MALIO-DEV/Starseed
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(audit-log) : applique fixes code review PR #9

Browse Source 
Resout les 5 findings de la review automatique + couverture ManyToMany
annoncee dans CLAUDE.md :

- AuditListener : resolution de la classe via ClassMetadata plutot que
  `$entity::class` direct (defense proxy Doctrine : sous ORM 2 les lazies
  sont des `Proxies\__CG__\...`). Test de regression via getReference().
- AuditListener : capture des modifications de collections to-many
  (OneToMany / ManyToMany) via getScheduledCollectionUpdates /
  getScheduledCollectionDeletions. Les diffs sont mergees dans le
  changeset existant ou creent une entree "update" dediee.
- AuditLogResource + Provider : filtre multi-valeurs
  `entity_type[]=X&entity_type[]=Y` (IN clause DBAL via
  ArrayParameterType::STRING), endpoint `/audit-log-entity-types` pour
  alimenter le MalioSelectCheckbox cote front.
- audit-log.vue : refonte complete. Passage a `MalioDataTable`,
  composants `Malio*` (MalioInputText, MalioSelectCheckbox, MalioButton),
  suppression complete de la persistance URL (`readQuery` / `syncQuery`
  / `route.query`). `datetime-local` conserve avec TODO pointant
  l'exception CLAUDE.md.
- AuditTimeline : fix du saut d'items 11-30. `PAGE_SIZE = 10` aligne
  avec un `itemsPerPage=10` passe au backend. Token anti-race pour
  ignorer les reponses tardives quand l'entite affichee change.
- AuditLogDetail : affichage des diffs de collections to-many (+ / -)
  dans le tableau field/old/new existant.
- logout.vue : ajout du `resetAuditLog()` au logout pour eviter qu'un
  user suivant (meme onglet) voie l'etat audit de l'ancien.
- Permission / Role / Site : marquage `#[Auditable]`.
- Version bump 0.1.32 → 0.1.34.

Tests : 228 / 228 (221 assertions → 851, dont regressions proxy + M2M).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Matthieu
2026-04-21 16:28:44 +02:00
parent a95bb6c629
commit 1505e84926
19 changed files with 1004 additions and 264 deletions
Download Patch File Download Diff File Expand all files Collapse all files

