Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Matthieu
|
216f38847b | ||
 tristan
|
4046910a9d | ||
|
gitea-actions
|
9613857650 | ||
|
tristan
|
2a0918bbfe | ||
|
gitea-actions
|
8e31e1759c | ||
 matthieu
|
4824690923 |
@@ -73,12 +73,20 @@ jobs:
|
||||
run: vendor/bin/php-cs-fixer fix --config=.php-cs-fixer.dist.php --allow-risky=yes --dry-run --diff
|
||||
|
||||
- name: Bootstrap test database
|
||||
# Aligne sur la cible `test-db-setup` du makefile : apres
|
||||
# `schema:update --force`, on RECREE manuellement l'index unique
|
||||
# partiel `uq_category_name_type_active` car Doctrine ORM ne sait
|
||||
# pas exprimer les index fonctionnels partiels (LOWER(name) + WHERE
|
||||
# deleted_at IS NULL) et `schema:update` les considere comme
|
||||
# orphelins et les DROP — collisions non detectees, tests d'unicite
|
||||
# qui attendent 409 recoivent 201.
|
||||
run: |
|
||||
php bin/console doctrine:database:create --env=test --if-not-exists --no-interaction
|
||||
php bin/console doctrine:migrations:migrate --env=test --no-interaction
|
||||
php bin/console doctrine:schema:update --env=test --force --no-interaction
|
||||
php bin/console doctrine:fixtures:load --env=test --no-interaction
|
||||
php bin/console app:sync-permissions --env=test --no-interaction
|
||||
php bin/console --env=test dbal:run-sql "CREATE UNIQUE INDEX IF NOT EXISTS uq_category_name_type_active ON category (LOWER(name), category_type_id) WHERE deleted_at IS NULL"
|
||||
|
||||
- name: Run PHPUnit
|
||||
run: php -d memory_limit=512M vendor/bin/phpunit
|
||||
|
||||
+1
-1
@@ -1,2 +1,2 @@
|
||||
parameters:
|
||||
app.version: '0.1.43'
|
||||
app.version: '0.1.49'
|
||||
|
||||
@@ -1,9 +1,17 @@
|
||||
<!--
|
||||
Valeurs en dur issues de la maquette Figma (design Starseed) :
|
||||
- sidebar depliee : 232px (w-[232px], repli laisse par defaut 72px)
|
||||
- marge horizontale du contenu sur desktop : 170px (xl:px-[170px])
|
||||
- bande blanche sticky sous la navbar : 47px (h-[47px])
|
||||
A faire evoluer uniquement avec une mise a jour de maquette.
|
||||
-->
|
||||
<template>
|
||||
<div class="h-screen overflow-hidden">
|
||||
<div class="flex h-full">
|
||||
<MalioSidebar
|
||||
v-model="ui.sidebarCollapsed"
|
||||
:sections="translatedSections"
|
||||
:sidebar-class="ui.sidebarCollapsed ? '' : 'w-[232px]'"
|
||||
>
|
||||
<template #logo>
|
||||
<img src="/LOGO_MALIO.png" alt="Malio"/>
|
||||
@@ -16,10 +24,10 @@
|
||||
<div class="h-full flex-1 flex flex-col min-h-0 min-w-0">
|
||||
<SiteSelector v-if="showSiteSelector"/>
|
||||
<main
|
||||
class="flex flex-1 flex-col overflow-y-auto overflow-x-hidden bg-white px-4 pb-24 sm:px-8 lg:px-16">
|
||||
class="flex flex-1 flex-col overflow-y-auto overflow-x-hidden bg-white px-4 pb-10 sm:px-6 lg:px-12 xl:px-[170px]">
|
||||
<div
|
||||
aria-hidden="true"
|
||||
class="pointer-events-none sticky top-0 z-30 h-8 flex-shrink-0 bg-white sm:h-12"/>
|
||||
class="pointer-events-none sticky top-0 z-30 h-[47px] flex-shrink-0 bg-white"/>
|
||||
<slot/>
|
||||
</main>
|
||||
</div>
|
||||
|
||||
@@ -88,12 +88,19 @@
|
||||
},
|
||||
"empty": "Aucune activité enregistrée",
|
||||
"no_results": "Aucun résultat pour ces filtres",
|
||||
"error": {
|
||||
"title": "Erreur",
|
||||
"message": "Impossible de charger le journal d'audit. Vérifiez les filtres ou réessayez."
|
||||
},
|
||||
"timeline": {
|
||||
"empty": "Aucun historique",
|
||||
"load_more": "Voir plus"
|
||||
},
|
||||
"filters": {
|
||||
"title": "Filtres",
|
||||
"apply": "Voir les résultats",
|
||||
"reset": "Réinitialiser",
|
||||
"date_range": "Date à date",
|
||||
"date_from": "Du",
|
||||
"date_to": "Au",
|
||||
"entity_type": "Type d'entité",
|
||||
@@ -223,6 +230,39 @@
|
||||
"updated": "Site mis à jour avec succès",
|
||||
"deleted": "Site supprimé avec succès"
|
||||
}
|
||||
},
|
||||
"categories": {
|
||||
"title": "Gestion des catégories",
|
||||
"newCategory": "Ajouter",
|
||||
"editCategory": "Modifier la catégorie",
|
||||
"createCategory": "Créer une catégorie",
|
||||
"viewCategory": "Détail de la catégorie",
|
||||
"noCategories": "Aucune catégorie pour l'instant.",
|
||||
"table": {
|
||||
"name": "Nom",
|
||||
"type": "Type"
|
||||
},
|
||||
"form": {
|
||||
"name": "Nom",
|
||||
"type": "Type de catégorie",
|
||||
"typePlaceholder": "Sélectionner un type"
|
||||
},
|
||||
"validation": {
|
||||
"nameRequired": "Le nom est obligatoire.",
|
||||
"nameLength": "Le nom doit faire entre 2 et 120 caractères.",
|
||||
"typeRequired": "Le type de catégorie est obligatoire."
|
||||
},
|
||||
"delete": {
|
||||
"title": "Supprimer la catégorie",
|
||||
"message": "Êtes-vous sûr de vouloir supprimer la catégorie \"{name}\" ? Cette action est irréversible."
|
||||
},
|
||||
"toast": {
|
||||
"created": "Catégorie créée avec succès",
|
||||
"updated": "Catégorie mise à jour avec succès",
|
||||
"deleted": "Catégorie supprimée avec succès",
|
||||
"duplicate": "Une catégorie nommée « {name} » existe déjà pour ce type.",
|
||||
"typesLoadFailed": "Impossible de charger les types de catégorie. Réessayez."
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,76 @@
|
||||
<template>
|
||||
<Teleport to="body">
|
||||
<Transition name="fade">
|
||||
<div
|
||||
v-if="modelValue"
|
||||
class="fixed inset-0 z-50 flex items-center justify-center bg-black/50"
|
||||
@click.self="cancel"
|
||||
>
|
||||
<div class="w-full max-w-md rounded-lg bg-white p-6 shadow-xl">
|
||||
<h3 class="text-lg font-semibold text-neutral-900">
|
||||
{{ t('admin.categories.delete.title') }}
|
||||
</h3>
|
||||
<p class="mt-3 text-sm text-neutral-600">
|
||||
{{ t('admin.categories.delete.message', { name: categoryName }) }}
|
||||
</p>
|
||||
<div class="mt-6 flex justify-end gap-3">
|
||||
<MalioButton
|
||||
:label="t('common.cancel')"
|
||||
variant="secondary"
|
||||
@click="cancel"
|
||||
/>
|
||||
<MalioButton
|
||||
:label="t('common.delete')"
|
||||
variant="danger"
|
||||
icon-name="mdi:delete-outline"
|
||||
icon-position="left"
|
||||
:disabled="loading"
|
||||
@click="confirm"
|
||||
/>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</Transition>
|
||||
</Teleport>
|
||||
</template>
|
||||
|
||||
<script setup lang="ts">
|
||||
const { t } = useI18n()
|
||||
|
||||
defineProps<{
|
||||
modelValue: boolean
|
||||
categoryName: string
|
||||
loading: boolean
|
||||
}>()
|
||||
|
||||
const emit = defineEmits<{
|
||||
'update:modelValue': [value: boolean]
|
||||
confirm: []
|
||||
}>()
|
||||
|
||||
function cancel() {
|
||||
emit('update:modelValue', false)
|
||||
}
|
||||
|
||||
function confirm() {
|
||||
emit('confirm')
|
||||
}
|
||||
|
||||
function onKeydown(e: KeyboardEvent) {
|
||||
if (e.key === 'Escape') cancel()
|
||||
}
|
||||
|
||||
onMounted(() => document.addEventListener('keydown', onKeydown))
|
||||
onUnmounted(() => document.removeEventListener('keydown', onKeydown))
|
||||
</script>
|
||||
|
||||
<style scoped>
|
||||
.fade-enter-active,
|
||||
.fade-leave-active {
|
||||
transition: opacity 0.2s ease;
|
||||
}
|
||||
.fade-enter-from,
|
||||
.fade-leave-to {
|
||||
opacity: 0;
|
||||
}
|
||||
</style>
|
||||
@@ -0,0 +1,370 @@
|
||||
<template>
|
||||
<MalioDrawer
|
||||
:model-value="modelValue"
|
||||
drawer-class="w-full max-w-lg"
|
||||
header-class="border-b border-black"
|
||||
footer-class="justify-between border-t border-black p-6"
|
||||
@update:model-value="emit('update:modelValue', $event)"
|
||||
>
|
||||
<template #header>
|
||||
<h2 class="text-[24px] font-bold">
|
||||
{{ headerLabel }}
|
||||
</h2>
|
||||
</template>
|
||||
|
||||
<form class="flex flex-col gap-4 py-4" @submit.prevent="handleSave">
|
||||
<!-- Nom (RG-1.02 obligatoire / RG-1.04 longueur 2-120 apres trim).
|
||||
Erreur miroir client + erreurs server-side (422) mappees sur ce champ. -->
|
||||
<MalioInputText
|
||||
v-model="form.name"
|
||||
:label="t('admin.categories.form.name')"
|
||||
input-class="w-full"
|
||||
:max-length="120"
|
||||
:error="errors.name"
|
||||
required
|
||||
/>
|
||||
|
||||
<!-- Type (RG-1.05 obligatoire). MalioSelect porte la valeur en
|
||||
number (categoryType id) ; conversion en IRI au moment du save. -->
|
||||
<MalioSelect
|
||||
v-model="form.categoryTypeId"
|
||||
:options="categoryTypeOptions"
|
||||
:label="t('admin.categories.form.type')"
|
||||
:empty-option-label="t('admin.categories.form.typePlaceholder')"
|
||||
:error="errors.categoryType"
|
||||
:disabled="loadingTypes"
|
||||
/>
|
||||
|
||||
<!-- Erreur transverse (typiquement reseau / 5xx) — separe des
|
||||
erreurs de validation par champ. -->
|
||||
<p v-if="errors._global" class="text-sm text-red-600">
|
||||
{{ errors._global }}
|
||||
</p>
|
||||
</form>
|
||||
|
||||
<!-- Footer fixe : depuis 1.7.1 le slot #footer est un frere du body
|
||||
scrollable (shrink-0), donc reellement fige sans sticky. -->
|
||||
<template #footer>
|
||||
<MalioButton
|
||||
v-if="canShowDelete"
|
||||
:label="t('common.delete')"
|
||||
variant="danger"
|
||||
icon-name="mdi:delete-outline"
|
||||
icon-position="left"
|
||||
button-class="w-[150px]"
|
||||
@click="emit('delete')"
|
||||
/>
|
||||
<MalioButton
|
||||
v-else
|
||||
:label="t('common.cancel')"
|
||||
variant="tertiary"
|
||||
button-class="w-[150px]"
|
||||
@click="emit('update:modelValue', false)"
|
||||
/>
|
||||
<MalioButton
|
||||
v-if="canShowSave"
|
||||
:label="t('common.save')"
|
||||
variant="primary"
|
||||
button-class="w-[150px]"
|
||||
:disabled="saving || loadingTypes"
|
||||
@click="handleSave"
|
||||
/>
|
||||
</template>
|
||||
</MalioDrawer>
|
||||
</template>
|
||||
|
||||
<script setup lang="ts">
|
||||
import type { Category, CategoryType } from '~/modules/catalog/types/category'
|
||||
import type { HydraCollection } from '~/shared/utils/api'
|
||||
|
||||
const { t } = useI18n()
|
||||
const api = useApi()
|
||||
const { can } = usePermissions()
|
||||
|
||||
const props = defineProps<{
|
||||
modelValue: boolean
|
||||
category: Category | null
|
||||
}>()
|
||||
|
||||
const emit = defineEmits<{
|
||||
'update:modelValue': [value: boolean]
|
||||
saved: []
|
||||
delete: []
|
||||
}>()
|
||||
|
||||
/**
|
||||
* Mode du drawer :
|
||||
* - 'create' : pas de category prop, formulaire vide, POST au save.
|
||||
* - 'view' : category prop set, formulaire pre-rempli, save MASQUE
|
||||
* jusqu'a ce que l'utilisateur modifie un champ.
|
||||
* - 'edit' : category prop set et formulaire « dirty » (au moins un
|
||||
* champ different de l'original), PATCH au save.
|
||||
*
|
||||
* La bascule view → edit est automatique des qu'un champ change (cf. watch
|
||||
* sur form). Le label du header suit le mode courant.
|
||||
*/
|
||||
type DrawerMode = 'create' | 'view' | 'edit'
|
||||
|
||||
const saving = ref(false)
|
||||
const loadingTypes = ref(false)
|
||||
const categoryTypes = ref<CategoryType[]>([])
|
||||
|
||||
const form = ref({
|
||||
name: '',
|
||||
categoryTypeId: null as number | null,
|
||||
})
|
||||
|
||||
// Snapshot des valeurs initiales pour detecter le « dirty » (view → edit).
|
||||
const initial = ref({
|
||||
name: '',
|
||||
categoryTypeId: null as number | null,
|
||||
})
|
||||
|
||||
// Erreurs par champ + erreur transverse globale. Pattern propre pour mapper
|
||||
// les violations 422 sur les MalioInputText / MalioSelect.
|
||||
const errors = ref<{
|
||||
name: string
|
||||
categoryType: string
|
||||
_global: string
|
||||
}>({
|
||||
name: '',
|
||||
categoryType: '',
|
||||
_global: '',
|
||||
})
|
||||
|
||||
const isCreateMode = computed(() => props.category === null)
|
||||
|
||||
const isDirty = computed(
|
||||
() =>
|
||||
form.value.name !== initial.value.name
|
||||
|| form.value.categoryTypeId !== initial.value.categoryTypeId,
|
||||
)
|
||||
|
||||
const mode = computed<DrawerMode>(() => {
|
||||
if (isCreateMode.value) return 'create'
|
||||
return isDirty.value ? 'edit' : 'view'
|
||||
})
|
||||
|
||||
const headerLabel = computed(() => {
|
||||
if (mode.value === 'create') return t('admin.categories.createCategory')
|
||||
if (mode.value === 'edit') return t('admin.categories.editCategory')
|
||||
return t('admin.categories.viewCategory')
|
||||
})
|
||||
|
||||
// Le bouton Supprimer n'est visible qu'en consultation/edition d'une categorie
|
||||
// existante et seulement pour les users ayant la permission manage. En mode
|
||||
// creation on affiche un bouton Annuler a la place.
|
||||
const canShowDelete = computed(
|
||||
() => !isCreateMode.value && can('catalog.categories.manage'),
|
||||
)
|
||||
|
||||
// Save : visible en creation, ou en edition (apres modification d'un champ).
|
||||
// Masque en view tant que rien n'a change.
|
||||
const canShowSave = computed(
|
||||
() => mode.value === 'create' || mode.value === 'edit',
|
||||
)
|
||||
|
||||
const categoryTypeOptions = computed(() =>
|
||||
categoryTypes.value.map(ct => ({
|
||||
label: ct.label,
|
||||
value: ct.id,
|
||||
})),
|
||||
)
|
||||
|
||||
/**
|
||||
* Charge le referentiel CategoryType. Appele a chaque ouverture du drawer
|
||||
* (pas seulement au mount) pour rester a jour si un type est ajoute en
|
||||
* arriere-plan. Volontairement sans toast en cas d'echec : on affiche un
|
||||
* message inline via `errors._global` pour ne pas spammer.
|
||||
*/
|
||||
async function loadCategoryTypes(): Promise<void> {
|
||||
loadingTypes.value = true
|
||||
try {
|
||||
const data = await api.get<HydraCollection<CategoryType>>(
|
||||
'/category_types',
|
||||
{ itemsPerPage: 999 },
|
||||
{ toast: false },
|
||||
)
|
||||
categoryTypes.value = data.member ?? []
|
||||
} catch {
|
||||
categoryTypes.value = []
|
||||
errors.value._global = t('admin.categories.toast.typesLoadFailed')
|
||||
} finally {
|
||||
loadingTypes.value = false
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Re-initialise le formulaire a partir de la prop `category`. Aussi appele
|
||||
* a l'ouverture du drawer pour repartir d'un etat propre.
|
||||
*/
|
||||
function resetForm(): void {
|
||||
errors.value = { name: '', categoryType: '', _global: '' }
|
||||
if (props.category) {
|
||||
form.value.name = props.category.name
|
||||
form.value.categoryTypeId = props.category.categoryType.id
|
||||
initial.value.name = props.category.name
|
||||
initial.value.categoryTypeId = props.category.categoryType.id
|
||||
} else {
|
||||
form.value.name = ''
|
||||
form.value.categoryTypeId = null
|
||||
initial.value.name = ''
|
||||
initial.value.categoryTypeId = null
|
||||
}
|
||||
}
|
||||
|
||||
// Re-initialiser quand la categorie selectionnee change (clic sur une autre
|
||||
// ligne sans fermer le drawer entre-temps).
