Matthieu
808a290845
LST-69 (3.2) phase 1. New ClientPortal module + security foundations for the client portal (spec docs/superpowers/specs/2026-03-15-client-portal-design.md). - Security: User::getRoles() no longer adds ROLE_USER to ROLE_CLIENT users; role_hierarchy ROLE_ADMIN: [ROLE_USER, ROLE_CLIENT]. Existing Task/Project/ Client/TimeEntry/metadata endpoints already required ROLE_USER -> a pure ROLE_CLIENT is walled off (verified: 403). - User (Core): client (ManyToOne ClientInterface, SET NULL) + allowedProjects (ManyToMany ProjectInterface). UserInterface extended (getClient/ getAllowedProjects). - New ClientTicket entity (module ClientPortal) + enums + repository + API with per-client isolation (ClientTicketProvider: own tickets ∩ allowedProjects), per-project numbering under advisory lock (rejects if user.client null), status transition rules. ClientTicketInterface contract for Task/TaskDocument. - TaskDocument generalized: task nullable + clientTicket (CASCADE) + CHECK; per-role access. Task.clientTicket exposed in task:read. - Additive migration; demo client fixtures. - Tenancy tests assert the isolation invariant (a client never sees another client's tickets) rather than brittle absolute counts (shared test DB). 178 tests green, mapping valid, cs-fixer clean.
20 lines
567 B
PHP
20 lines
567 B
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Module\ClientPortal\Domain\Repository;
|
|
|
|
use App\Module\ClientPortal\Domain\Entity\ClientTicket;
|
|
|
|
interface ClientTicketRepositoryInterface
|
|
{
|
|
public function findById(int $id): ?ClientTicket;
|
|
|
|
/**
|
|
* Highest ticket number currently used on a given project, behind a
|
|
* PostgreSQL advisory transaction lock so concurrent inserts serialize.
|
|
* Returns 0 if the project has no ticket yet. Must run inside a transaction.
|
|
*/
|
|
public function findMaxNumberByProjectForUpdate(int $projectId): int;
|
|
}
|