fix(commercial) : corrections ajout fournisseur — addressType en select, 422 inline (addressType/catégorie/compta complète/LCR sur paymentType), Information facultative (RG-2.03 retirée, miroir client) (ERP-94)
This commit is contained in:
@@ -152,7 +152,8 @@ abstract class AbstractSupplierApiTestCase extends AbstractCommercialApiTestCase
|
||||
$supplier->setCompanyName(mb_strtoupper($companyName.' '.$suffix, 'UTF-8'));
|
||||
$supplier->addCategory($this->supplierCategory('NEGOCIANT'));
|
||||
|
||||
// Onglet Information complet (RG-2.03 : exige pour la Commerciale).
|
||||
// Onglet Information complet : donnees de reference pour les tests de
|
||||
// lecture / serialisation / comptabilite (l'Information est facultative).
|
||||
$supplier->setDescription('Fournisseur de test complet.');
|
||||
$supplier->setCompetitors('Concurrent A, Concurrent B');
|
||||
$supplier->setFoundedAt(new DateTimeImmutable('2008-04-01'));
|
||||
|
||||
@@ -49,7 +49,7 @@ final class SupplierAccountingApiTest extends AbstractSupplierApiTestCase
|
||||
|
||||
// === RG-2.08 : LCR impose au moins un RIB ===
|
||||
|
||||
public function testLcrWithoutRibReturns422OnRibsPath(): void
|
||||
public function testLcrWithoutRibReturns422OnPaymentTypePath(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedSupplier('Lcr No Rib');
|
||||
@@ -60,7 +60,9 @@ final class SupplierAccountingApiTest extends AbstractSupplierApiTestCase
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
self::assertArrayHasKey('ribs', $this->violationsByPath($response->toArray(false)));
|
||||
// Miroir client : violation portee sur `paymentType` (select « Type de
|
||||
// règlement »), `ribs` n'ayant pas de champ de formulaire pour l'ancrer.
|
||||
self::assertArrayHasKey('paymentType', $this->violationsByPath($response->toArray(false)));
|
||||
}
|
||||
|
||||
public function testLcrWithRibReturns200(): void
|
||||
@@ -77,5 +79,58 @@ final class SupplierAccountingApiTest extends AbstractSupplierApiTestCase
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
}
|
||||
|
||||
// === Completude de l'onglet Comptabilite (six scalaires obligatoires) ===
|
||||
|
||||
/**
|
||||
* spec-front M2 § Onglet Comptabilite : a la validation COMPLETE de l'onglet
|
||||
* (les six champs requis presents dans le payload), chacun vide doit renvoyer
|
||||
* une 422 sur son propre propertyPath (mapping inline front, ERP-101). Miroir
|
||||
* du comportement client (ClientAccountingCompletenessValidator).
|
||||
*/
|
||||
public function testIncompleteAccountingTabReturns422OnEachField(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedSupplier('Accounting Incomplete');
|
||||
|
||||
$response = $client->request('PATCH', '/api/suppliers/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE, 'Accept' => self::LD],
|
||||
'json' => [
|
||||
'siren' => null,
|
||||
'accountNumber' => null,
|
||||
'tvaMode' => null,
|
||||
'nTva' => null,
|
||||
'paymentDelay' => null,
|
||||
'paymentType' => null,
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
$paths = $this->violationsByPath($response->toArray(false));
|
||||
self::assertArrayHasKey('siren', $paths);
|
||||
self::assertArrayHasKey('accountNumber', $paths);
|
||||
self::assertArrayHasKey('tvaMode', $paths);
|
||||
self::assertArrayHasKey('nTva', $paths);
|
||||
self::assertArrayHasKey('paymentDelay', $paths);
|
||||
self::assertArrayHasKey('paymentType', $paths);
|
||||
}
|
||||
|
||||
/**
|
||||
* Un PATCH ciblant un sous-ensemble de champs comptables n'est PAS une
|
||||
* validation d'onglet : la completude ne se declenche pas (edition ponctuelle
|
||||
* preservee, cf. validateAccountingCompleteness).
