fix : retours métier ERP-193 (4 répertoires) (#139)
Auto Tag Develop / tag (push) Successful in 11s
Auto Tag Develop / tag (push) Successful in 11s
Lot de retours métier **ERP-193** (« Fix tous les retours starseed »), transverse aux 4 répertoires (clients, fournisseurs, prestataires, transporteurs).
## Contenu
- **Pagination** : défaut à 25 items/page sur les 4 répertoires.
- **Libellé** : colonne « Dernière activité » → « Dernière modification ».
- **Consultation** : masquage des onglets vides (coquilles « à venir » + onglets de données sans donnée).
- **Chiffre d'affaires** : plafonné à 999 999 999 999,99 (clamp front + `Assert\LessThanOrEqual` back).
- **Date de création** : interdiction des dates futures (`:max` MalioDate + `Assert\LessThanOrEqual('today')` back).
- **Caractères spéciaux** : blocage des caractères parasites (`²³§~#|…`) dans les champs texte via une allow-list par profil (nom de personne / texte libre / adresse / code alphanumérique) — filtrage front à la frappe + `Assert\Regex` back autoritaire. Email/IBAN/BIC/TVA conservent leurs validateurs de format.
- **UI** : champs en consultation et onglets validés grisés (`readonly` → `disabled`).
- **UI** : boutons « Archiver » en rouge (variant `danger`).
## Tests
- Back : nouveaux tests RG (plafond CA, dates futures, caractères spéciaux) + garde-fou contraintes — suite complète verte (813 tests).
- Front : nouveaux tests unitaires (sanitizers, helpers date/montant) — 615 tests verts, eslint clean.
---------
Co-authored-by: THOLOT DECHENE Matthieu <matthieu@yuno.malio.fr>
Reviewed-on: #139
Co-authored-by: tristan <tristan@yuno.malio.fr>
Co-committed-by: tristan <tristan@yuno.malio.fr>
This commit was merged in pull request #139.
This commit is contained in:
@@ -0,0 +1,85 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Api;
|
||||
|
||||
use DateTimeImmutable;
|
||||
|
||||
/**
|
||||
* Validation back-autoritative de la date de creation (foundedAt) sur Client ET
|
||||
* Fournisseur — retour metier ERP-193 : une date dans le futur est refusee.
|
||||
*
|
||||
* Le front (MalioDate `:max`) plafonne deja le calendrier a aujourd'hui, mais le
|
||||
* back reste la couche autoritaire : `Assert\LessThanOrEqual('today')` rejette une
|
||||
* date future (ISO valide) avec une 422 portee sur `foundedAt` (mappable inline par
|
||||
* useFormErrors). Une date passee ou egale a aujourd'hui reste acceptee.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class FoundedAtFutureTest extends AbstractSupplierApiTestCase
|
||||
{
|
||||
/** Client : date de creation future -> 422 portee sur foundedAt. */
|
||||
public function testClientFoundedAtFuturEst422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Founded Future SARL');
|
||||
|
||||
$body = $client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['foundedAt' => $this->futureDate()],
|
||||
])->toArray(false);
|
||||
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
self::assertArrayHasKey('foundedAt', $this->violationsByPath($body));
|
||||
}
|
||||
|
||||
/** Client : date de creation passee -> acceptee (200). */
|
||||
public function testClientFoundedAtPasseEst200(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Founded Past SARL');
|
||||
|
||||
$client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['foundedAt' => '2000-06-15'],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
}
|
||||
|
||||
/** Fournisseur : date de creation future -> 422 portee sur foundedAt. */
|
||||
public function testSupplierFoundedAtFuturEst422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedSupplier('Founded Future Fournisseur SARL');
|
||||
|
||||
$body = $client->request('PATCH', '/api/suppliers/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['foundedAt' => $this->futureDate()],
|
||||
])->toArray(false);
|
||||
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
self::assertArrayHasKey('foundedAt', $this->violationsByPath($body));
|
||||
}
|
||||
|
||||
/** Fournisseur : date de creation passee -> acceptee (200). */
|
||||
public function testSupplierFoundedAtPasseEst200(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedSupplier('Founded Past Fournisseur SARL');
|
||||
|
||||
$client->request('PATCH', '/api/suppliers/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['foundedAt' => '2000-06-15'],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
}
|
||||
|
||||
/** Date ISO clairement dans le futur. */
|
||||
private function futureDate(): string
|
||||
{
|
||||
return new DateTimeImmutable('+1 year')->format('Y-m-d');
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,81 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Api;
|
||||
|
||||
/**
|
||||
* Validation back-autoritative du plafond du chiffre d'affaires (revenueAmount,
|
||||
* onglet Information) sur Client ET Fournisseur — retour metier ERP-193.
