forked from fa/breadcrumb-the-shire
Move the entire audit subsystem (system audit, API audit, import audit, user lifecycle audit, frontend telemetry) from core into modules/audit/. Core decoupling via interface-based injection: - AuditRecorderInterface replaces SystemAuditService in 10+ core services - UserLifecycleAuditInterface / ImportAuditInterface for specialized flows - NullAuditRecorder fallback when audit module is disabled - ApiBootstrap/ApiResponse use null-safe callable resolvers Module structure (modules/audit/): - Manifest with routes, permissions, scheduler jobs, authorization policy - 9 services, 8 repositories, 6 domain enums, 4 job handlers - 33 page files, 4 JS files, 8 test files, migration scripts, i18n Core cleanup: - OperationsAuthorizationPolicy, UiCapabilityMap, PermissionService surgically cleaned of audit-specific constants - Sidebar template cleared of hardcoded audit navigation - AuditModuleIsolationContractTest ensures no future core→module coupling All quality gates pass: 1346 tests (19,276 assertions), PHPStan level 5 clean, architecture contracts verified. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
74 lines
2.0 KiB
PHP
74 lines
2.0 KiB
PHP
<?php
|
|
|
|
namespace MintyPHP\Service\Audit;
|
|
|
|
/**
|
|
* Core-side contract for recording user lifecycle audit events (deactivation, deletion, restore).
|
|
*
|
|
* Implemented by the audit module's UserLifecycleAuditService when active.
|
|
* Falls back to NullUserLifecycleAudit (no-op) when the audit module is disabled.
|
|
*/
|
|
interface UserLifecycleAuditInterface
|
|
{
|
|
/**
|
|
* @param array<string, mixed> $policy
|
|
* @param array<string, mixed> $targetUser
|
|
*/
|
|
public function logDeactivate(
|
|
string $runUuid,
|
|
string $triggerType,
|
|
array $policy,
|
|
?int $actorUserId,
|
|
array $targetUser,
|
|
string $status = 'success',
|
|
?string $reasonCode = null
|
|
): bool;
|
|
|
|
/**
|
|
* @param array<string, mixed> $policy
|
|
* @param array<string, mixed> $targetUser
|
|
*/
|
|
public function logDeleteWithSnapshot(
|
|
string $runUuid,
|
|
string $triggerType,
|
|
array $policy,
|
|
?int $actorUserId,
|
|
array $targetUser
|
|
): int|false;
|
|
|
|
/**
|
|
* @param array<string, mixed> $policy
|
|
* @param array<string, mixed> $targetUser
|
|
*/
|
|
public function logDeleteFailure(
|
|
string $runUuid,
|
|
string $triggerType,
|
|
array $policy,
|
|
?int $actorUserId,
|
|
array $targetUser,
|
|
string $reasonCode
|
|
): bool;
|
|
|
|
/**
|
|
* @param array<string, mixed> $policy
|
|
* @param array<string, mixed> $targetUser
|
|
*/
|
|
public function logRestore(
|
|
string $runUuid,
|
|
string $triggerType,
|
|
array $policy,
|
|
?int $actorUserId,
|
|
array $targetUser,
|
|
string $status = 'success',
|
|
?string $reasonCode = null
|
|
): bool;
|
|
|
|
public function markDeleteEventRestored(int $auditId, int $restoredByUserId, int $restoredUserId): bool;
|
|
|
|
public function updateStatus(int $id, string $status, ?string $reasonCode = null): bool;
|
|
|
|
public function findDeleteEventForRestore(int $id, bool $forUpdate = false): ?array;
|
|
|
|
public function decryptSnapshot(array $event): ?array;
|
|
}
|