Compare commits
12 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 gitea-actions
|
865180e648 | ||
 matthieu
|
0e3299300f | ||
|
gitea-actions
|
8d50f1fbe7 | ||
|
matthieu
|
120058049c | ||
|
gitea-actions
|
9507664bd0 | ||
|
matthieu
|
0c9b563cae | ||
|
matthieu
|
b495e4030a | ||
|
matthieu
|
56cf492dcc | ||
|
gitea-actions
|
d9023ec9b9 | ||
|
matthieu
|
ddf874a4e1 | ||
|
gitea-actions
|
a25ddac466 | ||
 tristan
|
df8e44fcfa |
@@ -3,7 +3,7 @@
|
||||
## Contexte
|
||||
CRM/ERP en architecture **modular monolith DDD**. Le backend est la source de verite unique (modules actifs, sidebar). Le frontend scanne `frontend/modules/*/` comme layers Nuxt et consomme l'API pour la navigation. Multi-tenant : chaque module est activable/desactivable.
|
||||
|
||||
Doc humaine : @README.md — Spec audit : @doc/audit-log.md
|
||||
Doc humaine : `README.md` — Spec audit : `doc/audit-log.md` (à lire à la demande, non chargés en permanence).
|
||||
|
||||
## Stack
|
||||
- Backend : PHP 8.4, Symfony 8, API Platform 4, Doctrine ORM, PostgreSQL 16 (port 5437)
|
||||
@@ -26,6 +26,7 @@ Doc humaine : @README.md — Spec audit : @doc/audit-log.md
|
||||
11. **Migrations d'initialisation au namespace racine** `DoctrineMigrations` dans `migrations/` (setup user, RBAC, seed de base). Les migrations modulaires (`src/Module/*/Infrastructure/Doctrine/Migrations/`) sont reservees aux evolutions post-schema (ajout de colonnes, index) — cf. @.claude/rules/architecture.md pour la raison.
|
||||
12. **Toujours documenter chaque colonne BDD via `COMMENT ON COLUMN`** dans la migration qui la cree ou la modifie. Description en francais, courte (≤ 200 caracteres), explique la semantique metier + contraintes implicites (unicite partielle, FK importante, lien RG). Garde-fou : `tests/Architecture/ColumnsHaveSqlCommentTest` echoue si une colonne `public` n'a pas de description (`col_description IS NULL`). Details et exemples : @.claude/rules/backend.md § Migrations Doctrine.
|
||||
13. **Toujours paginer toute collection exposee par l'API.** Aucun retour de collection complete (pas de provider qui retourne un array brut). Standard pose dans `config/packages/api_platform.yaml` : 10 items par defaut, max 50, le client peut basculer entre 10/25/50 et peut envoyer `?pagination=false` pour alimenter un select. Garde-fou : `tests/Architecture/CollectionsArePaginatedTest` echoue si une `GetCollection` desactive la pagination sans whitelist. Details et exemples : @.claude/rules/backend.md § Pagination.
|
||||
14. **`symfony.lock` est versionne** (au meme titre que `composer.lock`) — ne JAMAIS le `.gitignore`. C'est le registre des recipes Flex appliquees : sans lui, chaque `composer require` rejoue toutes les recipes et repollue `.env`, `config/bundles.php`, `docker-compose.yml` et recree du scaffolding parasite (`src/Entity/`, `src/Controller/`...). Le regenerer si besoin via `composer recipes:install --force`.
|
||||
|
||||
## Conventions
|
||||
@.claude/rules/architecture.md
|
||||
@@ -36,7 +37,7 @@ Doc humaine : @README.md — Spec audit : @doc/audit-log.md
|
||||
@.claude/rules/git.md
|
||||
@.claude/rules/workflow.md
|
||||
|
||||
## Commandes (liste complete dans @README.md)
|
||||
## Commandes (liste complete dans `README.md`)
|
||||
|
||||
- Demarrer : `make start`
|
||||
- Dev front (hot reload) : `make dev-nuxt` (port 3004)
|
||||
@@ -69,3 +70,5 @@ Editer uniquement `config/modules.php` (commenter la ligne). Cascade automatique
|
||||
## Credentials (dev)
|
||||
|
||||
`admin` / `admin` (ROLE_ADMIN) ; `alice` / `alice`, `bob` / `bob` (ROLE_USER).
|
||||
|
||||
Comptes demo des roles metier (seedes par `RbacDemoFixtures` / `app:seed-rbac --with-demo-users`, mot de passe `demo`) : `bureau` / `demo`, `compta` / `demo`, `commerciale` / `demo`, `usine` / `demo`. Matrice RBAC § 2.7 (M1 Clients) attachee aux roles correspondants.
