Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 gitea-actions
|
9507664bd0 | ||
 matthieu
|
0c9b563cae | ||
|
matthieu
|
b495e4030a | ||
|
matthieu
|
56cf492dcc |
@@ -103,13 +103,6 @@ return [
|
||||
'label' => 'sidebar.commercial.section',
|
||||
'icon' => 'mdi:account-arrow-left-outline',
|
||||
'items' => [
|
||||
[
|
||||
'label' => 'sidebar.commercial.clients',
|
||||
'to' => '/clients',
|
||||
'icon' => 'mdi:account-group-outline',
|
||||
'module' => 'commercial',
|
||||
'permission' => 'commercial.clients.view',
|
||||
],
|
||||
[
|
||||
'label' => 'sidebar.commercial.suppliers',
|
||||
'to' => '/suppliers',
|
||||
|
||||
+1
-1
@@ -1,2 +1,2 @@
|
||||
parameters:
|
||||
app.version: '0.1.58'
|
||||
app.version: '0.1.59'
|
||||
|
||||
@@ -23,7 +23,6 @@
|
||||
},
|
||||
"commercial": {
|
||||
"section": "Commercial",
|
||||
"clients": "Répertoire clients",
|
||||
"suppliers": "Répertoire fournisseurs"
|
||||
},
|
||||
"core": {
|
||||
|
||||
@@ -65,16 +65,6 @@ export const personas: Record<PersonaKey, Persona> = {
|
||||
'sites.bypass_scope',
|
||||
'catalog.categories.view',
|
||||
'catalog.categories.manage',
|
||||
// Commercial — Repertoire clients (M1). Mappe ici sur le persona
|
||||
// "tout" en attendant les vrais roles metier (bureau/compta/
|
||||
// commerciale/usine) seedes par ERP-74. Pas de nouveau persona
|
||||
// (regle ABSOLUE n°7). commercial.clients.view n'ajoute pas de lien
|
||||
// dans la section Administration, donc expectedAdminLinks reste inchange.
|
||||
'commercial.clients.view',
|
||||
'commercial.clients.manage',
|
||||
'commercial.clients.accounting.view',
|
||||
'commercial.clients.accounting.manage',
|
||||
'commercial.clients.archive',
|
||||
],
|
||||
expectedAdminLinks: ['users', 'roles', 'sites', 'categories', 'audit-log'],
|
||||
},
|
||||
|
||||
@@ -9,36 +9,4 @@ final class CommercialModule
|
||||
public const string ID = 'commercial';
|
||||
public const string LABEL = 'Commercial';
|
||||
public const bool REQUIRED = false;
|
||||
|
||||
/**
|
||||
* Liste declarative des permissions RBAC exposees par le module Commercial.
|
||||
*
|
||||
* Consommee par la commande `app:sync-permissions` (SyncPermissionsCommand)
|
||||
* qui se charge d'upserter ces entrees dans la table `permission`, de
|
||||
* reactiver les codes precedemment marques orphelins et de marquer comme
|
||||
* orphelins ceux qui ont disparu du code source.
|
||||
*
|
||||
* La cle `module` est auto-injectee par le sync command a partir de
|
||||
* `self::ID`, il est donc inutile de la repeter dans chaque entree.
|
||||
*
|
||||
* Convention de nommage des codes : `module.resource[.sub].action` en
|
||||
* snake_case, le prefixe module devant correspondre exactement a
|
||||
* `self::ID` (verifie par la commande de synchronisation).
|
||||
*
|
||||
* Granularite alignee sur Core/Catalog (view + manage), plus deux
|
||||
* permissions dediees a l'onglet Comptabilite et a l'archivage
|
||||
* (cf. spec-back M1 § 2.7).
