forked from fa/breadcrumb-the-shire
Phase 1 of the Stripe-style policy-cockpit redesign for the user-lifecycle
settings page. Pure server-rendering — no async, no JS components, no
sparklines yet (those land in later phases).
Adds a four-tile KPI row above the configuration form (Last run,
Deactivated/30d, Deleted/30d, Pending deletion/7d), populates the
previously empty aside with three quick actions (Run policy now,
Purge logs, Policy reference link), and surfaces a relative-time +
status hint under the existing Run-Now collapsible.
Module-isolation is preserved through a new read-side contract:
* core/Service/Audit/UserLifecycleAuditDashboardInterface — read-only
pendant to the existing write-side UserLifecycleAuditInterface.
Methods: lastRun(), summaryByAction(int days), countActionInWindow(...).
* core/Service/Audit/NullUserLifecycleAuditDashboard — fail-closed
default when the audit module is disabled. KPI tiles 1-3 then
render "—"; tile 4 (pending deletion) keeps working because it
lives in the core domain.
* modules/audit/.../Service/UserLifecycleAuditDashboardService — the
module's implementation; reads through the existing
UserLifecycleAuditRepository (extended with three new aggregation
queries: lastRun, countByActionStatusSinceTimestamp, countSinceTimestamp).
* AuditContainerRegistrar binds the interface to the module impl;
registerContainer.php registers the Null fallback before module
bindings, mirroring how the write-side audit interface is wired.
The new core service UserLifecyclePolicyDashboardService computes
the pending-deletion-window count from the users table directly
(no audit dependency) — defensive when both policy days are 0
(returns 0 rather than running an unbounded query).
New shared template partial templates/partials/app-kpi-row.phtml is
generic — accepts a $kpiTiles array of {label, count, icon, iconTone,
href, tooltip} and reuses the existing app-tile primitive. Other
settings pages can pick it up without ceremony.
Includes:
* PHPUnit tests for both new services (happy path + Null-fallback +
policy-disabled edge cases).
* AuditModuleIsolationContractTest allowlist extended for the new
interface and module service.
* 14 new translation keys in both default_de.json and default_en.json
(i18n parity verified).
All six quality gates green.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
107 lines
5.2 KiB
PHP
107 lines
5.2 KiB
PHP
<?php
|
|
|
|
use MintyPHP\App\AppContainer;
|
|
use MintyPHP\App\Container\ContainerRegistrar;
|
|
use MintyPHP\App\Container\Registrars\AccessRegistrar;
|
|
use MintyPHP\App\Container\Registrars\AppServicesRegistrar;
|
|
use MintyPHP\App\Container\Registrars\AuthRegistrar;
|
|
use MintyPHP\App\Container\Registrars\DirectoryRegistrar;
|
|
use MintyPHP\App\Container\Registrars\RepositoryFactoryRegistrar;
|
|
use MintyPHP\App\Container\Registrars\ServiceFactoryRegistrar;
|
|
use MintyPHP\App\Container\Registrars\SettingsRegistrar;
|
|
use MintyPHP\App\Container\Registrars\UserRegistrar;
|
|
use MintyPHP\App\Module\ModuleEventDispatcher;
|
|
use MintyPHP\App\Module\ModuleRegistry;
|
|
use MintyPHP\Service\Audit\ApiAuditServiceInterface;
|
|
use MintyPHP\Service\Audit\ApiSystemAuditReporterInterface;
|
|
use MintyPHP\Service\Audit\AuditMetadataEnricherInterface;
|
|
use MintyPHP\Service\Audit\AuditRecorderInterface;
|
|
use MintyPHP\Service\Audit\ImportAuditInterface;
|
|
use MintyPHP\Service\Audit\NullApiAuditService;
|
|
use MintyPHP\Service\Audit\NullApiSystemAuditReporter;
|
|
use MintyPHP\Service\Audit\NullAuditMetadataEnricher;
|
|
use MintyPHP\Service\Audit\NullAuditRecorder;
|
|
use MintyPHP\Service\Audit\NullImportAudit;
|
|
use MintyPHP\Service\Audit\NullUserLifecycleAudit;
|
|
use MintyPHP\Service\Audit\NullUserLifecycleAuditDashboard;
|
|
use MintyPHP\Service\Audit\UserLifecycleAuditDashboardInterface;
|
|
use MintyPHP\Service\Audit\UserLifecycleAuditInterface;
|
|
|
|
$container = new AppContainer();
|
|
|
|
// Order matters: RepositoryFactoryRegistrar and ServiceFactoryRegistrar must run first
|
|
// because later registrars pull concrete services from those factories.