|
||||
watch(() => props.category, resetForm, { immediate: true })
|
||||
|
||||
// A chaque ouverture du drawer : reset + chargement frais des types. Pas
|
||||
// d'optimisation cache au M0 — le referentiel est petit et statique.
|
||||
watch(
|
||||
() => props.modelValue,
|
||||
(open) => {
|
||||
if (open) {
|
||||
resetForm()
|
||||
loadCategoryTypes()
|
||||
}
|
||||
},
|
||||
)
|
||||
|
||||
/**
|
||||
* Validation client-side miroir des RG back. Renvoie true si tout passe et
|
||||
* peuple `errors` sinon. Le serveur valide aussi (defense en profondeur) ;
|
||||
* la validation client sert juste a eviter l'aller-retour evitable.
|
||||
*/
|
||||
function validate(): boolean {
|
||||
errors.value = { name: '', categoryType: '', _global: '' }
|
||||
const trimmedName = form.value.name.trim()
|
||||
|
||||
// RG-1.02 — name obligatoire (vide / whitespace-only).
|
||||
if (trimmedName === '') {
|
||||
errors.value.name = t('admin.categories.validation.nameRequired')
|
||||
} else if (trimmedName.length < 2 || trimmedName.length > 120) {
|
||||
// RG-1.04 — longueur 2-120 apres trim.
|
||||
errors.value.name = t('admin.categories.validation.nameLength')
|
||||
}
|
||||
|
||||
// RG-1.05 — categoryType obligatoire.
|
||||
if (form.value.categoryTypeId === null) {
|
||||
errors.value.categoryType = t('admin.categories.validation.typeRequired')
|
||||
}
|
||||
|
||||
return errors.value.name === '' && errors.value.categoryType === ''
|
||||
}
|
||||
|
||||
/**
|
||||
* Mappe une reponse 422 d'API Platform sur le state `errors`. API Platform 4
|
||||
* retourne soit `violations: [{ propertyPath, message }]` soit
|
||||
* `hydra:violations` selon la negociation de format.
|
||||
*/
|
||||
function mapServerViolations(data: unknown): boolean {
|
||||
if (!data || typeof data !== 'object') return false
|
||||
const record = data as Record<string, unknown>
|
||||
const rawViolations = record.violations ?? record['hydra:violations']
|
||||
if (!Array.isArray(rawViolations)) return false
|
||||
|
||||
let mapped = false
|
||||
for (const v of rawViolations) {
|
||||
if (!v || typeof v !== 'object') continue
|
||||
const violation = v as Record<string, unknown>
|
||||
const path = String(violation.propertyPath ?? '')
|
||||
const message = String(violation.message ?? '')
|
||||
if (path === 'name') {
|
||||
errors.value.name = message
|
||||
mapped = true
|
||||
} else if (path === 'categoryType') {
|
||||
errors.value.categoryType = message
|
||||
mapped = true
|
||||
}
|
||||
}
|
||||
return mapped
|
||||
}
|
||||
|
||||
/**
|
||||
* Extrait un message d'erreur HTTP au format API Platform / Hydra.
|
||||
*/
|
||||
function extractErrorMessage(data: unknown): string {
|
||||
if (!data || typeof data !== 'object') return ''
|
||||
const record = data as Record<string, unknown>
|
||||
return (
|
||||
(record['hydra:description'] as string)
|
||||
?? (record.detail as string)
|
||||
?? (record.description as string)
|
||||
?? ''
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Sauvegarde la categorie (POST en mode create, PATCH en mode edit).
|
||||
* Trim cote client (miroir RG-1.03), conversion ID → IRI pour categoryType,
|
||||
* mapping des erreurs server.
|
||||
*/
|
||||
async function handleSave(): Promise<void> {
|
||||
if (!validate()) return
|
||||
saving.value = true
|
||||
errors.value._global = ''
|
||||
|
||||
// Trim cote client (miroir RG-1.03). Le serveur retrim de toute facon.
|
||||
const payload = {
|
||||
name: form.value.name.trim(),
|
||||
categoryType: `/api/category_types/${form.value.categoryTypeId}`,
|
||||
}
|
||||
|
||||
try {
|
||||
if (mode.value === 'create') {
|
||||
await api.post('/categories', payload, {
|
||||
toastSuccessMessage: t('admin.categories.toast.created'),
|
||||
toast: false, // gestion fine des erreurs ci-dessous
|
||||
})
|
||||
} else if (mode.value === 'edit' && props.category) {
|
||||
await api.patch(`/categories/${props.category.id}`, payload, {
|
||||
toastSuccessMessage: t('admin.categories.toast.updated'),
|
||||
toast: false,
|
||||
})
|
||||
}
|
||||
|
||||
// Succes : toast manuel (car on a desactive le toast du composable
|
||||
// pour gerer finement les erreurs) + propagation au parent.
|
||||
useToast().success({
|
||||
title: 'Succès',
|
||||
message:
|
||||
mode.value === 'create'
|
||||
? t('admin.categories.toast.created')
|
||||
: t('admin.categories.toast.updated'),
|
||||
})
|
||||
emit('saved')
|
||||
emit('update:modelValue', false)
|
||||
} catch (err: unknown) {
|
||||
const error = err as { response?: { status?: number, _data?: unknown } }
|
||||
const status = error?.response?.status
|
||||
const data = error?.response?._data
|
||||
|
||||
if (status === 409) {
|
||||
// RG-1.07 — doublon (name, categoryType). Toast custom + erreur
|
||||
// mappee sur le champ name (origine du conflit).
|
||||
const duplicateMessage = t('admin.categories.toast.duplicate', {
|
||||
name: payload.name,
|
||||
})
|
||||
errors.value.name = duplicateMessage
|
||||
useToast().error({
|
||||
title: 'Erreur',
|
||||
message: duplicateMessage,
|
||||
})
|
||||
} else if (status === 422 && mapServerViolations(data)) {
|
||||
// Violations mappees sur les champs concernes — pas de toast,
|
||||
// l'utilisateur voit l'erreur directement sous le champ.
|
||||
} else {
|
||||
const extracted = extractErrorMessage(data)
|
||||
errors.value._global = extracted || 'Une erreur est survenue.'
|
||||
useToast().error({
|
||||
title: 'Erreur',
|
||||
message: errors.value._global,
|
||||
})
|
||||
}
|
||||
} finally {
|
||||
saving.value = false
|
||||
}
|
||||
}
|
||||
</script>
|
||||
@@ -0,0 +1 @@
|
||||
export default defineNuxtConfig({})
|
||||
@@ -0,0 +1,162 @@
|
||||
<template>
|
||||
<div>
|
||||
<PageHeader>
|
||||
{{ t('admin.categories.title') }}
|
||||
<template #actions>
|
||||
<MalioButton
|
||||
v-if="canManage"
|
||||
:label="t('admin.categories.newCategory')"
|
||||
icon-name="mdi:add-bold"
|
||||
icon-position="left"
|
||||
@click="openCreateDrawer"
|
||||
/>
|
||||
</template>
|
||||
</PageHeader>
|
||||
|
||||
<!-- Table des categories : tri par defaut sur Nom ASC (RG-1.10).
|
||||
Tri serveur applique a la requete + tri client en miroir pour
|
||||
la pagination front (volumetrie cible <= 300, cf. spec § 4.1). -->
|
||||
<MalioDataTable
|
||||
:columns="columns"
|
||||
:items="categoryItems"
|
||||
:total-items="categories.length"
|
||||
:row-clickable="true"
|
||||
:empty-message="t('admin.categories.noCategories')"
|
||||
@row-click="onRowClick"
|
||||
/>
|
||||
|
||||
<!-- Drawer creation / consultation / edition. -->
|
||||
<CategoryDrawer
|
||||
v-model="drawerOpen"
|
||||
:category="selectedCategory"
|
||||
@saved="onCategorySaved"
|
||||
@delete="onDeleteRequest"
|
||||
/>
|
||||
|
||||
<!-- Modale de confirmation suppression (soft delete cote serveur). -->
|
||||
<CategoryDeleteModal
|
||||
v-model="deleteModalOpen"
|
||||
:category-name="categoryToDelete?.name ?? ''"
|
||||
:loading="deleting"
|
||||
@confirm="handleDelete"
|
||||
/>
|
||||
</div>
|
||||
</template>
|
||||
|
||||
<script setup lang="ts">
|
||||
import type { Category } from '~/modules/catalog/types/category'
|
||||
import type { HydraCollection } from '~/shared/utils/api'
|
||||
|
||||
const { t } = useI18n()
|
||||
const api = useApi()
|
||||
const { can } = usePermissions()
|
||||
|
||||
useHead({ title: t('admin.categories.title') })
|
||||
|
||||
const canManage = computed(() => can('catalog.categories.manage'))
|
||||
|
||||
const categories = ref<Category[]>([])
|
||||
const loading = ref(false)
|
||||
const drawerOpen = ref(false)
|
||||
const selectedCategory = ref<Category | null>(null)
|
||||
const deleteModalOpen = ref(false)
|
||||
const categoryToDelete = ref<Category | null>(null)
|
||||
const deleting = ref(false)
|
||||
|
||||
// Colonnes du datatable. Le type est embarque cote API (cf. spec-back § 3.4) —
|
||||
// on aplatit en label lisible pour l'affichage.
|
||||
const columns = [
|
||||
{ key: 'name', label: t('admin.categories.table.name') },
|
||||
{ key: 'typeLabel', label: t('admin.categories.table.type') },
|
||||
]
|
||||
|
||||
const categoryItems = computed(() =>
|
||||
categories.value.map(cat => ({
|
||||
id: cat.id,
|
||||
name: cat.name,
|
||||
typeLabel: cat.categoryType?.label ?? '',
|
||||
})),
|
||||
)
|
||||
|
||||
function getCategoryById(id: number): Category | undefined {
|
||||
return categories.value.find(c => c.id === id)
|
||||
}
|
||||
|
||||
function onRowClick(item: Record<string, unknown>) {
|
||||
const category = getCategoryById(item.id as number)
|
||||
if (category) openEditDrawer(category)
|
||||
}
|
||||
|
||||
/**
|
||||
* Charge la liste des categories. Le serveur exclut les soft-deleted par
|
||||
* defaut (RG-1.08) et trie par name ASC (RG-1.10). Pas de pagination
|
||||
* serveur (RG : volumetrie ≤ 300, pagination front via MalioDataTable).
|
||||
*
|
||||
* Logique inline volontaire au M0 (decision prompt ERP-49) : extraction
|
||||
* en composable `useCategoriesAdmin` au ticket 0.8 (ERP-50).
|
||||
*/
|
||||
async function loadCategories(): Promise<void> {
|
||||
loading.value = true
|
||||
try {
|
||||
const data = await api.get<HydraCollection<Category>>(
|
||||
'/categories',
|
||||
{ itemsPerPage: 999 },
|
||||
{ toast: false },
|
||||
)
|
||||
categories.value = data.member ?? []
|
||||
} catch {
|
||||
// Reset sur echec pour ne pas afficher de donnees stale. Pas de
|
||||
// toast : un user sans permission view recoit 403 et voit une
|
||||
// liste vide propre — le mecanisme de gating se fait cote sidebar.
|
||||
categories.value = []
|
||||
} finally {
|
||||
loading.value = false
|
||||
}
|
||||
}
|
||||
|
||||
function openCreateDrawer() {
|
||||
selectedCategory.value = null
|
||||
drawerOpen.value = true
|
||||
}
|
||||
|
||||
function openEditDrawer(category: Category) {
|
||||
selectedCategory.value = category
|
||||
drawerOpen.value = true
|
||||
}
|
||||
|
||||
function onDeleteRequest() {
|
||||
if (!selectedCategory.value) return
|
||||
categoryToDelete.value = selectedCategory.value
|
||||
deleteModalOpen.value = true
|
||||
}
|
||||
|
||||
/**
|
||||
* DELETE /api/categories/{id} → soft delete (RG-1.12). Le serveur pose
|
||||
* `deleted_at = now()` et retourne 204. Refresh de la liste a la fin
|
||||
* pour retirer la ligne (l'index unique partiel autorise une recreation
|
||||
* ulterieure avec le meme couple (name, type) — RG-1.07).
|
||||
*/
|
||||
async function handleDelete(): Promise<void> {
|
||||
if (!categoryToDelete.value) return
|
||||
deleting.value = true
|
||||
try {
|
||||
await api.delete(`/categories/${categoryToDelete.value.id}`, {}, {
|
||||
toastSuccessMessage: t('admin.categories.toast.deleted'),
|
||||
})
|
||||
deleteModalOpen.value = false
|
||||
categoryToDelete.value = null
|
||||
drawerOpen.value = false
|
||||
await loadCategories()
|
||||
} finally {
|
||||
deleting.value = false
|
||||
}
|
||||
}
|
||||
|
||||
function onCategorySaved() {
|
||||
loadCategories()
|
||||
}
|
||||
|
||||
onMounted(() => {
|
||||
loadCategories()
|
||||
})
|
||||
</script>
|
||||
@@ -0,0 +1,71 @@
|
||||
/**
|
||||
* Types front du module Catalog (M0 — Gestion des categories).
|
||||
*
|
||||
* Contrats API consommes :
|
||||
* - GET /api/categories → HydraCollection<Category>
|
||||
* - GET /api/categories/{id} → Category
|
||||
* - POST /api/categories → body { name, categoryType: IRI }
|
||||
* - PATCH /api/categories/{id} → body partiel { name?, categoryType?: IRI }
|
||||
* - DELETE /api/categories/{id} → 204 (soft delete via CategoryProcessor)
|
||||
* - GET /api/category_types → HydraCollection<CategoryType>
|
||||
*
|
||||
* Notes :
|
||||
* - Les IRI sont envoyes en POST/PATCH (ex. "/api/category_types/3").
|
||||
* - `categoryType` est embarque (groupe Serializer `category:read` sur les
|
||||
* proprietes de CategoryType, cf. spec-back § 3.4).
|
||||
* - `createdBy` / `updatedBy` peuvent etre `null` (hors contexte HTTP,
|
||||
* ON DELETE SET NULL en BDD). Affichage : libelle "Systeme" si null.
|
||||
*/
|
||||
|
||||
/**
|
||||
* Reference legere d'un user, telle qu'embarquee dans Category.createdBy /
|
||||
* updatedBy. Volontairement minimaliste : on n'a besoin que de l'identifiant
|
||||
* et de l'username pour l'affichage courant.
|
||||
*/
|
||||
export interface User {
|
||||
id: number
|
||||
username: string
|
||||
}
|
||||
|
||||
/**
|
||||
* Reference du referentiel CategoryType (lecture seule au M0).
|
||||
*/
|
||||
export interface CategoryType {
|
||||
id: number
|
||||
code: string
|
||||
label: string
|
||||
}
|
||||
|
||||
/**
|
||||
* Categorie metier — telle qu'elle est lue depuis l'API. L'entite porte le
|
||||
* pattern Timestampable+Blamable (cf. spec-back § 2.8).
|
||||
*/
|
||||
export interface Category {
|
||||
id: number
|
||||
name: string
|
||||
categoryType: CategoryType
|
||||
/** Soft delete : null = active, valeur = supprimee logiquement le {date}. */
|
||||
deletedAt: string | null
|
||||
createdAt: string
|
||||
updatedAt: string
|
||||
createdBy: User | null
|
||||
updatedBy: User | null
|
||||
}
|
||||
|
||||
/**
|
||||
* Payload accepte en POST /api/categories. `categoryType` est envoye en
|
||||
* IRI Hydra (ex. `/api/category_types/3`).
|
||||
*/
|
||||
export interface CategoryCreateInput {
|
||||
name: string
|
||||
categoryType: string
|
||||
}
|
||||
|
||||
/**
|
||||
* Payload accepte en PATCH /api/categories/{id}. Tous les champs sont
|
||||
* optionnels (modification partielle).
|
||||
*/
|
||||
export interface CategoryUpdateInput {
|
||||
name?: string
|
||||
categoryType?: string
|
||||
}
|
||||
@@ -1,7 +1,7 @@
|
||||
<template>
|
||||
<div>
|
||||
<h1 class="text-xl font-bold text-primary-500 sm:text-2xl">{{ $t('commercial.title') }}</h1>
|
||||
<p class="mt-4 text-neutral-500">{{ $t('commercial.welcome') }}</p>
|
||||
<PageHeader>{{ $t('commercial.title') }}</PageHeader>
|
||||
<p class="text-neutral-500">{{ $t('commercial.welcome') }}</p>
|
||||
</div>
|
||||
</template>
|
||||
|
||||
|
||||
@@ -0,0 +1,71 @@
|
||||
<template>
|
||||
<!-- Accordeon de permissions groupees par module : un panneau par module,
|
||||
avec compteur (selectionnees/total) dans le titre, case "Tout selectionner"
|
||||
et liste des permissions individuelles. Source unique de cette UX, utilisee
|
||||
par RoleDrawer (permissions du role) et UserRbacDrawer (permissions directes). -->
|
||||
<MalioAccordion v-model="openModules">
|
||||
<MalioAccordionItem
|
||||
v-for="group in groupsByModule"
|
||||
:key="group.module"
|
||||
:value="group.module"
|
||||
:title="`${group.module} (${selectedCountFor(group)}/${group.permissions.length})`"
|
||||
header-class="capitalize"
|
||||
>
|
||||
<div class="flex flex-col gap-3">
|
||||
<!-- Tout selectionner pour ce module -->
|
||||
<MalioCheckbox
|
||||
:id="`${idPrefix}-group-${group.module}`"
|
||||
:label="t('admin.roles.permissions.selectAll')"
|
||||
:model-value="allSelectedFor(group)"
|
||||
label-class="font-semibold text-sm text-neutral-700"
|
||||
@update:model-value="(val: boolean) => emit('toggle-all', group.module, val)"
|
||||
/>
|
||||
<div class="flex flex-col gap-2">
|
||||
<MalioCheckbox
|
||||
v-for="perm in group.permissions"
|
||||
:id="`${idPrefix}-perm-${perm.id}`"
|
||||
:key="perm.id"
|
||||
:label="perm.label"
|
||||
:model-value="selectedIds.has(perm.id)"
|
||||
label-class="text-sm text-neutral-600"
|
||||
@update:model-value="(val: boolean) => emit('toggle', perm.id, val)"
|
||||
/>
|
||||
</div>
|
||||
</div>
|
||||
</MalioAccordionItem>
|
||||
</MalioAccordion>
|
||||
</template>
|
||||
|
||||
<script setup lang="ts">
|
||||
import type { PermissionModule } from '~/shared/types/rbac'
|
||||
|
||||
const { t } = useI18n()
|
||||
|
||||
const props = defineProps<{
|
||||
/** Groupes de permissions a afficher, un par module. */
|
||||
groupsByModule: PermissionModule[]
|
||||
/** Ids des permissions actuellement selectionnees. */
|
||||
selectedIds: Set<number>
|
||||
/** Prefixe pour les ids HTML : evite les collisions si plusieurs accordeons coexistent (ex: "role" vs "direct"). */
|
||||
idPrefix: string
|
||||
}>()
|
||||
|
||||
const emit = defineEmits<{
|
||||
toggle: [permissionId: number, selected: boolean]
|
||||
'toggle-all': [module: string, selected: boolean]
|
||||
}>()
|
||||
|
||||
// Modules ouverts dans l'accordeon (mode multiple). Etat local : chaque instance
|
||||
// du composant garde sa propre liste, pas de partage entre drawers.
