fix: features & quality — access.xml/config.xml, CSV import UI, dead-code/leak, packaging (#95 #103 #104 #107) #111

2026-06-29T15:26:28Z

jmiller commented

2026-06-29 15:26:28 +00:00

Third batch from the audit. All PHP php -l clean; access.xml/config.xml/manifest parse; INI parses.

#95 — ACL + Options

access.xml with core actions + custom mokoog.batch / mokoog.import.
config.xml — Permissions tab (rules) + a note pointing OG/SEO settings to the system plugin (the Options button previously opened an empty modal).
Both declared in the manifest. BatchController/ImportExportController now check the custom actions with a fallback to the prior core checks, so no existing user loses access.

#103 — CSV import reachable

Import toolbar button toggles a multipart upload form (jform[csv_file]) posting to importexport.import with a CSRF token. (The import controller was fully implemented but had no UI trigger.)

#104 — Dead code + disk leak

Deleted unused ImageGenerator class and JsonLdBuilder::buildOrganization().
Added ImageHelper::pruneOldFiles() (deletes generated images > 30 days, recursive, skips index.html) and call it on content save — the generated-image cache was never pruned and grew unbounded.
(Minor leftovers noted on the issue: ImageHelper::validate() unused, resizeToSize duplicates resize.)

#107 — Packaging

Declared language/en-US in the manifest (was on disk but never installed).
Removed undeclared empty stub dirs src/Field, src/Service.
(Manifest/SQL version drift is CI-managed — left to the release workflow.)

Verification note

ACL gates and the upload form can't be confirmed via static checks — recommend a runtime smoke test (Options→Permissions tab renders; import button reveals form + uploads; low-priv user blocked from batch/import).

Closes #95, #103, #107. Mostly-closes #104.

🤖 Generated with Claude Code

Third batch from the audit. All PHP `php -l` clean; access.xml/config.xml/manifest parse; INI parses. ## #95 — ACL + Options - **`access.xml`** with core actions + custom `mokoog.batch` / `mokoog.import`. - **`config.xml`** — Permissions tab (rules) + a note pointing OG/SEO settings to the system plugin (the Options button previously opened an empty modal). - Both declared in the manifest. `BatchController`/`ImportExportController` now check the custom actions **with a fallback to the prior core checks**, so no existing user loses access. ## #103 — CSV import reachable - Import toolbar button toggles a multipart upload form (`jform[csv_file]`) posting to `importexport.import` with a CSRF token. (The import controller was fully implemented but had no UI trigger.) ## #104 — Dead code + disk leak - Deleted unused `ImageGenerator` class and `JsonLdBuilder::buildOrganization()`. - Added `ImageHelper::pruneOldFiles()` (deletes generated images > 30 days, recursive, skips `index.html`) and call it on content save — the generated-image cache was never pruned and grew unbounded. - (Minor leftovers noted on the issue: `ImageHelper::validate()` unused, `resizeToSize` duplicates `resize`.) ## #107 — Packaging - Declared `language/en-US` in the manifest (was on disk but never installed). - Removed undeclared empty stub dirs `src/Field`, `src/Service`. - (Manifest/SQL version drift is CI-managed — left to the release workflow.) ## Verification note ACL gates and the upload form can't be confirmed via static checks — recommend a runtime smoke test (Options→Permissions tab renders; import button reveals form + uploads; low-priv user blocked from batch/import). Closes #95, #103, #107. Mostly-closes #104. 🤖 Generated with [Claude Code](https://claude.com/claude-code)

jmiller added 1 commit 2026-06-29 15:26:29 +00:00

fix: features & quality batch (#95 , #103 , #104 , #107 )

Universal: PR Check / Branch Policy (pull_request) Successful in 2s

Details

Universal: PR Check / Validate PR (pull_request) Failing after 7s

Details

RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped

Details

Branch Cleanup / Delete merged branch (pull_request) Failing after 2s

Details

Universal: PR Check / Secret Scan (pull_request) Successful in 16s

Details

Generic: Project CI / Lint & Validate (pull_request) Successful in 48s

Details

Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Failing after 52s

Details

Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Failing after 5s

Details

Generic: Project CI / Tests (pull_request) Has been cancelled

Details

Universal: PR Check / Build RC Package (pull_request) Has been cancelled

Details

Universal: PR Check / Report Issues (pull_request) Has been cancelled

Details

d8376d6cdf

#95 — ACL + Options:
- Add access.xml (core actions + mokoog.batch / mokoog.import custom actions)
- Add config.xml (Permissions tab + note pointing settings to the system plugin)
- Declare both in the manifest; Batch/ImportExport controllers now check the
  custom actions with a fallback to the prior core checks (no lockout)

#103 — CSV import is now reachable:
- Add an Import toolbar button that toggles a multipart file-upload form
  (jform[csv_file]) posting to importexport.import with a CSRF token

#104 — Dead code + disk leak:
- Delete unused ImageGenerator class and JsonLdBuilder::buildOrganization()
- Add ImageHelper::pruneOldFiles() (deletes generated images older than 30d)
  and call it on content save so the generated-image cache is bounded

#107 — Packaging:
- Declare language/en-US in the component manifest (was never installed)
- Remove undeclared empty stub dirs src/Field, src/Service