|
|
$registrars = [
|
|
new RepositoryFactoryRegistrar(), // raw repository factories (no deps)
|
|
new ServiceFactoryRegistrar(), // service factories wired with their repo/gateway deps
|
|
new AccessRegistrar(), // RBAC: permissions, roles, authorization
|
|
new AuthRegistrar(), // authentication, SSO, tokens
|
|
new DirectoryRegistrar(), // tenants, departments, scope
|
|
new UserRegistrar(), // user services and repositories
|
|
new SettingsRegistrar(), // settings, branding
|
|
new AppServicesRegistrar(), // leaf services (stats, search, mail, scheduler, ...)
|
|
];
|
|
|
|
foreach ($registrars as $registrar) {
|
|
$registrar->register($container);
|
|
}
|
|
|
|
// ── Module registrars (run after all Core registrars) ────────────────
|
|
// Module registrars MUST NOT overwrite existing container keys.
|
|
// The ModuleRegistry is stored in the container for downstream access.
|
|
|
|
$modulesConfig = is_file(__DIR__ . '/../../config/modules.php')
|
|
? (array) require __DIR__ . '/../../config/modules.php'
|
|
: [];
|
|
$enabledModules = ModuleRegistry::resolveEnabledModules($modulesConfig);
|
|
$modulesDir = dirname(__DIR__, 2) . '/modules';
|
|
$moduleRegistry = ModuleRegistry::boot($modulesDir, $enabledModules);
|
|
|
|
$container->set(ModuleRegistry::class, static fn (): ModuleRegistry => $moduleRegistry);
|
|
$container->set(ModuleEventDispatcher::class, static fn () => new ModuleEventDispatcher(
|
|
$moduleRegistry->getEventListeners(),
|
|
$container,
|
|
$container->has(AuditRecorderInterface::class) ? $container->get(AuditRecorderInterface::class) : null
|
|
));
|
|
|
|
// Disallow overriding existing core bindings from module registrars.
|
|
$container->protectExistingBindings();
|
|
|
|
foreach ($moduleRegistry->getContainerRegistrars() as $registrarClass) {
|
|
if (!class_exists($registrarClass)) {
|
|
throw new RuntimeException("Module container registrar class not found: {$registrarClass}");
|
|
}
|
|
$registrarInstance = new $registrarClass();
|
|
if (!$registrarInstance instanceof ContainerRegistrar) {
|
|
throw new RuntimeException(
|
|
"Module container registrar '{$registrarClass}' must implement " . ContainerRegistrar::class
|
|
);
|
|
}
|
|
$registrarInstance->register($container);
|
|
}
|
|
|
|
// ── Audit interface fallbacks (null implementations when audit module is disabled) ──
|
|
if (!$container->has(AuditRecorderInterface::class)) {
|
|
$container->set(AuditRecorderInterface::class, static fn (): AuditRecorderInterface => new NullAuditRecorder());
|
|
}
|
|
if (!$container->has(UserLifecycleAuditInterface::class)) {
|
|
$container->set(UserLifecycleAuditInterface::class, static fn (): UserLifecycleAuditInterface => new NullUserLifecycleAudit());
|
|
}
|
|
if (!$container->has(UserLifecycleAuditDashboardInterface::class)) {
|
|
$container->set(UserLifecycleAuditDashboardInterface::class, static fn (): UserLifecycleAuditDashboardInterface => new NullUserLifecycleAuditDashboard());
|
|
}
|
|
if (!$container->has(ImportAuditInterface::class)) {
|
|
$container->set(ImportAuditInterface::class, static fn (): ImportAuditInterface => new NullImportAudit());
|
|
}
|
|
if (!$container->has(AuditMetadataEnricherInterface::class)) {
|
|
$container->set(AuditMetadataEnricherInterface::class, static fn (): AuditMetadataEnricherInterface => new NullAuditMetadataEnricher());
|
|
}
|
|
if (!$container->has(ApiAuditServiceInterface::class)) {
|
|
$container->set(ApiAuditServiceInterface::class, static fn (): ApiAuditServiceInterface => new NullApiAuditService());
|
|
}
|
|
if (!$container->has(ApiSystemAuditReporterInterface::class)) {
|
|
$container->set(ApiSystemAuditReporterInterface::class, static fn (): ApiSystemAuditReporterInterface => new NullApiSystemAuditReporter());
|
|
}
|
|
|
|
return $container;
|