MALIO-DEV/Coltura
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(sites) : API CRUD + rattachement User<->Site + admin (ticket 2/4)

Browse Source 
Exposition de Site via API Platform (5 operations RBAC sites.view/sites.manage),
relation User.sites (M2M user_site EAGER) + User.currentSite (M2O nullable,
ON DELETE SET NULL). Endpoint PATCH /api/me/current-site via ressource
virtuelle + processor (SiteNotAuthorizedException → 403). UserRbacProcessor
etendu avec gardes post-persist : auto-reset si currentSite retire, auto-select
premier site si null + sites non vide.

Page /admin/sites (DataTable + drawer creation/edition + modale suppression).
UserRbacDrawer etendu avec section "Sites autorises". Colonne "Sites" ajoutee
dans la table /admin/users (liste des noms separes par virgule). Sidebar
entree Sites (module: sites, permission: sites.view).

Refactor adresse : split full_address en street + complement (nullable) + getter
computed Site::getFullAddress() multi-lignes. Migration ALTER dediee pour
compat devs ayant deja joue le ticket 1. Fixtures avec vraies adresses
(Chatellerault/Fontenet/Pommevic).

Doctrine : inversedBy synchrone User.sites <-> Site.users pour maintenir la
collection inverse en memoire. User::switchCurrentSite() porte la garde
domaine (throw SiteNotAuthorizedException), aligne sur Role::ensureDeletable.
Helper skipIfSitesModuleDisabled centralise dans AbstractApiTestCase.

Tests : 182/182 (182/182 aussi module desactive, 2 skipped). 29 nouveaux tests
PHPUnit (CRUD API, switch currentSite, cascade DB, /api/me enrichi, extension
/rbac, gardes structurelles fullAddress/currentSite ignores, anti-cycle
Site.users). 11 tests Vitest sur la validation hex couleur.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Autin
2026-04-20 10:09:05 +02:00
parent 105574ba2f
commit d137828919
32 changed files with 2271 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
tests/Module/Core/Api/AbstractApiTestCase.php
View File

@@ -130,4 +130,34 @@ abstract class AbstractApiTestCase extends ApiTestCase
return ['username' => $username, 'password' => $password];
}
/**
* Skip le test courant si le module Sites est desactive dans
* `config/modules.php` de l'environnement de test.
*
* Mecanisme : on cherche la permission `sites.view` en base. Si le
* module Sites est desactive, `app:sync-permissions` aura marque cette
* permission comme orpheline et l'aura supprimee de la table — donc
* `findOneBy(['code' => 'sites.view'])` renvoie null.
*
* Quand utiliser ce helper : tests qui s'appuient sur
* `createUserWithPermission('sites.*')`. Les tests qui utilisent
* uniquement l'admin (qui bypass via isAdmin) n'en ont pas besoin :
* la classe Site reste mappee Doctrine et exposee via API Platform
* meme module desactive (mapping inconditionnel, decision assumee
* ticket 1).
*/
protected function skipIfSitesModuleDisabled(): void
{
if (!self::$kernel) {
self::bootKernel();
}
$perm = $this->getEm()
->getRepository(Permission::class)
->findOneBy(['code' => 'sites.view'])
;
if (null === $perm) {
self::markTestSkipped('Module Sites desactive : permission sites.view introuvable en base.');
}
}
}