|
||||
*/
|
||||
public function testPartialAccountingPatchSkipsCompleteness(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedSupplier('Accounting Partial');
|
||||
|
||||
$client->request('PATCH', '/api/suppliers/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['nTva' => 'FR12345678901'],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
}
|
||||
|
||||
// violationsByPath() : helper mutualise dans AbstractSupplierApiTestCase.
|
||||
}
|
||||
|
||||
@@ -13,8 +13,8 @@ use Symfony\Component\Console\Output\NullOutput;
|
||||
/**
|
||||
* Matrice RBAC complete du repertoire fournisseurs par role metier (spec-back M2
|
||||
* § 2.9 + ERP-90). Valide 200/403 par verbe et par onglet pour
|
||||
* bureau / compta / commerciale / usine, le gating des champs comptables en
|
||||
* lecture (omission de cle) et le durcissement RG-2.03 (Commerciale) au POST/PATCH.
|
||||
* bureau / compta / commerciale / usine et le gating des champs comptables en
|
||||
* lecture (omission de cle).
|
||||
*
|
||||
* Les comptes demo et la matrice sont seedes via la commande reelle
|
||||
* `app:seed-rbac --with-demo-users` (le MEME chemin qu'en recette), idempotente —
|
||||
@@ -23,7 +23,7 @@ use Symfony\Component\Console\Output\NullOutput;
|
||||
* Matrice § 2.9 (ERP-90) — rappel :
|
||||
* - bureau : suppliers.view + manage (ni accounting, ni archive)
|
||||
* - compta : suppliers.view + accounting.view + accounting.manage (PAS manage)
|
||||
* - commerciale : suppliers.view + manage (PAS accounting), durcie RG-2.03
|
||||
* - commerciale : suppliers.view + manage (PAS accounting)
|
||||
* - usine : aucune permission (403 partout)
|
||||
* - archive : admin seul (aucun role metier)
|
||||
*
|
||||
@@ -93,7 +93,7 @@ final class SupplierRBACMatrixTest extends AbstractSupplierApiTestCase
|
||||
$client->request('GET', '/api/suppliers', ['headers' => ['Accept' => self::LD]]);
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
|
||||
// manage : creation OK (bureau n'est pas gate par RG-2.03)
|
||||
// manage : creation OK
|
||||
$client->request('POST', '/api/suppliers', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => $this->validMainPayload('Bureau Created', $cat->getId()),
|
||||
@@ -211,15 +211,13 @@ final class SupplierRBACMatrixTest extends AbstractSupplierApiTestCase
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
|
||||
// manage : la creation passe la security d'operation (pas un 403 comme
|
||||
// Compta) mais bute sur RG-2.03 (onglet Information incomplet) -> 422.
|
||||
$response = $client->request('POST', '/api/suppliers', [
|
||||
// Compta) -> 201. L'onglet Information est facultatif (RG-2.03 retiree,
|
||||
// miroir client M1) : une Commerciale cree avec le seul onglet principal.
|
||||
$client->request('POST', '/api/suppliers', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => $this->validMainPayload('Commerciale Post'),
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
// Le 422 doit bien etre celui de RG-2.03 (onglet Information) et non un
|
||||
// 422 orthogonal : on exige une violation sur un champ de completude.
|
||||
self::assertArrayHasKey('description', $this->violationsByPath($response->toArray(false)));
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
|
||||
// PAS accounting : edition onglet Comptabilite refusee
|
||||
$client->request('PATCH', '/api/suppliers/'.$seed->getId(), [
|
||||
@@ -251,50 +249,6 @@ final class SupplierRBACMatrixTest extends AbstractSupplierApiTestCase
|
||||
self::assertArrayNotHasKey('ribs', $data);
|
||||
}
|
||||
|
||||
public function testRG203CommercialePostIncompleteIs422AdminIs201(): void
|
||||
{
|
||||
$cat = $this->supplierCategory('NEGOCIANT');
|
||||
|
||||
// RG-2.03 : Commerciale POST sans onglet Information complet -> 422.