|
||||
*
|
||||
* @return array<int, array{code: string, label: string}>
|
||||
*/
|
||||
public static function permissions(): array
|
||||
{
|
||||
return [
|
||||
['code' => 'commercial.clients.view', 'label' => 'Voir les clients'],
|
||||
['code' => 'commercial.clients.manage', 'label' => 'Créer / modifier les clients (hors onglet Comptabilité)'],
|
||||
['code' => 'commercial.clients.accounting.view', 'label' => 'Voir l\'onglet Comptabilité d\'un client'],
|
||||
['code' => 'commercial.clients.accounting.manage', 'label' => 'Modifier l\'onglet Comptabilité d\'un client'],
|
||||
['code' => 'commercial.clients.archive', 'label' => 'Archiver / restaurer un client'],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -4,9 +4,6 @@ declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Domain\Entity;
|
||||
|
||||
use ApiPlatform\Metadata\ApiResource;
|
||||
use ApiPlatform\Metadata\Get;
|
||||
use ApiPlatform\Metadata\GetCollection;
|
||||
use App\Module\Commercial\Infrastructure\Doctrine\DoctrineBankRepository;
|
||||
use Doctrine\ORM\Mapping as ORM;
|
||||
use Symfony\Component\Serializer\Attribute\Groups;
|
||||
@@ -16,29 +13,10 @@ use Symfony\Component\Serializer\Attribute\Groups;
|
||||
* CIC, Credit Agricole) : referentiel statique seede par la migration M1 et
|
||||
* re-seede en dev/test par CommercialReferentialFixtures.
|
||||
*
|
||||
* Lecture seule au M1 (HP-M2-2) : GetCollection + Get uniquement (ERP-56),
|
||||
* permission commercial.clients.view ; POST/PATCH/DELETE -> 405. Pas de
|
||||
* Timestampable/Blamable (referentiel statique whiteliste dans
|
||||
* EntitiesAreTimestampableBlamableTest::EXCLUDED). Le groupe
|
||||
* `client:read:accounting` permet l'embarquement dans la reponse Client.
|
||||
* Lecture seule au M1 (HP-M2-2). Pas de Timestampable/Blamable (referentiel
|
||||
* statique whiteliste dans EntitiesAreTimestampableBlamableTest::EXCLUDED). Le
|
||||
* groupe `client:read:accounting` permet l'embarquement dans la reponse Client.
|
||||
*/
|
||||
#[ApiResource(
|
||||
operations: [
|
||||
new GetCollection(
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
normalizationContext: ['groups' => ['bank:read']],
|
||||
// Tri par defaut spec M1 § 4.7 : position ASC puis label ASC.
|
||||
order: ['position' => 'ASC', 'label' => 'ASC'],
|
||||
// ERP-72 : pagination serveur + toggle ?pagination=false (cf. TvaMode).
|
||||
paginationClientEnabled: true,
|
||||
),
|
||||
new Get(
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
normalizationContext: ['groups' => ['bank:read']],
|
||||
),
|
||||
],
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
)]
|
||||
#[ORM\Entity(repositoryClass: DoctrineBankRepository::class)]
|
||||
#[ORM\Table(name: 'bank')]
|
||||
#[ORM\UniqueConstraint(name: 'uq_bank_code', columns: ['code'])]
|
||||
|
||||
@@ -4,9 +4,6 @@ declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Domain\Entity;
|
||||
|
||||
use ApiPlatform\Metadata\ApiResource;
|
||||
use ApiPlatform\Metadata\Get;
|
||||
use ApiPlatform\Metadata\GetCollection;
|
||||
use App\Module\Commercial\Infrastructure\Doctrine\DoctrinePaymentDelayRepository;
|
||||
use Doctrine\ORM\Mapping as ORM;
|
||||
use Symfony\Component\Serializer\Attribute\Groups;
|
||||
@@ -16,29 +13,10 @@ use Symfony\Component\Serializer\Attribute\Groups;
|
||||
* referentiel statique seede par la migration M1 et re-seede en dev/test par
|
||||
* CommercialReferentialFixtures.
|
||||
*
|
||||
* Lecture seule au M1 (HP-M2-2) : GetCollection + Get uniquement (ERP-56),
|
||||
* permission commercial.clients.view ; POST/PATCH/DELETE -> 405. Pas de
|
||||
* Timestampable/Blamable (referentiel statique whiteliste dans
|
||||
* EntitiesAreTimestampableBlamableTest::EXCLUDED). Le groupe
|
||||
* `client:read:accounting` permet l'embarquement dans la reponse Client.
|
||||
* Lecture seule au M1 (HP-M2-2). Pas de Timestampable/Blamable (referentiel
|
||||
* statique whiteliste dans EntitiesAreTimestampableBlamableTest::EXCLUDED). Le
|
||||
* groupe `client:read:accounting` permet l'embarquement dans la reponse Client.
|
||||
*/
|
||||
#[ApiResource(
|
||||
operations: [
|
||||
new GetCollection(
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
normalizationContext: ['groups' => ['payment_delay:read']],
|
||||
// Tri par defaut spec M1 § 4.7 : position ASC puis label ASC.