|
||||
const openModules = ref<string[]>([])
|
||||
|
||||
// Nombre de permissions selectionnees pour un module donne.
|
||||
function selectedCountFor(group: PermissionModule): number {
|
||||
return group.permissions.filter(p => props.selectedIds.has(p.id)).length
|
||||
}
|
||||
|
||||
// Vrai si toutes les permissions du module sont selectionnees.
|
||||
function allSelectedFor(group: PermissionModule): boolean {
|
||||
return group.permissions.length > 0 && selectedCountFor(group) === group.permissions.length
|
||||
}
|
||||
</script>
|
||||
@@ -1,66 +0,0 @@
|
||||
<template>
|
||||
<div class="rounded-lg border border-neutral-200 overflow-hidden">
|
||||
<!-- En-tete du groupe avec checkbox "tout selectionner" -->
|
||||
<div class="flex items-center gap-3 bg-neutral-50 px-4 py-3 border-b border-neutral-200">
|
||||
<MalioCheckbox
|
||||
:id="`group-${module}`"
|
||||
:label="moduleLabel"
|
||||
:model-value="allSelected"
|
||||
label-class="font-semibold text-sm text-neutral-700 capitalize"
|
||||
@update:model-value="toggleAll"
|
||||
/>
|
||||
<span class="ml-auto text-xs text-neutral-400">
|
||||
{{ selectedCount }}/{{ permissions.length }}
|
||||
</span>
|
||||
</div>
|
||||
|
||||
<!-- Liste des permissions individuelles -->
|
||||
<div class="grid grid-cols-1 gap-1 p-3 sm:grid-cols-2">
|
||||
<MalioCheckbox
|
||||
v-for="perm in permissions"
|
||||
:key="perm.id"
|
||||
:id="`perm-${perm.id}`"
|
||||
:label="perm.label"
|
||||
:model-value="selectedIds.has(perm.id)"
|
||||
label-class="text-sm text-neutral-600"
|
||||
@update:model-value="(val: boolean) => togglePermission(perm.id, val)"
|
||||
/>
|
||||
</div>
|
||||
</div>
|
||||
</template>
|
||||
|
||||
<script setup lang="ts">
|
||||
import type { Permission } from '~/shared/types/rbac'
|
||||
|
||||
const props = defineProps<{
|
||||
module: string
|
||||
moduleLabel: string
|
||||
permissions: Permission[]
|
||||
selectedIds: Set<number>
|
||||
}>()
|
||||
|
||||
const emit = defineEmits<{
|
||||
toggle: [permissionId: number, selected: boolean]
|
||||
toggleAll: [module: string, selected: boolean]
|
||||
}>()
|
||||
|
||||
// Nombre de permissions selectionnees dans ce groupe
|
||||
const selectedCount = computed(() =>
|
||||
props.permissions.filter(p => props.selectedIds.has(p.id)).length
|
||||
)
|
||||
|
||||
// Vrai si toutes les permissions du groupe sont selectionnees
|
||||
const allSelected = computed(() =>
|
||||
props.permissions.length > 0 && selectedCount.value === props.permissions.length
|
||||
)
|
||||
|
||||
// Emet l'evenement de bascule pour une permission individuelle
|
||||
function togglePermission(id: number, selected: boolean) {
|
||||
emit('toggle', id, selected)
|
||||
}
|
||||
|
||||
// Emet l'evenement de bascule pour toutes les permissions du groupe
|
||||
function toggleAll(selected: boolean) {
|
||||
emit('toggleAll', props.module, selected)
|
||||
}
|
||||
</script>
|
||||
@@ -1,11 +1,17 @@
|
||||
<template>
|
||||
<MalioDrawer
|
||||
:model-value="modelValue"
|
||||
:title="isEditMode ? t('admin.roles.editRole') : t('admin.roles.createRole')"
|
||||
drawer-class="w-full max-w-lg"
|
||||
header-class="border-b border-black"
|
||||
footer-class="justify-between border-t border-black p-6"
|
||||
@update:model-value="emit('update:modelValue', $event)"
|
||||
>
|
||||
<form class="flex flex-col gap-6 p-4" @submit.prevent="handleSave">
|
||||
<template #header>
|
||||
<h2 class="text-[24px] font-bold">
|
||||
{{ isEditMode ? t('admin.roles.editRole') : t('admin.roles.createRole') }}
|
||||
</h2>
|
||||
</template>
|
||||
<form class="flex flex-col gap-4 py-4" @submit.prevent="handleSave">
|
||||
<!-- Champs du role -->
|
||||
<MalioInputText
|
||||
v-model="form.label"
|
||||
@@ -44,55 +50,51 @@
|
||||
<div v-else-if="permissionsByModule.length === 0" class="text-sm text-neutral-400">
|
||||
{{ t('admin.roles.permissions.noPermissions') }}
|
||||
</div>
|
||||
<div class="flex flex-col gap-4">
|
||||
<PermissionGroup
|
||||
v-for="group in permissionsByModule"
|
||||
:key="group.module"
|
||||
:module="group.module"
|
||||
:module-label="group.module"
|
||||
:permissions="group.permissions"
|
||||
:selected-ids="selectedPermissionIds"
|
||||
@toggle="handleTogglePermission"
|
||||
@toggle-all="handleToggleAll"
|
||||
/>
|
||||
</div>
|
||||
<PermissionAccordion
|
||||
v-else
|
||||
:groups-by-module="permissionsByModule"
|
||||
:selected-ids="selectedPermissionIds"
|
||||
id-prefix="role"
|
||||
@toggle="handleTogglePermission"
|
||||
@toggle-all="handleToggleAll"
|
||||
/>
|
||||
</div>
|
||||
|
||||
<!-- Boutons -->
|
||||
<div class="flex justify-end gap-3 border-t border-neutral-200 pt-4">
|
||||
<MalioButton
|
||||
v-if="isEditMode"
|
||||
:label="t('common.delete')"
|
||||
variant="danger"
|
||||
icon-name="mdi:delete-outline"
|
||||
icon-position="left"
|
||||
:disabled="role?.isSystem"
|
||||
@click="emit('delete')"
|
||||
/>
|
||||
<MalioButton
|
||||
v-else
|
||||
:label="t('common.cancel')"
|
||||
variant="tertiary"
|
||||
@click="emit('update:modelValue', false)"
|
||||
/>
|
||||
<MalioButton
|
||||
:label="t('common.save')"
|
||||
variant="primary"
|
||||
:disabled="saving || permissionsLoadFailed"
|
||||
@click="handleSave"
|
||||
/>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
<!-- Footer fixe : depuis la 1.7.1 le slot #footer est un frere du body
|
||||
scrollable (shrink-0), donc reellement fige sans sticky. -->
|
||||
<template #footer>
|
||||
<MalioButton
|
||||
v-if="isEditMode"
|
||||
:label="t('common.delete')"
|
||||
variant="danger"
|
||||
icon-name="mdi:delete-outline"
|
||||
icon-position="left"
|
||||
button-class="w-[150px]"
|
||||
:disabled="role?.isSystem"
|
||||
@click="emit('delete')"
|
||||
/>
|
||||
<MalioButton
|
||||
v-else
|
||||
:label="t('common.cancel')"
|
||||
variant="tertiary"
|
||||
button-class="w-[150px]"
|
||||
@click="emit('update:modelValue', false)"
|
||||
/>
|
||||
<MalioButton
|
||||
:label="t('common.save')"
|
||||
variant="primary"
|
||||
button-class="w-[150px]"
|
||||
:disabled="saving || permissionsLoadFailed"
|
||||
@click="handleSave"
|
||||
/>
|
||||
</template>
|
||||
</MalioDrawer>
|
||||
</template>
|
||||
|
||||
<script setup lang="ts">
|
||||
import type { Permission, Role } from '~/shared/types/rbac'
|
||||
|
||||
interface PermissionModule {
|
||||
module: string
|
||||
permissions: Permission[]
|
||||
}
|
||||
import type { Permission, PermissionModule, Role } from '~/shared/types/rbac'
|
||||
|
||||
const { t } = useI18n()
|
||||
const api = useApi()
|
||||
|
||||
@@ -1,11 +1,17 @@
|
||||
<template>
|
||||
<MalioDrawer
|
||||
:model-value="modelValue"
|
||||
:title="t('admin.users.drawer.title', { username: user?.username ?? '' })"
|
||||
drawer-class="w-full max-w-lg"
|
||||
drawer-class="w-full max-w-[450px]"
|
||||
header-class="border-b border-black"
|
||||
footer-class="justify-between border-t border-black p-6"
|
||||
@update:model-value="emit('update:modelValue', $event)"
|
||||
>
|
||||
<div class="flex flex-col gap-6 p-4">
|
||||
<template #header>
|
||||
<h2 class="text-[24px] font-bold">
|
||||
{{ t('admin.users.drawer.title', { username: user?.username ?? '' }) }}
|
||||
</h2>
|
||||
</template>
|
||||
<div class="flex flex-col gap-4 py-4">
|
||||
<!-- Etat d'erreur de chargement des referentiels : bloque la
|
||||
sauvegarde pour empecher un ecrasement silencieux des droits. -->
|
||||
<div
|
||||
@@ -60,18 +66,14 @@
|
||||
<div v-if="permissionsByModule.length === 0" class="text-sm text-neutral-400">
|
||||
{{ t('admin.roles.permissions.noPermissions') }}
|
||||
</div>
|
||||
<div class="flex flex-col gap-4">
|
||||
<PermissionGroup
|
||||
v-for="group in permissionsByModule"
|
||||
:key="group.module"
|
||||
:module="group.module"
|
||||
:module-label="group.module"
|
||||
:permissions="group.permissions"
|
||||
:selected-ids="selectedDirectPermissionIds"
|
||||
@toggle="handleTogglePermission"
|
||||
@toggle-all="handleToggleAll"
|
||||
/>
|
||||
</div>
|
||||
<PermissionAccordion
|
||||
v-else
|
||||
:groups-by-module="permissionsByModule"
|
||||
:selected-ids="selectedDirectPermissionIds"
|
||||
id-prefix="direct"
|
||||
@toggle="handleTogglePermission"
|
||||
@toggle-all="handleToggleAll"
|
||||
/>
|
||||
</div>
|
||||
|
||||
<!-- Section Sites autorises (ticket 2 module Sites) -->
|
||||
@@ -103,33 +105,32 @@
|
||||
<EffectivePermissions :permissions="effectivePermissions" />
|
||||
</div>
|
||||
|
||||
<!-- Boutons -->
|
||||
<div class="flex justify-end gap-3 border-t border-neutral-200 pt-4">
|
||||
<MalioButton
|
||||
:label="t('common.cancel')"
|
||||
variant="tertiary"
|
||||
@click="emit('update:modelValue', false)"
|
||||
/>
|
||||
<MalioButton
|
||||
:label="t('common.save')"
|
||||
variant="primary"
|
||||
:disabled="saving || loadFailed"
|
||||
@click="handleSave"
|
||||
/>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- Footer fixe : depuis la 1.7.1 le slot #footer est un frere du body
|
||||
scrollable (shrink-0), donc reellement fige sans sticky. -->
|
||||
<template #footer>
|
||||
<MalioButton
|
||||
:label="t('common.cancel')"
|
||||
variant="tertiary"
|
||||
button-class="w-[150px]"
|
||||
@click="emit('update:modelValue', false)"
|
||||
/>
|
||||
<MalioButton
|
||||
:label="t('common.save')"
|
||||
variant="primary"
|
||||
button-class="w-[150px]"
|
||||
:disabled="saving || loadFailed"
|
||||
@click="handleSave"
|
||||
/>
|
||||
</template>
|
||||
</MalioDrawer>
|
||||
</template>
|
||||
|
||||
<script setup lang="ts">
|
||||
import type { Permission, Role, UserListItem, UserRbacDetail, EffectivePermission } from '~/shared/types/rbac'
|
||||
import type { Permission, PermissionModule, Role, UserListItem, UserRbacDetail, EffectivePermission } from '~/shared/types/rbac'
|
||||
import type { Site } from '~/shared/types/sites'
|
||||
|
||||
interface PermissionModule {
|
||||
module: string
|
||||
permissions: Permission[]
|
||||
}
|
||||
|
||||
const { t } = useI18n()
|
||||
const api = useApi()
|
||||
const auth = useAuthStore()
|
||||
|
||||
@@ -1,95 +1,22 @@
|
||||
<template>
|
||||
<div>
|
||||
<div class="flex items-center justify-between">
|
||||
<h1 class="text-xl font-bold text-primary-500 sm:text-2xl">
|
||||
{{ t('admin.auditLog.title') }}
|
||||
</h1>
|
||||
</div>
|
||||
|
||||
<!-- Filtres -->
|
||||
<section class="mt-4 rounded border border-gray-200 bg-white p-4">
|
||||
<!-- Labels uniformes au-dessus : les composants Malio sont utilises sans
|
||||
leur `label` flottant interne pour ne pas mixer deux patterns de label.