189
tests/Module/Core/Api/UserRbacSitesApiTest.php Normal file
View File

@@ -0,0 +1,189 @@
<?php
declare(strict_types=1);
namespace App\Tests\Module\Core\Api;
use App\Module\Core\Domain\Entity\User;
use App\Module\Sites\Domain\Entity\Site;
/**
* Tests d'extension de l'endpoint PATCH /api/users/{id}/rbac pour assigner
* des sites a un user, avec les deux gardes post-persist :
* - si currentSite n'est plus dans sites → null ;
* - si currentSite null ET sites non vide → auto-select premier site.
*
* @internal
*/
final class UserRbacSitesApiTest extends AbstractApiTestCase
{
public function testAdminCanAssignSitesToUser(): void
{
$em = $this->getEm();
$saintJean = $em->getRepository(Site::class)->findOneBy(['name' => 'Saint-Jean']);
self::assertNotNull($saintJean);
$alice = $em->getRepository(User::class)->findOneBy(['username' => 'alice']);
$aliceId = $alice->getId();
$em->clear();
$client = $this->authenticatedClient('admin', 'admin');
$client->request('PATCH', '/api/users/'.$aliceId.'/rbac', [
'headers' => ['Content-Type' => 'application/merge-patch+json'],
'json' => [
'sites' => ['/api/sites/'.$saintJean->getId()],
],
]);
self::assertResponseIsSuccessful();
// Verification cote base.
$em = $this->getEm();
$em->clear();
$reloaded = $em->getRepository(User::class)->find($aliceId);
self::assertNotNull($reloaded);
self::assertCount(1, $reloaded->getSites());
self::assertSame('Saint-Jean', $reloaded->getSites()->first()->getName());
// Restauration pour ne pas polluer les autres tests.
$this->restoreAliceSites();
}
public function testRemovingCurrentSiteResetsCurrentSiteToNullThenAutoSelectsFirst(): void
{
// alice a actuellement {Chatellerault}, currentSite=Chatellerault.
// On lui attribue {Saint-Jean} : Chatellerault disparait → currentSite
// devrait temporairement etre null, PUIS auto-select Saint-Jean (seul
// site restant).
$em = $this->getEm();
$saintJean = $em->getRepository(Site::class)->findOneBy(['name' => 'Saint-Jean']);
$alice = $em->getRepository(User::class)->findOneBy(['username' => 'alice']);
$aliceId = $alice->getId();
$em->clear();
$client = $this->authenticatedClient('admin', 'admin');
$client->request('PATCH', '/api/users/'.$aliceId.'/rbac', [
'headers' => ['Content-Type' => 'application/merge-patch+json'],
'json' => [
'sites' => ['/api/sites/'.$saintJean->getId()],
],
]);
self::assertResponseIsSuccessful();
$em = $this->getEm();
$em->clear();
$reloaded = $em->getRepository(User::class)->find($aliceId);
self::assertNotNull($reloaded->getCurrentSite());
self::assertSame('Saint-Jean', $reloaded->getCurrentSite()->getName());
$this->restoreAliceSites();
}
public function testEmptySitesPayloadResetsCurrentSiteToNull(): void
{
$em = $this->getEm();
$alice = $em->getRepository(User::class)->findOneBy(['username' => 'alice']);
$aliceId = $alice->getId();
$em->clear();
$client = $this->authenticatedClient('admin', 'admin');
$client->request('PATCH', '/api/users/'.$aliceId.'/rbac', [
'headers' => ['Content-Type' => 'application/merge-patch+json'],
'json' => [
'sites' => [],
],
]);
self::assertResponseIsSuccessful();
$em = $this->getEm();
$em->clear();
$reloaded = $em->getRepository(User::class)->find($aliceId);
self::assertCount(0, $reloaded->getSites());
self::assertNull($reloaded->getCurrentSite());
$this->restoreAliceSites();
}
public function testCurrentSiteFieldInRbacPayloadIsSilentlyIgnored(): void
{
// Garde structurelle : `currentSite` n'est pas dans le groupe
// user:rbac:write. Un client malveillant qui essaierait de set un
// currentSite arbitraire via /rbac doit etre silencieusement
// ignore (le seul flux autorise est PATCH /me/current-site).
$em = $this->getEm();
$pommevic = $em->getRepository(Site::class)->findOneBy(['name' => 'Pommevic']);
$alice = $em->getRepository(User::class)->findOneBy(['username' => 'alice']);
$aliceId = $alice->getId();
$em->clear();
$client = $this->authenticatedClient('admin', 'admin');
$client->request('PATCH', '/api/users/'.$aliceId.'/rbac', [
'headers' => ['Content-Type' => 'application/merge-patch+json'],
'json' => [
'currentSite' => '/api/sites/'.$pommevic->getId(),
],
]);
self::assertResponseIsSuccessful();
// alice n'a Pommevic ni dans ses sites ni en currentSite (le champ
// a ete ignore par le denormalizer). Son currentSite reste son
// Chatellerault d'origine.
$em = $this->getEm();
$em->clear();
$reloaded = $em->getRepository(User::class)->find($aliceId);
self::assertNotNull($reloaded);
self::assertNotNull($reloaded->getCurrentSite());
self::assertSame('Chatellerault', $reloaded->getCurrentSite()->getName());
}
public function testRbacPatchWithoutSitesFieldDoesNotChangeCurrentSite(): void
{
// Garde structurelle : si le payload /rbac ne contient pas le champ
// `sites`, ensureCurrentSiteConsistency ne doit pas auto-modifier
// le currentSite (alice avait deja Chatellerault). Un PATCH qui
// change uniquement isAdmin ou roles ne doit pas remuer la
// configuration site de l'user.
$em = $this->getEm();
$alice = $em->getRepository(User::class)->findOneBy(['username' => 'alice']);
$aliceId = $alice->getId();
$em->clear();
$client = $this->authenticatedClient('admin', 'admin');
$client->request('PATCH', '/api/users/'.$aliceId.'/rbac', [
'headers' => ['Content-Type' => 'application/merge-patch+json'],
'json' => [
'isAdmin' => false,
],
]);
self::assertResponseIsSuccessful();
$em = $this->getEm();
$em->clear();
$reloaded = $em->getRepository(User::class)->find($aliceId);
self::assertNotNull($reloaded->getCurrentSite());
self::assertSame('Chatellerault', $reloaded->getCurrentSite()->getName());
}
/**
* Remet alice dans l'etat des fixtures : un seul site Chatellerault,
* currentSite Chatellerault. Evite la pollution inter-tests.
*/
private function restoreAliceSites(): void
{
$em = $this->getEm();
$chatellerault = $em->getRepository(Site::class)->findOneBy(['name' => 'Chatellerault']);
$alice = $em->getRepository(User::class)->findOneBy(['username' => 'alice']);
// Reset complet des sites
foreach ($alice->getSites() as $existing) {
$alice->removeSite($existing);
}
$alice->addSite($chatellerault);
$alice->setCurrentSite($chatellerault);
$em->flush();
}
}