MALIO-DEV/Lesstime
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 32 Wiki Activity

Migration modular monolith DDD (0.1 → 3.3) (#17)
Auto Tag Develop / tag (push) Successful in 9s
Details

Browse Source 
## Migration modular monolith DDD — Lesstime (0.1 → 3.3)

Cette MR regroupe l'intégralité de la refonte en monolithe modulaire (strangler progressif, additif). Elle remplace les MR stackées de Phase 1 (#12–#16), désormais incluses ici.

**Ne pas merger avant validation fonctionnelle** : branche destinée à être testée telle quelle.

### Périmètre — 9 modules sous `src/Module/`
| Phase | Module | Contenu |
|------|--------|---------|
| 0.1 | (socle) | infrastructure modulaire, `ModuleInterface`, mapping Doctrine par module |
| 0.2 | (socle front) | auto-détection des layers Nuxt sous `frontend/modules/*` |
| 1.1 | **Core** | Identité (User/Auth), Notifications, Notifier |
| 1.2 | Core | RBAC fin (permissions `module.resource.action`, sidebar gated) |
| 1.3 | Core | Audit log (`#[Auditable]`, listener, provider DBAL) |
| 2.1 | **TimeTracking** | TimeEntry + MCP + export |
| 2.2 | **ProjectManagement** | cœur métier Projets/Tâches + 38 MCP tools |
| 2.3 | **Absence** | demandes, soldes, policies, justificatifs |
| 2.4 | **Directory** | Clients (migrés) + **Prospects** (nouveau, conversion → Client) |
| 2.5 | **Mail** | intégration IMAP OVH + liens tâches |
| 2.6 | **Integration** | Gitea / BookStack / Zimbra / Share |
| 3.1 | **Reporting** | rapports transverses (DBAL read-only, 0 import inter-module) |
| 3.2 | **ClientPortal** | portail client (ROLE_CLIENT cloisonné, tickets, notifications) |
| 3.3 | (finition) | nettoyage legacy — `src/Entity` vide, app 100% modulaire |

### Architecture
- Découplage inter-modules par **contrats** (`UserInterface`, `ProjectInterface`, `TaskInterface`, `TaskTagInterface`, `ClientInterface`, `ClientTicketInterface`, `LeaveProfileInterface`) + `resolve_target_entities` 100% modulaire (aucune cible legacy).
- Repositories : interface `Domain/Repository` + implémentation `Infrastructure/Doctrine`, bindées.
- Reporting en DBAL read-only pur (aucun import d'entité d'un autre module).
- Chaque migration de module : déplacement à comportement préservé (API publique et noms d'outils MCP inchangés), migrations **additives** uniquement (zéro destructif).

### Sécurité
- ROLE_CLIENT cloisonné : un utilisateur client n'accède qu'à `/portal` et à ses propres tickets (filtrés par `allowedProjects`), interdit sur toute l'API interne.
- Correctif : interdiction pour un client de créer un lien vers le partage SMB (upload uniquement).

### QA non-régression (branche reconstruite from scratch)
- Migrations from scratch + fixtures : OK.
- Compilation dev + prod : OK.
- **180 tests PHPUnit verts**, php-cs-fixer clean, ~96 routes, **66 outils MCP** tous sous `App\Module\*`.
- Smoke test runtime multi-rôles (admin / ROLE_USER / ROLE_CLIENT) : 44 vérifications HTTP, **0 écart**, cloisonnement client étanche.
- Build Nuxt OK, 9 layers, 0 import legacy résiduel.

### Points à arbitrer (hors périmètre de cette migration)
- Durcissement MCP/IDOR pré-existant (`userId` explicite sans scoping sur certains tools TimeTracking/Absence/TaskDocument) — ticket dédié recommandé.
- Validation fonctionnelle de **Prospect** et **ClientPortal** (conçus depuis les specs disque).
- **Harmonisation visuelle Malio finale** (3.3) — finition esthétique inter-modules laissée au PO.

---

## ⚠️ Déploiement / migration des données — à ne pas oublier

### 1. Resynchroniser les séquences PostgreSQL après tout import/restore de dump
Si la prod (ou tout environnement) est **montée depuis un dump** (`pg_restore` / `COPY`), les lignes sont chargées avec leurs `id` explicites **sans avancer les séquences** → au premier `INSERT` : `duplicate key value violates unique constraint "..._pkey"` (constaté en local sur `notification`, `task`, `time_entry`…).

