matthieu
8313c759c6
Auto Tag Develop / tag (push) Successful in 9s
## Migration modular monolith DDD — Lesstime (0.1 → 3.3) Cette MR regroupe l'intégralité de la refonte en monolithe modulaire (strangler progressif, additif). Elle remplace les MR stackées de Phase 1 (#12–#16), désormais incluses ici. **Ne pas merger avant validation fonctionnelle** : branche destinée à être testée telle quelle. ### Périmètre — 9 modules sous `src/Module/` | Phase | Module | Contenu | |------|--------|---------| | 0.1 | (socle) | infrastructure modulaire, `ModuleInterface`, mapping Doctrine par module | | 0.2 | (socle front) | auto-détection des layers Nuxt sous `frontend/modules/*` | | 1.1 | **Core** | Identité (User/Auth), Notifications, Notifier | | 1.2 | Core | RBAC fin (permissions `module.resource.action`, sidebar gated) | | 1.3 | Core | Audit log (`#[Auditable]`, listener, provider DBAL) | | 2.1 | **TimeTracking** | TimeEntry + MCP + export | | 2.2 | **ProjectManagement** | cœur métier Projets/Tâches + 38 MCP tools | | 2.3 | **Absence** | demandes, soldes, policies, justificatifs | | 2.4 | **Directory** | Clients (migrés) + **Prospects** (nouveau, conversion → Client) | | 2.5 | **Mail** | intégration IMAP OVH + liens tâches | | 2.6 | **Integration** | Gitea / BookStack / Zimbra / Share | | 3.1 | **Reporting** | rapports transverses (DBAL read-only, 0 import inter-module) | | 3.2 | **ClientPortal** | portail client (ROLE_CLIENT cloisonné, tickets, notifications) | | 3.3 | (finition) | nettoyage legacy — `src/Entity` vide, app 100% modulaire | ### Architecture - Découplage inter-modules par **contrats** (`UserInterface`, `ProjectInterface`, `TaskInterface`, `TaskTagInterface`, `ClientInterface`, `ClientTicketInterface`, `LeaveProfileInterface`) + `resolve_target_entities` 100% modulaire (aucune cible legacy). - Repositories : interface `Domain/Repository` + implémentation `Infrastructure/Doctrine`, bindées. - Reporting en DBAL read-only pur (aucun import d'entité d'un autre module). - Chaque migration de module : déplacement à comportement préservé (API publique et noms d'outils MCP inchangés), migrations **additives** uniquement (zéro destructif). ### Sécurité - ROLE_CLIENT cloisonné : un utilisateur client n'accède qu'à `/portal` et à ses propres tickets (filtrés par `allowedProjects`), interdit sur toute l'API interne. - Correctif : interdiction pour un client de créer un lien vers le partage SMB (upload uniquement). ### QA non-régression (branche reconstruite from scratch) - Migrations from scratch + fixtures : OK. - Compilation dev + prod : OK. - **180 tests PHPUnit verts**, php-cs-fixer clean, ~96 routes, **66 outils MCP** tous sous `App\Module\*`. - Smoke test runtime multi-rôles (admin / ROLE_USER / ROLE_CLIENT) : 44 vérifications HTTP, **0 écart**, cloisonnement client étanche. - Build Nuxt OK, 9 layers, 0 import legacy résiduel. ### Points à arbitrer (hors périmètre de cette migration) - Durcissement MCP/IDOR pré-existant (`userId` explicite sans scoping sur certains tools TimeTracking/Absence/TaskDocument) — ticket dédié recommandé. - Validation fonctionnelle de **Prospect** et **ClientPortal** (conçus depuis les specs disque). - **Harmonisation visuelle Malio finale** (3.3) — finition esthétique inter-modules laissée au PO. --- ## ⚠️ Déploiement / migration des données — à ne pas oublier ### 1. Resynchroniser les séquences PostgreSQL après tout import/restore de dump Si la prod (ou tout environnement) est **montée depuis un dump** (`pg_restore` / `COPY`), les lignes sont chargées avec leurs `id` explicites **sans avancer les séquences** → au premier `INSERT` : `duplicate key value violates unique constraint "..._pkey"` (constaté en local sur `notification`, `task`, `time_entry`…). À lancer **juste après chaque restore/import** : ```sql DO $$ DECLARE r RECORD; maxid BIGINT; seq TEXT; BEGIN FOR r IN SELECT table_name, column_name FROM information_schema.columns WHERE table_schema='public' LOOP seq := pg_get_serial_sequence(quote_ident(r.table_name), r.column_name); IF seq IS NOT NULL THEN EXECUTE format('SELECT COALESCE(MAX(%I),0) FROM %I', r.column_name, r.table_name) INTO maxid; PERFORM setval(seq, GREATEST(maxid,1), maxid > 0); END IF; END LOOP; END $$; ``` > Ne concerne **pas** une prod qui tourne déjà (séquences avancées organiquement) — uniquement le cas restore/import. Idempotent, sans risque. ### 2. Fix dénormalisation des collections typées-contrat (code, inclus dans la branche) Les relations **to-many** typées par une interface `Shared\Domain\Contract\*` (`TimeEntry::tags` → `TaskTagInterface`, `Task::collaborators` → `UserInterface`) étaient **indénormalisables par API Platform** (mono-valué OK via IRI, collection KO) → **tout POST/PATCH portant une telle collection renvoyait 400/500**. Corrigé par un dénormaliseur générique `ContractRelationDenormalizer` (réutilise `resolve_target_entities`, zéro couplage par-entité) + test fonctionnel de non-régression. --------- Co-authored-by: Matthieu <contact@malio.fr> Reviewed-on: #17
252 lines
9.5 KiB
PHP
252 lines
9.5 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Tests\Functional\Mcp;
|
|
|
|
use App\Module\Absence\Application\Service\AbsenceBalanceService;
|
|
use App\Module\Absence\Domain\Entity\AbsenceBalance;
|
|
use App\Module\Absence\Domain\Entity\AbsencePolicy;
|
|
use App\Module\Absence\Domain\Enum\AbsenceType;
|
|
use App\Module\Absence\Domain\Service\AbsenceDayCalculator;
|
|
use App\Module\Absence\Infrastructure\Doctrine\DoctrineAbsenceBalanceRepository;
|
|
use App\Module\Absence\Infrastructure\Doctrine\DoctrineAbsencePolicyRepository;
|
|
use App\Module\Absence\Infrastructure\Doctrine\DoctrineAbsenceRequestRepository;
|
|
use App\Module\Absence\Infrastructure\Mcp\Tool\CancelAbsenceRequestTool;
|
|
use App\Module\Absence\Infrastructure\Mcp\Tool\CreateAbsenceRequestTool;
|
|
use App\Module\Absence\Infrastructure\Mcp\Tool\ReviewAbsenceRequestTool;
|
|
use App\Module\Core\Domain\Entity\User;
|
|
use App\Module\Core\Infrastructure\Doctrine\DoctrineUserRepository;
|
|
use Doctrine\ORM\EntityManagerInterface;
|
|
use InvalidArgumentException;
|
|
use Symfony\Bundle\FrameworkBundle\Test\KernelTestCase;
|
|
use Symfony\Bundle\SecurityBundle\Security;
|
|
|
|
/**
|
|
* @internal
|
|
*/
|
|
class AbsenceRequestLifecycleTest extends KernelTestCase
|
|
{
|
|
private EntityManagerInterface $em;
|
|
private User $employee;
|
|
private User $admin;
|
|
|
|
protected function setUp(): void
|
|
{
|
|
self::bootKernel();
|
|
$this->em = self::getContainer()->get(EntityManagerInterface::class);
|
|
|
|
// Employé dédié au test.
|
|
$this->employee = new User();
|
|
$this->employee->setUsername('mcp-test-employee-'.uniqid());
|
|
$this->employee->setPassword('x');
|
|
$this->employee->setRoles(['ROLE_USER']);
|
|
$this->employee->setIsEmployee(true);
|
|
$this->employee->setReferencePeriodStart('06-01');
|
|
$this->em->persist($this->employee);
|
|
|
|
$this->admin = new User();
|
|
$this->admin->setUsername('mcp-test-admin-'.uniqid());
|
|
$this->admin->setPassword('x');
|
|
$this->admin->setRoles(['ROLE_ADMIN']);
|
|
$this->em->persist($this->admin);
|
|
|
|
// Policy CP active (créée si absente — findOneByType peut déjà exister via fixtures).
