Matthieu
808a290845
LST-69 (3.2) phase 1. New ClientPortal module + security foundations for the client portal (spec docs/superpowers/specs/2026-03-15-client-portal-design.md). - Security: User::getRoles() no longer adds ROLE_USER to ROLE_CLIENT users; role_hierarchy ROLE_ADMIN: [ROLE_USER, ROLE_CLIENT]. Existing Task/Project/ Client/TimeEntry/metadata endpoints already required ROLE_USER -> a pure ROLE_CLIENT is walled off (verified: 403). - User (Core): client (ManyToOne ClientInterface, SET NULL) + allowedProjects (ManyToMany ProjectInterface). UserInterface extended (getClient/ getAllowedProjects). - New ClientTicket entity (module ClientPortal) + enums + repository + API with per-client isolation (ClientTicketProvider: own tickets ∩ allowedProjects), per-project numbering under advisory lock (rejects if user.client null), status transition rules. ClientTicketInterface contract for Task/TaskDocument. - TaskDocument generalized: task nullable + clientTicket (CASCADE) + CHECK; per-role access. Task.clientTicket exposed in task:read. - Additive migration; demo client fixtures. - Tenancy tests assert the isolation invariant (a client never sees another client's tickets) rather than brittle absolute counts (shared test DB). 178 tests green, mapping valid, cs-fixer clean.
146 lines
4.2 KiB
PHP
146 lines
4.2 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Tests\Unit\Shared\Doctrine;
|
|
|
|
use App\Shared\Application\CurrentUserProviderInterface;
|
|
use App\Shared\Domain\Contract\BlamableInterface;
|
|
use App\Shared\Domain\Contract\ClientInterface;
|
|
use App\Shared\Domain\Contract\TimestampableInterface;
|
|
use App\Shared\Domain\Contract\UserInterface;
|
|
use App\Shared\Domain\Trait\TimestampableBlamableTrait;
|
|
use App\Shared\Infrastructure\Doctrine\TimestampableBlamableSubscriber;
|
|
use DateTimeImmutable;
|
|
use Doctrine\Common\Collections\ArrayCollection;
|
|
use Doctrine\Common\Collections\Collection;
|
|
use PHPUnit\Framework\TestCase;
|
|
use stdClass;
|
|
|
|
/**
|
|
* @internal
|
|
*/
|
|
final class TimestampableBlamableSubscriberTest extends TestCase
|
|
{
|
|
public function testApplyOnCreateSetsTimestampsAndAuthor(): void
|
|
{
|
|
$user = $this->makeUser(7);
|
|
$subscriber = new TimestampableBlamableSubscriber($this->providerReturning($user));
|
|
$entity = $this->makeEntity();
|
|
|
|
$subscriber->applyOnCreate($entity);
|
|
|
|
self::assertInstanceOf(DateTimeImmutable::class, $entity->getCreatedAt());
|
|
self::assertInstanceOf(DateTimeImmutable::class, $entity->getUpdatedAt());
|
|
self::assertSame($user, $entity->getCreatedBy());
|
|
self::assertSame($user, $entity->getUpdatedBy());
|
|
}
|
|
|
|
public function testApplyOnUpdateLeavesCreatedUntouched(): void
|
|
{
|
|
$creator = $this->makeUser(1);
|
|
$editor = $this->makeUser(2);
|
|
$entity = $this->makeEntity();
|
|
|
|
new TimestampableBlamableSubscriber($this->providerReturning($creator))->applyOnCreate($entity);
|
|
$createdAt = $entity->getCreatedAt();
|
|
|
|
new TimestampableBlamableSubscriber($this->providerReturning($editor))->applyOnUpdate($entity);
|
|
|
|
self::assertSame($createdAt, $entity->getCreatedAt());
|
|
self::assertSame($creator, $entity->getCreatedBy());
|
|
self::assertSame($editor, $entity->getUpdatedBy());
|
|
}
|
|
|
|
public function testApplyOnCreateIgnoresNonTimestampableEntities(): void
|
|
{
|
|
$subscriber = new TimestampableBlamableSubscriber($this->providerReturning(null));
|
|
|
|
// Must not throw.
|
|
$subscriber->applyOnCreate(new stdClass());
|
|
$this->addToAssertionCount(1);
|
|
}
|
|
|
|
private function providerReturning(?UserInterface $user): CurrentUserProviderInterface
|
|
{
|
|
return new class($user) implements CurrentUserProviderInterface {
|
|
public function __construct(private ?UserInterface $user) {}
|
|
|
|
public function getCurrentUser(): ?UserInterface
|
|
{
|
|
return $this->user;
|
|
}
|
|
};
|
|
}
|
|
|
|
private function makeUser(int $id): UserInterface
|
|
{
|
|
return new class($id) implements UserInterface {
|
|
public function __construct(private int $id) {}
|
|
|
|
public function getId(): ?int
|
|
{
|
|
return $this->id;
|
|
}
|
|
|
|
public function getUserIdentifier(): string
|
|
{
|
|
return 'user-'.$this->id;
|
|
}
|
|
|
|
public function getUsername(): ?string
|
|
{
|
|
return 'user-'.$this->id;
|
|
}
|
|
|
|
/** @return list<string> */
|
|
public function getRoles(): array
|
|
{
|
|
return ['ROLE_USER'];
|
|
}
|
|
|
|
public function getFirstName(): ?string
|
|
{
|
|
return null;
|
|
}
|
|
|
|
public function getLastName(): ?string
|
|
{
|
|
return null;
|
|
}
|
|
|
|
public function getAvatarUrl(): ?string
|
|
{
|
|
return null;
|
|
}
|
|
|
|
public function getIsEmployee(): bool
|
|
{
|
|
return false;
|
|
}
|
|
|
|
public function getEffectivePermissions(): array
|
|
{
|
|
return [];
|
|
}
|
|
|
|
public function getClient(): ?ClientInterface
|
|
{
|
|
return null;
|
|
}
|
|
|
|
public function getAllowedProjects(): Collection
|
|
{
|
|
return new ArrayCollection();
|
|
}
|
|
};
|
|
}
|
|
|
|
private function makeEntity(): object
|
|
{
|
|
return new class implements TimestampableInterface, BlamableInterface {
|
|
use TimestampableBlamableTrait;
|
|
};
|
|
}
|
|
}
|