À lancer **juste après chaque restore/import** :

```sql
DO $$
DECLARE r RECORD; maxid BIGINT; seq TEXT;
BEGIN
  FOR r IN SELECT table_name, column_name FROM information_schema.columns WHERE table_schema='public'
  LOOP
    seq := pg_get_serial_sequence(quote_ident(r.table_name), r.column_name);
    IF seq IS NOT NULL THEN
      EXECUTE format('SELECT COALESCE(MAX(%I),0) FROM %I', r.column_name, r.table_name) INTO maxid;
      PERFORM setval(seq, GREATEST(maxid,1), maxid > 0);
    END IF;
  END LOOP;
END $$;
```

> Ne concerne **pas** une prod qui tourne déjà (séquences avancées organiquement) — uniquement le cas restore/import. Idempotent, sans risque.

### 2. Fix dénormalisation des collections typées-contrat (code, inclus dans la branche)
Les relations **to-many** typées par une interface `Shared\Domain\Contract\*` (`TimeEntry::tags` → `TaskTagInterface`, `Task::collaborators` → `UserInterface`) étaient **indénormalisables par API Platform** (mono-valué OK via IRI, collection KO) → **tout POST/PATCH portant une telle collection renvoyait 400/500**. Corrigé par un dénormaliseur générique `ContractRelationDenormalizer` (réutilise `resolve_target_entities`, zéro couplage par-entité) + test fonctionnel de non-régression.