|
||||
A revoir une fois le composant calendar Malio développé -->
|
||||
<div class="grid grid-cols-1 items-start gap-3 md:grid-cols-5">
|
||||
<!-- TODO(malio-ui): remplacer par un composant Malio quand la lib
|
||||
exposera un datetime picker. Cf. exception documentee dans
|
||||
CLAUDE.md (section "Composants formulaires"). -->
|
||||
<div>
|
||||
<label class="mb-1 block text-xs font-medium text-gray-600">
|
||||
{{ t('audit.filters.date_from') }}
|
||||
</label>
|
||||
<input
|
||||
v-model="filters.performedAtAfter"
|
||||
type="datetime-local"
|
||||
class="h-[40px] w-full rounded-md border border-m-muted bg-white px-3 text-sm outline-none focus-visible:border-2 focus-visible:border-m-primary"
|
||||
>
|
||||
</div>
|
||||
<!-- TODO(malio-ui): idem ci-dessus. -->
|
||||
<div>
|
||||
<label class="mb-1 block text-xs font-medium text-gray-600">
|
||||
{{ t('audit.filters.date_to') }}
|
||||
</label>
|
||||
<input
|
||||
v-model="filters.performedAtBefore"
|
||||
type="datetime-local"
|
||||
class="h-[40px] w-full rounded-md border border-m-muted bg-white px-3 text-sm outline-none focus-visible:border-2 focus-visible:border-m-primary"
|
||||
>
|
||||
</div>
|
||||
<div>
|
||||
<label class="mb-1 block text-xs font-medium text-gray-600">
|
||||
{{ t('audit.filters.entity_type') }}
|
||||
</label>
|
||||
<div class="[&>div>div]:!mt-0">
|
||||
<MalioSelectCheckbox
|
||||
v-model="selectedEntityTypes"
|
||||
:options="entityTypeOptions"
|
||||
:display-select-all="true"
|
||||
:display-tag="true"
|
||||
min-width="w-full"
|
||||
text-field="text-sm"
|
||||
text-value="text-sm"
|
||||
/>
|
||||
</div>
|
||||
</div>
|
||||
<div>
|
||||
<label class="mb-1 block text-xs font-medium text-gray-600">
|
||||
{{ t('audit.filters.user') }}
|
||||
</label>
|
||||
<MalioInputText
|
||||
v-model="performedByInput"
|
||||
icon-name="mdi:account-search"
|
||||
input-class="text-sm"
|
||||
/>
|
||||
</div>
|
||||
<div>
|
||||
<label class="mb-1 block text-xs font-medium text-gray-600">
|
||||
{{ t('audit.filters.action') }}
|
||||
</label>
|
||||
<div class="[&>div>div]:!mt-0">
|
||||
<MalioSelect
|
||||
v-model="actionValue"
|
||||
:options="actionOptions"
|
||||
text-field="text-sm"
|
||||
text-value="text-sm"
|
||||
/>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="mt-3 flex justify-end">
|
||||
<PageHeader>
|
||||
{{ t('admin.auditLog.title') }}
|
||||
<template #actions>
|
||||
<MalioButton
|
||||
variant="tertiary"
|
||||
:label="t('audit.filters.reset')"
|
||||
button-class="text-xs"
|
||||
@click="resetFilters"
|
||||
:label="t('audit.filters.title')"
|
||||
icon-name="mdi:tune"
|
||||
icon-position="left"
|
||||
icon-size="24"
|
||||
button-class="w-[184px] justify-start gap-4 text-black"
|
||||
@click="openFilters"
|
||||
/>
|
||||
</div>
|
||||
</section>
|
||||
</template>
|
||||
</PageHeader>
|
||||
|
||||
<!-- Tableau -->
|
||||
<MalioDataTable
|
||||
class="mt-4"
|
||||
:columns="columns"
|
||||
:items="rows"
|
||||
:total-items="totalItems"
|
||||
@@ -123,12 +50,99 @@
|
||||
</template>
|
||||
</MalioDataTable>
|
||||
|
||||
<!-- Drawer de filtres : etat brouillon, applique uniquement au clic sur
|
||||
"Voir les resultats". `body-class="p-0"` pour que l'accordeon aille
|
||||
bord a bord (les items portent leur propre px-7). -->
|
||||
<MalioDrawer
|
||||
v-model="filterDrawerOpen"
|
||||
drawer-class="max-w-[450px]"
|
||||
body-class="p-0"
|
||||
footer-class="justify-between border-t border-black p-6"
|
||||
>
|
||||
<template #header>
|
||||
<h2 class="text-[24px] font-bold uppercase">{{ t('audit.filters.title') }}</h2>
|
||||
</template>
|
||||
|
||||
<MalioAccordion>
|
||||
<!-- Dates : deux champs date+heure Du / Au (champs datetime a l'origine) -->
|
||||
<MalioAccordionItem :title="t('audit.filters.date_range')" value="dates">
|
||||
<div class="grid grid-cols-[auto_1fr] items-center gap-x-3 gap-y-4">
|
||||
<span>{{ t('audit.filters.date_from') }}</span>
|
||||
<!-- Borne le picker "Du" par la valeur "Au" pour interdire une plage
|
||||
inversee a la saisie (le backend renverrait silencieusement 0 ligne). -->
|
||||
<MalioDateTime
|
||||
v-model="draftDateFrom"
|
||||
:max="draftDateTo ?? undefined"
|
||||
/>
|
||||
<span>{{ t('audit.filters.date_to') }}</span>
|
||||
<MalioDateTime
|
||||
v-model="draftDateTo"
|
||||
:min="draftDateFrom ?? undefined"
|
||||
/>
|
||||
</div>
|
||||
</MalioAccordionItem>
|
||||
|
||||
<!-- Type d'entite : cases a cocher (multi-selection) -->
|
||||
<MalioAccordionItem :title="t('audit.filters.entity_type')" value="entity">
|
||||
<div class="flex flex-col gap-4">
|
||||
<MalioCheckbox
|
||||
v-for="opt in entityTypeOptions"
|
||||
:id="`filter-entity-${opt.value}`"
|
||||
:key="opt.value"
|
||||
:label="opt.label"
|
||||
:model-value="draftEntityTypes.includes(opt.value)"
|
||||
@update:model-value="(val: boolean) => toggleEntity(opt.value, val)"
|
||||
/>
|
||||
</div>
|
||||
</MalioAccordionItem>
|
||||
|
||||
<!-- Action : boutons radio (selection unique, '' = toutes) -->
|
||||
<MalioAccordionItem :title="t('audit.filters.action')" value="action">
|
||||
<MalioRadioButton
|
||||
v-for="opt in actionOptions"
|
||||
:key="opt.value"
|
||||
v-model="draftAction"
|
||||
name="audit-action"
|
||||
:value="opt.value"
|
||||
:label="opt.label"
|
||||
/>
|
||||
</MalioAccordionItem>
|
||||
|
||||
<!-- Utilisateur : recherche texte (ILIKE partiel cote backend) -->
|
||||
<MalioAccordionItem :title="t('audit.filters.user')" value="user">
|
||||
<MalioInputText
|
||||
v-model="draftPerformedBy"
|
||||
icon-name="mdi:account-search"
|
||||
/>
|
||||
</MalioAccordionItem>
|
||||
</MalioAccordion>
|
||||
|
||||
<template #footer>
|
||||
<MalioButton
|
||||
variant="tertiary"
|
||||
:label="t('audit.filters.reset')"
|
||||
button-class="w-[150px]"
|
||||
@click="resetFilters"
|
||||
/>
|
||||
<MalioButton
|
||||
variant="primary"
|
||||
:label="t('audit.filters.apply')"
|
||||
button-class="w-[170px]"
|
||||
@click="applyFilters"
|
||||
/>
|
||||
</template>
|
||||
</MalioDrawer>
|
||||
|
||||
<!-- Drawer detail : diff courant + timeline complete de l'entite -->
|
||||
<MalioDrawer
|
||||
v-model="drawerOpen"
|
||||
:title="drawerTitle"
|
||||
drawer-class="max-w-2xl"
|
||||
>
|
||||
<template #header>
|
||||
<h2 class="text-[24px] font-bold">
|
||||
{{ drawerTitle }}
|
||||
</h2>
|
||||
</template>
|
||||
<div v-if="selectedEntry">
|
||||
<AuditLogDetail :entry="selectedEntry" />
|
||||
<div class="mt-4 border-t border-gray-200 pt-3">
|
||||
@@ -149,12 +163,13 @@
|
||||
</template>
|
||||
|
||||
<script setup lang="ts">
|
||||
import { computed, nextTick, onMounted, reactive, ref, watch } from 'vue'
|
||||
import { computed, onMounted, reactive, ref } from 'vue'
|
||||
import type { AuditLogEntry, AuditLogFilters } from '~/shared/types'
|
||||
|
||||
const { t, te } = useI18n()
|
||||
const { can } = usePermissions()
|
||||
const { fetchLogsCached, fetchEntityTypes } = useAuditLog()
|
||||
const toast = useToast()
|
||||
|
||||
// Traduit un identifiant `module.Entity` (ex: `core.User`, `sites.Site`) en
|
||||
// libelle lisible via la cle i18n `audit.entity.<module>_<entity>`. Si aucune
|
||||
@@ -173,8 +188,11 @@ if (!can('core.audit_log.view')) {
|
||||
|
||||
useHead({ title: t('admin.auditLog.title') })
|
||||
|
||||
// Etat des filtres : local uniquement, JAMAIS persiste dans l'URL (cf. regle
|
||||
// CLAUDE.md "Tableau : pas de persistance URL").
|
||||
// Etat des filtres APPLIQUES : pilote `loadEntries`. Local uniquement, JAMAIS
|
||||
// persiste dans l'URL (cf. regle CLAUDE.md "Tableau : pas de persistance URL").
|
||||
// `performedAtAfter`/`performedAtBefore` stockent une date+heure ISO naive
|
||||
// (`YYYY-MM-DDTHH:MM:00`, fournie par MalioDateTime), convertie en ISO UTC
|
||||
// au moment du fetch.
|
||||
const filters = reactive<AuditLogFilters>({
|
||||
performedAtAfter: undefined,
|
||||
performedAtBefore: undefined,
|
||||
@@ -185,26 +203,23 @@ const filters = reactive<AuditLogFilters>({
|
||||
itemsPerPage: 10,
|
||||
})
|
||||
|
||||
// Multi-selection entity_type : bind dedie au MalioSelectCheckbox.
|
||||
// Attention : les composants Malio attendent `{ label, value }` (pas `{ text }`).
|
||||
const selectedEntityTypes = ref<(string | number)[]>([])
|
||||
// Etat BROUILLON du drawer de filtres : edite librement, recopie dans `filters`
|
||||
// uniquement au clic sur "Voir les resultats". Permet d'annuler une saisie en
|
||||
// fermant le drawer sans relancer de requete.
|
||||
const filterDrawerOpen = ref(false)
|
||||
const draftDateFrom = ref<string | null>(null)
|
||||
const draftDateTo = ref<string | null>(null)
|
||||
const draftEntityTypes = ref<string[]>([])
|
||||
const draftAction = ref<string>('')
|
||||
const draftPerformedBy = ref<string>('')
|
||||
|
||||
// Liste des entity types (distincts) pour alimenter les cases a cocher.
|
||||
const entityTypes = ref<string[]>([])
|
||||
// On garde l'identifiant technique comme `value` pour l'envoi API, mais on
|
||||
// affiche le libelle traduit quand il existe (fallback: identifiant brut).
|
||||
const entityTypeOptions = computed(() =>
|
||||
entityTypes.value.map(type => ({ value: type, label: formatEntityType(type) })),
|
||||
)
|
||||
|
||||
// Bind champ performedBy : MalioInputText attend `string | null`, on ne peut
|
||||
// pas binder directement un `string | undefined` reactive.
|
||||
const performedByInput = ref<string>('')
|
||||
|
||||
// Action : '' = "toutes les actions". On declare l'option dans `actionOptions`
|
||||
// plutot que via `emptyOptionLabel` (qui n'inclut pas l'option vide dans
|
||||
// `props.options`, donc `selectedLabel` reste vide). On evite aussi `value: null`
|
||||
// car MalioSelect grise visuellement les options dont la valeur est `null`
|
||||
// (Select.vue:137) — on utilise donc une chaine vide comme sentinelle.
|
||||
const actionValue = ref<string>('')
|
||||
// Actions : '' = "toutes". Sert d'options aux boutons radio.
|
||||
const actionOptions = [
|
||||
{ value: '', label: t('audit.filters.all_actions') },
|
||||
{ value: 'create', label: t('audit.action.create') },
|
||||
@@ -259,29 +274,55 @@ const isFiltered = computed(() =>
|
||||
// (reseau lent) n'ecrase les resultats d'une requete ulterieure.
|
||||
let requestToken = 0
|
||||
|
||||
// Pendant un reset, on suspend temporairement les watchers pour ne pas
|
||||
// declencher 4 fetchs paralleles (un par champ mute). Les watchers Vue 3
|
||||
// sont asynchrones (microtask) : il faut attendre un `nextTick` avant de
|
||||
// les relacher, sinon le flag est deja `false` au moment ou ils s'executent
|
||||
// et les fetchs partent quand meme. Un seul loadEntries() est appele
|
||||
// explicitement apres la liberation.
|
||||
let watchersSuspended = false
|
||||
// Ouvre le drawer en recopiant l'etat applique vers le brouillon, pour que la
|
||||
// reouverture reflete les filtres actifs.
|
||||
function openFilters(): void {
|
||||
draftDateFrom.value = filters.performedAtAfter ?? null
|
||||
draftDateTo.value = filters.performedAtBefore ?? null
|
||||
draftEntityTypes.value = Array.isArray(filters.entityType)
|
||||
? [...filters.entityType]
|
||||
: (filters.entityType ? [filters.entityType] : [])
|
||||
draftAction.value = filters.action ?? ''
|
||||
draftPerformedBy.value = filters.performedBy ?? ''
|
||||
filterDrawerOpen.value = true
|
||||
}
|
||||
|
||||
// Bascule un type d'entite dans le brouillon (multi-selection). Les valeurs
|
||||
// sont uniques par construction (v-for sur entityTypeOptions), pas besoin de Set.
|
||||
function toggleEntity(value: string, selected: boolean): void {
|
||||
draftEntityTypes.value = selected
|
||||
? [...draftEntityTypes.value, value]
|
||||
: draftEntityTypes.value.filter(v => v !== value)
|
||||
}
|
||||
|
||||
// "Reinitialiser" : vide le brouillon ET les filtres actifs, puis recharge.
|
||||
// La remise a zero s'applique immediatement (la table revient a la liste
|
||||
// complete) ; le drawer reste ouvert pour montrer le formulaire vide.
|
||||
function resetFilters(): void {
|
||||
draftDateFrom.value = null
|
||||
draftDateTo.value = null
|
||||
draftEntityTypes.value = []
|
||||
draftAction.value = ''
|
||||
draftPerformedBy.value = ''
|
||||
|
||||
async function resetFilters(): Promise<void> {
|
||||
watchersSuspended = true
|
||||
filters.performedAtAfter = undefined
|
||||
filters.performedAtBefore = undefined
|
||||
filters.entityType = undefined
|
||||
filters.performedBy = undefined
|
||||
filters.action = undefined
|
||||
filters.performedBy = undefined
|
||||
filters.page = 1
|
||||
selectedEntityTypes.value = []
|
||||
performedByInput.value = ''
|
||||
actionValue.value = ''
|
||||
// Les watchers mute de Vue 3 se planifient en microtask : on attend
|
||||
// leur execution avec le flag `true`, puis on libere.
|
||||
await nextTick()
|
||||
watchersSuspended = false
|
||||
loadEntries()
|
||||
}
|
||||
|
||||
// "Voir les resultats" : applique le brouillon, recharge et ferme le drawer.
|
||||
function applyFilters(): void {
|
||||
filters.performedAtAfter = draftDateFrom.value ?? undefined
|
||||
filters.performedAtBefore = draftDateTo.value ?? undefined
|
||||
filters.entityType = draftEntityTypes.value.length > 0 ? [...draftEntityTypes.value] : undefined
|
||||
filters.action = draftAction.value === '' ? undefined : draftAction.value
|
||||
filters.performedBy = draftPerformedBy.value.trim() === '' ? undefined : draftPerformedBy.value.trim()
|
||||
filters.page = 1
|
||||
filterDrawerOpen.value = false
|
||||
loadEntries()
|
||||
}
|
||||
|
||||
@@ -291,7 +332,8 @@ async function loadEntries(): Promise<void> {
|
||||
try {
|
||||
const data = await fetchLogsCached({
|
||||
...filters,
|
||||
// Convertit datetime-local (YYYY-MM-DDTHH:MM) en ISO pour l'API.
|
||||
// MalioDateTime fournit une date+heure sans fuseau (heure locale) ;
|
||||
// on la convertit en ISO UTC pour l'API (bornes exactes, intervalle inclusif).
|
||||
performedAtAfter: filters.performedAtAfter ? toIso(filters.performedAtAfter) : undefined,
|
||||
performedAtBefore: filters.performedAtBefore ? toIso(filters.performedAtBefore) : undefined,
|
||||
})
|
||||
@@ -300,13 +342,19 @@ async function loadEntries(): Promise<void> {
|
||||
if (token !== requestToken) return
|
||||
entries.value = data.member ?? []
|
||||
totalItems.value = data.totalItems ?? 0
|
||||
} catch {
|
||||
// En cas d'echec (reseau, 403, 500...), on reset l'etat pour ne pas
|
||||
// laisser l'utilisateur croire que les donnees affichees sont a jour.
|
||||
// Le toast d'erreur est deja emis par `useApi()` via useAuditLog.
|
||||
} catch (err) {
|
||||
// useAuditLog appelle useApi avec { toast: false } pour ne pas multiplier
|
||||
// les toasts, donc c'est ici qu'on fait remonter l'erreur. Sans ce log+toast,
|
||||
// une RangeError de `toIso` (date invalide) ou une 500 API laissait l'utilisateur
|
||||
// devant une table vide indistinguable d'un filtre a zero resultat.
|
||||
if (token === requestToken) {
|
||||
entries.value = []
|
||||
totalItems.value = 0
|
||||
console.error('[audit-log] loadEntries failed', err)
|
||||
toast.error({
|
||||
title: t('audit.error.title'),
|
||||
message: t('audit.error.message'),
|
||||
})
|
||||
}
|
||||
} finally {
|
||||
if (token === requestToken) {
|
||||
@@ -315,14 +363,9 @@ async function loadEntries(): Promise<void> {
|
||||
}
|
||||
}
|
||||
|
||||
// Debounce auto-importe depuis `frontend/shared/utils/debounce.ts` : evite
|
||||
// un refetch a chaque frappe sur le champ texte performedBy (reseau + SQL)
|
||||
// et laisse l'utilisateur finir sa saisie avant de lancer la requete.
|
||||
const debouncedReload = debounce(() => loadEntries(), 300)
|
||||
|
||||
function toIso(localDateTime: string): string {
|
||||
// datetime-local n'a pas de timezone : on assume heure locale et on
|
||||
// laisse le navigateur generer l'ISO via Date().
|
||||
// MalioDateTime emet une date+heure sans fuseau (heure murale locale) ;
|
||||
// on laisse Date() generer l'ISO UTC correspondant pour l'API.
|
||||
return new Date(localDateTime).toISOString()
|
||||
}
|
||||
|
||||
@@ -368,53 +411,16 @@ function onPerPageChange(value: number): void {
|
||||
loadEntries()
|
||||
}
|
||||
|
||||
// Sync MalioSelectCheckbox -> filters.entityType + reset page 1 + reload.
|
||||
watch(selectedEntityTypes, values => {
|
||||
if (watchersSuspended) return
|
||||
filters.entityType = values.length > 0 ? values.map(v => String(v)) : undefined
|
||||
filters.page = 1
|
||||
loadEntries()
|
||||
})
|
||||
|
||||
// Sync MalioSelect action -> filters.action.
|
||||
watch(actionValue, value => {
|
||||
if (watchersSuspended) return
|
||||
filters.action = value === '' ? undefined : value
|
||||
filters.page = 1
|
||||
loadEntries()
|
||||
})
|
||||
|
||||
// Sync performedBy : frappe utilisateur -> debounce 300ms pour eviter un
|
||||
// refetch par caractere. Le reset passe par debouncedReload egalement pour
|
||||
// coalescer si plusieurs watchers tirent en meme temps.
|
||||
watch(performedByInput, value => {
|
||||
if (watchersSuspended) return
|
||||
filters.performedBy = value === '' ? undefined : value
|
||||
filters.page = 1
|
||||
debouncedReload()
|
||||
})
|
||||
|
||||
// Synchronisation reactive : tout changement de dates declenche un fetch +
|
||||
// reset de la pagination a la page 1.