|
|
$policy = $this->em->getRepository(AbsencePolicy::class)->findOneBy(['type' => AbsenceType::PaidLeave]);
|
|
if (null === $policy) {
|
|
$policy = new AbsencePolicy();
|
|
$policy->setType(AbsenceType::PaidLeave);
|
|
$policy->setCountWorkingDaysOnly(true);
|
|
$policy->setActive(true);
|
|
$this->em->persist($policy);
|
|
} else {
|
|
$policy->setActive(true);
|
|
}
|
|
|
|
// Entitlement so CP requests can be approved without breaching the
|
|
// no-negative-balance guard (period of the June 2026 test requests).
|
|
$balance = new AbsenceBalance();
|
|
$balance->setUser($this->employee);
|
|
$balance->setType(AbsenceType::PaidLeave);
|
|
$balance->setPeriod('2026-2027');
|
|
$balance->setAcquired(25.0);
|
|
$this->em->persist($balance);
|
|
|
|
$this->em->flush();
|
|
}
|
|
|
|
public function testCreateReservesPendingDays(): void
|
|
{
|
|
$tool = $this->createTool($this->admin);
|
|
|
|
// Lundi 2026-06-01 → vendredi 2026-06-05 = 5 jours ouvrés.
|
|
$json = ($tool)(
|
|
$this->employee->getId(),
|
|
'cp',
|
|
'2026-06-01',
|
|
'2026-06-05',
|
|
);
|
|
$data = json_decode($json, true);
|
|
|
|
self::assertSame('pending', $data['status']);
|
|
// JSON ne préserve pas le type float pour un entier (5.0 -> 5) : on compare la valeur.
|
|
self::assertSame(5.0, (float) $data['countedDays']);
|
|
self::assertSame($this->employee->getId(), $data['user']['id']);
|
|
|
|
$balance = self::getContainer()->get(DoctrineAbsenceBalanceRepository::class)
|
|
->findOneForPeriod($this->employee, AbsenceType::PaidLeave, '2026-2027')
|
|
;
|
|
self::assertNotNull($balance);
|
|
self::assertSame(5.0, $balance->getPending());
|
|
}
|
|
|
|
public function testApproveMovesPendingToTaken(): void
|
|
{
|
|
$created = json_decode(
|
|
($this->createTool($this->admin))($this->employee->getId(), 'cp', '2026-06-01', '2026-06-05'),
|
|
true,
|
|
);
|
|
|
|
$json = ($this->reviewTool($this->admin))($created['id'], 'approve');
|
|
$data = json_decode($json, true);
|
|
|
|
self::assertSame('approved', $data['status']);
|
|
self::assertSame($this->admin->getId(), $data['reviewedBy']['id']);
|
|
|
|
$balance = self::getContainer()->get(DoctrineAbsenceBalanceRepository::class)
|
|
->findOneForPeriod($this->employee, AbsenceType::PaidLeave, '2026-2027')
|
|
;
|
|
self::assertSame(0.0, $balance->getPending());
|
|
self::assertSame(5.0, $balance->getTaken());
|
|
}
|
|
|
|
public function testApproveBeyondAvailableBalanceIsBlocked(): void
|
|
{
|
|
$created = json_decode(
|
|
($this->createTool($this->admin))($this->employee->getId(), 'cp', '2026-06-01', '2026-06-05'),
|
|
true,
|
|
);
|
|
|
|
// Shrink the entitlement below the 5 requested days.
|
|
$balance = self::getContainer()->get(DoctrineAbsenceBalanceRepository::class)
|
|
->findOneForPeriod($this->employee, AbsenceType::PaidLeave, '2026-2027')
|
|
;
|
|
$balance->setAcquired(2.0);
|
|
$balance->setAcquiring(0.0);
|
|
$this->em->flush();
|
|
|
|
try {
|
|
($this->reviewTool($this->admin))($created['id'], 'approve');
|
|
self::fail('Expected approval to be blocked when it would breach the balance.');
|
|
} catch (InvalidArgumentException $e) {
|
|
self::assertStringContainsString('below zero', $e->getMessage());
|
|
}
|
|
|
|
// Approval bailed out before mutating: nothing moved to taken, days stay reserved.