|
||||
|
||||
@@ -169,13 +169,41 @@ Secrets requis dans Gitea :
|
||||
- `RELEASE_TOKEN` — PAT avec droits `write:repository`
|
||||
- `REGISTRY_TOKEN` — token pour le registry Docker
|
||||
|
||||
## Déploiement — seed RBAC (recette / prod)
|
||||
|
||||
Le RBAC métier (rôles `bureau` / `compta` / `commerciale` / `usine` + matrice § 2.7)
|
||||
est seedé par une **commande applicative idempotente** (présente dans le build prod,
|
||||
contrairement aux fixtures Doctrine en `require-dev`). À jouer dans l'étape de release,
|
||||
**après** les migrations et la synchronisation des permissions :
|
||||
|
||||
```bash
|
||||
php bin/console doctrine:migrations:migrate --no-interaction
|
||||
php bin/console app:sync-permissions # pose les permissions commercial.clients.*
|
||||
php bin/console app:seed-rbac # PROD : rôles + matrice § 2.7 (sans comptes démo)
|
||||
```
|
||||
|
||||
En **recette / staging**, ajouter le flag pour disposer de logins de test (mot de passe
|
||||
fourni explicitement, jamais en dur) :
|
||||
|
||||
```bash
|
||||
php bin/console app:seed-rbac --with-demo-users --password='<mot-de-passe>'
|
||||
# ou via la variable d'env RBAC_DEMO_PASSWORD
|
||||
```
|
||||
|
||||
La commande est rejouable sans effet de bord (aucun doublon de rôle, de lien ou de compte).
|
||||
En dev, `make db-reset` produit le même résultat (rôles + matrice + comptes démo).
|
||||
|
||||
## Credentials (dev)
|
||||
|
||||
| Username | Password | Role |
|
||||
|----------|----------|------|
|
||||
| admin | admin | ROLE_ADMIN |
|
||||
| alice | alice | ROLE_USER |
|
||||
| bob | bob | ROLE_USER |
|
||||
| Username | Password | Role | RBAC métier |
|
||||
|----------|----------|------|-------------|
|
||||
| admin | admin | ROLE_ADMIN | bypass (is_admin) |
|
||||
| alice | alice | ROLE_USER | — |
|
||||
| bob | bob | ROLE_USER | — |
|
||||
| bureau | demo | ROLE_USER | clients : view + manage |
|
||||
| compta | demo | ROLE_USER | clients : view + accounting.view/manage |
|
||||
| commerciale | demo | ROLE_USER | clients : view + manage (Information obligatoire — RG-1.04) |
|
||||
| usine | demo | ROLE_USER | aucun accès clients |
|
||||
|
||||
## Conventions
|
||||
|
||||
|
||||
@@ -16,6 +16,7 @@
|
||||
"nelmio/cors-bundle": "^2.6",
|
||||
"nyholm/psr7": "^1.8",
|
||||
"phpdocumentor/reflection-docblock": "^5.6|^6.0",
|
||||
"phpoffice/phpspreadsheet": "^5.7",
|
||||
"phpstan/phpdoc-parser": "^2.3",
|
||||
"symfony/asset": "8.0.*",
|
||||
"symfony/console": "8.0.*",
|
||||
@@ -23,6 +24,7 @@
|
||||
"symfony/expression-language": "8.0.*",
|
||||
"symfony/flex": "^2",
|
||||
"symfony/framework-bundle": "8.0.*",
|
||||
"symfony/intl": "8.0.*",
|
||||
"symfony/mime": "8.0.*",
|
||||
"symfony/monolog-bundle": "^4.0",
|
||||
"symfony/property-access": "8.0.*",
|
||||
|
||||
Generated
+514
-80
@@ -4,7 +4,7 @@
|
||||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
||||
"This file is @generated automatically"
|
||||
],
|
||||
"content-hash": "d65a546151abb6b977fbf7f1c86d14fe",
|
||||
"content-hash": "aada2e60fd7563f1498b5505b37e3f4b",
|
||||
"packages": [
|
||||
{
|
||||
"name": "api-platform/doctrine-common",
|
||||
@@ -1160,6 +1160,85 @@
|
||||
},
|
||||
"time": "2026-03-17T15:23:21+00:00"
|
||||
},
|
||||
{
|
||||
"name": "composer/pcre",
|
||||
"version": "3.3.2",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/composer/pcre.git",
|
||||
"reference": "b2bed4734f0cc156ee1fe9c0da2550420d99a21e"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/composer/pcre/zipball/b2bed4734f0cc156ee1fe9c0da2550420d99a21e",
|
||||
"reference": "b2bed4734f0cc156ee1fe9c0da2550420d99a21e",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": "^7.4 || ^8.0"
