История коммитов

- Add UserListController (GET /admin/users[/by-nick|/by-ip]) backed by GetUserListUseCase + UserListResultDTO
- Add UserListSort enum (whitelisted sort columns) and UserListRepositoryInterface + EloquentUserListRepository (paginate preg=1)
- Reuse AdminUserRowMapper for table rows; paginate via Tools::displayPagination + PageMeta
- Remove legacy includes/userlist.php and its $actions entry; point both sidebars to /admin/users
- Pagination total now counts approved users only (matches the listed set), fixing the legacy count-all mismatch

- Add StaffListController (GET /admin/staff) backed by GetStaffListUseCase + StaffListDTO/StaffGroupDTO
- Add StaffRepositoryInterface + EloquentStaffRepository and AdminUserRowMapper (reuses Johncms\Users\User)
- Remove legacy includes/adminlist.php and its $actions entry; point both sidebars to /admin/staff
- AdminAccessMiddleware now returns a sidebar-less 403 page for insufficient rights instead of pageNotFound()
- Add system::error/403 templates to admin (guest layout) and default themes
- Fix RenderEngineFactory/Assets isAdmin() to match bare /admin (no trailing slash) and ignore query string

- Add DashboardController (GET /admin) backed by GetDashboardContextUseCase + DashboardContextDTO
- Add DashboardRepositoryInterface + EloquentDashboardRepository (reuses User and Forum ForumMessage models)
- Add AdminAccessMiddleware (rights>=7 gate, guest -> /admin/login) and UserRights enum
- Grow services.php to load Application (exclude DTO/Exceptions) + Infrastructure and bind the repository
- Rename legacy catch-all to admin.legacy with priority(-100) so migrated routes win over it

Build complete breadcrumb chains on album/photo pages and their
actions so every page links back to the user's album list, the album
and (for photo actions) the photo.

- Insert the 'user albums' level (Your/User albums) and the album/photo
links on show, photo view, comments, upload, edit/create/delete album
and edit/move/delete photo pages.
- Inject User into the six write controllers to label the user level.
- Make the album name a plain leaf on the album page (was a self-link).

Escape audit of the album module (escape-on-output model).

- Escape the username and album URL in user_row.phtml (an XSS hole
affecting the album list and users pages); also escape the filter
links in users.phtml.
- Stop double-escaping album names/descriptions: checkout() already
runs htmlentities(), so drop it from PhotoPresenter::previewText
and presentDetail, UserAlbumsController, and the breadcrumb titles
in ShowAlbumController and PhotoCommentsController (the breadcrumbs
template escapes on render). Templates now escape these values once.
- Drop the now-unused Tools injection from UserAlbumsController and
PhotoCommentsController.

Move all album routes into one $router->group('') with a shared
AuthorizedUserMiddleware (mirroring the profile module) instead of
per-route middleware. Numeric path params use the inline {id:number}
syntax; the filter/type enum params keep explicit requirements.

All actions are migrated to the new architecture, so the legacy
front controller can go.

- Delete index.php, lib/Photo.php and the empty includes/ directory.
- Drop the legacy catch-all route (album.legacy); the Aura autoload
registration is removed with index.php.
- Point the sitemap album entry at /album (the migrated route).

Move the vote action to POST /album/photo/{img}/vote/{type} with CSRF.

- Add VoteType enum, EnsureVoteAccessUseCase (can_vote policy),
GetVotePhotoContextUseCase, VotePhotoUseCase and VotePhotoController.
- Add vote repository methods (hasUserVote/addVote) and atomic
vote counter increments on the photo repository.
- Update PhotoPresenter vote URLs and convert vote links to inline
POST forms in top/show/show_one templates.
- Remove legacy includes/vote.php and drop it from the dispatcher.

Add DeletePhotoController (GET confirm + POST submit) with CSRF token
validation, GetDeletePhotoContextUseCase guard (owner / rights>=6) and
DeletePhotoUseCase cascading file/vote/comment removal.

New route POST/GET /album/photo/{img}/delete replaces legacy
?act=image_delete; remove includes/image_delete.php and the legacy
image_delete.phtml template (reuse generic confirm_delete.phtml).

Add MovePhotoController (GET album picker + POST submit) with
GetMovePhotoContextUseCase guard (owner or rights>=6) and MovePhotoUseCase
validating the target album belongs to the photo owner and moving the photo
(inheriting the target album's access). New repository helpers
getUserAlbumsExcept and moveToAlbum. New routes GET+POST
/album/photo/{img}/move; drop the image_move action from the legacy dispatcher
and point the photo move link to the new URL.