186
tests/Module/Core/Infrastructure/Doctrine/AuditListenerTest.php
View File

@@ -4,6 +4,8 @@ declare(strict_types=1);
namespace App\Tests\Module\Core\Infrastructure\Doctrine;
use App\Module\Core\Domain\Entity\Permission;
use App\Module\Core\Domain\Entity\Role;
use App\Module\Core\Domain\Entity\User;
use Doctrine\DBAL\Connection;
use Doctrine\ORM\EntityManagerInterface;
@@ -32,6 +34,9 @@ final class AuditListenerTest extends KernelTestCase
/** @var list<int> IDs de users crees par le test (nettoyage en tearDown) */
private array $createdUserIds = [];
/** @var list<int> IDs de roles crees par le test (nettoyage en tearDown) */
private array $createdRoleIds = [];
private string $testRunTag;
protected function setUp(): void
@@ -66,6 +71,24 @@ final class AuditListenerTest extends KernelTestCase
$this->em->flush();
}
if ([] !== $this->createdRoleIds) {
foreach ($this->createdRoleIds as $id) {
$role = $this->em->find(Role::class, $id);
if (null !== $role) {
$this->em->remove($role);
}
}
$this->em->flush();
// Nettoie egalement les lignes audit de ces roles (entity_id est
// une colonne text, on delete en boucle pour simplifier le binding).
foreach ($this->createdRoleIds as $id) {
$this->auditConnection->executeStatement(
'DELETE FROM audit_log WHERE entity_type = \'core.Role\' AND entity_id = :id',
['id' => (string) $id],
);
}
}
$this->auditConnection->executeStatement(
"DELETE FROM audit_log WHERE entity_type = 'core.User' AND changes->>'username' LIKE :tag",
['tag' => $this->testRunTag.'%'],
@@ -154,6 +177,157 @@ final class AuditListenerTest extends KernelTestCase
);
}
/**
* Regression test : une entite recuperee via `getReference()` (proxy /
* ghost object lazy) doit etre auditee avec le FQCN canonique. Sur
* Doctrine ORM 3 + PHP 8.4, les lazy ghosts preservent `::class` reel
* — mais sous Doctrine 2 ou en cas de retour a un `__CG__\` proxy,
* l'audit doit toujours resoudre la classe via `ClassMetadata` et
* jamais aboutir a un `entity_type` de type `Proxies\__CG__\...\User`.
*/
public function testLogsUpdateOnProxyEntity(): void
{
$user = $this->makeUser();
$this->em->persist($user);
$this->em->flush();
$userId = (int) $user->getId();
$this->createdUserIds[] = $userId;
// Detache puis recupere via getReference : sur Doctrine 2, renvoie
// un `Proxies\__CG__\...\User` ; sur Doctrine 3 + PHP 8.4 le ghost
// object reste instance de la classe reelle — dans tous les cas la
// resolution via ClassMetadata doit produire un audit correct.
$this->em->clear();
$proxy = $this->em->getReference(User::class, $userId);
self::assertNotNull($proxy);
// Reset de la baseline : on ne garde que la ligne update du proxy.
$this->auditConnection->executeStatement(
'DELETE FROM audit_log WHERE entity_id = :id AND entity_type = \'core.User\'',
['id' => (string) $userId],
);
$proxy->setIsAdmin(true);
$this->em->flush();
$rows = $this->fetchAuditRows($userId);
self::assertCount(1, $rows, 'La mutation sur un proxy doit etre auditee.');
self::assertSame('update', $rows[0]['action']);
// L'entity_type doit etre le FQCN canonique, pas celui du proxy.
self::assertSame('core.User', $rows[0]['entity_type']);
}
/**
* Verifie que l'ajout d'une permission a un role est bien audite sous
* la forme `{permissions: {added: [id], removed: []}}`. Regression test
* pour le bug "ManyToMany collections ignorees par getEntityChangeSet".
*/
public function testLogsManyToManyCollectionAddition(): void
{
$roleCode = 'audittest_'.bin2hex(random_bytes(3));
$role = new Role($roleCode, 'Test role '.$roleCode);
$this->em->persist($role);
$this->em->flush();
$roleId = (int) $role->getId();
$this->createdRoleIds[] = $roleId;
// Reset baseline : on ne veut que le log de l'update de collection.
$this->auditConnection->executeStatement(
'DELETE FROM audit_log WHERE entity_type = \'core.Role\' AND entity_id = :id',
['id' => (string) $roleId],
);
// Recupere une permission existante (fixtures garantissent core.users.view).
$permission = $this->em->getRepository(Permission::class)->findOneBy(['code' => 'core.users.view']);
self::assertNotNull($permission, 'Fixture core.users.view manquante.');
$role->addPermission($permission);
$this->em->flush();
$rows = $this->fetchRoleAuditRows($roleId);
self::assertCount(1, $rows, 'Une ligne update attendue pour l\'ajout de permission.');
self::assertSame('update', $rows[0]['action']);
$changes = json_decode($rows[0]['changes'], true, 512, JSON_THROW_ON_ERROR);
self::assertArrayHasKey('permissions', $changes, 'Le changeset doit contenir le champ "permissions".');
self::assertSame([], $changes['permissions']['removed']);
self::assertSame([(int) $permission->getId()], $changes['permissions']['added']);
}
/**
* Symetrique : retirer une permission d'un role est audite sous
* `{permissions: {added: [], removed: [id]}}`.
*/
public function testLogsManyToManyCollectionRemoval(): void
{
$permission = $this->em->getRepository(Permission::class)->findOneBy(['code' => 'core.users.view']);
self::assertNotNull($permission);
$roleCode = 'audittest_'.bin2hex(random_bytes(3));
$role = new Role($roleCode, 'Test role '.$roleCode);
$role->addPermission($permission);
$this->em->persist($role);
$this->em->flush();
$roleId = (int) $role->getId();
$this->createdRoleIds[] = $roleId;
// Reset baseline.
$this->auditConnection->executeStatement(
'DELETE FROM audit_log WHERE entity_type = \'core.Role\' AND entity_id = :id',
['id' => (string) $roleId],
);
$role->removePermission($permission);
$this->em->flush();
$rows = $this->fetchRoleAuditRows($roleId);
self::assertCount(1, $rows);
$changes = json_decode($rows[0]['changes'], true, 512, JSON_THROW_ON_ERROR);
self::assertSame([], $changes['permissions']['added']);
self::assertSame([(int) $permission->getId()], $changes['permissions']['removed']);
}
/**
* Regression test : supprimer un role avec des permissions attachees doit
* preserver la liste des permissions dans le snapshot delete. C'etait le
* trou principal du fix ManyToMany initial (reviewer Codex round 2).
*/
public function testDeleteSnapshotIncludesManyToManyIds(): void
{
$permission = $this->em->getRepository(Permission::class)->findOneBy(['code' => 'core.users.view']);
self::assertNotNull($permission);
$roleCode = 'audittest_'.bin2hex(random_bytes(3));
$role = new Role($roleCode, 'Delete test '.$roleCode);
$role->addPermission($permission);
$this->em->persist($role);
$this->em->flush();
$roleId = (int) $role->getId();
$this->em->remove($role);
$this->em->flush();
$rows = $this->fetchRoleAuditRows($roleId);
// create + update (permission ajoutee) + delete attendus.
$actions = array_column($rows, 'action');
self::assertContains('delete', $actions);
$deleteRow = $rows[array_search('delete', $actions, true)];
$changes = json_decode($deleteRow['changes'], true, 512, JSON_THROW_ON_ERROR);
// Le snapshot delete doit contenir la liste des IDs de permissions
// attachees au role au moment de la suppression.
self::assertArrayHasKey('permissions', $changes);
self::assertSame([(int) $permission->getId()], $changes['permissions']);
// Nettoyage manuel (le role est deja supprime, on ne peut plus passer par $this->em).
$this->auditConnection->executeStatement(
'DELETE FROM audit_log WHERE entity_type = \'core.Role\' AND entity_id = :id',
['id' => (string) $roleId],
);
}
/**
* @return list<array{id: string, entity_type: string, entity_id: string, action: string, changes: string}>
*/
@@ -178,4 +352,16 @@ final class AuditListenerTest extends KernelTestCase
return $user;
}
/**
* @return list<array{id: string, entity_type: string, entity_id: string, action: string, changes: string}>
*/
private function fetchRoleAuditRows(int $roleId): array
{
// @var list<array{id: string, entity_type: string, entity_id: string, action: string, changes: string}> $rows
return $this->auditConnection->fetchAllAssociative(
'SELECT id, entity_type, entity_id, action, changes FROM audit_log WHERE entity_type = :type AND entity_id = :id ORDER BY performed_at ASC',
['type' => 'core.Role', 'id' => (string) $roleId],
);
}
}