|
||||
},
|
||||
"conflict": {
|
||||
"phpstan/phpstan": "<1.11.10"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpstan/phpstan": "^1.12 || ^2",
|
||||
"phpstan/phpstan-strict-rules": "^1 || ^2",
|
||||
"phpunit/phpunit": "^8 || ^9"
|
||||
},
|
||||
"type": "library",
|
||||
"extra": {
|
||||
"phpstan": {
|
||||
"includes": [
|
||||
"extension.neon"
|
||||
]
|
||||
},
|
||||
"branch-alias": {
|
||||
"dev-main": "3.x-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"Composer\\Pcre\\": "src"
|
||||
}
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Jordi Boggiano",
|
||||
"email": "j.boggiano@seld.be",
|
||||
"homepage": "http://seld.be"
|
||||
}
|
||||
],
|
||||
"description": "PCRE wrapping library that offers type-safe preg_* replacements.",
|
||||
"keywords": [
|
||||
"PCRE",
|
||||
"preg",
|
||||
"regex",
|
||||
"regular expression"
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/composer/pcre/issues",
|
||||
"source": "https://github.com/composer/pcre/tree/3.3.2"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
"url": "https://packagist.com",
|
||||
"type": "custom"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/composer",
|
||||
"type": "github"
|
||||
},
|
||||
{
|
||||
"url": "https://tidelift.com/funding/github/packagist/composer/composer",
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2024-11-12T16:29:46+00:00"
|
||||
},
|
||||
{
|
||||
"name": "composer/semver",
|
||||
"version": "3.4.4",
|
||||
@@ -2630,6 +2709,191 @@
|
||||
],
|
||||
"time": "2025-12-20T17:47:00+00:00"
|
||||
},
|
||||
{
|
||||
"name": "maennchen/zipstream-php",
|
||||
"version": "3.2.2",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/maennchen/ZipStream-PHP.git",
|
||||
"reference": "77bebeb4c6c340bb3c11c843b2cffd8bbfde4d5e"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/maennchen/ZipStream-PHP/zipball/77bebeb4c6c340bb3c11c843b2cffd8bbfde4d5e",
|
||||
"reference": "77bebeb4c6c340bb3c11c843b2cffd8bbfde4d5e",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"ext-mbstring": "*",
|
||||
"ext-zlib": "*",
|
||||
"php-64bit": "^8.3"
|
||||
},
|
||||
"require-dev": {
|
||||
"brianium/paratest": "^7.7",
|
||||
"ext-zip": "*",
|
||||
"friendsofphp/php-cs-fixer": "^3.86",
|
||||
"guzzlehttp/guzzle": "^7.5",
|
||||
"mikey179/vfsstream": "^1.6",
|
||||
"php-coveralls/php-coveralls": "^2.5",
|
||||
"phpunit/phpunit": "^12.0",
|
||||
"vimeo/psalm": "^6.0"
|
||||
},
|
||||
"suggest": {
|
||||
"guzzlehttp/psr7": "^2.4",
|
||||
"psr/http-message": "^2.0"
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"ZipStream\\": "src/"
|
||||
}
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Paul Duncan",
|
||||
"email": "pabs@pablotron.org"
|
||||
},
|
||||
{
|
||||
"name": "Jonatan Männchen",
|
||||
"email": "jonatan@maennchen.ch"
|
||||
},
|
||||
{
|
||||
"name": "Jesse Donat",
|
||||
"email": "donatj@gmail.com"
|
||||
},
|
||||
{
|
||||
"name": "András Kolesár",
|
||||
"email": "kolesar@kolesar.hu"
|
||||
}
|
||||
],
|
||||
"description": "ZipStream is a library for dynamically streaming dynamic zip files from PHP without writing to the disk at all on the server.",
|
||||
"keywords": [
|
||||
"stream",
|
||||
"zip"
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/maennchen/ZipStream-PHP/issues",
|
||||
"source": "https://github.com/maennchen/ZipStream-PHP/tree/3.2.2"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
"url": "https://github.com/maennchen",
|
||||
"type": "github"
|
||||
}
|
||||
],
|
||||
"time": "2026-04-11T18:38:28+00:00"
|
||||
},
|
||||
{
|
||||
"name": "markbaker/complex",
|
||||
"version": "3.0.2",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/MarkBaker/PHPComplex.git",
|