|
||||
order: ['position' => 'ASC', 'label' => 'ASC'],
|
||||
// ERP-72 : pagination serveur + toggle ?pagination=false (cf. TvaMode).
|
||||
paginationClientEnabled: true,
|
||||
),
|
||||
new Get(
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
normalizationContext: ['groups' => ['payment_delay:read']],
|
||||
),
|
||||
],
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
)]
|
||||
#[ORM\Entity(repositoryClass: DoctrinePaymentDelayRepository::class)]
|
||||
#[ORM\Table(name: 'payment_delay')]
|
||||
#[ORM\UniqueConstraint(name: 'uq_payment_delay_code', columns: ['code'])]
|
||||
|
||||
@@ -4,9 +4,6 @@ declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Domain\Entity;
|
||||
|
||||
use ApiPlatform\Metadata\ApiResource;
|
||||
use ApiPlatform\Metadata\Get;
|
||||
use ApiPlatform\Metadata\GetCollection;
|
||||
use App\Module\Commercial\Infrastructure\Doctrine\DoctrinePaymentTypeRepository;
|
||||
use Doctrine\ORM\Mapping as ORM;
|
||||
use Symfony\Component\Serializer\Attribute\Groups;
|
||||
@@ -19,29 +16,10 @@ use Symfony\Component\Serializer\Attribute\Groups;
|
||||
* Le `code` porte une semantique metier : VIREMENT impose une banque (RG-1.12),
|
||||
* LCR impose au moins un RIB (RG-1.13).
|
||||
*
|
||||
* Lecture seule au M1 (HP-M2-2) : GetCollection + Get uniquement (ERP-56),
|
||||
* permission commercial.clients.view ; POST/PATCH/DELETE -> 405. Pas de
|
||||
* Timestampable/Blamable (referentiel statique whiteliste dans
|
||||
* EntitiesAreTimestampableBlamableTest::EXCLUDED). Le groupe
|
||||
* `client:read:accounting` permet l'embarquement dans la reponse Client.
|
||||
* Lecture seule au M1 (HP-M2-2). Pas de Timestampable/Blamable (referentiel
|
||||
* statique whiteliste dans EntitiesAreTimestampableBlamableTest::EXCLUDED). Le
|
||||
* groupe `client:read:accounting` permet l'embarquement dans la reponse Client.
|
||||
*/
|
||||
#[ApiResource(
|
||||
operations: [
|
||||
new GetCollection(
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
normalizationContext: ['groups' => ['payment_type:read']],
|
||||
// Tri par defaut spec M1 § 4.7 : position ASC puis label ASC.
|
||||
order: ['position' => 'ASC', 'label' => 'ASC'],
|
||||
// ERP-72 : pagination serveur + toggle ?pagination=false (cf. TvaMode).
|
||||
paginationClientEnabled: true,
|
||||
),
|
||||
new Get(
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
normalizationContext: ['groups' => ['payment_type:read']],
|
||||
),
|
||||
],
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
)]
|
||||
#[ORM\Entity(repositoryClass: DoctrinePaymentTypeRepository::class)]
|
||||
#[ORM\Table(name: 'payment_type')]
|
||||
#[ORM\UniqueConstraint(name: 'uq_payment_type_code', columns: ['code'])]
|
||||
|
||||
@@ -4,9 +4,6 @@ declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Domain\Entity;
|
||||
|
||||
use ApiPlatform\Metadata\ApiResource;
|
||||
use ApiPlatform\Metadata\Get;
|
||||
use ApiPlatform\Metadata\GetCollection;
|
||||
use App\Module\Commercial\Infrastructure\Doctrine\DoctrineTvaModeRepository;
|
||||
use Doctrine\ORM\Mapping as ORM;
|
||||
use Symfony\Component\Serializer\Attribute\Groups;
|
||||
@@ -16,35 +13,15 @@ use Symfony\Component\Serializer\Attribute\Groups;
|
||||
* referentiel statique seede par la migration M1 (Version20260601000000) et
|
||||
* re-seede en dev/test par CommercialReferentialFixtures.
|
||||
*
|
||||
* Lecture seule au M1 (HP-M2-2) : seules GetCollection et Get sont exposees
|
||||
* (ERP-56), sous la permission commercial.clients.view ; aucune ecriture
|
||||
* declaree -> POST/PATCH/DELETE renvoient 405.
|
||||
* Lecture seule au M1 : pas de POST/PATCH/DELETE (HP-M2-2). L'ApiResource
|
||||
* (GetCollection + Get, tri position ASC) est branche au ticket dedie des
|
||||
* referentiels lecture seule.
