MALIO-DEV/Starseed
3
0
Fork 0
Code Issues Pull Requests 5 Actions Packages Projects Releases Wiki Activity

feat(catalog) : M7 — StorageProvider + StorageProcessor (liste paginée + filtres, 409 unicité RG-7.01, normalisation numéro) (ERP-213)

Browse Source
This commit is contained in:
Autin
2026-06-29 16:43:19 +02:00
parent 8c4c34c1a3
commit 0aa97b5975
7 changed files with 866 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/Module/Catalog/Api/AbstractStorageApiTestCase.php
+202
View File
@@ -0,0 +1,202 @@
<?php
declare(strict_types=1);
namespace App\Tests\Module\Catalog\Api;
use ApiPlatform\Symfony\Bundle\Test\Client;
use App\Module\Catalog\Domain\Entity\Storage;
use App\Module\Catalog\Domain\Entity\StorageType;
use App\Module\Sites\Domain\Entity\Site;
use DateTimeImmutable;
use Symfony\Contracts\HttpClient\ResponseInterface;
/**
* Classe de base des tests fonctionnels de l'entite Storage (M7, module Catalog).
*
* Etend la base Catalog (helpers d'auth + personas metier) et ajoute ce qu'il faut
* pour exercer l'API stockage de bout en bout :
* - `seedStorageType()` : type de stockage de test (code prefixe pour cleanup).
* - `firstSite()` / `siteByCode()` : sites fixtures (86 / 17 / 82).
* - `authView()` : user non-admin portant la permission `catalog.storages.view`.
* - `validStoragePayload()` : payload POST de reference (IRIs site / storageType),
* surchargeable par cle.
* - `seedStorageEntity()` : seede un stockage via l'EM (id existant, soft-deleted).
* - `iri()` / `memberById()` / `violationPaths()` : utilitaires Hydra.
*
* Cleanup : on purge les stockages (toute la table — aucune fixture stockage en env
* test) AVANT le parent, car storage reference site / storage_type en FK ON DELETE
* RESTRICT. Les types de stockage de test (prefixe code) sont purges dans la foulee.
*
* @internal
*/
abstract class AbstractStorageApiTestCase extends AbstractCatalogApiTestCase
{
protected const string LD = 'application/ld+json';
protected const string MERGE = 'application/merge-patch+json';
/** Prefixe des codes de StorageType seedes par ces tests (purge ciblee). */
protected const string TEST_STORAGE_TYPE_PREFIX = 'TESTSTO';
protected function tearDown(): void
{
$em = $this->getEm();
// Stockages d'abord : ils referencent site / storage_type en FK RESTRICT.
$em->createQuery('DELETE FROM '.Storage::class)->execute();
// Types de stockage de test (prefixe code).
$em->createQuery('DELETE FROM '.StorageType::class.' s WHERE s.code LIKE :prefix')
->setParameter('prefix', self::TEST_STORAGE_TYPE_PREFIX.'%')
->execute()
;
parent::tearDown();
}
/**
* Cree un type de stockage de test (code prefixe TESTSTO pour le cleanup).
*/
protected function seedStorageType(string $label = 'Cellule test'): StorageType
{
$em = $this->getEm();
$storageType = new StorageType();
$storageType->setCode($this->uniqueCode(self::TEST_STORAGE_TYPE_PREFIX));
$storageType->setLabel($label);
$em->persist($storageType);
$em->flush();
return $storageType;
}
protected function siteByCode(string $code): Site
{
$site = $this->getEm()->getRepository(Site::class)->findOneBy(['code' => $code]);
self::assertInstanceOf(Site::class, $site, sprintf('Le site de code "%s" doit etre seede.', $code));
return $site;
}
protected function firstSite(): Site
{
$site = $this->getEm()->getRepository(Site::class)->findOneBy([]);
self::assertInstanceOf(Site::class, $site, 'Un site fixture est requis (SitesFixtures).');
return $site;
}
/**
* Client non-admin portant seulement `catalog.storages.view`.
*/
protected function authView(): Client
{
$creds = $this->createUserWithPermission('catalog.storages.view');
return $this->authenticatedClient($creds['username'], $creds['password']);
}
/**
* Payload POST de reference : un stockage valide (1 site, 1 type, 1 numero,
* 1 etat). Surchargeable par cle via $overrides (ex: ['numero' => 'A1']).
*
* @param array<string, mixed> $overrides
*
* @return array<string, mixed>
*/
protected function validStoragePayload(array $overrides = []): array
{
$site = $this->firstSite();
$storageType = $this->seedStorageType();
$base = [
'site' => $this->iri('sites', (int) $site->getId()),
'storageType' => $this->iri('storage_types', (int) $storageType->getId()),
'numero' => $this->uniqueCode('NUM'),
'states' => [Storage::STATE_RECEPTION],
];
return array_replace($base, $overrides);
}
/**
* Seede un stockage directement via l'EM (bypass Processor/Validator). Utile pour
* disposer d'un id existant (RBAC item, PATCH) ou d'un stockage soft-deleted
* (reutilisation du triplet — RG-7.01). Le site / le type manquants sont crees
* a la volee.
