tristan
d137828919
Exposition de Site via API Platform (5 operations RBAC sites.view/sites.manage), relation User.sites (M2M user_site EAGER) + User.currentSite (M2O nullable, ON DELETE SET NULL). Endpoint PATCH /api/me/current-site via ressource virtuelle + processor (SiteNotAuthorizedException → 403). UserRbacProcessor etendu avec gardes post-persist : auto-reset si currentSite retire, auto-select premier site si null + sites non vide. Page /admin/sites (DataTable + drawer creation/edition + modale suppression). UserRbacDrawer etendu avec section "Sites autorises". Colonne "Sites" ajoutee dans la table /admin/users (liste des noms separes par virgule). Sidebar entree Sites (module: sites, permission: sites.view). Refactor adresse : split full_address en street + complement (nullable) + getter computed Site::getFullAddress() multi-lignes. Migration ALTER dediee pour compat devs ayant deja joue le ticket 1. Fixtures avec vraies adresses (Chatellerault/Fontenet/Pommevic). Doctrine : inversedBy synchrone User.sites <-> Site.users pour maintenir la collection inverse en memoire. User::switchCurrentSite() porte la garde domaine (throw SiteNotAuthorizedException), aligne sur Role::ensureDeletable. Helper skipIfSitesModuleDisabled centralise dans AbstractApiTestCase. Tests : 182/182 (182/182 aussi module desactive, 2 skipped). 29 nouveaux tests PHPUnit (CRUD API, switch currentSite, cascade DB, /api/me enrichi, extension /rbac, gardes structurelles fullAddress/currentSite ignores, anti-cycle Site.users). 11 tests Vitest sur la validation hex couleur. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
93 lines
3.3 KiB
PHP
93 lines
3.3 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Tests\Module\Sites\Api;
|
|
|
|
use App\Module\Sites\Domain\Entity\Site;
|
|
use App\Tests\Module\Core\Api\AbstractApiTestCase;
|
|
|
|
/**
|
|
* Tests fonctionnels de l'endpoint PATCH /api/me/current-site (switch).
|
|
*
|
|
* Fixtures utilisees :
|
|
* - alice : rattachee a Chatellerault uniquement (currentSite = Chatellerault).
|
|
* - admin : rattache aux 3 sites.
|
|
* - bob : rattache a Saint-Jean uniquement.
|
|
*
|
|
* @internal
|
|
*/
|
|
final class CurrentSiteSwitchApiTest extends AbstractApiTestCase
|
|
{
|
|
public function testUserCanSwitchToAuthorizedSite(): void
|
|
{
|
|
// admin a les 3 sites. On le bascule de Chatellerault vers Pommevic.
|
|
$em = $this->getEm();
|
|
$pommevic = $em->getRepository(Site::class)->findOneBy(['name' => 'Pommevic']);
|
|
self::assertNotNull($pommevic);
|
|
|
|
$client = $this->authenticatedClient('admin', 'admin');
|
|
$response = $client->request('PATCH', '/api/me/current-site', [
|
|
'headers' => ['Content-Type' => 'application/merge-patch+json'],
|
|
'json' => ['site' => '/api/sites/'.$pommevic->getId()],
|
|
]);
|
|
|
|
self::assertResponseIsSuccessful();
|
|
$data = $response->toArray();
|
|
self::assertSame('Pommevic', $data['currentSite']['name']);
|
|
}
|
|
|
|
public function testUserCannotSwitchToUnauthorizedSite(): void
|
|
{
|
|
// alice n'a que Chatellerault. Tenter Pommevic → 403.
|
|
$em = $this->getEm();
|
|
$pommevic = $em->getRepository(Site::class)->findOneBy(['name' => 'Pommevic']);
|
|
self::assertNotNull($pommevic);
|
|
|
|
$client = $this->authenticatedClient('alice', 'alice');
|
|
$client->request('PATCH', '/api/me/current-site', [
|
|
'headers' => ['Content-Type' => 'application/merge-patch+json'],
|
|
'json' => ['site' => '/api/sites/'.$pommevic->getId()],
|
|
]);
|
|
|
|
self::assertResponseStatusCodeSame(403);
|
|
}
|
|
|
|
public function testSwitchWithMissingSiteFieldReturns400(): void
|
|
{
|
|
$client = $this->authenticatedClient('alice', 'alice');
|
|
$client->request('PATCH', '/api/me/current-site', [
|
|
'headers' => ['Content-Type' => 'application/merge-patch+json'],
|
|
'json' => [],
|
|
]);
|
|
|
|
self::assertResponseStatusCodeSame(400);
|
|
}
|
|
|
|
public function testAnonymousUserCannotSwitch(): void
|
|
{
|
|
$client = self::createClient();
|
|
$client->request('PATCH', '/api/me/current-site', [
|
|
'headers' => ['Content-Type' => 'application/merge-patch+json'],
|
|
'json' => ['site' => '/api/sites/1'],
|
|
]);
|
|
|
|
self::assertResponseStatusCodeSame(401);
|
|
}
|
|
|
|
public function testSwitchWithNonExistentSiteIriReturnsErrorStatus(): void
|
|
{
|
|
// IRI vers un site qui n'existe pas en base : API Platform leve un
|
|
// 400 Bad Request a la denormalisation (l'IriConverter ne peut pas
|
|
// resoudre l'IRI). On grave le code de retour reel pour eviter
|
|
// qu'une regression silencieuse passe inapercue.
|
|
$client = $this->authenticatedClient('alice', 'alice');
|
|
$client->request('PATCH', '/api/me/current-site', [
|
|
'headers' => ['Content-Type' => 'application/merge-patch+json'],
|
|
'json' => ['site' => '/api/sites/999999'],
|
|
]);
|
|
|
|
self::assertResponseStatusCodeSame(400);
|
|
}
|
|
}
|