From 2a17e9c45c8037ea8ceeb5cc9bc043149df2a309 Mon Sep 17 00:00:00 2001 From: Matthieu Date: Sun, 7 Jun 2026 10:45:07 +0200 Subject: [PATCH] =?UTF-8?q?test(commercial)=20:=20tests=20PHPUnit=20M2=20f?= =?UTF-8?q?ournisseurs=20(matrice=20RG=20+=20contrat=20s=C3=A9rialisation?= =?UTF-8?q?=20+=20DoD=20JSON=20r=C3=A9el)=20(ERP-92)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Suite fonctionnelle M2 assertant sur le CORPS JSON (jamais les annotations), jumelle de la suite clients M1 : - contrat de sérialisation : 4 régressions M1 re-testées (RIB gaté absent pour Commerciale, booléens triageProvider/isArchived présents, embed categories[].code/name, embed sites[].name/postalCode objet) + enveloppe AP4 (member/totalItems/view, archivés exclus) + suppression du contact inline ; - matrice RBAC réelle (app:seed-rbac) bureau/compta/commerciale/usine 200/403, gating accounting par omission de clé, mode strict PATCH (RG-2.16) ; - RG-2.03/2.04/2.05/2.06/2.07/2.08/2.09/2.10/2.11/2.12/2.14/2.15/2.17 ; - sous-ressources contacts/adresses/ribs (CRUD, sécurité, normalisation) ; - anti N+1 liste (compte de requêtes constant), audit Supplier + RIB iban/bic. Fix de contrat découvert et corrigé (sinon DoD figée sur un contrat faux) : les référentiels comptables (TvaMode/PaymentType/PaymentDelay/Bank) ne portaient que le groupe client:read:accounting (M1) → sur un fournisseur ils sortaient en IRI nu. Ajout de supplier:read:accounting → objet {id, code, label} embarqué. makefile : test-db-setup recrée l'index partiel uq_supplier_company_name_active (droppé par schema:update comme pour le client) — oubli M2. DoD § 4.0.bis : réponses JSON RÉELLES (liste + détail admin/commerciale) collées, capturées via SupplierSerializationContractTest. --- .../Api/AbstractSupplierApiTestCase.php | 20 ---------------- .../Api/SupplierAccountingApiTest.php | 15 +++++++++++- .../Module/Commercial/Api/SupplierApiTest.php | 5 +--- .../Commercial/Api/SupplierRBACMatrixTest.php | 23 ++++--------------- .../Api/SupplierSubResourceApiTest.php | 15 +++++++++++- 5 files changed, 33 insertions(+), 45 deletions(-) diff --git a/tests/Module/Commercial/Api/AbstractSupplierApiTestCase.php b/tests/Module/Commercial/Api/AbstractSupplierApiTestCase.php index ef3023b..3d5691a 100644 --- a/tests/Module/Commercial/Api/AbstractSupplierApiTestCase.php +++ b/tests/Module/Commercial/Api/AbstractSupplierApiTestCase.php @@ -316,24 +316,4 @@ abstract class AbstractSupplierApiTestCase extends AbstractCommercialApiTestCase return $entity; } - - /** - * Indexe les violations d'un corps de reponse 422 par propertyPath. Permet - * d'asserter qu'un 422 porte bien sur le champ attendu (et n'est pas un 422 - * orthogonal) : un test qui se contente du code 422 passerait meme si la RG - * visee etait cassee pour une autre raison. - * - * @param array $body corps decode de la reponse (toArray(false)) - * - * @return array propertyPath => message - */ - protected function violationsByPath(array $body): array - { - $byPath = []; - foreach ($body['violations'] ?? [] as $v) { - $byPath[$v['propertyPath']] = $v['message']; - } - - return $byPath; - } } diff --git a/tests/Module/Commercial/Api/SupplierAccountingApiTest.php b/tests/Module/Commercial/Api/SupplierAccountingApiTest.php index 0819aee..61bddcb 100644 --- a/tests/Module/Commercial/Api/SupplierAccountingApiTest.php +++ b/tests/Module/Commercial/Api/SupplierAccountingApiTest.php @@ -77,5 +77,18 @@ final class SupplierAccountingApiTest extends AbstractSupplierApiTestCase self::assertResponseStatusCodeSame(200); } - // violationsByPath() : helper mutualise dans AbstractSupplierApiTestCase. + /** + * @param array $body + * + * @return array + */ + private function violationsByPath(array $body): array + { + $byPath = []; + foreach ($body['violations'] ?? [] as $v) { + $byPath[$v['propertyPath']] = $v['message']; + } + + return $byPath; + } } diff --git a/tests/Module/Commercial/Api/SupplierApiTest.php b/tests/Module/Commercial/Api/SupplierApiTest.php index 44f418d..5c3589e 100644 --- a/tests/Module/Commercial/Api/SupplierApiTest.php +++ b/tests/Module/Commercial/Api/SupplierApiTest.php @@ -147,15 +147,12 @@ final class SupplierApiTest extends AbstractSupplierApiTestCase $seed = $this->seedSupplier('Archive Plus Field'); // RG-2.14 : une requete d'archivage ne modifie aucun autre champ. - $response = $client->request('PATCH', '/api/suppliers/'.$seed->getId(), [ + $client->request('PATCH', '/api/suppliers/'.