Webshop - Admin Deep-Dive Modules (3D, CMS, Marketing, Monitoring)

Overview

This document specifies legacy admin modules that are high-risk and were not documented in the baseline admin migration spec.

Checklist coverage:

- AD-006 Customer tags management
- AD-010 Subscriptions admin
- AD-022 3D customers/sites/default wheels/model links
- AD-023 3D external vehicles module
- AD-024 CMS history/team/jobs/banners/blog/catalogue/tutorials/events/logos
- AD-025 Marketing signatures/team templates
- AD-028 Spotlight/popular articles admin
- AD-029 Article ads admin (tyre/wheel/accessory)
- AD-030 Slider admin
- AD-031 Banner/adverts admin
- AD-032 Reviews admin
- AD-038 Mailing list templates and text variables
- AD-039 Security monitoring (hacking attempts log)
- AD-040 System settings and cache admin
- VD-004 3D model entity linkage to vehicles
- VD-005 3D wheel entity and associations
- MK-003 Legacy subscription entity and admin
- MK-004 Reviews domain and admin
- MK-005 Blog/tutorial/events/about-us content flows
- MK-006 Sliders/banners/adverts CMS tooling
- MK-007 Customer tags and tag-brand mappings
- MK-010 Team signatures and team pages
- OP-011 Monitoring screens for hacking attempts
- DM-016 3D entities (model/wheel)

Primary legacy evidence:

- _admin/config/menu.php
- _admin/config/routing.php
- _admin/controller/classes/atx/customers/*
- _admin/controller/classes/atx/system/AdminSettingController.php
- _admin/controller/classes/atx/vehicles/simulator/*
- _core/controller/classes/atx/vehicles/simulator/VehicleExternalController.php
- _admin/controller/classes/atx/cms/*, _admin/controller/classes/atx/pages/*, _admin/controller/classes/atx/articles/*, _admin/controller/classes/atx/adverts/*, _admin/controller/classes/atx/mandrill/*
- _core/config/doctrine/customers.CustomerTag.orm.xml
- _core/config/doctrine/customers.CustomerTagBrand.orm.xml
- _core/config/doctrine/customers.Subscription.orm.xml
- _core/config/doctrine/customers.Review.orm.xml
- _core/config/doctrine/vehicles.simulator.ThreeDModel.orm.xml
- _core/config/doctrine/articles.wheels.simulator.ThreeDWheel.orm.xml
- _core/config/doctrine/cms.BlogPost.orm.xml
- _core/config/doctrine/articles.BlogPost.orm.xml
- _core/config/doctrine/pages.Slide.orm.xml
- _core/model/classes/atx/logs/LogError.php
- _core/controller/admin/cms/ajax/a_action.php

Legacy Capabilities (As-Is)

Customer Tags, Subscriptions, And Reviews

AdminCustomerTagController supports browsing and editing tag configuration that impacts storefront behavior:

- Tag logo upload (/images/customer-tags)
- Parent label translations
- Menu visibility flags per category
- CSS overrides
- Permission matrix JSON
- Product category toggles
- showInOECorner, showPickupFields, showDropshippingDropdown, enableDocumentPortal
- Per-tag invoice notification text (NL/FR/EN)
- Tag-brand rules (CustomerTagBrand) with type (sets or spare_wheels), brand binding, language labels, sort order, login-only flag, and vehicle-brand filters

AdminSubscriptionController exposes a simple list-and-remove flow by email key. Legacy customer_subscription is a small state table (emailAddress, subscribed, reason).

AdminReviewController supports:

- Create/update review (name, quote, rating)
- Optional picture upload to /images/reviews
- Active/inactive toggle from list view

3D Simulator Admin Modules

Legacy 3D admin is spread across multiple controllers:

- AdminThreeDModelController: model scans from source assets, default wheel assignment, vehicle model linking, activation/version/comment flags, numberplate position/background, and regeneration jobs
- AdminThreeDWheelController: wheel source discovery, wheel creation/linking, wheel image scan processing
- AdminThreeDCustomerController: simulator site config (site, ip, mail, language, external list id, allow-change-list flag, FB options), numberplate upload/resize, password reset mail
- AdminConsumerController: simulator consumer API key/customer coupling, allowed domains, reseller flags, logo upload
- VehicleExternalController: external vehicle list CRUD, CSV import, link/unlink external vehicles to 3D model IDs, simulator-manage permission checks

Core entity surfaces involved:

- threed_model (ThreeDModel)
- article_wheel_threed (ThreeDWheel)
- external list/vehicle objects (VehicleExternalList, VehicleExternal)

CMS And Marketing Content Modules

Legacy content/editor stack is mixed:

  1. CMS blog stack (atx\cms\BlogPost):
     - Categories (memory, tutorial, events, news)
     - Multilingual translations and slug/title/teaser/body
     - Multi-image media with sort order
     - Optional YouTube video id

  2. Legacy posts stack (atx\articles\BlogPost):
     - Grouped translations (groupId + per-language row)
     - Tag entities (blog_post_tag)
     - Thumbnail/picture handling
     - Inline body image extraction path

Additional CMS modules:

- History timeline items with multilingual fields + image uploads
- Team and jobs pages with localized copy and image constraints
- Catalogue items with localized titles and image/url scheduling field
- CMS banners/text variables (AdminTextController) including named text entries (banner, cart-banner)
- Old template module (admin.template_*) and new template module (admin.emailTemplates_*)

Marketing modules:

- Signatures (admin.team_*, mandrill team table)
- Spotlight/popular articles (admin.articlePopular_*) with promo windows and category targeting
- Sliders (admin.slider_*) with priority, category, URL/page/video modes, tag/category targeting, visibility modes, and OE-corner exclusion
- Adverts (admin.adverts_*) with per-language text/CTA, time windows, tag/category targeting, article-group placement, and binary image assets

Security Monitoring (Hacking Attempts)

The admin menu contains a dedicated monitoring section (logerror) with hour/day/month tabs and classification drilldown (cms_getLogErrors*).

Legacy log model (LogError) indicates captured fields include:

- identity/network (User, Ip, Agent, browser/system)
- request context (Url, AjaxFunction, AjaxAction, Get, Post)
- security flags (IllegalParam, IllegalExec, IllegalWpAttempt)
- operator notes (Analysis, Reaction)

System Settings And Cache Admin (AD-040)

Legacy admin exposes two dedicated dialogs from menu config:

  1. systemsettings:
     - Loads all settings via admin.setting_getSettings.
     - Allows writing values via admin.setting_saveSetting (type, name, value, array).
     - Clears aggregate settings cache key (allSettings) after updates.
     - Includes direct putOffline / putOnline actions.

  2. cache:
     - Loads cache overview via admin.setting_getCache.
     - Flushes application cache via admin.setting_flushCache -> CacheJanitor::clean().

This module is operationally high impact because it modifies runtime config and availability state from the admin UI.

Current Gaps And Risks To Resolve In Migration

  1. Content is split across two blog systems (articles.BlogPost and cms.BlogPost) with overlapping use-cases.
  2. Upload validation is inconsistent across modules (image mime/type/size/processing rules vary and are often UI-driven).
  3. Admin mutation actions have weak auditability (limited change history and operator attribution at feature level).
  4. 3D processing is tightly coupled to mutable filesystem structure and synchronous heavy operations.
  5. Simulator list-link permissions rely on contextual checks (bAdmin vs simulatorManage) and need explicit RBAC in Symfony.
  6. Monitoring feature wiring is legacy-script based (cms_getLogErrors*) and should be formalized in modern controllers/services.
  7. Review and subscription modules are operationally shallow (no lifecycle workflow, moderation queue, or retention policy).
  8. Marketing targeting logic is duplicated across slides and adverts and needs a shared policy layer.
  9. System settings/cache actions (including offline toggles) are mutable from admin without explicit per-change audit metadata.

Target Migration Specification (Symfony)

Scope

In-scope for this phase:

- Admin customer tags, subscriptions, reviews
- Admin 3D modules (models/wheels/sites/external lists)
- CMS content modules (posts/blog/history/team/jobs/catalogue/banners/text variables)
- Marketing admin modules (signatures/spotlight/slides/adverts)
- Monitoring dashboard for hacking-attempt logs

Out-of-scope for this phase:

- Public storefront rendering redesign
- Full simulator rendering engine rewrite

Domain Rules To Preserve

  1. Customer tags remain the central toggle surface for storefront segmentation and document-portal eligibility.
  2. 3D site/list management keeps explicit allow-change-list behavior for simulator-managed accounts.
  3. CMS and marketing content remains multilingual (minimum NL/FR/EN parity where legacy already supports it).
  4. Slider and advert targeting must preserve customer-tag and customer-category filters, including OE-corner exclusions.
  5. Monitoring keeps hour/day/month aggregation plus detailed classification view.

Required Improvements

  1. Consolidate dual blog data models behind one canonical content domain.
  2. Standardize file upload policy (mime sniffing, max size, extension checks, image transform safeguards).
  3. Enforce explicit RBAC per module/action, not only menu visibility.
  4. Add immutable audit trail for admin writes (who/when/what before/after).
  5. Move long-running 3D processing to queue workers with retry and failure visibility.
  6. Centralize targeting logic (tags/categories/visibility windows) shared by slides and adverts.
  7. Define subscription and review lifecycle behavior (state transitions, retention, moderation, deletion policy).
  8. Define monitoring retention/masking policy for sensitive request payload fields.
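
One way to express improvement 2 as a single policy shared by the tag-logo, review-picture, numberplate and advert uploads. This is an added example, not code from the legacy application or the migration project; the class name, the limits and the MIME allowlist are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: one shared image-upload policy for the admin modules.
// The size cap, pixel bound and MIME allowlist are assumed values.
final class ImageUploadPolicy
{
    private const MAX_BYTES = 2 * 1024 * 1024;
    private const MAX_PIXELS = 4000 * 4000;
    private const ALLOWED = [ // sniffed MIME type => accepted extensions
        'image/jpeg' => ['jpg', 'jpeg'],
        'image/png'  => ['png'],
        'image/webp' => ['webp'],
    ];

    /** @return string[] violations; an empty list means the file may be processed */
    public static function check(string $tmpPath, string $clientName): array
    {
        if (!is_file($tmpPath)) {
            return ['not a regular file'];
        }
        $errors = [];
        $size = filesize($tmpPath);
        if ($size === false || $size === 0 || $size > self::MAX_BYTES) {
            $errors[] = 'size outside policy';
        }
        // Sniff the bytes; the browser-supplied Content-Type is never consulted.
        $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
        if (!is_string($mime) || !isset(self::ALLOWED[$mime])) {
            return [...$errors, 'content type not allowed'];
        }
        $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
        if (!in_array($ext, self::ALLOWED[$mime], true)) {
            $errors[] = 'extension does not match content';
        }
        // Header-only read: oversized dimensions are rejected before any resize.
        $info = @getimagesize($tmpPath);
        if ($info === false || $info[0] * $info[1] > self::MAX_PIXELS) {
            $errors[] = 'unreadable image or dimensions too large';
        }
        return $errors;
    }
}

// Constructed sample: a text file submitted under an image file name.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "plain text, not an image\n");
print_r(ImageUploadPolicy::check($tmp, 'logo.png'));
unlink($tmp);
```

Running the check server-side in every module closes the gap where validation was UI-driven and varied per controller.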

Suggested Target Components

Application services:

- CustomerTagAdminService
- SubscriptionAdminService
- ReviewAdminService
- ThreeDModelAdminService
- ThreeDSiteAdminService
- ExternalVehicleListService
- CmsContentAdminService
- MarketingPlacementService
- SecurityMonitoringService

Background jobs:

- 3d:scan-model
- 3d:scan-wheel
- 3d:rebuild-screenshot
- security-monitoring:aggregate

Key aggregates/entities:

- CustomerTag, CustomerTagBrand, Subscription, Review
- ThreeDModel, ThreeDWheel, ThreeDSite, ExternalVehicleList, ExternalVehicleLink
- ContentItem (canonical replacement for dual blog models)
- Slide, Advert, Signature
- SecurityAttemptLog

Data Migration Notes

  1. Preserve existing customer_tag, customer_tag_brand, customer_subscription, and customer_review data.
  2. Preserve 3D entities (threed_model, article_wheel_threed) and external list/link tables, with source IDs untouched.
  3. Preserve both legacy post systems during transition; add source marker to canonical content projection.
  4. Preserve slider/advert targeting relations (tags, customer categories, visibility flags, OE-corner flags).
  5. Preserve security monitoring history where available; apply explicit retention/masking policy on migration.
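
A sketch of the masking step from note 5, applied to the Get and Post fields of a LogError row before it is written to SecurityAttemptLog. This is an added example, not project code: the function names, the key pattern and the length cap are assumptions (the actual rules are still an open decision), and it assumes Get and Post have already been decoded to arrays.

```php
<?php
declare(strict_types=1);

// Added example: mask request payload fields of a LogError row.
// SENSITIVE_KEY and MAX_VALUE_LEN are assumed values, not agreed policy;
// Get and Post are assumed to be decoded arrays.
const SENSITIVE_KEY = '/pass|pwd|token|secret|iban|card|cvv/i';
const MAX_VALUE_LEN = 256;

function maskPayload(array $payload): array
{
    $out = [];
    foreach ($payload as $key => $value) {
        if (is_array($value)) {
            $out[$key] = preg_match(SENSITIVE_KEY, (string) $key)
                ? '[masked]'
                : maskPayload($value);
        } elseif (preg_match(SENSITIVE_KEY, (string) $key)) {
            // Keep only the length so analysts can tell empty from filled.
            $out[$key] = sprintf('[masked len=%d]', strlen((string) $value));
        } else {
            // Other values stay readable for classification, but bounded.
            $out[$key] = substr((string) $value, 0, MAX_VALUE_LEN);
        }
    }
    return $out;
}

function maskLogRow(array $row): array
{
    foreach (['Get', 'Post'] as $field) {
        $row[$field] = maskPayload($row[$field] ?? []);
    }
    return $row;
}

// Constructed sample row using the LogError field names from this spec.
$row = [
    'Ip' => '192.0.2.10',
    'Url' => '/login',
    'IllegalParam' => true,
    'Get' => ['page' => '1'],
    'Post' => [
        'email' => 'user@example.com',
        'password' => 'constructed-secret',
        'filter' => ['q' => '<constructed probe string>', 'csrf_token' => 'abc'],
    ],
];
echo json_encode(maskLogRow($row), JSON_PRETTY_PRINT), PHP_EOL;
```

Masking by key name leaves the Url, Ip and security flag columns untouched, so the hour/day/month aggregation and classification view are unaffected.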

Acceptance Scenarios (Gherkin)

Feature: Admin deep-dive modules

  Scenario: Update customer tag with brand and vehicle filters
    Given an admin opens customer tag "42"
    When the admin enables document portal and adds a brand rule with vehicle filters
    Then the customer tag should be persisted with updated brand mappings

  Scenario: Remove subscription entry by email
    Given a subscription exists for "user@example.com"
    When an admin removes that subscription from the admin dialog
    Then the subscription entry should no longer be returned by the admin list

  Scenario: Create review with image and activate it
    Given an admin submits a review with rating 4.5 and an image
    When the review is saved and active is set to true
    Then the review should be visible in admin listing as active

  Scenario: Link external vehicle to 3D model
    Given an external vehicle list exists
    And a 3D model exists
    When an admin links vehicle "X" to model "Y"
    Then the link should be persisted for that list

  Scenario: Prevent simulator-managed user from changing list when disabled
    Given a simulator-managed site has allow-change-list set to false
    When that user attempts to add or delete external links
    Then the mutation should be rejected

  Scenario: Save slider with targeting and visibility
    Given an admin edits a slide with tag filters and customer categories
    When the slide is saved with visibility "users only"
    Then the targeting and visibility rules should be persisted and applied

  Scenario: Save advert with date window and category targeting
    Given an admin edits an advert with visibleFrom and visibleUntil
    And assigns customer categories and tags
    When the advert is saved
    Then only matching customers within the date window should satisfy display criteria

  Scenario: Maintain multilingual CMS blog content
    Given an admin edits a CMS blog item
    When NL, FR, and EN translation fields are saved
    Then each translation should be retrievable with its own slug/title/body

  Scenario: View monitoring aggregation and details
    Given hacking-attempt logs exist for today
    When an admin opens monitoring tabs for hour and day
    Then aggregated counts and classification details should be available

  Scenario: Audit trail is written for admin mutations
    Given audit logging is enabled
    When an admin updates tags, 3D links, or marketing placements
    Then each mutation should produce a traceable audit record

Open Decisions

  1. Should migration fully merge legacy articles and cms blog stacks, or keep a compatibility layer for one release?
  2. Should advert image storage remain DB binary or move to object/file storage with metadata references?
  3. Should subscription admin remain remove-only, or become explicit opt-in/opt-out workflow with provenance?
  4. What retention period and masking rules apply to hacking-attempt request payload data?
  5. Which island owns long-running 3D operations operationally: Webshop Admin, Vehicle Data, or shared Ops?