---------

Co-authored-by: Matthieu <contact@malio.fr>
Reviewed-on: #17
This commit was merged in pull request #17.
This commit is contained in:
THOLOT DECHENE Matthieu
2026-06-23 13:50:42 +00:00
parent d0a49322e1
commit 8313c759c6
622 changed files with 24802 additions and 2864 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/Unit/Shared/Database/ColumnCommentsCatalogTest.php
+33
View File
@@ -0,0 +1,33 @@
<?php
declare(strict_types=1);
namespace App\Tests\Unit\Shared\Database;
use App\Shared\Infrastructure\Database\ColumnCommentsCatalog;
use PHPUnit\Framework\TestCase;
/**
* @internal
*/
final class ColumnCommentsCatalogTest extends TestCase
{
public function testTimestampableBlamableCommentsCoverFourColumns(): void
{
$sql = ColumnCommentsCatalog::timestampableBlamableComments('task');
self::assertCount(4, $sql);
self::assertSame(
"COMMENT ON COLUMN task.created_at IS 'Date de creation (UTC). Rempli automatiquement (Timestampable).'",
$sql[0],
);
self::assertStringContainsString('COMMENT ON COLUMN task.created_by IS', $sql[2]);
}
public function testTableNameIsInterpolatedForEveryColumn(): void
{
foreach (ColumnCommentsCatalog::timestampableBlamableComments('time_entry') as $statement) {
self::assertStringContainsString('COMMENT ON COLUMN time_entry.', $statement);
}
}
}
tests/Unit/Shared/Doctrine/TimestampableBlamableSubscriberTest.php
+132
View File
@@ -0,0 +1,132 @@
<?php
declare(strict_types=1);
namespace App\Tests\Unit\Shared\Doctrine;
use App\Shared\Application\CurrentUserProviderInterface;
use App\Shared\Domain\Contract\BlamableInterface;
use App\Shared\Domain\Contract\TimestampableInterface;
use App\Shared\Domain\Contract\UserInterface;
use App\Shared\Domain\Trait\TimestampableBlamableTrait;
use App\Shared\Infrastructure\Doctrine\TimestampableBlamableSubscriber;
use DateTimeImmutable;
use PHPUnit\Framework\TestCase;
use stdClass;
/**
* @internal
*/
final class TimestampableBlamableSubscriberTest extends TestCase
{
public function testApplyOnCreateSetsTimestampsAndAuthor(): void
{
$user = $this->makeUser(7);
$subscriber = new TimestampableBlamableSubscriber($this->providerReturning($user));
$entity = $this->makeEntity();
$subscriber->applyOnCreate($entity);
self::assertInstanceOf(DateTimeImmutable::class, $entity->getCreatedAt());
self::assertInstanceOf(DateTimeImmutable::class, $entity->getUpdatedAt());
self::assertSame($user, $entity->getCreatedBy());
self::assertSame($user, $entity->getUpdatedBy());
}
public function testApplyOnUpdateLeavesCreatedUntouched(): void
{
$creator = $this->makeUser(1);
$editor = $this->makeUser(2);
$entity = $this->makeEntity();
new TimestampableBlamableSubscriber($this->providerReturning($creator))->applyOnCreate($entity);
$createdAt = $entity->getCreatedAt();
new TimestampableBlamableSubscriber($this->providerReturning($editor))->applyOnUpdate($entity);
self::assertSame($createdAt, $entity->getCreatedAt());
self::assertSame($creator, $entity->getCreatedBy());
self::assertSame($editor, $entity->getUpdatedBy());
}
public function testApplyOnCreateIgnoresNonTimestampableEntities(): void
{
$subscriber = new TimestampableBlamableSubscriber($this->providerReturning(null));
// Must not throw.
$subscriber->applyOnCreate(new stdClass());
$this->addToAssertionCount(1);
}
private function providerReturning(?UserInterface $user): CurrentUserProviderInterface
{
return new class($user) implements CurrentUserProviderInterface {
public function __construct(private ?UserInterface $user) {}
public function getCurrentUser(): ?UserInterface
{
return $this->user;
}
};
}
private function makeUser(int $id): UserInterface
{
return new class($id) implements UserInterface {
public function __construct(private int $id) {}
public function getId(): ?int
{
return $this->id;
}
public function getUserIdentifier(): string
{
return 'user-'.$this->id;
}
public function getUsername(): ?string
{
return 'user-'.$this->id;
}
/** @return list<string> */
public function getRoles(): array
{
return ['ROLE_USER'];
}
public function getFirstName(): ?string
{
return null;
}
public function getLastName(): ?string
{
return null;
}
public function getAvatarUrl(): ?string
{
return null;
}
public function getIsEmployee(): bool
{
return false;
}
public function getEffectivePermissions(): array
{
return [];
}
};
}
private function makeEntity(): object
{
return new class implements TimestampableInterface, BlamableInterface {
use TimestampableBlamableTrait;
};
}
}
tests/Unit/Shared/Module/ModuleRegistryPermissionsTest.php
+29
View File
@@ -0,0 +1,29 @@
<?php
declare(strict_types=1);
namespace App\Tests\Unit\Shared\Module;
use App\Module\Core\CoreModule;
use App\Shared\Domain\Module\ModuleRegistry;
use PHPUnit\Framework\TestCase;
/**
* @internal
*/
final class ModuleRegistryPermissionsTest extends TestCase
{
public function testAggregatesPermissionsWithModuleId(): void
{
$perms = ModuleRegistry::permissions([CoreModule::class]);
self::assertNotEmpty($perms);
foreach ($perms as $perm) {
self::assertArrayHasKey('code', $perm);
self::assertArrayHasKey('label', $perm);
self::assertArrayHasKey('module', $perm);
self::assertSame('core', $perm['module']);
self::assertStringStartsWith('core.', $perm['code']);
}
}
}
tests/Unit/Shared/Module/ModuleRegistryTest.php
+81
View File
@@ -0,0 +1,81 @@
<?php
declare(strict_types=1);
namespace App\Tests\Unit\Shared\Module;
use App\Shared\Domain\Module\ModuleInterface;
use App\Shared\Domain\Module\ModuleRegistry;