|
||||
watch(
|
||||
() => [filters.performedAtAfter, filters.performedAtBefore],
|
||||
() => {
|
||||
if (watchersSuspended) return
|
||||
filters.page = 1
|
||||
loadEntries()
|
||||
},
|
||||
)
|
||||
|
||||
onMounted(async () => {
|
||||
// Charge les entity types en parallele de la liste principale : un
|
||||
// echec du premier endpoint (ex: reseau flaky) ne doit pas empecher
|
||||
// le tableau d'audit de s'afficher. En cas d'erreur, on laisse le
|
||||
// filtre vide — l'utilisateur pourra quand meme consulter le journal.
|
||||
try {
|
||||
entityTypes.value = await fetchEntityTypes()
|
||||
} catch {
|
||||
entityTypes.value = []
|
||||
}
|
||||
await loadEntries()
|
||||
// Charge les entity types ET la liste principale en parallele (TTFD divise
|
||||
// par 2 sur un backend lent). Le `.catch` du premier garantit qu'un echec
|
||||
// de /audit-log-entity-types ne bloque pas l'affichage du tableau —
|
||||
// l'utilisateur perd juste le filtre, pas la page entiere.
|
||||
await Promise.all([
|
||||
fetchEntityTypes()
|
||||
.then(types => { entityTypes.value = types })
|
||||
.catch(() => { entityTypes.value = [] }),
|
||||
loadEntries(),
|
||||
])
|
||||
})
|
||||
</script>
|
||||
|
||||
@@ -1,22 +1,20 @@
|
||||
<template>
|
||||
<div>
|
||||
<!-- En-tete -->
|
||||
<div class="flex items-center justify-between">
|
||||
<h1 class="text-xl font-bold text-primary-500 sm:text-2xl">
|
||||
{{ t('admin.roles.title') }}
|
||||
</h1>
|
||||
<MalioButton
|
||||
v-if="can('core.roles.manage')"
|
||||
:label="t('admin.roles.newRole')"
|
||||
icon-name="mdi:add-bold"
|
||||
icon-position="left"
|
||||
@click="openCreateDrawer"
|
||||
/>
|
||||
</div>
|
||||
<PageHeader>
|
||||
{{ t('admin.roles.title') }}
|
||||
<template #actions>
|
||||
<MalioButton
|
||||
v-if="can('core.roles.manage')"
|
||||
:label="t('admin.roles.newRole')"
|
||||
icon-name="mdi:add-bold"
|
||||
icon-position="left"
|
||||
@click="openCreateDrawer"
|
||||
/>
|
||||
</template>
|
||||
</PageHeader>
|
||||
|
||||
<!-- Table des roles -->
|
||||
<MalioDataTable
|
||||
class="mt-6"
|
||||
:columns="columns"
|
||||
:items="roleItems"
|
||||
:total-items="roles.length"
|
||||
|
||||
@@ -1,15 +1,9 @@
|
||||
<template>
|
||||
<div>
|
||||
<!-- En-tete -->
|
||||
<div class="flex items-center justify-between">
|
||||
<h1 class="text-xl font-bold text-primary-500 sm:text-2xl">
|
||||
{{ t('admin.users.title') }}
|
||||
</h1>
|
||||
</div>
|
||||
<PageHeader>{{ t('admin.users.title') }}</PageHeader>
|
||||
|
||||
<!-- Table des utilisateurs -->
|
||||
<MalioDataTable
|
||||
class="mt-6"
|
||||
:columns="columns"
|
||||
:items="userItems"
|
||||
:total-items="users.length"
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
<template>
|
||||
<div>
|
||||
<h1 class="text-xl font-bold text-primary-500 sm:text-2xl">{{ $t('dashboard.title') }}</h1>
|
||||
<p class="mt-4 text-neutral-500">{{ $t('dashboard.welcome') }}</p>
|
||||
<PageHeader>{{ $t('dashboard.title') }}</PageHeader>
|
||||
<p class="text-neutral-500">{{ $t('dashboard.welcome') }}</p>
|
||||
</div>
|
||||
</template>
|
||||
|
||||
|
||||
@@ -1,11 +1,17 @@
|
||||
<template>
|
||||
<MalioDrawer
|
||||
:model-value="modelValue"
|
||||
:title="isEditMode ? t('admin.sites.editSite') : t('admin.sites.createSite')"
|
||||
drawer-class="w-full max-w-lg"
|
||||
header-class="border-b border-black"
|
||||
footer-class="justify-between border-t border-black p-6"
|
||||
@update:model-value="emit('update:modelValue', $event)"
|
||||
>
|
||||
<form class="flex flex-col gap-6 p-4" @submit.prevent="handleSave">
|
||||
<template #header>
|
||||
<h2 class="text-[24px] font-bold">
|
||||
{{ isEditMode ? t('admin.sites.editSite') : t('admin.sites.createSite') }}
|
||||
</h2>
|
||||
</template>
|
||||
<form class="flex flex-col gap-4 py-4" @submit.prevent="handleSave">
|
||||
<MalioInputText
|
||||
v-model="form.name"
|
||||
:label="t('admin.sites.form.name')"
|
||||
@@ -70,30 +76,35 @@
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<!-- Boutons -->
|
||||
<div class="flex justify-end gap-3 border-t border-neutral-200 pt-4">
|
||||
<MalioButton
|
||||
v-if="isEditMode"
|
||||
:label="t('common.delete')"
|
||||
variant="danger"
|
||||
icon-name="mdi:delete-outline"
|
||||
icon-position="left"
|
||||
@click="emit('delete')"
|
||||
/>
|
||||
<MalioButton
|
||||
v-else
|
||||
:label="t('common.cancel')"
|
||||
variant="tertiary"
|
||||
@click="emit('update:modelValue', false)"
|
||||
/>
|
||||
<MalioButton
|
||||
:label="t('common.save')"
|
||||
variant="primary"
|
||||
:disabled="saving || !isValidHex"
|
||||
@click="handleSave"
|
||||
/>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
<!-- Footer fixe : depuis la 1.7.1 le slot #footer est un frere du body
|
||||
scrollable (shrink-0), donc reellement fige sans sticky. -->
|
||||
<template #footer>
|
||||
<MalioButton
|
||||
v-if="isEditMode"
|
||||
:label="t('common.delete')"
|
||||
variant="danger"
|
||||
icon-name="mdi:delete-outline"
|
||||
icon-position="left"
|
||||
button-class="w-[150px]"
|
||||
@click="emit('delete')"
|
||||
/>
|
||||
<MalioButton
|
||||
v-else
|
||||
:label="t('common.cancel')"
|
||||
variant="tertiary"
|
||||
button-class="w-[150px]"
|
||||
@click="emit('update:modelValue', false)"
|
||||
/>
|
||||
<MalioButton
|
||||
:label="t('common.save')"
|
||||
variant="primary"
|
||||
button-class="w-[150px]"
|
||||
:disabled="saving || !isValidHex"
|
||||
@click="handleSave"
|
||||
/>
|
||||
</template>
|
||||
</MalioDrawer>
|
||||
</template>
|
||||
|
||||
|
||||
@@ -1,22 +1,20 @@
|
||||
<template>
|
||||
<div>
|
||||
<!-- En-tete -->
|
||||
<div class="flex items-center justify-between">
|
||||
<h1 class="text-xl font-bold text-primary-500 sm:text-2xl">
|
||||
{{ t('admin.sites.title') }}
|
||||
</h1>
|
||||
<MalioButton
|
||||
v-if="can('sites.manage')"
|
||||
:label="t('admin.sites.newSite')"
|
||||
icon-name="mdi:add-bold"
|
||||
icon-position="left"
|
||||
@click="openCreateDrawer"
|
||||
/>
|
||||
</div>
|
||||
<PageHeader>
|
||||
{{ t('admin.sites.title') }}
|
||||
<template #actions>
|
||||
<MalioButton
|
||||
v-if="can('sites.manage')"
|
||||
:label="t('admin.sites.newSite')"
|
||||
icon-name="mdi:add-bold"
|
||||
icon-position="left"
|
||||
@click="openCreateDrawer"
|
||||
/>
|
||||
</template>
|
||||
</PageHeader>
|
||||
|
||||
<!-- Table des sites -->
|
||||
<MalioDataTable
|
||||
class="mt-6"
|
||||
:columns="columns"
|
||||
:items="siteItems"
|
||||
:total-items="sites.length"
|
||||
|
||||
Generated
+4
-4
@@ -7,7 +7,7 @@
|
||||
"name": "starseed-frontend",
|
||||
"hasInstallScript": true,
|
||||
"dependencies": {
|
||||
"@malio/layer-ui": "^1.5.0",
|
||||
"@malio/layer-ui": "^1.7.1",
|
||||
"@nuxt/icon": "^2.2.1",
|
||||
"@nuxtjs/i18n": "^10.2.3",
|
||||
"@nuxtjs/tailwindcss": "^6.14.0",
|
||||
@@ -1866,9 +1866,9 @@
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/@malio/layer-ui": {
|
||||
"version": "1.5.0",
|
||||
"resolved": "https://gitea.malio.fr/api/packages/MALIO-DEV/npm/%40malio%2Flayer-ui/-/1.5.0/layer-ui-1.5.0.tgz",
|
||||
"integrity": "sha512-uVuG8kRakWgpWYQCMUf1LFD+gjx0iRFfNJn/jlqjxiZmZyGZMckcMW2qA9hGZBiheBsTJWw1pRR4ufuyAYPY0A==",
|
||||
"version": "1.7.1",
|
||||
"resolved": "https://gitea.malio.fr/api/packages/MALIO-DEV/npm/%40malio%2Flayer-ui/-/1.7.1/layer-ui-1.7.1.tgz",
|
||||
"integrity": "sha512-RYMMappWt/fgjD+BM7//h2O6kxD6WH9Fui8hoC29xtKySRQsqD61XKTdR7BRRkpktbxKmV39q/hblyAFBqV5yw==",
|
||||
"dependencies": {
|
||||
"@nuxt/icon": "^2.2.1",
|
||||
"@nuxtjs/tailwindcss": "^6.14.0",
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
"test:e2e:ui": "playwright test --ui"
|
||||
},
|
||||
"dependencies": {
|
||||
"@malio/layer-ui": "^1.5.0",
|
||||
"@malio/layer-ui": "^1.7.1",
|
||||
"@nuxt/icon": "^2.2.1",
|
||||
"@nuxtjs/i18n": "^10.2.3",
|
||||
"@nuxtjs/tailwindcss": "^6.14.0",
|
||||
|
||||
@@ -0,0 +1,12 @@
|
||||
<template>
|
||||
<!-- Entete de page standard : source unique du style des titres.
|
||||
Slot par defaut = texte du titre, slot #actions = boutons a droite. -->
|
||||
<div class="mb-[44px] flex items-center justify-between gap-4">
|
||||
<h1 class="text-[32px] font-semibold text-primary-500">
|
||||
<slot/>
|
||||
</h1>
|
||||
<div v-if="$slots.actions" class="shrink-0">
|
||||
<slot name="actions"/>
|
||||
</div>
|
||||
</div>
|
||||
</template>
|
||||
@@ -43,3 +43,12 @@ export interface EffectivePermission {
|
||||
module: string
|
||||
sources: string[]
|
||||
}
|
||||
|
||||
/**
|
||||
* Groupement de permissions par module pour l'affichage en accordeon.
|
||||
* Construit cote consommateur a partir de la liste plate /api/permissions.
|
||||
*/
|
||||
export interface PermissionModule {
|
||||
module: string
|
||||
permissions: Permission[]
|
||||
}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
import type { Locator, Page } from '@playwright/test'
|
||||
|
||||
export type AdminLinkSlug = 'users' | 'roles' | 'sites' | 'audit-log'
|
||||
export type AdminLinkSlug = 'users' | 'roles' | 'sites' | 'categories' | 'audit-log'
|
||||
|
||||
/**
|
||||
* Page Object de la sidebar (MalioSidebar), scope sur les items "admin".
|
||||
|
||||
@@ -200,12 +200,20 @@ migration-migrate:
|
||||
# en DB, le purger crash.
|
||||
# 3. fixtures -> sync-permissions : fixtures:load purge la table permission,
|
||||
# donc sync doit passer apres.
|
||||
# 4. recreation index `uq_category_name_type_active` : schema:update drop
|
||||
# les index orphelins du mapping ORM. L'index partiel (LOWER + WHERE) du
|
||||
# M0 Catalog n'est pas exprimable via les attributs Doctrine ORM 3
|
||||
# (fonctionnel + partiel), donc il disparait apres schema:update. On le
|
||||
# recree par dbal:run-sql pour que les tests RG-1.07 (unicite
|
||||
# case-insensitive) voient bien la contrainte SQL. Sans ce restore, les
|
||||
# POST doublons remontent 201 au lieu de 409.
|
||||
test-db-setup:
|
||||
$(SYMFONY_CONSOLE) doctrine:database:create --env=test --if-not-exists
|
||||
$(SYMFONY_CONSOLE) doctrine:migrations:migrate --env=test --no-interaction
|
||||
$(SYMFONY_CONSOLE) doctrine:schema:update --env=test --force
|
||||
$(SYMFONY_CONSOLE) --env=test --no-interaction doctrine:fixtures:load
|
||||
$(SYMFONY_CONSOLE) --env=test --no-interaction app:sync-permissions
|
||||
$(SYMFONY_CONSOLE) --env=test dbal:run-sql "CREATE UNIQUE INDEX IF NOT EXISTS uq_category_name_type_active ON category (LOWER(name), category_type_id) WHERE deleted_at IS NULL"
|
||||
|
||||
fixtures:
|
||||
$(SYMFONY_CONSOLE) --no-interaction doctrine:fixtures:load
|
||||
|
||||
@@ -97,9 +97,14 @@ class Category implements TimestampableInterface, BlamableInterface
|
||||
#[Groups(['category:read'])]
|
||||
private ?int $id = null;
|
||||
|
||||
// RG-1.02 + RG-1.03 : un name compose uniquement d'espaces doit declencher
|
||||
// NotBlank. Le normalizer 'trim' fait le menage avant validation, alignant
|
||||
// le comportement sur le trim cote Processor (qui s'applique apres) : ainsi
|
||||
// POST {name: " "} -> 422 et POST {name: " Vis "} -> 201 avec "Vis"
|
||||
// persiste, sans contradiction entre l'ordre Validate / Process.
|
||||
#[ORM\Column(length: 120)]
|
||||
#[Assert\NotBlank(message: 'Le nom est obligatoire.')]
|
||||
#[Assert\Length(min: 2, max: 120)]
|
||||
#[Assert\NotBlank(message: 'Le nom est obligatoire.', normalizer: 'trim')]
|
||||
#[Assert\Length(min: 2, max: 120, normalizer: 'trim')]
|
||||
#[Groups(['category:read', 'category:write'])]
|
||||
private ?string $name = null;
|
||||
|
||||
|
||||
@@ -0,0 +1,213 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Catalog\Api;
|
||||
|
||||
use ApiPlatform\Symfony\Bundle\Test\Client;
|
||||
use App\Module\Catalog\Domain\Entity\Category;
|
||||
use App\Module\Catalog\Domain\Entity\CategoryType;
|
||||
use App\Module\Core\Domain\Entity\Role;
|
||||
use App\Module\Core\Domain\Entity\User;
|
||||
use App\Module\Sites\Domain\Entity\Site;
|
||||
use App\Tests\Module\Core\Api\AbstractApiTestCase;
|
||||
use DateTimeImmutable;
|
||||
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
|
||||
|
||||
/**
|
||||
* Classe de base pour les tests fonctionnels du module Catalog.
|
||||
*
|
||||
* Etend la base Core :
|
||||
* - factories `createCategoryType()` et `createCategory()` pour seeder vite
|
||||
* les referentiels et les entites metier dans les tests ;
|
||||
* - helpers d'authentification specifiques au M0 : `createAdminClient()`,
|
||||
* `createManageClient()`, `createViewClient()` et un helper persona
|
||||
* `createPersonaClient($label)` simulant les 4 roles MALIO sans permission
|
||||
* catalog (Bureau / Compta / Commerciale / Usine).
|
||||
*
|
||||
* Cleanup : les noms de Category sont prefixes `test_cat_` et les codes de
|
||||
* CategoryType sont prefixes `TEST_`. Le tearDown purge ces lignes, ainsi
|
||||
* que les users / roles `test_*` crees par `createUserWithPermission` et
|
||||
* `createPersonaClient`. Pas de DAMA en local, donc purge manuelle obligatoire.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
abstract class AbstractCatalogApiTestCase extends AbstractApiTestCase
|
||||
{
|
||||
protected const string TEST_CATEGORY_PREFIX = 'test_cat_';
|
||||
protected const string TEST_CATEGORY_TYPE_PREFIX = 'TEST_';
|
||||
protected const string TEST_USER_PREFIX = 'test_';
|
||||
protected const string TEST_ROLE_PREFIX = 'test_';
|
||||
|
||||
protected function tearDown(): void
|
||||
{
|
||||
$this->cleanupCatalogTestData();
|
||||
parent::tearDown();
|
||||
}
|
||||
|
||||
/**
|
||||
* Cree un CategoryType de test. Le code est prefixe `TEST_` pour le
|
||||
* cleanup, suffixe par un nonce aleatoire pour eviter les collisions
|
||||
* inter-tests.