|
||||
*
|
||||
* Le CA est plafonne a 999 999 999 999,99 (12 chiffres). La colonne decimal(15,2)
|
||||
* tolererait plus, mais le metier borne la saisie : au-dela, 422 porte sur
|
||||
* `revenueAmount` (mappable inline par useFormErrors). La valeur exactement egale
|
||||
* au plafond reste acceptee. Le front clampe deja la saisie (amountInput.ts), mais
|
||||
* le back reste la couche autoritaire.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class RevenueAmountCapTest extends AbstractSupplierApiTestCase
|
||||
{
|
||||
/** Plafond metier : 12 chiffres + 2 decimales. */
|
||||
private const string MAX = '999999999999.99';
|
||||
|
||||
/** Client : CA au-dela du plafond -> 422 porte sur revenueAmount. */
|
||||
public function testClientRevenueAmountAuDelaDuPlafondEst422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('CA Cap Client SARL');
|
||||
|
||||
$body = $client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['revenueAmount' => '1000000000000.00'],
|
||||
])->toArray(false);
|
||||
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
self::assertArrayHasKey('revenueAmount', $this->violationsByPath($body));
|
||||
}
|
||||
|
||||
/** Client : CA exactement au plafond -> accepte (200). */
|
||||
public function testClientRevenueAmountAuPlafondEst200(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('CA Max Client SARL');
|
||||
|
||||
$client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['revenueAmount' => self::MAX],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
}
|
||||
|
||||
/** Fournisseur : CA au-dela du plafond -> 422 porte sur revenueAmount. */
|
||||
public function testSupplierRevenueAmountAuDelaDuPlafondEst422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedSupplier('CA Cap Fournisseur SARL');
|
||||
|
||||
$body = $client->request('PATCH', '/api/suppliers/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['revenueAmount' => '1000000000000.00'],
|
||||
])->toArray(false);
|
||||
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
self::assertArrayHasKey('revenueAmount', $this->violationsByPath($body));
|
||||
}
|
||||
|
||||
/** Fournisseur : CA exactement au plafond -> accepte (200). */
|
||||
public function testSupplierRevenueAmountAuPlafondEst200(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedSupplier('CA Max Fournisseur SARL');
|
||||
|
||||
$client->request('PATCH', '/api/suppliers/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['revenueAmount' => self::MAX],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,93 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Api;
|
||||
|
||||
/**
|
||||
* Validation back-autoritative des caracteres autorises dans les champs texte
|
||||
* (retour metier ERP-193) : on rejette les caracteres parasites « ²³§~#| … » via
|
||||
* une allow-list par profil (App\Shared\Domain\Validation\TextInputPattern). Le
|
||||
* front filtre deja a la frappe, mais le back reste l'autorite : une 422 portee
|
||||
* sur le champ fautif (mappable inline par useFormErrors).
|
||||
*
|
||||
* On couvre les clients (M1) et les fournisseurs (M2) — meme socle de profils.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class TextInputSanitizationTest extends AbstractSupplierApiTestCase
|
||||
{
|
||||
/** Raison sociale avec exposants ²³ et § -> 422 sur companyName. */
|
||||
public function testClientCompanyNameAvecParasitesEst422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Parasite Client SARL');
|
||||
|
||||
$body = $client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['companyName' => 'ACME²³§'],
|
||||
])->toArray(false);
|
||||
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
self::assertArrayHasKey('companyName', $this->violationsByPath($body));
|
||||
}
|
||||
|
||||
/** Raison sociale legitime « Dupont & Fils » (esperluette) -> acceptee (200). */
|
||||
public function testClientCompanyNameLegitimeEst200(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Legit Client SARL');
|
||||
|
||||
$client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['companyName' => 'Dupont & Fils (Pôle n°2)'],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
}
|
||||
|
||||
/** Dirigeant avec chiffres -> 422 (profil nom de personne, pas de chiffres). */
|
||||
public function testClientDirectorNameAvecChiffresEst422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Director Parasite SARL');
|
||||
|
||||
$body = $client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['directorName' => 'Jean123'],
|
||||
])->toArray(false);
|
||||
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
self::assertArrayHasKey('directorName', $this->violationsByPath($body));
|
||||
}
|
||||
|
||||
/** N° de compte avec caractere special -> 422 (profil code alphanumerique). */
|
||||
public function testClientAccountNumberAvecParasiteEst422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Account Parasite SARL');
|
||||
|
||||
$body = $client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['accountNumber' => '411#DUP'],
|
||||
])->toArray(false);
|
||||
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
self::assertArrayHasKey('accountNumber', $this->violationsByPath($body));
|
||||
}
|
||||
|
||||
/** Fournisseur : raison sociale avec parasites -> 422 sur companyName. */
|
||||
public function testSupplierCompanyNameAvecParasitesEst422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedSupplier('Parasite Fournisseur SARL');
|
||||
|
||||
$body = $client->request('PATCH', '/api/suppliers/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['companyName' => 'NEGOCE~#|²'],
|
||||
])->toArray(false);
|
||||
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
self::assertArrayHasKey('companyName', $this->violationsByPath($body));
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user