use PHPUnit\Framework\TestCase;
use stdClass;
/**
* @internal
*/
final class ModuleRegistryTest extends TestCase
{
public function testIdsExtractsDeclaredModuleIds(): void
{
$classes = [FakeAlphaModule::class, FakeBetaModule::class];
self::assertSame(['alpha', 'beta'], ModuleRegistry::ids($classes));
}
public function testIdsIgnoresClassesNotImplementingModuleInterface(): void
{
$classes = [FakeAlphaModule::class, stdClass::class];
self::assertSame(['alpha'], ModuleRegistry::ids($classes));
}
public function testIdsReturnsEmptyArrayForNoModules(): void
{
self::assertSame([], ModuleRegistry::ids([]));
}
}
final class FakeAlphaModule implements ModuleInterface
{
public static function id(): string
{
return 'alpha';
}
public static function label(): string
{
return 'Alpha';
}
public static function isRequired(): bool
{
return false;
}
public static function permissions(): array
{
return [];
}
}
final class FakeBetaModule implements ModuleInterface
{
public static function id(): string
{
return 'beta';
}
public static function label(): string
{
return 'Beta';
}
public static function isRequired(): bool
{
return true;
}
public static function permissions(): array
{
return [];
}
}
tests/Unit/Shared/Sidebar/SidebarFilterTest.php
+130
View File
@@ -0,0 +1,130 @@
<?php
declare(strict_types=1);
namespace App\Tests\Unit\Shared\Sidebar;
use App\Shared\Domain\Sidebar\SidebarFilter;
use PHPUnit\Framework\TestCase;
/**
* @internal
*/
final class SidebarFilterTest extends TestCase
{
public function testItemWithoutModuleIsAlwaysVisible(): void
{
$sections = [
['label' => 'sidebar.core.section', 'icon' => 'mdi:home', 'items' => [
['label' => 'sidebar.core.dashboard', 'to' => '/', 'icon' => 'mdi:view-dashboard'],
]],
];
$result = SidebarFilter::filter($sections, [], ['ROLE_USER']);
self::assertCount(1, $result['sections']);
self::assertSame('/', $result['sections'][0]['items'][0]['to']);
self::assertSame([], $result['disabledRoutes']);
self::assertArrayNotHasKey('module', $result['sections'][0]['items'][0]);
}
public function testItemWithInactiveModuleIsHiddenAndRouteDisabled(): void
{
$sections = [
['label' => 'sidebar.tt.section', 'icon' => 'mdi:clock', 'items' => [
['label' => 'sidebar.tt.timesheet', 'to' => '/time-tracking', 'icon' => 'mdi:clock', 'module' => 'time_tracking'],
]],
];
$result = SidebarFilter::filter($sections, [], ['ROLE_USER']);
self::assertSame([], $result['sections']);
self::assertSame(['/time-tracking'], $result['disabledRoutes']);
}
public function testItemWithActiveModuleIsVisible(): void
{
$sections = [
['label' => 'sidebar.tt.section', 'icon' => 'mdi:clock', 'items' => [
['label' => 'sidebar.tt.timesheet', 'to' => '/time-tracking', 'icon' => 'mdi:clock', 'module' => 'time_tracking'],
]],
];
$result = SidebarFilter::filter($sections, ['time_tracking'], ['ROLE_USER']);
self::assertCount(1, $result['sections']);
self::assertSame('/time-tracking', $result['sections'][0]['items'][0]['to']);
self::assertSame([], $result['disabledRoutes']);
}
public function testSectionWithRolesIsHiddenWhenRoleMissing(): void
{
$sections = [
['label' => 'sidebar.admin.section', 'icon' => 'mdi:cog', 'roles' => ['ROLE_ADMIN'], 'items' => [
['label' => 'sidebar.admin.admin', 'to' => '/admin', 'icon' => 'mdi:cog'],
]],
];
$result = SidebarFilter::filter($sections, [], ['ROLE_USER']);
self::assertSame([], $result['sections']);
// Filtrage par rôle => PAS de disabledRoutes (réservé au filtrage par module).
self::assertSame([], $result['disabledRoutes']);
}
public function testSectionWithRolesIsVisibleWhenRolePresent(): void
{
$sections = [
['label' => 'sidebar.admin.section', 'icon' => 'mdi:cog', 'roles' => ['ROLE_ADMIN'], 'items' => [
['label' => 'sidebar.admin.admin', 'to' => '/admin', 'icon' => 'mdi:cog'],
]],
];
$result = SidebarFilter::filter($sections, [], ['ROLE_USER', 'ROLE_ADMIN']);
self::assertCount(1, $result['sections']);
self::assertSame('/admin', $result['sections'][0]['items'][0]['to']);
self::assertArrayNotHasKey('roles', $result['sections'][0]);
}
public function testItemWithRolesIsHiddenWhenRoleMissing(): void
{
$sections = [
['label' => 'sidebar.hr.section', 'icon' => 'mdi:calendar', 'items' => [
['label' => 'sidebar.hr.teamAbsences', 'to' => '/team-absences', 'icon' => 'mdi:account-group', 'roles' => ['ROLE_ADMIN']],
['label' => 'sidebar.hr.x', 'to' => '/x', 'icon' => 'mdi:x'],
]],
];
$result = SidebarFilter::filter($sections, [], ['ROLE_USER']);
self::assertCount(1, $result['sections']);
self::assertCount(1, $result['sections'][0]['items']);
self::assertSame('/x', $result['sections'][0]['items'][0]['to']);
self::assertArrayNotHasKey('roles', $result['sections'][0]['items'][0]);
}
public function testItemHiddenWhenPermissionMissing(): void
{
$sections = [[
'label' => 's', 'icon' => 'i',
'items' => [
['label' => 'a', 'to' => '/a', 'icon' => 'i', 'permission' => 'core.users.view'],
['label' => 'b', 'to' => '/b', 'icon' => 'i'],
],
]];
$out = SidebarFilter::filter($sections, [], [], []);
self::assertCount(1, $out['sections'][0]['items']);
self::assertSame('/b', $out['sections'][0]['items'][0]['to']);
}
public function testItemVisibleWhenPermissionGranted(): void
{
$sections = [[
'label' => 's', 'icon' => 'i',
'items' => [['label' => 'a', 'to' => '/a', 'icon' => 'i', 'permission' => 'core.users.view']],
]];
$out = SidebarFilter::filter($sections, [], [], ['core.users.view']);
self::assertCount(1, $out['sections'][0]['items']);
}
}