|
||||
*
|
||||
* Referentiel statique : pas de Timestampable/Blamable (whiteliste dans
|
||||
* EntitiesAreTimestampableBlamableTest::EXCLUDED, comme CategoryType). Le
|
||||
* groupe `client:read:accounting` permet d'embarquer le mode dans la reponse
|
||||
* d'un Client (onglet Comptabilite) au lieu d'un IRI.
|
||||
*/
|
||||
#[ApiResource(
|
||||
operations: [
|
||||
new GetCollection(
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
normalizationContext: ['groups' => ['tva_mode:read']],
|
||||
// Tri par defaut spec M1 § 4.7 : position ASC puis label ASC
|
||||
// (ordre des selecteurs comptables) — provider Doctrine par defaut.
|
||||
order: ['position' => 'ASC', 'label' => 'ASC'],
|
||||
// ERP-72 : pagination serveur sur toute collection autonome. Le
|
||||
// toggle client est desactive globalement, on l'active ici pour
|
||||
// permettre ?pagination=false (alimenter un <MalioSelect> entier).
|
||||
paginationClientEnabled: true,
|
||||
),
|
||||
new Get(
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
normalizationContext: ['groups' => ['tva_mode:read']],
|
||||
),
|
||||
],
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
)]
|
||||
#[ORM\Entity(repositoryClass: DoctrineTvaModeRepository::class)]
|
||||
#[ORM\Table(name: 'tva_mode')]
|
||||
#[ORM\UniqueConstraint(name: 'uq_tva_mode_code', columns: ['code'])]
|
||||
|
||||
@@ -186,15 +186,6 @@ final class SeedE2ECommand extends Command
|
||||
'sites.bypass_scope',
|
||||
'catalog.categories.view',
|
||||
'catalog.categories.manage',
|
||||
// Commercial — Repertoire clients (M1). Mappe ici sur le
|
||||
// persona "tout" en attendant les vrais roles metier
|
||||
// (bureau/compta/commerciale/usine) seedes par ERP-74.
|
||||
// Miroir de frontend/tests/e2e/_fixtures/personas.ts.
|
||||
'commercial.clients.view',
|
||||
'commercial.clients.manage',
|
||||
'commercial.clients.accounting.view',
|
||||
'commercial.clients.accounting.manage',
|
||||
'commercial.clients.archive',
|
||||
],
|
||||
],
|
||||
[
|
||||
|
||||
@@ -1,253 +0,0 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Api;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\TvaMode;
|
||||
use PHPUnit\Framework\Attributes\DataProvider;
|
||||
|
||||
/**
|
||||
* Tests fonctionnels des 4 referentiels comptables lecture seule (ERP-56) :
|
||||
* tva_mode, payment_delay, payment_type, bank. Cf. spec-back M1 § 4.7.
|
||||
*
|
||||
* Couvre les criteres d'acceptation du ticket :
|
||||
* - les 4 GetCollection repondent 200 avec le seed (CommercialReferentialFixtures) ;
|
||||
* - tri par defaut position ASC puis label ASC ;
|
||||
* - POST / PATCH / DELETE -> 405 (aucune operation d'ecriture declaree) ;
|
||||
* - user authentifie sans commercial.clients.view -> 403 ;
|
||||
* - anonyme -> 401 ;
|
||||
* - pagination serveur active (ERP-72) + echappatoire ?pagination=false.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class ReferentialApiTest extends AbstractCommercialApiTestCase
|
||||
{
|
||||
private const string LD = 'application/ld+json';
|
||||
|
||||
/**
|
||||
* Endpoint => codes attendus dans le seed (sous-ensemble verifie present).
|
||||
*
|
||||
* @var array<string, list<string>>
|
||||
*/
|
||||
private const SEED = [
|
||||
'/api/tva_modes' => ['FRANCE_VENTES', 'EXPORT_VENTES', 'INTRACOM_VENTES'],
|
||||
'/api/payment_delays' => ['J15', 'J30', 'A_RECEPTION'],
|
||||
'/api/payment_types' => ['VIREMENT', 'LCR', 'NON_SOUMISE', 'CHEQUE'],
|
||||
'/api/banks' => ['SG', 'CIC', 'CA'],
|
||||
];
|
||||
|
||||
/**
|
||||
* Purge les eventuelles lignes de test inserees dans tva_mode (tri label).
