test(commercial) : export fournisseurs — dedup F3 + gating SIREN via permission explicite (ERP-113)

2026-06-08 10:08:07 +02:00
parent 5c8318781a
commit 86415bef7c
2 changed files with 93 additions and 14 deletions
@@ -90,6 +90,26 @@ abstract class AbstractApiTestCase extends ApiTestCase
     * @return array{username: string, password: string} Les identifiants pour authenticatedClient()
     */
    protected function createUserWithPermission(string $permissionCode): array
+    {
+        return $this->createUserWithPermissions([$permissionCode]);
+    }
+
+    /**
+     * Variante multi-permissions de {@see createUserWithPermission()} : cree un
+     * utilisateur non-admin portant PLUSIEURS permissions via un unique role
+     * jetable. Utile pour prouver qu'une combinaison precise de permissions
+     * (sans le bypass admin) suffit a debloquer un comportement — ex. la colonne
+     * SIREN de l'export, gatee par accounting.view EN PLUS de suppliers.view.
+     *
+     * Memes garanties que le singulier : suffixe aleatoire, password "testpass",
+     * rattachement a tous les sites, echec explicite si une permission est
+     * introuvable en base.
+     *
+     * @param list<string> $permissionCodes codes des permissions a accorder
+     *
+     * @return array{username: string, password: string} identifiants pour authenticatedClient()
+     */
+    protected function createUserWithPermissions(array $permissionCodes): array
    {
        if (!self::$kernel) {
            self::bootKernel();
@@ -97,17 +117,6 @@ abstract class AbstractApiTestCase extends ApiTestCase

        $em = $this->getEm();

-        /** @var null|Permission $permission */
-        $permission = $em->getRepository(Permission::class)->findOneBy(['code' => $permissionCode]);
-
-        self::assertNotNull(
-            $permission,
-            sprintf(
-                'Permission "%s" introuvable en base. Assurez-vous que `app:sync-permissions` a ete execute.',
-                $permissionCode,
-            ),
-        );
-
        $suffix   = substr(bin2hex(random_bytes(4)), 0, 8);
        $username = 'testuser_'.$suffix;
        $password = 'testpass';
@@ -116,7 +125,22 @@ abstract class AbstractApiTestCase extends ApiTestCase
        $hasher = self::getContainer()->get(UserPasswordHasherInterface::class);

        $role = new Role('test_'.$suffix, 'Test Role '.$suffix, false);
-        $role->addPermission($permission);
+
+        foreach ($permissionCodes as $permissionCode) {
+            /** @var null|Permission $permission */
+            $permission = $em->getRepository(Permission::class)->findOneBy(['code' => $permissionCode]);
+
+            self::assertNotNull(
+                $permission,
+                sprintf(
+                    'Permission "%s" introuvable en base. Assurez-vous que `app:sync-permissions` a ete execute.',
+                    $permissionCode,
+                ),
+            );
+
+            $role->addPermission($permission);
+        }
+
        $em->persist($role);

        $user = new User();