*
* @param list<string> $states
*/
protected function seedStorageEntity(
?string $numero = null,
array $states = [Storage::STATE_RECEPTION],
?DateTimeImmutable $deletedAt = null,
?Site $site = null,
?StorageType $storageType = null,
): Storage {
$em = $this->getEm();
$site ??= $this->firstSite();
$storage = new Storage();
$storage->setSite($em->getReference(Site::class, (int) $site->getId()));
$storage->setStorageType($storageType ?? $this->seedStorageType('Seed'));
$storage->setNumero($numero ?? $this->uniqueCode('NUM'));
$storage->setStates($states);
$storage->setDeletedAt($deletedAt);
$em->persist($storage);
$em->flush();
return $storage;
}
/**
* Construit un IRI API Platform (`/api/{resource}/{id}`).
*/
protected function iri(string $resource, int $id): string
{
return sprintf('/api/%s/%d', $resource, $id);
}
/**
* Identifiant unique de test (prefixe + nonce), deja en MAJUSCULE.
*/
protected function uniqueCode(string $prefix): string
{
return $prefix.'_'.strtoupper(substr(bin2hex(random_bytes(5)), 0, 10));
}
/**
* Extrait les `propertyPath` des violations d'une reponse 422.
*
* @return list<string>
*/
protected function violationPaths(ResponseInterface $response): array
{
$body = $response->toArray(false);
return array_values(array_map(
static fn (array $violation): string => (string) ($violation['propertyPath'] ?? ''),
$body['violations'] ?? [],
));
}
/**
* Retrouve un membre d'une collection Hydra par son id (ou null).
*
* @param array<string, mixed> $list
*
* @return null|array<string, mixed>
*/
protected function memberById(array $list, int $id): ?array
{
foreach ($list['member'] ?? [] as $member) {
if (($member['id'] ?? null) === $id) {
return $member;
}
}
return null;
}
}
tests/Module/Catalog/Api/StorageApiTest.php
+204
View File
@@ -0,0 +1,204 @@
<?php
declare(strict_types=1);
namespace App\Tests\Module\Catalog\Api;
use App\Module\Catalog\Domain\Entity\Storage;
use DateTimeImmutable;
/**
* Tests fonctionnels de l'API stockage (M7, spec-back § 4) — StorageProvider +
* StorageProcessor (ERP-213).
*
* Couvre : collection paginee Hydra + contrat de serialisation (site / storageType
* embarques, displayName), creation, normalisation serveur du numero (trim, RG-7.06),
* unicite metier (site, type, numero) parmi les actifs -> 409 (RG-7.01), reutilisation
* du triplet apres soft-delete, soft-delete jamais expose (§ 2.8), et la matrice RBAC
* admin-only (view lit mais ne gere pas ; personas metier 403 partout).
*
* RG-7.03 (« type disponible sur le site choisi ») n'est PAS testee : le concept
* type<->site a ete retire du modele en M6 (StorageType plat), c'est Storage qui le
* porte desormais — aucun referentiel a interroger (cf. StorageProcessor).
*
* @internal
*/
final class StorageApiTest extends AbstractStorageApiTestCase
{
/** Personas metier sans permission stockage (admin-only — ERP-210). */
private const array PERSONAS = ['Bureau', 'Compta', 'Commerciale', 'Usine'];
public function testCollectionIsPaginatedHydraWithEmbeddedRelations(): void
{
$site = $this->firstSite();
$type = $this->seedStorageType('Cellule');
$seed = $this->seedStorageEntity('C3', site: $site, storageType: $type);
$client = $this->createAdminClient();
$response = $client->request('GET', '/api/storages', ['headers' => ['Accept' => self::LD]]);
self::assertResponseStatusCodeSame(200);
$body = $response->toArray();
// Enveloppe Hydra (regle ABSOLUE n°13 : collection paginee, jamais d'array brut).
self::assertArrayHasKey('totalItems', $body);
self::assertArrayHasKey('member', $body);
$member = $this->memberById($body, (int) $seed->getId());
self::assertIsArray($member, 'Le stockage seede doit figurer dans la collection.');
// Contrat de serialisation (§ 4.0.bis) : site / storageType en OBJETS embarques
// (pas un IRI nu), displayName present (RG-7.05).
self::assertIsArray($member['site'], 'site doit etre un objet embarque.');
self::assertSame($site->getCode(), $member['site']['code'] ?? null);
self::assertIsArray($member['storageType'], 'storageType doit etre un objet embarque.');
self::assertSame('Cellule', $member['storageType']['label'] ?? null);
self::assertSame('Cellule C3', $member['displayName'] ?? null);
}
public function testAdminCanCreateStorage(): void
{
$client = $this->createAdminClient();
$client->request('POST', '/api/storages', [
'headers' => ['Content-Type' => self::LD],
'json' => $this->validStoragePayload(),
]);
self::assertResponseStatusCodeSame(201);
}
public function testNumeroIsTrimmedServerSide(): void
{
$client = $this->createAdminClient();
$response = $client->request('POST', '/api/storages', [
'headers' => ['Content-Type' => self::LD],
'json' => $this->validStoragePayload(['numero' => ' Z9 ']),
]);
self::assertResponseStatusCodeSame(201);
// RG-7.06 : trim serveur, sans changement de casse (HP-M7-05).