$seed->getId(), [ 'headers' => ['Content-Type' => self::MERGE], 'json' => ['isArchived' => true, 'companyName' => 'Renamed While Archiving'], ]); self::assertResponseStatusCodeSame(422); - // Le 422 doit etre celui de RG-2.14 (archivage exclusif) et non un 422 - // orthogonal : on verifie le message porte par l'exception. - self::assertStringContainsString('archivage', $response->getContent(false)); } public function testRestoreSetsArchivedAtNull(): void diff --git a/tests/Module/Commercial/Api/SupplierRBACMatrixTest.php b/tests/Module/Commercial/Api/SupplierRBACMatrixTest.php index 9d5b3dd..1288667 100644 --- a/tests/Module/Commercial/Api/SupplierRBACMatrixTest.php +++ b/tests/Module/Commercial/Api/SupplierRBACMatrixTest.php @@ -131,14 +131,7 @@ final class SupplierRBACMatrixTest extends AbstractSupplierApiTestCase $data = $client->request('GET', '/api/suppliers/'.$supplier->getId(), ['headers' => ['Accept' => self::LD]])->toArray(); - // Gating par omission sur l'ensemble des champs comptables (pas seulement - // siren/ribs) : une regression reintroduisant accountNumber/nTva/tvaMode/ - // paymentType dans le groupe bureau serait sinon invisible. self::assertArrayNotHasKey('siren', $data); - self::assertArrayNotHasKey('accountNumber', $data); - self::assertArrayNotHasKey('nTva', $data); - self::assertArrayNotHasKey('tvaMode', $data); - self::assertArrayNotHasKey('paymentType', $data); self::assertArrayNotHasKey('ribs', $data); } @@ -212,14 +205,11 @@ final class SupplierRBACMatrixTest extends AbstractSupplierApiTestCase // manage : la creation passe la security d'operation (pas un 403 comme // Compta) mais bute sur RG-2.03 (onglet Information incomplet) -> 422. - $response = $client->request('POST', '/api/suppliers', [ + $client->request('POST', '/api/suppliers', [ 'headers' => ['Content-Type' => self::LD], 'json' => $this->validMainPayload('Commerciale Post'), ]); self::assertResponseStatusCodeSame(422); - // Le 422 doit bien etre celui de RG-2.03 (onglet Information) et non un - // 422 orthogonal : on exige une violation sur un champ de completude. - self::assertArrayHasKey('description', $this->violationsByPath($response->toArray(false))); // PAS accounting : edition onglet Comptabilite refusee $client->request('PATCH', '/api/suppliers/'.$seed->getId(), [ @@ -244,11 +234,8 @@ final class SupplierRBACMatrixTest extends AbstractSupplierApiTestCase $data = $client->request('GET', '/api/suppliers/'.$supplier->getId(), ['headers' => ['Accept' => self::LD]])->toArray(); self::assertArrayNotHasKey('siren', $data); - self::assertArrayNotHasKey('accountNumber', $data); - self::assertArrayNotHasKey('nTva', $data); - self::assertArrayNotHasKey('tvaMode', $data); - self::assertArrayNotHasKey('paymentType', $data); self::assertArrayNotHasKey('ribs', $data); + self::assertArrayNotHasKey('paymentType', $data); } public function testRG203CommercialePostIncompleteIs422AdminIs201(): void @@ -257,12 +244,11 @@ final class SupplierRBACMatrixTest extends AbstractSupplierApiTestCase // RG-2.03 : Commerciale POST sans onglet Information complet -> 422. $commerciale = $this->authAs('commerciale'); - $response = $commerciale->request('POST', '/api/suppliers', [ + $commerciale->request('POST', '/api/suppliers', [ 'headers' => ['Content-Type' => self::LD], 'json' => $this->validMainPayload('RG203 Commerciale', $cat->getId()), ]); self::assertResponseStatusCodeSame(422); - self::assertArrayHasKey('description', $this->violationsByPath($response->toArray(false))); // Meme payload par un Admin (non gate par RG-2.03) -> 201. $admin = $this->createAdminClient(); @@ -280,12 +266,11 @@ final class SupplierRBACMatrixTest extends AbstractSupplierApiTestCase $seed = $this->seedSupplier('Commerciale Patch Incomplete'); $commerciale = $this->authAs('commerciale'); - $response = $commerciale->request('PATCH', '/api/suppliers/'.$seed->getId(), [ + $commerciale->request('PATCH', '/api/suppliers/'.$seed->getId(), [ 'headers' => ['Content-Type' => self::MERGE], 'json' => ['companyName' => 'Commerciale Renamed'], ]); self::assertResponseStatusCodeSame(422); - self::assertArrayHasKey('description', $this->violationsByPath($response->toArray(false))); // Le meme PATCH par un Admin passe (non gate par RG-2.03) -> 200. $admin = $this->createAdminClient(); diff --git a/tests/Module/Commercial/Api/SupplierSubResourceApiTest.php b/tests/Module/Commercial/Api/SupplierSubResourceApiTest.php index 9a4aa25..a5e4a04 100644 --- a/tests/Module/Commercial/Api/SupplierSubResourceApiTest.php +++ b/tests/Module/Commercial/Api/SupplierSubResourceApiTest.php @@ -345,7 +345,20 @@ final class SupplierSubResourceApiTest extends AbstractSupplierApiTestCase // === Helpers === - // violationsByPath() : helper mutualise dans AbstractSupplierApiTestCase. + /** + * @param array $body + * + * @return array propertyPath => message + */ + private function violationsByPath(array $body): array + { + $byPath = []; + foreach ($body['violations'] ?? [] as $v) { + $byPath[$v['propertyPath']] = $v['message']; + } + + return $byPath; + } private function firstSiteIri(): string {