|
new RepositoryFactoryRegistrar(), // raw repository factories (no deps)
|
|
new ServiceFactoryRegistrar(), // service factories wired with their repo/gateway deps
|
|
new AccessRegistrar(), // RBAC: permissions, roles, authorization
|
|
new AuthRegistrar(), // authentication, SSO, tokens
|
|
new DirectoryRegistrar(), // tenants, departments, scope
|
|
new UserRegistrar(), // user services and repositories
|
|
new SettingsRegistrar(), // settings, branding
|
|
new AppServicesRegistrar(), // leaf services (stats, search, mail, scheduler, ...)
|
|
];
|
|
|
|
foreach ($registrars as $registrar) {
|
|
$registrar->register($container);
|
|
}
|
|
|
|
// ── Module registrars (run after all Core registrars) ────────────────
|
|
// Module registrars MUST NOT overwrite existing container keys.
|
|
// The ModuleRegistry is stored in the container for downstream access.
|
|
|
|
$modulesConfig = is_file(__DIR__ . '/../../config/modules.php')
|
|
? (array) require __DIR__ . '/../../config/modules.php'
|
|
: [];
|
|
$enabledModules = ModuleRegistry::resolveEnabledModules($modulesConfig);
|
|
$modulesDir = dirname(__DIR__, 2) . '/modules';
|
|
$moduleRegistry = ModuleRegistry::boot($modulesDir, $enabledModules);
|
|
|
|
$container->set(ModuleRegistry::class, static fn (): ModuleRegistry => $moduleRegistry);
|
|
$container->set(ModuleEventDispatcher::class, static fn () => new ModuleEventDispatcher(
|
|
$moduleRegistry->getEventListeners(),
|
|
$container,
|
|
$container->has(AuditRecorderInterface::class) ? $container->get(AuditRecorderInterface::class) : null
|
|
));
|
|
|
|
// Disallow overriding existing core bindings from module registrars.
|
|
$container->protectExistingBindings();
|
|
|
|
foreach ($moduleRegistry->getContainerRegistrars() as $registrarClass) {
|
|
if (!class_exists($registrarClass)) {
|
|
throw new RuntimeException("Module container registrar class not found: {$registrarClass}");
|
|
}
|
|
$registrarInstance = new $registrarClass();
|
|
if (!$registrarInstance instanceof ContainerRegistrar) {
|
|
throw new RuntimeException(
|
|
"Module container registrar '{$registrarClass}' must implement " . ContainerRegistrar::class
|
|
);
|
|
}
|
|
$registrarInstance->register($container);
|
|
}
|
|
|
|
// ── Audit interface fallbacks (null implementations when audit module is disabled) ──
|
|
if (!$container->has(AuditRecorderInterface::class)) {
|
|
$container->set(AuditRecorderInterface::class, static fn (): AuditRecorderInterface => new NullAuditRecorder());
|
|
}
|
|
if (!$container->has(UserLifecycleAuditInterface::class)) {
|
|
$container->set(UserLifecycleAuditInterface::class, static fn (): UserLifecycleAuditInterface => new NullUserLifecycleAudit());
|
|
}
|
|
if (!$container->has(ImportAuditInterface::class)) {
|
|
$container->set(ImportAuditInterface::class, static fn (): ImportAuditInterface => new NullImportAudit());
|
|
}
|
|
|
|
return $container;
|