self::assertSame('Z9', $response->toArray()['numero'] ?? null);
}
public function testDuplicateTripletReturns409(): void
{
$site = $this->firstSite();
$type = $this->seedStorageType();
$this->seedStorageEntity('A1', site: $site, storageType: $type);
$client = $this->createAdminClient();
$client->request('POST', '/api/storages', [
'headers' => ['Content-Type' => self::LD],
'json' => [
'site' => $this->iri('sites', (int) $site->getId()),
'storageType' => $this->iri('storage_types', (int) $type->getId()),
'numero' => 'A1',
'states' => [Storage::STATE_RECEPTION],
],
]);
// RG-7.01 : meme (site, type, numero) parmi les actifs -> 409.
self::assertResponseStatusCodeSame(409);
}
public function testSameNumeroDifferentTypeIsAllowed(): void
{
$site = $this->firstSite();
$typeA = $this->seedStorageType();
$typeB = $this->seedStorageType();
$this->seedStorageEntity('A1', site: $site, storageType: $typeA);
$client = $this->createAdminClient();
$client->request('POST', '/api/storages', [
'headers' => ['Content-Type' => self::LD],
'json' => [
'site' => $this->iri('sites', (int) $site->getId()),
'storageType' => $this->iri('storage_types', (int) $typeB->getId()),
'numero' => 'A1',
'states' => [Storage::STATE_RECEPTION],
],
]);
// Unicite portee par le TRIPLET : un meme numero sur un autre type passe.
self::assertResponseStatusCodeSame(201);
}
public function testSoftDeletedTripletCanBeReused(): void
{
$site = $this->firstSite();
$type = $this->seedStorageType();
$this->seedStorageEntity('B2', deletedAt: new DateTimeImmutable(), site: $site, storageType: $type);
$client = $this->createAdminClient();
$client->request('POST', '/api/storages', [
'headers' => ['Content-Type' => self::LD],
'json' => [
'site' => $this->iri('sites', (int) $site->getId()),
'storageType' => $this->iri('storage_types', (int) $type->getId()),
'numero' => 'B2',
'states' => [Storage::STATE_RECEPTION],
],
]);
// RG-7.01 : l'unicite ne porte que sur les ACTIFS -> reutilisation OK.
self::assertResponseStatusCodeSame(201);
}
public function testSoftDeletedIsNotExposed(): void
{
$deleted = $this->seedStorageEntity('SD', deletedAt: new DateTimeImmutable());
$client = $this->createAdminClient();
// § 2.8 : item soft-deleted -> 404.
$client->request('GET', '/api/storages/'.$deleted->getId(), ['headers' => ['Accept' => self::LD]]);
self::assertResponseStatusCodeSame(404);
// … et absent de la collection (RG-7.07).
$response = $client->request('GET', '/api/storages', ['headers' => ['Accept' => self::LD]]);
self::assertNull($this->memberById($response->toArray(), (int) $deleted->getId()));
}
public function testViewPermissionReadsButCannotManage(): void
{
$storage = $this->seedStorageEntity();
$client = $this->authView();
$client->request('GET', '/api/storages', ['headers' => ['Accept' => self::LD]]);
self::assertResponseStatusCodeSame(200);
$client->request('GET', '/api/storages/'.$storage->getId(), ['headers' => ['Accept' => self::LD]]);
self::assertResponseStatusCodeSame(200);
// view sans manage : creation refusee au niveau securite (403).
$client->request('POST', '/api/storages', [
'headers' => ['Content-Type' => self::LD],
'json' => $this->validStoragePayload(),
]);
self::assertResponseStatusCodeSame(403);
}
public function testBusinessPersonasAreForbiddenEverywhere(): void
{
$storage = $this->seedStorageEntity();
$id = (int) $storage->getId();
foreach (self::PERSONAS as $persona) {
$client = $this->createPersonaClient($persona);
$client->request('GET', '/api/storages', ['headers' => ['Accept' => self::LD]]);
self::assertResponseStatusCodeSame(403, $persona.' ne doit pas lister les stockages.');
$client->request('GET', '/api/storages/'.$id, ['headers' => ['Accept' => self::LD]]);
self::assertResponseStatusCodeSame(403, $persona.' ne doit pas consulter un stockage.');
$client->request('POST', '/api/storages', [
'headers' => ['Content-Type' => self::LD],
'json' => $this->validStoragePayload(),
]);
self::assertResponseStatusCodeSame(403, $persona.' ne doit pas creer de stockage.');
$client->request('PATCH', '/api/storages/'.$id, [
'headers' => ['Content-Type' => self::MERGE],
'json' => ['numero' => 'X'],
]);
self::assertResponseStatusCodeSame(403, $persona.' ne doit pas modifier un stockage.');
}
}
}