||||
"reference": "95c56caa1cf5c766ad6d65b6344b807c1e8405b9"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/MarkBaker/PHPComplex/zipball/95c56caa1cf5c766ad6d65b6344b807c1e8405b9",
|
||||
"reference": "95c56caa1cf5c766ad6d65b6344b807c1e8405b9",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": "^7.2 || ^8.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"dealerdirect/phpcodesniffer-composer-installer": "dev-master",
|
||||
"phpcompatibility/php-compatibility": "^9.3",
|
||||
"phpunit/phpunit": "^7.0 || ^8.0 || ^9.0",
|
||||
"squizlabs/php_codesniffer": "^3.7"
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"Complex\\": "classes/src/"
|
||||
}
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Mark Baker",
|
||||
"email": "mark@lange.demon.co.uk"
|
||||
}
|
||||
],
|
||||
"description": "PHP Class for working with complex numbers",
|
||||
"homepage": "https://github.com/MarkBaker/PHPComplex",
|
||||
"keywords": [
|
||||
"complex",
|
||||
"mathematics"
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/MarkBaker/PHPComplex/issues",
|
||||
"source": "https://github.com/MarkBaker/PHPComplex/tree/3.0.2"
|
||||
},
|
||||
"time": "2022-12-06T16:21:08+00:00"
|
||||
},
|
||||
{
|
||||
"name": "markbaker/matrix",
|
||||
"version": "3.0.1",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/MarkBaker/PHPMatrix.git",
|
||||
"reference": "728434227fe21be27ff6d86621a1b13107a2562c"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/MarkBaker/PHPMatrix/zipball/728434227fe21be27ff6d86621a1b13107a2562c",
|
||||
"reference": "728434227fe21be27ff6d86621a1b13107a2562c",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": "^7.1 || ^8.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"dealerdirect/phpcodesniffer-composer-installer": "dev-master",
|
||||
"phpcompatibility/php-compatibility": "^9.3",
|
||||
"phpdocumentor/phpdocumentor": "2.*",
|
||||
"phploc/phploc": "^4.0",
|
||||
"phpmd/phpmd": "2.*",
|
||||
"phpunit/phpunit": "^7.0 || ^8.0 || ^9.0",
|
||||
"sebastian/phpcpd": "^4.0",
|
||||
"squizlabs/php_codesniffer": "^3.7"
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"Matrix\\": "classes/src/"
|
||||
}
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Mark Baker",
|
||||
"email": "mark@demon-angel.eu"
|
||||
}
|
||||
],
|
||||
"description": "PHP Class for working with matrices",
|
||||
"homepage": "https://github.com/MarkBaker/PHPMatrix",
|
||||
"keywords": [
|
||||
"mathematics",
|
||||
"matrix",
|
||||
"vector"
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/MarkBaker/PHPMatrix/issues",
|
||||
"source": "https://github.com/MarkBaker/PHPMatrix/tree/3.0.1"
|
||||
},
|
||||
"time": "2022-12-02T22:17:43+00:00"
|
||||
},
|
||||
{
|
||||
"name": "monolog/monolog",
|
||||
"version": "3.10.0",
|
||||
@@ -3052,6 +3316,115 @@
|
||||
},
|
||||
"time": "2026-01-06T21:53:42+00:00"
|
||||
},
|
||||
{
|
||||
"name": "phpoffice/phpspreadsheet",
|
||||
"version": "5.7.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/PHPOffice/PhpSpreadsheet.git",
|
||||
"reference": "9f55d3b9b7bcb1084fda8340e4b7ce4ed10cd0c8"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/PHPOffice/PhpSpreadsheet/zipball/9f55d3b9b7bcb1084fda8340e4b7ce4ed10cd0c8",
|
||||
"reference": "9f55d3b9b7bcb1084fda8340e4b7ce4ed10cd0c8",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"composer/pcre": "^1||^2||^3",
|
||||
"ext-ctype": "*",
|
||||
"ext-dom": "*",
|
||||
"ext-fileinfo": "*",
|
||||
"ext-filter": "*",
|
||||
"ext-gd": "*",
|
||||
"ext-iconv": "*",
|
||||
"ext-libxml": "*",
|
||||
"ext-mbstring": "*",
|
||||
"ext-simplexml": "*",
|
||||
"ext-xml": "*",
|
||||
"ext-xmlreader": "*",
|
||||
"ext-xmlwriter": "*",
|
||||
"ext-zip": "*",
