feat(core) : RBAC Task 1 - entites Permission et Role + domaine securite

- Entite Permission avec methodes markOrphan/revive/updateMetadata - Entite Role avec addPermission/removePermission/ensureDeletable - Constantes SystemRoles (codes admin/user partages) - Exception SystemRoleDeletionException pour la garde de suppression - Tests unitaires couvrant le comportement domaine (pas de BDD) Ticket #343 - 1/7 : fondations RBAC (domaine pur, sans persistence). Les entites ne portent pas encore repositoryClass (ajoute en Task 2). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 16:30:15 +02:00
parent e3025bf2c9
commit f0ea9201f5
7 changed files with 459 additions and 0 deletions
--- a/tests/Module/Core/Domain/Entity/RoleTest.php
+++ b/tests/Module/Core/Domain/Entity/RoleTest.php
@@ -0,0 +1,79 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Tests\Module\Core\Domain\Entity;
+
+use App\Module\Core\Domain\Entity\Permission;
+use App\Module\Core\Domain\Entity\Role;
+use App\Module\Core\Domain\Exception\SystemRoleDeletionException;
+use PHPUnit\Framework\TestCase;
+
+/**
+ * @internal
+ */
+final class RoleTest extends TestCase
+{
+    public function testConstructorInitialState(): void
+    {
+        $role = new Role('custom', 'Custom');
+
+        self::assertNull($role->getId());
+        self::assertSame('custom', $role->getCode());
+        self::assertSame('Custom', $role->getLabel());
+        self::assertNull($role->getDescription());
+        self::assertFalse($role->isSystem());
+        self::assertTrue($role->getPermissions()->isEmpty());
+    }
+
+    public function testAddPermissionAddsOnce(): void
+    {
+        $role       = new Role('custom', 'Custom');
+        $permission = new Permission('core.users.view', 'Voir', 'core');
+
+        $role->addPermission($permission);
+        $role->addPermission($permission);
+
+        self::assertSame(1, $role->getPermissions()->count());
+    }
+
+    public function testRemovePermissionRemovesWhenPresent(): void
+    {
+        $role       = new Role('custom', 'Custom');
+        $permission = new Permission('core.users.view', 'Voir', 'core');
+
+        $role->addPermission($permission);
+        $role->removePermission($permission);
+
+        self::assertSame(0, $role->getPermissions()->count());
+    }
+
+    public function testRemovePermissionIsNoOpWhenAbsent(): void
+    {
+        $role       = new Role('custom', 'Custom');
+        $permission = new Permission('core.users.view', 'Voir', 'core');
+
+        $role->removePermission($permission);
+
+        self::assertSame(0, $role->getPermissions()->count());
+    }
+
+    public function testEnsureDeletableAllowsNonSystemRole(): void
+    {
+        $role = new Role('custom', 'Custom', false);
+
+        $role->ensureDeletable();
+
+        $this->expectNotToPerformAssertions();
+    }
+
+    public function testEnsureDeletableThrowsForSystemRole(): void
+    {
+        $role = new Role('admin', 'Admin', true);
+
+        $this->expectException(SystemRoleDeletionException::class);
+        $this->expectExceptionMessage('admin');
+
+        $role->ensureDeletable();
+    }
+}