Part of the admin-panel expansion epic. Depends on Foundation.
Tasks
- Read-only settings view:
src/views/html.admin.settings.php → view_admin_settings_html() renders the effective $settings, masking db_pass and admin_password. Controller src/controller/admin.settings.php → admin_settings_controller().
- Generalise config writing:
src/functions/config.write.php → config_write(string $config_path, array $values): bool, generalising install_build_config() (src/functions/install.build.config.php) — same var_export()-per-key serialisation, over a defined whitelist of keys read from current $settings. Apply the db_host p:-prefix strip before writing (documented gotcha, also handled in bin/backup-database.php).
- Change admin password:
src/controller/admin.password.php → admin_password_action() (process=password) — password_hash($new, PASSWORD_DEFAULT) exactly like the installer, then config_write() with the new hash.
- Toggle flags:
src/controller/admin.settings.save.php → admin_settings_save_action() (process=settings) — write open_tracker, public_index, full_scrape, db_reset from checkboxes via config_write().
Writability + trade-off (important)
config/ is often not web-writable by design (it holds DB credentials; PDS keeps it out of the document root). Gate editing behind is_writable(dirname($config_path)) (reuse the installer's check); when not writable, render the settings page read-only with a note explaining why. Surface the documented full_scrape-on-closed-tracker privacy foot-gun as an inline warning next to that toggle.
Tests
ConfigWriteTest (assert generated source round-trips and strips p:).
Files
- New:
src/views/html.admin.settings.php, src/functions/config.write.php, src/controller/admin.settings.php, src/controller/admin.settings.save.php, src/controller/admin.password.php.
Part of the admin-panel expansion epic. Depends on Foundation.
Tasks
src/views/html.admin.settings.php→view_admin_settings_html()renders the effective$settings, maskingdb_passandadmin_password. Controllersrc/controller/admin.settings.php→admin_settings_controller().src/functions/config.write.php→config_write(string $config_path, array $values): bool, generalisinginstall_build_config()(src/functions/install.build.config.php) — samevar_export()-per-key serialisation, over a defined whitelist of keys read from current$settings. Apply thedb_hostp:-prefix strip before writing (documented gotcha, also handled inbin/backup-database.php).src/controller/admin.password.php→admin_password_action()(process=password) —password_hash($new, PASSWORD_DEFAULT)exactly like the installer, thenconfig_write()with the new hash.src/controller/admin.settings.save.php→admin_settings_save_action()(process=settings) — writeopen_tracker,public_index,full_scrape,db_resetfrom checkboxes viaconfig_write().Writability + trade-off (important)
config/is often not web-writable by design (it holds DB credentials; PDS keeps it out of the document root). Gate editing behindis_writable(dirname($config_path))(reuse the installer's check); when not writable, render the settings page read-only with a note explaining why. Surface the documentedfull_scrape-on-closed-tracker privacy foot-gun as an inline warning next to that toggle.Tests
ConfigWriteTest(assert generated source round-trips and stripsp:).Files
src/views/html.admin.settings.php,src/functions/config.write.php,src/controller/admin.settings.php,src/controller/admin.settings.save.php,src/controller/admin.password.php.