|
||||
*/
|
||||
protected function createCategoryType(?string $code = null, ?string $label = null): CategoryType
|
||||
{
|
||||
$em = $this->getEm();
|
||||
|
||||
$suffix = substr(bin2hex(random_bytes(4)), 0, 8);
|
||||
$type = new CategoryType();
|
||||
$type->setCode($code ?? self::TEST_CATEGORY_TYPE_PREFIX.strtoupper($suffix));
|
||||
$type->setLabel($label ?? 'Test Type '.$suffix);
|
||||
|
||||
$em->persist($type);
|
||||
$em->flush();
|
||||
|
||||
return $type;
|
||||
}
|
||||
|
||||
/**
|
||||
* Cree une Category de test. Le nom est prefixe `test_cat_` pour le
|
||||
* cleanup. Si aucun type n'est fourni, un nouveau CategoryType est cree.
|
||||
* Le flag $deletedAt permet de seeder directement une categorie
|
||||
* soft-deleted (pour les tests RG-1.08 / RG-1.11).
|
||||
*/
|
||||
protected function createCategory(
|
||||
?string $name = null,
|
||||
?CategoryType $type = null,
|
||||
?DateTimeImmutable $deletedAt = null,
|
||||
): Category {
|
||||
$em = $this->getEm();
|
||||
|
||||
$type ??= $this->createCategoryType();
|
||||
|
||||
$suffix = substr(bin2hex(random_bytes(4)), 0, 8);
|
||||
$category = new Category();
|
||||
$category->setName($name ?? self::TEST_CATEGORY_PREFIX.$suffix);
|
||||
$category->setCategoryType($type);
|
||||
if (null !== $deletedAt) {
|
||||
$category->setDeletedAt($deletedAt);
|
||||
}
|
||||
|
||||
$em->persist($category);
|
||||
$em->flush();
|
||||
|
||||
return $category;
|
||||
}
|
||||
|
||||
/**
|
||||
* Client authentifie en tant qu'admin fixture (bypass via isAdmin).
|
||||
*/
|
||||
protected function createAdminClient(): Client
|
||||
{
|
||||
return $this->authenticatedClient('admin', 'admin');
|
||||
}
|
||||
|
||||
/**
|
||||
* Client non-admin portant la permission `catalog.categories.manage`.
|
||||
* Utilise pour prouver qu'un non-admin avec la permission obtient 200 /
|
||||
* 201 / 204 sur POST / PATCH / DELETE.
|
||||
*
|
||||
* @return array{client: Client, credentials: array{username: string, password: string}}
|
||||
*/
|
||||
protected function createManageClient(): array
|
||||
{
|
||||
$credentials = $this->createUserWithPermission('catalog.categories.manage');
|
||||
$client = $this->authenticatedClient($credentials['username'], $credentials['password']);
|
||||
|
||||
return ['client' => $client, 'credentials' => $credentials];
|
||||
}
|
||||
|
||||
/**
|
||||
* Client non-admin portant la permission `catalog.categories.view`.
|
||||
*/
|
||||
protected function createViewClient(): Client
|
||||
{
|
||||
$credentials = $this->createUserWithPermission('catalog.categories.view');
|
||||
|
||||
return $this->authenticatedClient($credentials['username'], $credentials['password']);
|
||||
}
|
||||
|
||||
/**
|
||||
* Client authentifie en tant qu'un des 4 personas metier MALIO sans
|
||||
* permission catalog. Les 4 roles (Bureau / Compta / Commerciale / Usine)
|
||||
* sont seules creees a la volee dans le test, sans aucune permission
|
||||
* catalog.categories.* attachee. Le user obtient donc systematiquement
|
||||
* 403 sur tous les endpoints `/api/categories*` et `/api/category_types*`.
|
||||
*
|
||||
* Note : ces roles ne sont pas seedes dans AppFixtures (cf. HP-8 de la
|
||||
* spec M0). Les tests les materialisent juste pour prouver que porter
|
||||
* un role metier sans la permission catalog donne bien 403.
|
||||
*/
|
||||
protected function createPersonaClient(string $personaLabel): Client
|
||||
{
|
||||
if (!self::$kernel) {
|
||||
self::bootKernel();
|
||||
}
|
||||
|
||||
$em = $this->getEm();
|
||||
|
||||
$suffix = substr(bin2hex(random_bytes(4)), 0, 8);
|
||||
$username = self::TEST_USER_PREFIX.strtolower($personaLabel).'_'.$suffix;
|
||||
$password = 'testpass';
|
||||
|
||||
/** @var UserPasswordHasherInterface $hasher */
|
||||
$hasher = self::getContainer()->get(UserPasswordHasherInterface::class);
|
||||
|
||||
// Role nomme d'apres le persona MALIO, ZERO permission catalog.
|
||||
$role = new Role(
|
||||
self::TEST_ROLE_PREFIX.strtolower($personaLabel).'_'.$suffix,
|
||||
$personaLabel.' (test)',
|
||||
false,
|
||||
);
|
||||
$em->persist($role);
|
||||
|
||||
$user = new User();
|
||||
$user->setUsername($username);
|
||||
$user->setIsAdmin(false);
|
||||
$user->setPassword($hasher->hashPassword($user, $password));
|
||||
$user->addRbacRole($role);
|
||||
|
||||
// Rattachement aux sites pour rester aligne sur createUserWithPermission.
|
||||
foreach ($em->getRepository(Site::class)->findAll() as $site) {
|
||||
$user->addSite($site);
|
||||
}
|
||||
|
||||
$em->persist($user);
|
||||
$em->flush();
|
||||
$em->clear();
|
||||
|
||||
return $this->authenticatedClient($username, $password);
|
||||
}
|
||||
|
||||
/**
|
||||
* Purge des donnees Catalog crees par les tests.
|
||||
*
|
||||
* Strategie : purge complete des tables `category` et `category_type`
|
||||
* (aucune fixture ne les remplit au M0 — la migration cree les tables
|
||||
* vides, cf. spec-back § 1 + HP-1). On evite ainsi les pieges de
|
||||
* cleanup par prefixe quand un test valide le mauvais payload (ex:
|
||||
* name="" persiste sans matcher le LIKE) et laisse des orphelins
|
||||
* bloquant le DELETE category_type par FK violation.
|
||||
*
|
||||
* Ordre :
|
||||
* 1. Categories d'abord (FK ON DELETE RESTRICT vers category_type) ;
|
||||
* 2. CategoryTypes ensuite ;
|
||||
* 3. Users / Roles `test_*` enfin (FK created_by/updated_by sur
|
||||
* category est ON DELETE SET NULL, mais on a deja purge category).
|
||||
*/
|
||||
private function cleanupCatalogTestData(): void
|
||||
{
|
||||
$em = $this->getEm();
|
||||
|
||||
$em->createQuery('DELETE FROM '.Category::class)->execute();
|
||||
$em->createQuery('DELETE FROM '.CategoryType::class)->execute();
|
||||
|
||||
$em->createQuery(
|
||||
'DELETE FROM '.User::class.' u WHERE u.username LIKE :prefix'
|
||||
)->setParameter('prefix', self::TEST_USER_PREFIX.'%')->execute();
|
||||
|
||||
$em->createQuery(
|
||||
'DELETE FROM '.Role::class.' r WHERE r.code LIKE :prefix'
|
||||
)->setParameter('prefix', self::TEST_ROLE_PREFIX.'%')->execute();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,186 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Catalog\Api;
|
||||
|
||||
use App\Module\Catalog\Domain\Entity\Category;
|
||||
use Doctrine\DBAL\Connection;
|
||||
|
||||
/**
|
||||
* Tests Audit : l'attribut `#[Auditable]` porte sur Category, donc chaque
|
||||
* POST / PATCH / DELETE doit produire une ligne dans `audit_log` via le
|
||||
* AuditListener + AuditLogWriter (cf. spec audit-log.md).
|
||||
*
|
||||
* Verifications :
|
||||
* - une ligne `entity_type='catalog.Category'` apparait apres chaque
|
||||
* operation HTTP authentifiee comme admin ;
|
||||
* - l'action est `create` / `update` (le soft delete est trace comme
|
||||
* `update` puisque c'est un UPDATE Doctrine, cf. spec § 6.1) ;
|
||||
* - `performed_by` est le username du user authentifie ;
|
||||
* - `changes` est non vide (snapshot complet pour insert, diff pour update).
|
||||
*
|
||||
* Lecture via la connexion DBAL `audit` (pattern de AuditLogApiTest).
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class CategoryAuditTest extends AbstractCatalogApiTestCase
|
||||
{
|
||||
private const string ENTITY_TYPE = 'catalog.Category';
|
||||
|
||||
private ?Connection $auditConnection = null;
|
||||
|
||||
protected function setUp(): void
|
||||
{
|
||||
parent::setUp();
|
||||
self::bootKernel();
|
||||
|
||||
/** @var Connection $conn */
|
||||
$conn = self::getContainer()->get('doctrine.dbal.audit_connection');
|
||||
$this->auditConnection = $conn;
|
||||
}
|
||||
|
||||
protected function tearDown(): void
|
||||
{
|
||||
if (null !== $this->auditConnection) {
|
||||
$this->auditConnection->close();
|
||||
}
|
||||
parent::tearDown();
|
||||
}
|
||||
|
||||
public function testAuditLogOnCreate(): void
|
||||
{
|
||||
$type = $this->createCategoryType();
|
||||
$client = $this->createAdminClient();
|
||||
|
||||
$response = $client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => self::TEST_CATEGORY_PREFIX.'audit_create',
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
self::assertSame(201, $response->getStatusCode());
|
||||
$createdId = (string) $response->toArray()['id'];
|
||||
|
||||
$rows = $this->fetchAuditRows($createdId, 'create');
|
||||
self::assertCount(1, $rows, 'Un audit_log "create" doit etre genere apres POST.');
|
||||
self::assertSame('admin', $rows[0]['performed_by']);
|
||||
|
||||
$changes = $this->decodeChanges($rows[0]['changes']);
|
||||
// Snapshot complet : au moins le name doit etre dedans.
|
||||
self::assertArrayHasKey('name', $changes);
|
||||
self::assertSame(
|
||||
self::TEST_CATEGORY_PREFIX.'audit_create',
|
||||
$changes['name'] ?? null,
|
||||
'Le snapshot create doit porter le name persiste.',
|
||||
);
|
||||
}
|
||||
|
||||
public function testAuditLogOnUpdate(): void
|
||||
{
|
||||
$category = $this->createCategory();
|
||||
$client = $this->createAdminClient();
|
||||
|
||||
$client->request('PATCH', '/api/categories/'.$category->getId(), [
|
||||
'headers' => ['Content-Type' => 'application/merge-patch+json'],
|
||||
'json' => ['name' => self::TEST_CATEGORY_PREFIX.'audit_patched'],
|
||||
]);
|
||||
self::assertResponseIsSuccessful();
|
||||
|
||||
$rows = $this->fetchAuditRows((string) $category->getId(), 'update');
|
||||
self::assertGreaterThanOrEqual(1, count($rows), 'Un audit_log "update" doit etre genere apres PATCH.');
|
||||
// On prend la ligne la plus recente.
|
||||
$latest = $rows[0];
|
||||
self::assertSame('admin', $latest['performed_by']);
|
||||
|
||||
$changes = $this->decodeChanges($latest['changes']);
|
||||
// L'update doit contenir la diff sur `name` : {old: ..., new: 'audit_patched'}.
|
||||
self::assertArrayHasKey('name', $changes);
|
||||
self::assertIsArray($changes['name']);
|
||||
self::assertArrayHasKey('new', $changes['name']);
|
||||
self::assertSame(self::TEST_CATEGORY_PREFIX.'audit_patched', $changes['name']['new']);
|
||||
}
|
||||
|
||||
public function testAuditLogOnSoftDelete(): void
|
||||
{
|
||||
$category = $this->createCategory();
|
||||
$client = $this->createAdminClient();
|
||||
|
||||
$client->request('DELETE', '/api/categories/'.$category->getId());
|
||||
self::assertResponseStatusCodeSame(204);
|
||||
|
||||
// Le soft delete = UPDATE Doctrine -> action 'update' en audit, avec
|
||||
// la diff sur deletedAt (RG-1.12 + spec § 6.1).
|
||||
$rows = $this->fetchAuditRows((string) $category->getId(), 'update');
|
||||
self::assertGreaterThanOrEqual(1, count($rows), 'Un audit_log doit tracer le soft delete (en tant qu\'update).');
|
||||
$latest = $rows[0];
|
||||
$changes = $this->decodeChanges($latest['changes']);
|
||||
|
||||
self::assertArrayHasKey('deletedAt', $changes, 'La diff doit contenir deletedAt.');
|
||||
self::assertIsArray($changes['deletedAt']);
|
||||
self::assertArrayHasKey('new', $changes['deletedAt']);
|
||||
self::assertNotNull(
|
||||
$changes['deletedAt']['new'],
|
||||
'deletedAt.new doit etre rempli (timestamp ISO ou tableau Doctrine).',
|
||||
);
|
||||
}
|
||||
|
||||
public function testAuditLogPerformerCarriesAuthenticatedUsername(): void
|
||||
{
|
||||
// Manage user (non-admin) : prouve que performed_by suit l'auth, pas
|
||||
// un mock hardcode "admin".
|
||||
$type = $this->createCategoryType();
|
||||
$manage = $this->createManageClient();
|
||||
$client = $manage['client'];
|
||||
$managerUsername = $manage['credentials']['username'];
|
||||
|
||||
$response = $client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => self::TEST_CATEGORY_PREFIX.'audit_manager',
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
self::assertSame(201, $response->getStatusCode());
|
||||
$createdId = (string) $response->toArray()['id'];
|
||||
|
||||
$rows = $this->fetchAuditRows($createdId, 'create');
|
||||
self::assertCount(1, $rows);
|
||||
self::assertSame(
|
||||
$managerUsername,
|
||||
$rows[0]['performed_by'],
|
||||
'performed_by doit refleter le user authentifie (pas l\'admin par defaut).',
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param Category::class lookups via entity_id + action
|
||||
*
|
||||
* @return list<array{id: string, entity_type: string, entity_id: string, action: string, changes: string, performed_by: string}>
|
||||
*/
|
||||
private function fetchAuditRows(string $entityId, string $action): array
|
||||
{
|
||||
/** @var list<array<string, string>> $rows */
|
||||
return $this->auditConnection->fetchAllAssociative(
|
||||
'SELECT id, entity_type, entity_id, action, changes, performed_by '
|
||||
.'FROM audit_log '
|
||||
.'WHERE entity_type = :type AND entity_id = :id AND action = :action '
|
||||
.'ORDER BY performed_at DESC',
|
||||
[
|
||||
'type' => self::ENTITY_TYPE,
|
||||
'id' => $entityId,
|
||||
'action' => $action,
|
||||
],
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function decodeChanges(string $raw): array
|
||||
{
|
||||
/** @var array<string, mixed> $decoded */
|
||||
return json_decode($raw, true, flags: JSON_THROW_ON_ERROR);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,107 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Catalog\Api;
|
||||
|
||||
use App\Module\Catalog\Domain\Entity\Category;
|
||||
use DateTimeImmutable;
|
||||
|
||||
/**
|
||||
* Tests RG-1.12 / RG-1.13 : suppression et soft-delete de Category.
|
||||
*
|
||||
* - RG-1.12 : DELETE pose `deletedAt` au lieu d'un hard delete (la ligne
|
||||
* reste en BDD avec `deleted_at IS NOT NULL`) et renvoie 204.
|
||||
* - RG-1.13 : PATCH ne peut pas ecrire `deletedAt` (groupe `category:write`
|
||||
* l'exclut), donc une tentative d'override est silencieusement ignoree.
|
||||
* - Provider sur PATCH/DELETE : 404 si la categorie cible est deja
|
||||
* soft-deleted (cf. CategoryProvider, ticket 0.3).