|
|
self::assertSame(0.0, $balance->getTaken());
|
|
self::assertSame(5.0, $balance->getPending());
|
|
}
|
|
|
|
public function testAdminCancelApprovedReleasesTaken(): void
|
|
{
|
|
$created = json_decode(
|
|
($this->createTool($this->admin))($this->employee->getId(), 'cp', '2026-06-01', '2026-06-05'),
|
|
true,
|
|
);
|
|
($this->reviewTool($this->admin))($created['id'], 'approve');
|
|
|
|
$data = json_decode(($this->cancelTool($this->admin))($created['id']), true);
|
|
self::assertSame('cancelled', $data['status']);
|
|
|
|
$balance = self::getContainer()->get(DoctrineAbsenceBalanceRepository::class)
|
|
->findOneForPeriod($this->employee, AbsenceType::PaidLeave, '2026-2027')
|
|
;
|
|
self::assertSame(0.0, $balance->getTaken());
|
|
self::assertSame(0.0, $balance->getPending());
|
|
}
|
|
|
|
public function testBereavementRequiresReasonAndDoesNotTouchBalance(): void
|
|
{
|
|
// Ensure an active bereavement policy exists (no fixed entitlement).
|
|
$policy = $this->em->getRepository(AbsencePolicy::class)->findOneBy(['type' => AbsenceType::Bereavement]);
|
|
if (null === $policy) {
|
|
$policy = new AbsencePolicy();
|
|
$policy->setType(AbsenceType::Bereavement);
|
|
$policy->setCountWorkingDaysOnly(true);
|
|
$this->em->persist($policy);
|
|
}
|
|
$policy->setActive(true);
|
|
$this->em->flush();
|
|
|
|
$tool = $this->createTool($this->admin);
|
|
|
|
// Without a reason → rejected.
|
|
try {
|
|
($tool)($this->employee->getId(), 'deces', '2026-06-10', '2026-06-12');
|
|
self::fail('Expected an exception for bereavement without a reason.');
|
|
} catch (InvalidArgumentException $e) {
|
|
self::assertStringContainsString('reason', $e->getMessage());
|
|
}
|
|
|
|
// With a reason → accepted, and no balance row is created (per-event right).
|
|
$data = json_decode(
|
|
($tool)($this->employee->getId(), 'deces', '2026-06-10', '2026-06-12', null, null, 'Décès grand-parent'),
|
|
true,
|
|
);
|
|
self::assertSame('pending', $data['status']);
|
|
|
|
$balance = self::getContainer()->get(DoctrineAbsenceBalanceRepository::class)
|
|
->findOneForPeriod($this->employee, AbsenceType::Bereavement, '2026')
|
|
;
|
|
self::assertNull($balance, 'Bereavement must not create or touch any balance.');
|
|
}
|
|
|
|
private function securityFor(User $user): Security
|
|
{
|
|
$security = $this->createMock(Security::class);
|
|
$security->method('isGranted')->willReturn(true);
|
|
$security->method('getUser')->willReturn($user);
|
|
|
|
return $security;
|
|
}
|
|
|
|
private function createTool(User $actor): CreateAbsenceRequestTool
|
|
{
|
|
$c = self::getContainer();
|
|
|
|
return new CreateAbsenceRequestTool(
|
|
$c->get(EntityManagerInterface::class),
|
|
$c->get(DoctrineUserRepository::class),
|
|
$c->get(DoctrineAbsencePolicyRepository::class),
|
|
$c->get(DoctrineAbsenceRequestRepository::class),
|
|
$c->get(AbsenceDayCalculator::class),
|
|
$c->get(AbsenceBalanceService::class),
|
|
$this->securityFor($actor),
|
|
);
|
|
}
|
|
|
|
private function reviewTool(User $actor): ReviewAbsenceRequestTool
|
|
{
|
|
$c = self::getContainer();
|
|
|
|
return new ReviewAbsenceRequestTool(
|
|
$c->get(EntityManagerInterface::class),
|
|
$c->get(DoctrineAbsenceRequestRepository::class),
|
|
$c->get(AbsenceBalanceService::class),
|
|
$this->securityFor($actor),
|
|
);
|
|
}
|
|
|
|
private function cancelTool(User $actor): CancelAbsenceRequestTool
|
|
{
|
|
$c = self::getContainer();
|
|
|
|
return new CancelAbsenceRequestTool(
|
|
$c->get(EntityManagerInterface::class),
|
|
$c->get(DoctrineAbsenceRequestRepository::class),
|
|
$c->get(AbsenceBalanceService::class),
|
|
$this->securityFor($actor),
|
|
);
|
|
}
|
|
}
|