|
||||
$commerciale = $this->authAs('commerciale');
|
||||
$response = $commerciale->request('POST', '/api/suppliers', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => $this->validMainPayload('RG203 Commerciale', $cat->getId()),
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
self::assertArrayHasKey('description', $this->violationsByPath($response->toArray(false)));
|
||||
|
||||
// Meme payload par un Admin (non gate par RG-2.03) -> 201.
|
||||
$admin = $this->createAdminClient();
|
||||
$admin->request('POST', '/api/suppliers', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => $this->validMainPayload('RG203 Admin', $cat->getId()),
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
}
|
||||
|
||||
public function testRG203CommercialePatchIncompleteIs422(): void
|
||||
{
|
||||
// RG-2.03 : tout PATCH par une Commerciale exige l'Information complete.
|
||||
// Le fournisseur seede a une Information vide -> meme un PATCH du nom -> 422.
|
||||
$seed = $this->seedSupplier('Commerciale Patch Incomplete');
|
||||
$commerciale = $this->authAs('commerciale');
|
||||
|
||||
$response = $commerciale->request('PATCH', '/api/suppliers/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['companyName' => 'Commerciale Renamed'],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
self::assertArrayHasKey('description', $this->violationsByPath($response->toArray(false)));
|
||||
|
||||
// Le meme PATCH par un Admin passe (non gate par RG-2.03) -> 200.
|
||||
$admin = $this->createAdminClient();
|
||||
$admin->request('PATCH', '/api/suppliers/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['companyName' => 'Admin Renamed'],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
}
|
||||
|
||||
private function authAs(string $role): Client
|
||||
{
|
||||
|
||||
@@ -172,8 +172,9 @@ final class SupplierSubResourceApiTest extends AbstractSupplierApiTestCase
|
||||
public function testPostAddressWithIncoherentCityAndPostalCodeReturns201(): void
|
||||
{
|
||||
$this->skipIfSitesModuleDisabled();
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedSupplier('Address Incoherent');
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedSupplier('Address Incoherent');
|
||||
$category = $this->supplierCategory('NEGOCIANT');
|
||||
|
||||
// RG-2.05 : pas de controle strict de coherence CP/ville cote serveur.
|
||||
$client->request('POST', '/api/suppliers/'.$seed->getId().'/addresses', [
|
||||
@@ -184,6 +185,7 @@ final class SupplierSubResourceApiTest extends AbstractSupplierApiTestCase
|
||||
'city' => 'Marseille',
|
||||
'street' => '1 rue du Test',
|
||||
'sites' => [$this->firstSiteIri()],
|
||||
'categories' => ['/api/categories/'.$category->getId()],
|
||||
],
|
||||
]);
|
||||
|
||||
@@ -217,9 +219,10 @@ final class SupplierSubResourceApiTest extends AbstractSupplierApiTestCase
|
||||
public function testPostAddressWithEachValidTypeReturns201(): void
|
||||
{
|
||||
$this->skipIfSitesModuleDisabled();
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedSupplier('Address Types');
|
||||
$siteIri = $this->firstSiteIri();
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedSupplier('Address Types');
|
||||
$siteIri = $this->firstSiteIri();
|
||||
$category = $this->supplierCategory('NEGOCIANT');
|
||||
|
||||
foreach (['PROSPECT', 'DEPART', 'RENDU'] as $type) {
|
||||
$client->request('POST', '/api/suppliers/'.$seed->getId().'/addresses', [
|
||||
@@ -230,6 +233,7 @@ final class SupplierSubResourceApiTest extends AbstractSupplierApiTestCase
|
||||
'city' => 'Châtellerault',
|
||||
'street' => '1 rue du Test',
|
||||
'sites' => [$siteIri],
|
||||
'categories' => ['/api/categories/'.$category->getId()],
|
||||
],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(201, sprintf('addressType=%s doit etre accepte.', $type));
|
||||
|
||||
Reference in New Issue
Block a user