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class CategoryDeleteTest extends AbstractCatalogApiTestCase
|
||||
{
|
||||
public function testDeleteReturns204AndPersistsSoftDelete(): void
|
||||
{
|
||||
$category = $this->createCategory();
|
||||
$categoryId = $category->getId();
|
||||
|
||||
$client = $this->createAdminClient();
|
||||
$client->request('DELETE', '/api/categories/'.$categoryId);
|
||||
|
||||
self::assertResponseStatusCodeSame(204);
|
||||
|
||||
// RG-1.12 : la ligne doit toujours exister en BDD avec deletedAt non null.
|
||||
$em = $this->getEm();
|
||||
$em->clear();
|
||||
|
||||
/** @var null|Category $reloaded */
|
||||
$reloaded = $em->getRepository(Category::class)->find($categoryId);
|
||||
self::assertNotNull($reloaded, 'La ligne ne doit PAS etre supprimee physiquement (soft delete).');
|
||||
self::assertNotNull($reloaded->getDeletedAt(), 'deletedAt doit etre rempli apres DELETE.');
|
||||
}
|
||||
|
||||
public function testPatchCannotSetDeletedAt(): void
|
||||
{
|
||||
// RG-1.13 : le groupe `category:write` ne contient pas `deletedAt`,
|
||||
// donc une tentative d'override doit etre silencieusement ignoree.
|
||||
$category = $this->createCategory();
|
||||
$categoryId = $category->getId();
|
||||
self::assertNull($category->getDeletedAt());
|
||||
|
||||
$client = $this->createAdminClient();
|
||||
$client->request('PATCH', '/api/categories/'.$categoryId, [
|
||||
'headers' => ['Content-Type' => 'application/merge-patch+json'],
|
||||
'json' => [
|
||||
'deletedAt' => new DateTimeImmutable()->format(DateTimeImmutable::ATOM),
|
||||
],
|
||||
]);
|
||||
|
||||
// Le code precis depend d'API Platform : 200 (champ ignore) ou 400.
|
||||
// Quoi qu'il arrive, deletedAt en BDD doit rester null.
|
||||
$em = $this->getEm();
|
||||
$em->clear();
|
||||
|
||||
/** @var Category $reloaded */
|
||||
$reloaded = $em->getRepository(Category::class)->find($categoryId);
|
||||
self::assertNull(
|
||||
$reloaded->getDeletedAt(),
|
||||
'PATCH ne doit JAMAIS pouvoir ecrire deletedAt (RG-1.13).',
|
||||
);
|
||||
}
|
||||
|
||||
public function testPatchOnSoftDeletedReturns404(): void
|
||||
{
|
||||
// Le Provider est cable sur PATCH (cf. Category::class § Patch). Une
|
||||
// categorie deja soft-deletee n'est pas visible en lecture, donc le
|
||||
// PATCH doit recevoir 404 (route resolved by API Platform retournee
|
||||
// par le provider) — comme un Get unitaire (RG-1.11 etendue).
|
||||
$category = $this->createCategory(
|
||||
null,
|
||||
null,
|
||||
new DateTimeImmutable(),
|
||||
);
|
||||
$client = $this->createAdminClient();
|
||||
$client->request('PATCH', '/api/categories/'.$category->getId(), [
|
||||
'headers' => ['Content-Type' => 'application/merge-patch+json'],
|
||||
'json' => ['name' => self::TEST_CATEGORY_PREFIX.'try_patch'],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(404);
|
||||
}
|
||||
|
||||
public function testDeleteOnSoftDeletedReturns404(): void
|
||||
{
|
||||
// Idem PATCH : un DELETE sur une categorie deja soft-deletee est un
|
||||
// 404 (le Provider la masque), pas une operation idempotente silencieuse.
|
||||
$category = $this->createCategory(
|
||||
null,
|
||||
null,
|
||||
new DateTimeImmutable(),
|
||||
);
|
||||
$client = $this->createAdminClient();
|
||||
$client->request('DELETE', '/api/categories/'.$category->getId());
|
||||
|
||||
self::assertResponseStatusCodeSame(404);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,66 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Catalog\Api;
|
||||
|
||||
use DateTimeImmutable;
|
||||
|
||||
/**
|
||||
* Tests RG-1.11 : GET /api/categories/{id}.
|
||||
*
|
||||
* - Category soft-deleted sans flag → 404 ;
|
||||
* - Category soft-deleted avec `?includeDeleted=true` → 200 ;
|
||||
* - Category inexistante → 404.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class CategoryGetTest extends AbstractCatalogApiTestCase
|
||||
{
|
||||
public function testGetActiveCategoryReturns200(): void
|
||||
{
|
||||
$category = $this->createCategory();
|
||||
$client = $this->createAdminClient();
|
||||
$response = $client->request('GET', '/api/categories/'.$category->getId());
|
||||
|
||||
self::assertSame(200, $response->getStatusCode());
|
||||
self::assertSame($category->getId(), $response->toArray()['id']);
|
||||
}
|
||||
|
||||
public function testGetSoftDeletedReturns404(): void
|
||||
{
|
||||
$category = $this->createCategory(
|
||||
null,
|
||||
null,
|
||||
new DateTimeImmutable(),
|
||||
);
|
||||
$client = $this->createAdminClient();
|
||||
$client->request('GET', '/api/categories/'.$category->getId());
|
||||
|
||||
self::assertResponseStatusCodeSame(404);
|
||||
}
|
||||
|
||||
public function testGetSoftDeletedWithFlagReturns200(): void
|
||||
{
|
||||
$category = $this->createCategory(
|
||||
null,
|
||||
null,
|
||||
new DateTimeImmutable(),
|
||||
);
|
||||
$client = $this->createAdminClient();
|
||||
$response = $client->request('GET', '/api/categories/'.$category->getId().'?includeDeleted=true');
|
||||
|
||||
self::assertSame(200, $response->getStatusCode());
|
||||
$data = $response->toArray();
|
||||
self::assertSame($category->getId(), $data['id']);
|
||||
self::assertNotNull($data['deletedAt'], 'Le champ deletedAt doit etre expose dans la reponse.');
|
||||
}
|
||||
|
||||
public function testGetNonExistentReturns404(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$client->request('GET', '/api/categories/9999999');
|
||||
|
||||
self::assertResponseStatusCodeSame(404);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,112 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Catalog\Api;
|
||||
|
||||
use DateTimeImmutable;
|
||||
|
||||
/**
|
||||
* Tests RG-1.08 / RG-1.09 / RG-1.10 : comportement de GET /api/categories.
|
||||
*
|
||||
* - RG-1.08 : par defaut, les categories soft-deleted sont exclues ;
|
||||
* - RG-1.09 : `?includeDeleted=true` inclut les soft-deleted ;
|
||||
* - RG-1.10 : tri par defaut `name ASC` cote serveur.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class CategoryListTest extends AbstractCatalogApiTestCase
|
||||
{
|
||||
public function testListExcludesSoftDeletedByDefault(): void
|
||||
{
|
||||
$type = $this->createCategoryType();
|
||||
$this->createCategory(self::TEST_CATEGORY_PREFIX.'alpha', $type);
|
||||
$this->createCategory(self::TEST_CATEGORY_PREFIX.'beta', $type);
|
||||
$this->createCategory(
|
||||
self::TEST_CATEGORY_PREFIX.'gone',
|
||||
$type,
|
||||
new DateTimeImmutable(),
|
||||
);
|
||||
|
||||
$client = $this->createAdminClient();
|
||||
$response = $client->request('GET', '/api/categories');
|
||||
self::assertSame(200, $response->getStatusCode());
|
||||
|
||||
$data = $response->toArray();
|
||||
$members = $data['member'];
|
||||
|
||||
// On filtre sur le prefix test_cat_ pour ne pas etre pollue par
|
||||
// d'autres entrees presentes en base (fixtures, autres tests).
|
||||
$names = array_values(array_filter(
|
||||
array_map(fn (array $m): string => $m['name'], $members),
|
||||
fn (string $n): bool => str_starts_with($n, self::TEST_CATEGORY_PREFIX),
|
||||
));
|
||||
|
||||
self::assertContains(self::TEST_CATEGORY_PREFIX.'alpha', $names);
|
||||
self::assertContains(self::TEST_CATEGORY_PREFIX.'beta', $names);
|
||||
self::assertNotContains(
|
||||
self::TEST_CATEGORY_PREFIX.'gone',
|
||||
$names,
|
||||
'Les categories soft-deleted doivent etre exclues par defaut (RG-1.08).',
|
||||
);
|
||||
}
|
||||
|
||||
public function testIncludeDeletedFlagSurfacesSoftDeleted(): void
|
||||
{
|
||||
$type = $this->createCategoryType();
|
||||
$this->createCategory(self::TEST_CATEGORY_PREFIX.'alpha2', $type);
|
||||
$this->createCategory(
|
||||
self::TEST_CATEGORY_PREFIX.'gone2',
|
||||
$type,
|
||||
new DateTimeImmutable(),
|
||||
);
|
||||
|
||||
$client = $this->createAdminClient();
|
||||
$response = $client->request('GET', '/api/categories?includeDeleted=true');
|
||||
self::assertSame(200, $response->getStatusCode());
|
||||
|
||||
$names = array_values(array_filter(
|
||||
array_map(fn (array $m): string => $m['name'], $response->toArray()['member']),
|
||||
fn (string $n): bool => str_starts_with($n, self::TEST_CATEGORY_PREFIX),
|
||||
));
|
||||
|
||||
self::assertContains(self::TEST_CATEGORY_PREFIX.'alpha2', $names);
|
||||
self::assertContains(
|
||||
self::TEST_CATEGORY_PREFIX.'gone2',
|
||||
$names,
|
||||
'?includeDeleted=true doit faire apparaitre les soft-deleted (RG-1.09).',
|
||||
);
|
||||
}
|
||||
|
||||
public function testDefaultSortIsNameAsc(): void
|
||||
{
|
||||
$type = $this->createCategoryType();
|
||||
// Insertion volontairement dans le desordre pour prouver le tri.
|
||||
$this->createCategory(self::TEST_CATEGORY_PREFIX.'zorro', $type);
|
||||
$this->createCategory(self::TEST_CATEGORY_PREFIX.'alpha_sort', $type);
|
||||
$this->createCategory(self::TEST_CATEGORY_PREFIX.'mid', $type);
|
||||
|
||||
$client = $this->createAdminClient();
|
||||
$response = $client->request('GET', '/api/categories');
|
||||
self::assertSame(200, $response->getStatusCode());
|
||||
|
||||
$names = array_values(array_filter(
|
||||
array_map(fn (array $m): string => $m['name'], $response->toArray()['member']),
|
||||
fn (string $n): bool => str_starts_with($n, self::TEST_CATEGORY_PREFIX),
|
||||
));
|
||||
|
||||
// Verifie que la sous-liste de nos 3 entrees est triee croissante.
|
||||
$expectedSubset = [
|
||||
self::TEST_CATEGORY_PREFIX.'alpha_sort',
|
||||
self::TEST_CATEGORY_PREFIX.'mid',
|
||||
self::TEST_CATEGORY_PREFIX.'zorro',
|
||||
];
|
||||
|
||||
$filtered = array_values(array_intersect($names, $expectedSubset));
|
||||
self::assertSame(
|
||||
$expectedSubset,
|
||||
$filtered,
|
||||
'Les categories doivent etre retournees triees par name ASC (RG-1.10).',
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,207 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Catalog\Api;
|
||||
|
||||
use PHPUnit\Framework\Attributes\DataProvider;
|
||||
|
||||
/**
|
||||
* Tests RG-1.01 : permissions RBAC catalog.categories.view / manage.
|
||||
*
|
||||
* Verifie que :
|
||||
* - les 4 personas metier MALIO (Bureau / Compta / Commerciale / Usine) sans
|
||||
* permission catalog.categories.* obtiennent 403 sur tous les verbes des
|
||||
* endpoints `/api/categories*` et `/api/category_types*` ;
|
||||
* - un utilisateur anonyme (sans JWT) obtient 401 ;
|
||||
* - l'admin (bypass via isAdmin) obtient le code attendu (200 / 201 / 204).
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class CategoryPermissionsTest extends AbstractCatalogApiTestCase
|
||||
{
|
||||
// ============ /api/categories — collection ============
|
||||
|
||||
#[DataProvider('personaProvider')]
|
||||
public function testPersonaWithoutCatalogPermissionGets403OnGetCollection(string $personaLabel): void
|
||||
{
|
||||
$client = $this->createPersonaClient($personaLabel);
|
||||
$client->request('GET', '/api/categories');
|
||||
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
|
||||
public function testAnonymousGets401OnGetCollection(): void
|
||||
{
|
||||
$client = self::createClient();
|
||||
$client->request('GET', '/api/categories');
|
||||
|
||||
self::assertResponseStatusCodeSame(401);
|
||||
}
|
||||
|
||||
public function testAdminGets200OnGetCollection(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$client->request('GET', '/api/categories');
|
||||
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
}
|
||||
|
||||
public function testUserWithViewPermissionGets200OnGetCollection(): void
|
||||
{
|
||||
$client = $this->createViewClient();
|
||||
$client->request('GET', '/api/categories');
|
||||
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
}
|
||||
|
||||
// ============ /api/categories — POST ============
|
||||
|
||||
#[DataProvider('personaProvider')]
|
||||
public function testPersonaWithoutManagePermissionGets403OnPost(string $personaLabel): void
|
||||
{
|
||||
$type = $this->createCategoryType();
|
||||
$client = $this->createPersonaClient($personaLabel);
|
||||
$client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => self::TEST_CATEGORY_PREFIX.'forbidden',
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
|
||||
public function testAnonymousGets401OnPost(): void
|
||||
{
|
||||
$type = $this->createCategoryType();
|
||||
$client = self::createClient();
|
||||
$client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => self::TEST_CATEGORY_PREFIX.'anon',
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(401);
|
||||
}
|
||||
|
||||
public function testAdminGets201OnPost(): void
|
||||
{
|
||||
$type = $this->createCategoryType();
|
||||
$client = $this->createAdminClient();
|
||||
$client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => self::TEST_CATEGORY_PREFIX.'admin_create',
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
}
|
||||
|
||||
public function testUserWithOnlyViewPermissionGets403OnPost(): void
|
||||
{
|
||||
// Prouve qu'avoir `view` ne suffit pas a POSTer (manage requis).
|
||||
$type = $this->createCategoryType();
|
||||
$client = $this->createViewClient();
|
||||
$client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => self::TEST_CATEGORY_PREFIX.'view_only',
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
|
||||
// ============ /api/categories/{id} — PATCH ============
|
||||
|
||||
#[DataProvider('personaProvider')]
|
||||
public function testPersonaWithoutManagePermissionGets403OnPatch(string $personaLabel): void
|
||||
{
|
||||
$category = $this->createCategory();
|
||||
$client = $this->createPersonaClient($personaLabel);
|
||||
$client->request('PATCH', '/api/categories/'.$category->getId(), [
|
||||
'headers' => ['Content-Type' => 'application/merge-patch+json'],
|
||||
'json' => ['name' => self::TEST_CATEGORY_PREFIX.'patched'],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
|
||||
// ============ /api/categories/{id} — DELETE ============
|
||||
|
||||
#[DataProvider('personaProvider')]
|
||||
public function testPersonaWithoutManagePermissionGets403OnDelete(string $personaLabel): void
|
||||
{
|
||||
$category = $this->createCategory();
|
||||
$client = $this->createPersonaClient($personaLabel);
|
||||
$client->request('DELETE', '/api/categories/'.$category->getId());
|
||||
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
|
||||
public function testAdminGets204OnDelete(): void
|
||||
{
|
||||
$category = $this->createCategory();
|
||||
$client = $this->createAdminClient();
|
||||
$client->request('DELETE', '/api/categories/'.$category->getId());
|
||||
|
||||
self::assertResponseStatusCodeSame(204);
|
||||
}
|
||||
|
||||
// ============ /api/category_types — referentiel ============
|
||||
|
||||
#[DataProvider('personaProvider')]
|
||||
public function testPersonaWithoutCatalogPermissionGets403OnCategoryTypes(string $personaLabel): void
|
||||
{
|
||||
$client = $this->createPersonaClient($personaLabel);
|
||||
$client->request('GET', '/api/category_types');
|
||||
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return iterable<string, array{string}>
|
||||
*/
|
||||
public static function personaProvider(): iterable
|
||||
{
|
||||
yield 'Bureau' => ['Bureau'];
|
||||
|
||||
yield 'Compta' => ['Compta'];
|
||||
|
||||
yield 'Commerciale' => ['Commerciale'];
|
||||
|
||||
yield 'Usine' => ['Usine'];
|
||||
}
|
||||
|
||||
public function testAnonymousGets401OnCategoryTypes(): void
|
||||
{
|
||||
$client = self::createClient();
|
||||
$client->request('GET', '/api/category_types');
|
||||
|
||||
self::assertResponseStatusCodeSame(401);
|
||||
}
|
||||
|
||||
public function testAdminGets200OnCategoryTypes(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$client->request('GET', '/api/category_types');
|
||||
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
}
|
||||
|
||||
public function testUserWithViewPermissionGets200OnCategoryTypes(): void
|
||||
{
|
||||
// Le referentiel reutilise la meme permission catalog.categories.view.
|
||||
$client = $this->createViewClient();
|
||||
$client->request('GET', '/api/category_types');
|
||||
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,239 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Catalog\Api;
|
||||
|
||||
use App\Module\Catalog\Domain\Entity\Category;
|
||||
use App\Module\Core\Domain\Entity\User;
|
||||
use DateTimeImmutable;
|
||||
|
||||
/**
|
||||
* Tests RG-1.15 / RG-1.16 : le TimestampableBlamableSubscriber doit remplir
|
||||
* automatiquement les 4 colonnes au prePersist (RG-1.15) et au preUpdate
|
||||
* (RG-1.16), sans qu'aucun champ ne soit modifiable par l'API client.
|
||||
*
|
||||
* - POST authentifie : createdAt = updatedAt = now, createdBy = updatedBy = user
|
||||
* - Persist hors HTTP (console context) : dates remplies, blame null
|
||||
* - PATCH par un user different : updatedAt + updatedBy changent, createdAt /
|
||||
* createdBy restent figes
|
||||
* - DELETE : deletedAt rempli ET updatedAt + updatedBy mis a jour (UPDATE
|
||||
* Doctrine declenche le subscriber)
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class CategoryTimestampableBlamableTest extends AbstractCatalogApiTestCase
|
||||
{
|
||||
public function testCreatedByAdminOnPost(): void
|
||||
{
|
||||
$type = $this->createCategoryType();
|
||||
|
||||
/** @var User $admin */
|
||||
$admin = $this->getEm()->getRepository(User::class)->findOneBy(['username' => 'admin']);
|
||||
self::assertNotNull($admin);
|
||||
$adminId = $admin->getId();
|
||||
|
||||
$before = new DateTimeImmutable();
|
||||
// Petit decalage pour absorber les arrondis a la seconde de Postgres.
|
||||
sleep(1);
|
||||
|
||||
$client = $this->createAdminClient();
|
||||
$response = $client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => self::TEST_CATEGORY_PREFIX.'tsb_admin',
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
self::assertSame(201, $response->getStatusCode());
|
||||
$createdId = $response->toArray()['id'];
|
||||
|
||||
$em = $this->getEm();
|
||||
$em->clear();
|
||||
|
||||
/** @var Category $reloaded */
|
||||
$reloaded = $em->getRepository(Category::class)->find($createdId);
|
||||
|
||||
// RG-1.15 — dates remplies, egales au prePersist
|
||||
self::assertNotNull($reloaded->getCreatedAt());
|
||||
self::assertNotNull($reloaded->getUpdatedAt());
|
||||
self::assertGreaterThanOrEqual(
|
||||
$before->getTimestamp(),
|
||||
$reloaded->getCreatedAt()->getTimestamp(),
|
||||
'createdAt doit etre post-test-start.',
|
||||
);
|
||||
self::assertSame(
|
||||
$reloaded->getCreatedAt()->getTimestamp(),
|
||||
$reloaded->getUpdatedAt()->getTimestamp(),
|
||||
'Au POST, createdAt et updatedAt doivent etre identiques.',
|
||||
);
|
||||
|
||||
// RG-1.15 — blame remplis avec le user authentifie (admin)
|
||||
self::assertNotNull($reloaded->getCreatedBy());
|
||||
self::assertNotNull($reloaded->getUpdatedBy());
|
||||
self::assertSame($adminId, $reloaded->getCreatedBy()->getId());
|
||||
self::assertSame($adminId, $reloaded->getUpdatedBy()->getId());
|
||||
}
|
||||
|
||||
public function testCreatedByNullInConsoleContext(): void
|
||||
{
|
||||
// RG-1.15 : persist sans contexte HTTP -> Security::getUser() retourne
|
||||
// null -> blame reste null, mais les dates restent remplies.