|
||||
* Les codes du seed ne commencent jamais par TEST_, donc cette purge ne
|
||||
* touche pas les referentiels metier.
|
||||
*/
|
||||
protected function tearDown(): void
|
||||
{
|
||||
$this->getEm()
|
||||
->createQuery('DELETE FROM '.TvaMode::class.' t WHERE t.code LIKE :prefix')
|
||||
->setParameter('prefix', 'TEST\_%')
|
||||
->execute()
|
||||
;
|
||||
|
||||
parent::tearDown();
|
||||
}
|
||||
|
||||
/**
|
||||
* Critere : chaque endpoint repond 200 et expose le seed (id, code, label,
|
||||
* position) sous le groupe de lecture du referentiel.
|
||||
*
|
||||
* @param list<string> $expectedCodes
|
||||
*/
|
||||
#[DataProvider('endpointProvider')]
|
||||
public function testCollectionReturns200WithSeed(string $endpoint, array $expectedCodes): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$response = $client->request('GET', $endpoint.'?pagination=false', ['headers' => ['Accept' => self::LD]]);
|
||||
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
|
||||
$members = $response->toArray()['member'];
|
||||
$codes = array_map(static fn (array $m): string => $m['code'], $members);
|
||||
|
||||
foreach ($expectedCodes as $expected) {
|
||||
self::assertContains($expected, $codes, $endpoint.' doit exposer le code seede '.$expected);
|
||||
}
|
||||
|
||||
// Le DTO de lecture expose bien id / code / label / position.
|
||||
$first = $members[0];
|
||||
self::assertArrayHasKey('id', $first);
|
||||
self::assertArrayHasKey('label', $first);
|
||||
self::assertArrayHasKey('position', $first);
|
||||
}
|
||||
|
||||
/**
|
||||
* Critere : GET item repond 200 (recupere via un id reel de la collection).
|
||||
*/
|
||||
public function testGetItemReturns200(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
|
||||
$first = $client->request('GET', '/api/tva_modes?pagination=false', ['headers' => ['Accept' => self::LD]])
|
||||
->toArray()['member'][0]
|
||||
;
|
||||
|
||||
$client->request('GET', '/api/tva_modes/'.$first['id'], ['headers' => ['Accept' => self::LD]]);
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
}
|
||||
|
||||
/**
|
||||
* Critere : tri par defaut position ASC. Le seed tva_mode est ordonne
|
||||
* FRANCE_VENTES (10) < EXPORT_VENTES (20) < INTRACOM_VENTES (30).
|
||||
*/
|
||||
public function testDefaultSortByPositionAsc(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
|
||||
$codes = array_map(
|
||||
static fn (array $m): string => $m['code'],
|
||||
$client->request('GET', '/api/tva_modes?pagination=false', ['headers' => ['Accept' => self::LD]])->toArray()['member'],
|
||||
);
|
||||
|
||||
$expectedOrder = ['FRANCE_VENTES', 'EXPORT_VENTES', 'INTRACOM_VENTES'];
|
||||
$filtered = array_values(array_intersect($codes, $expectedOrder));
|
||||
|
||||
self::assertSame(
|
||||
$expectedOrder,
|
||||
$filtered,
|
||||
'Les modes de TVA doivent etre tries position ASC (§ 4.7).',
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Critere : a position egale, tri label ASC (departage). On insere deux
|
||||
* lignes de test partageant la meme position, labels volontairement dans le
|
||||
* desordre alphabetique ; le tearDown les purge ensuite.
|
||||
*/
|
||||
public function testTieBreakSortByLabelAsc(): void
|
||||
{
|
||||
$em = $this->getEm();
|
||||
foreach ([['TEST_TIE_Z', 'ZZZ Tie'], ['TEST_TIE_A', 'AAA Tie']] as [$code, $label]) {
|
||||
$mode = new TvaMode();
|
||||
$mode->setCode($code);
|
||||
$mode->setLabel($label);
|
||||
$mode->setPosition(9000);
|
||||
$em->persist($mode);
|
||||
}
|
||||
$em->flush();
|
||||
|
||||
$client = $this->createAdminClient();
|
||||
$codes = array_map(
|
||||
static fn (array $m): string => $m['code'],
|
||||
$client->request('GET', '/api/tva_modes?pagination=false', ['headers' => ['Accept' => self::LD]])->toArray()['member'],
|
||||
);
|
||||
|
||||
$tie = array_values(array_intersect($codes, ['TEST_TIE_A', 'TEST_TIE_Z']));
|
||||
self::assertSame(
|
||||
['TEST_TIE_A', 'TEST_TIE_Z'],
|
||||
$tie,
|
||||
'A position egale, le tri secondaire doit etre label ASC (§ 4.7).',
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Critere ERP-72 : la collection est paginee par defaut. Preuve : une page
|
||||
* au-dela des donnees est vide (un provider non pagine ignorerait `page`).
