fix: features & quality — access.xml/config.xml, CSV import UI, dead-code/leak, packaging (#95 #103 #104 #107) #111

Merged
jmiller merged 1 commits from fix/features-quality-batch into dev 2026-06-29 15:26:41 +00:00
Owner

Third batch from the audit. All PHP php -l clean; access.xml/config.xml/manifest parse; INI parses.

#95 — ACL + Options

  • access.xml with core actions + custom mokoog.batch / mokoog.import.
  • config.xml — Permissions tab (rules) + a note pointing OG/SEO settings to the system plugin (the Options button previously opened an empty modal).
  • Both declared in the manifest. BatchController/ImportExportController now check the custom actions with a fallback to the prior core checks, so no existing user loses access.

#103 — CSV import reachable

  • Import toolbar button toggles a multipart upload form (jform[csv_file]) posting to importexport.import with a CSRF token. (The import controller was fully implemented but had no UI trigger.)

#104 — Dead code + disk leak

  • Deleted unused ImageGenerator class and JsonLdBuilder::buildOrganization().
  • Added ImageHelper::pruneOldFiles() (deletes generated images > 30 days, recursive, skips index.html) and call it on content save — the generated-image cache was never pruned and grew unbounded.
  • (Minor leftovers noted on the issue: ImageHelper::validate() unused, resizeToSize duplicates resize.)

#107 — Packaging

  • Declared language/en-US in the manifest (was on disk but never installed).
  • Removed undeclared empty stub dirs src/Field, src/Service.
  • (Manifest/SQL version drift is CI-managed — left to the release workflow.)

Verification note

ACL gates and the upload form can't be confirmed via static checks — recommend a runtime smoke test (Options→Permissions tab renders; import button reveals form + uploads; low-priv user blocked from batch/import).

Closes #95, #103, #107. Mostly-closes #104.

🤖 Generated with Claude Code

Third batch from the audit. All PHP `php -l` clean; access.xml/config.xml/manifest parse; INI parses. ## #95 — ACL + Options - **`access.xml`** with core actions + custom `mokoog.batch` / `mokoog.import`. - **`config.xml`** — Permissions tab (rules) + a note pointing OG/SEO settings to the system plugin (the Options button previously opened an empty modal). - Both declared in the manifest. `BatchController`/`ImportExportController` now check the custom actions **with a fallback to the prior core checks**, so no existing user loses access. ## #103 — CSV import reachable - Import toolbar button toggles a multipart upload form (`jform[csv_file]`) posting to `importexport.import` with a CSRF token. (The import controller was fully implemented but had no UI trigger.) ## #104 — Dead code + disk leak - Deleted unused `ImageGenerator` class and `JsonLdBuilder::buildOrganization()`. - Added `ImageHelper::pruneOldFiles()` (deletes generated images > 30 days, recursive, skips `index.html`) and call it on content save — the generated-image cache was never pruned and grew unbounded. - (Minor leftovers noted on the issue: `ImageHelper::validate()` unused, `resizeToSize` duplicates `resize`.) ## #107 — Packaging - Declared `language/en-US` in the manifest (was on disk but never installed). - Removed undeclared empty stub dirs `src/Field`, `src/Service`. - (Manifest/SQL version drift is CI-managed — left to the release workflow.) ## Verification note ACL gates and the upload form can't be confirmed via static checks — recommend a runtime smoke test (Options→Permissions tab renders; import button reveals form + uploads; low-priv user blocked from batch/import). Closes #95, #103, #107. Mostly-closes #104. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
jmiller added 1 commit 2026-06-29 15:26:29 +00:00
fix: features & quality batch (#95, #103, #104, #107)
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Universal: PR Check / Validate PR (pull_request) Failing after 7s
RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped
Branch Cleanup / Delete merged branch (pull_request) Failing after 2s
Universal: PR Check / Secret Scan (pull_request) Successful in 16s
Generic: Project CI / Lint & Validate (pull_request) Successful in 48s
Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Failing after 52s
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Failing after 5s
Generic: Project CI / Tests (pull_request) Has been cancelled
Universal: PR Check / Build RC Package (pull_request) Has been cancelled
Universal: PR Check / Report Issues (pull_request) Has been cancelled
d8376d6cdf
#95 — ACL + Options:
- Add access.xml (core actions + mokoog.batch / mokoog.import custom actions)
- Add config.xml (Permissions tab + note pointing settings to the system plugin)
- Declare both in the manifest; Batch/ImportExport controllers now check the
  custom actions with a fallback to the prior core checks (no lockout)

#103 — CSV import is now reachable:
- Add an Import toolbar button that toggles a multipart file-upload form
  (jform[csv_file]) posting to importexport.import with a CSRF token

#104 — Dead code + disk leak:
- Delete unused ImageGenerator class and JsonLdBuilder::buildOrganization()
- Add ImageHelper::pruneOldFiles() (deletes generated images older than 30d)
  and call it on content save so the generated-image cache is bounded

#107 — Packaging:
- Declare language/en-US in the component manifest (was never installed)
- Remove undeclared empty stub dirs src/Field, src/Service
jmiller merged commit cb28cb12cd into dev 2026-06-29 15:26:41 +00:00
jmiller deleted branch fix/features-quality-batch 2026-06-29 15:26:42 +00:00
Sign in to join this conversation.
No Reviewers
Priority -
Type -
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: MokoConsulting/MokoSuiteOpenGraph#111