matthieu
e4fc34b90f
Backend: - Add MCP Serializer to centralize entity-to-array conversion (~300 lines deduped) - Fix race condition in task/ticket number generation (SELECT FOR UPDATE + transaction) - Add unique constraint on task (project_id, number) with migration - Fix MIME type validation: use server-detected finfo instead of client-supplied type - Add allowlist of permitted MIME types for uploads - Fix TaskDocumentDownloadController: allow ROLE_CLIENT access, add priority:1 - Fix notification sent even when ticket status unchanged - Remove redundant exception constructors - Simplify services (BookStackApi double fetch, TokenEncryptor, GiteaApi) - Consolidate duplicate checks in processors Frontend: - Fix useApi isHandlingUnauthorized scope (module-level to prevent double 401 redirect) - Fix client-tickets toast key copy-paste bug - Merge duplicated tasks service methods (getByProject + getByProjectArchived) - Extract shared uploadWithRelation helper in task-documents service - Extract formatFileSize utility from duplicated component code - Extract status transition logic into useClientTicketHelpers composable - Remove dead code (unused router, handleLogout, empty script blocks) - Merge duplicate watchers and onMounted calls - Normalize arrow functions to function declarations per convention Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
75 lines
2.4 KiB
PHP
75 lines
2.4 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\State;
|
|
|
|
use ApiPlatform\Metadata\Operation;
|
|
use ApiPlatform\State\ProcessorInterface;
|
|
use App\Entity\ClientTicket;
|
|
use App\Service\NotificationService;
|
|
use DateTimeImmutable;
|
|
use Doctrine\ORM\EntityManagerInterface;
|
|
use Symfony\Bundle\SecurityBundle\Security;
|
|
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
|
|
|
|
/**
|
|
* @implements ProcessorInterface<ClientTicket, ClientTicket>
|
|
*/
|
|
final readonly class ClientTicketStatusProcessor implements ProcessorInterface
|
|
{
|
|
private const FORBIDDEN_TRANSITIONS = [
|
|
'done' => ['new'],
|
|
'rejected' => ['new'],
|
|
];
|
|
|
|
public function __construct(
|
|
private EntityManagerInterface $entityManager,
|
|
private NotificationService $notificationService,
|
|
private Security $security,
|
|
) {}
|
|
|
|
public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = []): ClientTicket
|
|
{
|
|
assert($data instanceof ClientTicket);
|
|
|
|
$originalData = $context['previous_data'] ?? null;
|
|
|
|
$statusChanged = false;
|
|
|
|
if ($originalData instanceof ClientTicket) {
|
|
// ROLE_CLIENT: can only edit content fields, not status
|
|
if (!$this->security->isGranted('ROLE_ADMIN')) {
|
|
$data->setStatus($originalData->getStatus());
|
|
$data->setStatusComment($originalData->getStatusComment());
|
|
}
|
|
|
|
$oldStatus = $originalData->getStatus();
|
|
$newStatus = $data->getStatus();
|
|
|
|
if ($oldStatus !== $newStatus) {
|
|
$statusChanged = true;
|
|
$forbidden = self::FORBIDDEN_TRANSITIONS[$oldStatus] ?? [];
|
|
if (in_array($newStatus, $forbidden, true)) {
|
|
throw new BadRequestHttpException(sprintf('Transition from "%s" to "%s" is not allowed.', $oldStatus, $newStatus));
|
|
}
|
|
|
|
if ('rejected' === $newStatus && (null === $data->getStatusComment() || '' === trim($data->getStatusComment()))) {
|
|
throw new BadRequestHttpException('A comment is required when rejecting a ticket.');
|
|
}
|
|
}
|
|
}
|
|
|
|
$data->setUpdatedAt(new DateTimeImmutable());
|
|
|
|
$this->entityManager->persist($data);
|
|
$this->entityManager->flush();
|
|
|
|
if ($statusChanged) {
|
|
$this->notificationService->createForStatusChange($data);
|
|
}
|
|
|
|
return $data;
|
|
}
|
|
}
|