|
||||
* Avec ?pagination=false, le parametre `page` est ignore -> tout revient.
|
||||
*/
|
||||
public function testPaginationActiveAndClientToggle(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
|
||||
// Page 2 d'un referentiel tenant sur une page : vide -> pagination active.
|
||||
$page2 = $client->request('GET', '/api/tva_modes?page=2', ['headers' => ['Accept' => self::LD]])->toArray();
|
||||
self::assertArrayHasKey('totalItems', $page2);
|
||||
self::assertSame([], $page2['member'], 'La page 2 doit etre vide : pagination serveur active.');
|
||||
|
||||
// ?pagination=false : `page` ignore, le seed complet est renvoye.
|
||||
$all = $client->request('GET', '/api/tva_modes?pagination=false&page=2', ['headers' => ['Accept' => self::LD]])->toArray();
|
||||
self::assertNotEmpty($all['member'], '?pagination=false doit desactiver la pagination (page ignoree).');
|
||||
}
|
||||
|
||||
/**
|
||||
* Critere : aucune operation d'ecriture n'est declaree -> POST sur la
|
||||
* collection renvoie 405 Method Not Allowed sur les 4 referentiels.
|
||||
*
|
||||
* @param list<string> $expectedCodes
|
||||
*/
|
||||
#[DataProvider('endpointProvider')]
|
||||
public function testPostReturns405(string $endpoint, array $expectedCodes): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$client->request('POST', $endpoint, [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => ['code' => 'X', 'label' => 'X', 'position' => 1],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(405);
|
||||
}
|
||||
|
||||
/**
|
||||
* Critere : PATCH et DELETE sur un item renvoient 405 (lecture seule).
|
||||
*/
|
||||
public function testPatchAndDeleteReturn405(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$first = $client->request('GET', '/api/tva_modes?pagination=false', ['headers' => ['Accept' => self::LD]])
|
||||
->toArray()['member'][0]
|
||||
;
|
||||
$iri = '/api/tva_modes/'.$first['id'];
|
||||
|
||||
$client->request('PATCH', $iri, [
|
||||
'headers' => ['Content-Type' => 'application/merge-patch+json'],
|
||||
'json' => ['label' => 'Renamed'],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(405);
|
||||
|
||||
$client->request('DELETE', $iri);
|
||||
self::assertResponseStatusCodeSame(405);
|
||||
}
|
||||
|
||||
/**
|
||||
* Critere : un utilisateur authentifie sans la permission
|
||||
* commercial.clients.view obtient 403 sur les 4 endpoints.
|
||||
*
|
||||
* @param list<string> $expectedCodes
|
||||
*/
|
||||
#[DataProvider('endpointProvider')]
|
||||
public function testForbiddenWithoutPermission(string $endpoint, array $expectedCodes): void
|
||||
{
|
||||
// User jetable portant une permission SANS rapport (existe en base mais
|
||||
// ne donne pas commercial.clients.view).
|
||||
$creds = $this->createUserWithPermission('core.users.view');
|
||||
$client = $this->authenticatedClient($creds['username'], $creds['password']);
|
||||
|
||||
$client->request('GET', $endpoint, ['headers' => ['Accept' => self::LD]]);
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
|
||||
/**
|
||||
* Critere : un appel anonyme (non authentifie) obtient 401 sur les 4
|
||||
* endpoints.
|
||||
*
|
||||
* @param list<string> $expectedCodes
|
||||
*/
|
||||
#[DataProvider('endpointProvider')]
|
||||
public function testUnauthorizedWhenAnonymous(string $endpoint, array $expectedCodes): void
|
||||
{
|
||||
$client = self::createClient();
|
||||
$client->request('GET', $endpoint, ['headers' => ['Accept' => self::LD]]);
|
||||
|
||||
self::assertResponseStatusCodeSame(401);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return iterable<string, array{string, list<string>}>
|
||||
*/
|
||||
public static function endpointProvider(): iterable
|
||||
{
|
||||
foreach (self::SEED as $endpoint => $codes) {
|
||||
yield $endpoint => [$endpoint, $codes];
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user