|
||||
// On utilise la factory createCategory() qui fait un persist Doctrine
|
||||
// direct (pas via le client HTTP).
|
||||
$category = $this->createCategory(self::TEST_CATEGORY_PREFIX.'console');
|
||||
|
||||
$em = $this->getEm();
|
||||
$em->clear();
|
||||
|
||||
/** @var Category $reloaded */
|
||||
$reloaded = $em->getRepository(Category::class)->find($category->getId());
|
||||
|
||||
// Dates remplies par le subscriber.
|
||||
self::assertNotNull($reloaded->getCreatedAt());
|
||||
self::assertNotNull($reloaded->getUpdatedAt());
|
||||
|
||||
// Blame null (pas de Security::getUser() dispo hors HTTP).
|
||||
self::assertNull(
|
||||
$reloaded->getCreatedBy(),
|
||||
'createdBy doit etre null hors contexte HTTP (RG-1.15 fallback).',
|
||||
);
|
||||
self::assertNull($reloaded->getUpdatedBy());
|
||||
}
|
||||
|
||||
public function testPatchUpdatesUpdatedFieldsOnly(): void
|
||||
{
|
||||
// Etape 1 : creation par admin pour figer createdBy=admin.
|
||||
$type = $this->createCategoryType();
|
||||
$adminClient = $this->createAdminClient();
|
||||
|
||||
$response = $adminClient->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => self::TEST_CATEGORY_PREFIX.'tsb_patch',
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
self::assertSame(201, $response->getStatusCode());
|
||||
$createdId = $response->toArray()['id'];
|
||||
|
||||
// Snapshot des valeurs initiales pour comparaison apres PATCH.
|
||||
$em = $this->getEm();
|
||||
$em->clear();
|
||||
|
||||
/** @var Category $initial */
|
||||
$initial = $em->getRepository(Category::class)->find($createdId);
|
||||
$initialCreatedAt = $initial->getCreatedAt();
|
||||
$initialUpdatedAt = $initial->getUpdatedAt();
|
||||
$initialCreatedById = $initial->getCreatedBy()->getId();
|
||||
|
||||
// Decalage temporel suffisant pour que la precision PG (seconde)
|
||||
// capte un updatedAt different.
|
||||
sleep(1);
|
||||
|
||||
// Etape 2 : PATCH par un autre user (manager non-admin) — simule "bob".
|
||||
$manage = $this->createManageClient();
|
||||
$bobClient = $manage['client'];
|
||||
|
||||
/** @var User $bob */
|
||||
$bob = $this->getEm()->getRepository(User::class)->findOneBy(['username' => $manage['credentials']['username']]);
|
||||
$bobId = $bob->getId();
|
||||
self::assertNotSame($initialCreatedById, $bobId, 'Le test exige deux users distincts.');
|
||||
|
||||
$bobClient->request('PATCH', '/api/categories/'.$createdId, [
|
||||
'headers' => ['Content-Type' => 'application/merge-patch+json'],
|
||||
'json' => ['name' => self::TEST_CATEGORY_PREFIX.'tsb_patched_by_bob'],
|
||||
]);
|
||||
self::assertResponseIsSuccessful();
|
||||
|
||||
// Etape 3 : verifications RG-1.16
|
||||
$em = $this->getEm();
|
||||
$em->clear();
|
||||
|
||||
/** @var Category $patched */
|
||||
$patched = $em->getRepository(Category::class)->find($createdId);
|
||||
|
||||
// createdAt / createdBy figes
|
||||
self::assertSame(
|
||||
$initialCreatedAt->getTimestamp(),
|
||||
$patched->getCreatedAt()->getTimestamp(),
|
||||
'createdAt doit etre fige au PATCH (RG-1.16).',
|
||||
);
|
||||
self::assertSame(
|
||||
$initialCreatedById,
|
||||
$patched->getCreatedBy()->getId(),
|
||||
'createdBy doit etre fige au PATCH (RG-1.16).',
|
||||
);
|
||||
|
||||
// updatedAt / updatedBy mis a jour
|
||||
self::assertGreaterThan(
|
||||
$initialUpdatedAt->getTimestamp(),
|
||||
$patched->getUpdatedAt()->getTimestamp(),
|
||||
'updatedAt doit avancer apres PATCH (RG-1.16).',
|
||||
);
|
||||
self::assertSame(
|
||||
$bobId,
|
||||
$patched->getUpdatedBy()->getId(),
|
||||
'updatedBy doit refleter le user PATCH (RG-1.16).',
|
||||
);
|
||||
}
|
||||
|
||||
public function testSoftDeleteAlsoUpdatesUpdatedFields(): void
|
||||
{
|
||||
// RG-1.16 : le soft delete est un UPDATE Doctrine, donc le subscriber
|
||||
// doit aussi avancer updatedAt et updatedBy en plus de poser deletedAt.
|
||||
$type = $this->createCategoryType();
|
||||
$adminClient = $this->createAdminClient();
|
||||
|
||||
$response = $adminClient->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => self::TEST_CATEGORY_PREFIX.'tsb_delete',
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
self::assertSame(201, $response->getStatusCode());
|
||||
$createdId = $response->toArray()['id'];
|
||||
|
||||
$em = $this->getEm();
|
||||
$em->clear();
|
||||
|
||||
/** @var Category $initial */
|
||||
$initial = $em->getRepository(Category::class)->find($createdId);
|
||||
$initialUpdatedAt = $initial->getUpdatedAt();
|
||||
|
||||
sleep(1);
|
||||
|
||||
// Soft delete par un manager non-admin.
|
||||
$manage = $this->createManageClient();
|
||||
$bobClient = $manage['client'];
|
||||
|
||||
/** @var User $bob */
|
||||
$bob = $this->getEm()->getRepository(User::class)->findOneBy(['username' => $manage['credentials']['username']]);
|
||||
$bobId = $bob->getId();
|
||||
|
||||
$bobClient->request('DELETE', '/api/categories/'.$createdId);
|
||||
self::assertResponseStatusCodeSame(204);
|
||||
|
||||
$em = $this->getEm();
|
||||
$em->clear();
|
||||
|
||||
/** @var Category $deleted */
|
||||
$deleted = $em->getRepository(Category::class)->find($createdId);
|
||||
|
||||
// deletedAt rempli
|
||||
self::assertNotNull($deleted->getDeletedAt(), 'deletedAt doit etre rempli apres DELETE.');
|
||||
|
||||
// updatedAt avance, updatedBy = bob
|
||||
self::assertGreaterThan(
|
||||
$initialUpdatedAt->getTimestamp(),
|
||||
$deleted->getUpdatedAt()->getTimestamp(),
|
||||
'updatedAt doit avancer au soft delete (RG-1.16).',
|
||||
);
|
||||
self::assertSame(
|
||||
$bobId,
|
||||
$deleted->getUpdatedBy()->getId(),
|
||||
'updatedBy doit refleter l\'auteur du soft delete (RG-1.16).',
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,144 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Catalog\Api;
|
||||
|
||||
/**
|
||||
* Tests RG-1.07 : unicite case-insensitive de (LOWER(name), category_type_id)
|
||||
* parmi les categories non soft-deleted. L'index Postgres partiel
|
||||
* `uq_category_name_type_active` est traduit en 409 Conflict par le
|
||||
* CategoryProcessor.
|
||||
*
|
||||
* Cas couverts :
|
||||
* - doublon strict (meme name + meme type) → 409 ;
|
||||
* - doublon case-insensitive (Vis / vis sur meme type) → 409 ;
|
||||
* - meme name sur 2 types differents → les deux passent (pas de doublon) ;
|
||||
* - recreation apres soft delete → 201 (l'index partiel libere le couple).
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class CategoryUniqueTest extends AbstractCatalogApiTestCase
|
||||
{
|
||||
public function testDuplicateNameSameTypeReturns409(): void
|
||||
{
|
||||
$type = $this->createCategoryType();
|
||||
$client = $this->createAdminClient();
|
||||
|
||||
// 1er POST : doit reussir.
|
||||
$client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => self::TEST_CATEGORY_PREFIX.'unique',
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
|
||||
// 2eme POST : meme name + meme type → doublon strict.
|
||||
$response = $client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => self::TEST_CATEGORY_PREFIX.'unique',
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
self::assertSame(409, $response->getStatusCode());
|
||||
|
||||
// Message attendu par la spec RG-1.07.
|
||||
$payload = $response->toArray(false);
|
||||
$description = $payload['description'] ?? $payload['detail'] ?? $payload['hydra:description'] ?? '';
|
||||
self::assertStringContainsString(
|
||||
'existe déjà pour ce type',
|
||||
$description,
|
||||
'Le message d\'erreur 409 doit citer la spec ("existe deja pour ce type").',
|
||||
);
|
||||
}
|
||||
|
||||
public function testDuplicateNameCaseInsensitiveReturns409(): void
|
||||
{
|
||||
// RG-1.07 : la collision est case-insensitive (index sur LOWER(name)).
|
||||
$type = $this->createCategoryType();
|
||||
$client = $this->createAdminClient();
|
||||
|
||||
$client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => self::TEST_CATEGORY_PREFIX.'Vis',
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
|
||||
$response = $client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
// Meme prefix mais variation de casse → meme LOWER → collision.
|
||||
'name' => self::TEST_CATEGORY_PREFIX.'VIS',
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
self::assertSame(409, $response->getStatusCode());
|
||||
}
|
||||
|
||||
public function testSameNameDifferentTypeAllowed(): void
|
||||
{
|
||||
// RG-1.07 : la contrainte est SUR (name, type), pas sur name seul.
|
||||
// Le meme nom doit etre acceptable sur deux types differents.
|
||||
$type1 = $this->createCategoryType();
|
||||
$type2 = $this->createCategoryType();
|
||||
$client = $this->createAdminClient();
|
||||
|
||||
$client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => self::TEST_CATEGORY_PREFIX.'shared',
|
||||
'categoryType' => '/api/category_types/'.$type1->getId(),
|
||||
],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
|
||||
$client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => self::TEST_CATEGORY_PREFIX.'shared',
|
||||
'categoryType' => '/api/category_types/'.$type2->getId(),
|
||||
],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
}
|
||||
|
||||
public function testRecreateAfterSoftDeleteAllowed(): void
|
||||
{
|
||||
// RG-1.07 : l'index Postgres est partiel (WHERE deleted_at IS NULL).
|
||||
// Apres un soft delete, le couple (name, type) est libere et un
|
||||
// nouveau POST identique doit reussir.
|
||||
$type = $this->createCategoryType();
|
||||
$client = $this->createAdminClient();
|
||||
|
||||
// 1) creation
|
||||
$response = $client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => self::TEST_CATEGORY_PREFIX.'recreate',
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
self::assertSame(201, $response->getStatusCode());
|
||||
$created = $response->toArray();
|
||||
|
||||
// 2) soft delete
|
||||
$client->request('DELETE', '/api/categories/'.$created['id']);
|
||||
self::assertResponseStatusCodeSame(204);
|
||||
|
||||
// 3) recreation : meme name + meme type → autorise (couple libere).
|
||||
$client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => self::TEST_CATEGORY_PREFIX.'recreate',
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,210 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Catalog\Api;
|
||||
|
||||
use App\Module\Catalog\Domain\Entity\Category;
|
||||
|
||||
/**
|
||||
* Tests des regles de validation POST/PATCH sur Category :
|
||||
* - RG-1.02 : `name` obligatoire (NotBlank) ;
|
||||
* - RG-1.03 : `name` trim cote serveur via CategoryProcessor ;
|
||||
* - RG-1.04 : `name` longueur 2..120 (Length) ;
|
||||
* - RG-1.05 : `categoryType` obligatoire ;
|
||||
* - RG-1.06 : `categoryType` doit pointer un type existant.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class CategoryValidationTest extends AbstractCatalogApiTestCase
|
||||
{
|
||||
// ============ RG-1.02 — name NotBlank ============
|
||||
|
||||
public function testNameRequiredReturns422(): void
|
||||
{
|
||||
$type = $this->createCategoryType();
|
||||
$client = $this->createAdminClient();
|
||||
$client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
// name absent
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
}
|
||||
|
||||
public function testNameEmptyStringReturns422(): void
|
||||
{
|
||||
$type = $this->createCategoryType();
|
||||
$client = $this->createAdminClient();
|
||||
$client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => '',
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
}
|
||||
|
||||
public function testNameWhitespaceOnlyReturns422(): void
|
||||
{
|
||||
// Le Processor trim avant la validation : " " devient "" -> NotBlank
|
||||
// doit declencher 422 (RG-1.02 combinee a RG-1.03).
|
||||
$type = $this->createCategoryType();
|
||||
$client = $this->createAdminClient();
|
||||
$client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => ' ',
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
}
|
||||
|
||||
// ============ RG-1.03 — name trim cote serveur ============
|
||||
|
||||
public function testNameIsTrimmedOnCreate(): void
|
||||
{
|
||||
$type = $this->createCategoryType();
|
||||
$client = $this->createAdminClient();
|
||||
$payloadName = ' '.self::TEST_CATEGORY_PREFIX.'trim ';
|
||||
$expected = trim($payloadName);
|
||||
|
||||
$client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => $payloadName,
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
|
||||
// Verification cote base : la valeur stockee est trimee.
|
||||
$em = $this->getEm();
|
||||
$em->clear();
|
||||
$stored = $em->getRepository(Category::class)->findOneBy(['name' => $expected]);
|
||||
self::assertNotNull($stored, 'La categorie trimee doit etre persistee sous "'.$expected.'"');
|
||||
self::assertSame($expected, $stored->getName());
|
||||
}
|
||||
|
||||
// ============ RG-1.04 — longueur 2..120 ============
|
||||
|
||||
public function testNameTooShortReturns422(): void
|
||||
{
|
||||
$type = $this->createCategoryType();
|
||||
$client = $this->createAdminClient();
|
||||
$client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => 'A',
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
}
|
||||
|
||||
public function testNameTooLongReturns422(): void
|
||||
{
|
||||
$type = $this->createCategoryType();
|
||||
$client = $this->createAdminClient();
|
||||
$client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => str_repeat('a', 121),
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
}
|
||||
|
||||
public function testNameAtMaxLengthIs201(): void
|
||||
{
|
||||
// Borne haute : 120 caracteres doit passer (l'index est sur LOWER, name
|
||||
// est unique en collision avec d'autres tests donc on prefixe la marque
|
||||
// test_cat_ pour le cleanup et completons jusqu'a 120 caracteres).
|
||||
$prefix = self::TEST_CATEGORY_PREFIX;
|
||||
$name = $prefix.str_repeat('z', 120 - strlen($prefix));
|
||||
self::assertSame(120, strlen($name));
|
||||
|
||||
$type = $this->createCategoryType();
|
||||
$client = $this->createAdminClient();
|
||||
$client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => $name,
|
||||
'categoryType' => '/api/category_types/'.$type->getId(),
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
}
|
||||
|
||||
// ============ RG-1.05 — categoryType obligatoire ============
|
||||
|
||||
public function testCategoryTypeRequiredReturns422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => self::TEST_CATEGORY_PREFIX.'no_type',
|
||||
// categoryType absent
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
}
|
||||
|
||||
public function testCategoryTypeNullIsRejected(): void
|
||||
{
|
||||
// `categoryType: null` echoue a la deserialization IRI (API Platform
|
||||
// renvoie 400) bien avant la validation Assert\NotNull. La spec § 4.3
|
||||
// accepte les deux : on assert le contrat fort "ne passe pas en BDD".
|
||||
$client = $this->createAdminClient();
|
||||
$response = $client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => self::TEST_CATEGORY_PREFIX.'null_type',
|
||||
'categoryType' => null,
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertContains(
|
||||
$response->getStatusCode(),
|
||||
[400, 422],
|
||||
'categoryType=null doit etre rejete (400 deserialization ou 422 validation).',
|
||||
);
|
||||
}
|
||||
|
||||
// ============ RG-1.06 — categoryType doit exister ============
|
||||
|
||||
public function testCategoryTypeMustExistReturns4xx(): void
|
||||
{
|
||||
// IRI vers un id qui n'existe pas. API Platform peut renvoyer 400
|
||||
// (resolution IRI echouee) ou 422 (validation NotNull declenchee).
|
||||
// La spec § 4.3 accepte les deux : on assert le contrat "ne passe pas".
|
||||
$client = $this->createAdminClient();
|
||||
$response = $client->request('POST', '/api/categories', [
|
||||
'headers' => ['Content-Type' => 'application/ld+json'],
|
||||
'json' => [
|
||||
'name' => self::TEST_CATEGORY_PREFIX.'ghost_type',
|
||||
'categoryType' => '/api/category_types/9999999',
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertContains(
|
||||
$response->getStatusCode(),
|
||||
[400, 404, 422],
|
||||
'IRI categoryType inexistante doit etre rejetee (400/404/422 selon API Platform).',
|
||||
);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user