|
||||
"ext-zlib": "*",
|
||||
"maennchen/zipstream-php": "^2.1 || ^3.0",
|
||||
"markbaker/complex": "^3.0",
|
||||
"markbaker/matrix": "^3.0",
|
||||
"php": "^8.1",
|
||||
"psr/simple-cache": "^1.0 || ^2.0 || ^3.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"dealerdirect/phpcodesniffer-composer-installer": "dev-main",
|
||||
"dompdf/dompdf": "^2.0 || ^3.0",
|
||||
"ext-intl": "*",
|
||||
"friendsofphp/php-cs-fixer": "^3.2",
|
||||
"mitoteam/jpgraph": "^10.5",
|
||||
"mpdf/mpdf": "^8.1.1",
|
||||
"phpcompatibility/php-compatibility": "^9.3",
|
||||
"phpstan/phpstan": "^1.1 || ^2.0",
|
||||
"phpstan/phpstan-deprecation-rules": "^1.0 || ^2.0",
|
||||
"phpstan/phpstan-phpunit": "^1.0 || ^2.0",
|
||||
"phpunit/phpunit": "^10.5",
|
||||
"squizlabs/php_codesniffer": "^3.7",
|
||||
"tecnickcom/tcpdf": "^6.5"
|
||||
},
|
||||
"suggest": {
|
||||
"dompdf/dompdf": "Option for rendering PDF with PDF Writer",
|
||||
"ext-intl": "PHP Internationalization Functions, required for NumberFormat Wizard and StringHelper::setLocale()",
|
||||
"mitoteam/jpgraph": "Option for rendering charts, or including charts with PDF or HTML Writers",
|
||||
"mpdf/mpdf": "Option for rendering PDF with PDF Writer",
|
||||
"tecnickcom/tcpdf": "Option for rendering PDF with PDF Writer"
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"PhpOffice\\PhpSpreadsheet\\": "src/PhpSpreadsheet"
|
||||
}
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Maarten Balliauw",
|
||||
"homepage": "https://blog.maartenballiauw.be"
|
||||
},
|
||||
{
|
||||
"name": "Mark Baker",
|
||||
"homepage": "https://markbakeruk.net"
|
||||
},
|
||||
{
|
||||
"name": "Franck Lefevre",
|
||||
"homepage": "https://rootslabs.net"
|
||||
},
|
||||
{
|
||||
"name": "Erik Tilt"
|
||||
},
|
||||
{
|
||||
"name": "Adrien Crivelli"
|
||||
},
|
||||
{
|
||||
"name": "Owen Leibman"
|
||||
}
|
||||
],
|
||||
"description": "PHPSpreadsheet - Read, Create and Write Spreadsheet documents in PHP - Spreadsheet engine",
|
||||
"homepage": "https://github.com/PHPOffice/PhpSpreadsheet",
|
||||
"keywords": [
|
||||
"OpenXML",
|
||||
"excel",
|
||||
"gnumeric",
|
||||
"ods",
|
||||
"php",
|
||||
"spreadsheet",
|
||||
"xls",
|
||||
"xlsx"
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/PHPOffice/PhpSpreadsheet/issues",
|
||||
"source": "https://github.com/PHPOffice/PhpSpreadsheet/tree/5.7.0"
|
||||
},
|
||||
"time": "2026-04-20T02:42:17+00:00"
|
||||
},
|
||||
{
|
||||
"name": "phpstan/phpdoc-parser",
|
||||
"version": "2.3.2",
|
||||
@@ -3513,6 +3886,57 @@
|
||||
},
|
||||
"time": "2024-09-11T13:17:53+00:00"
|
||||
},
|
||||
{
|
||||
"name": "psr/simple-cache",
|
||||
"version": "3.0.0",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/php-fig/simple-cache.git",
|
||||
"reference": "764e0b3939f5ca87cb904f570ef9be2d78a07865"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/php-fig/simple-cache/zipball/764e0b3939f5ca87cb904f570ef9be2d78a07865",
|
||||
"reference": "764e0b3939f5ca87cb904f570ef9be2d78a07865",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=8.0.0"
|
||||
},
|
||||
"type": "library",
|
||||
"extra": {
|
||||
"branch-alias": {
|
||||
"dev-master": "3.0.x-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"Psr\\SimpleCache\\": "src/"
|
||||
}
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "PHP-FIG",
|
||||
"homepage": "https://www.php-fig.org/"
|
||||
}
|
||||
],
|
||||
"description": "Common interfaces for simple caching",
|
||||
"keywords": [
|
||||
"cache",
|
||||
"caching",
|
||||
"psr",
|
||||
"psr-16",
|
||||
"simple-cache"
|
||||
],
|
||||
"support": {
|
||||
"source": "https://github.com/php-fig/simple-cache/tree/3.0.0"
|
||||
},
|
||||
"time": "2021-10-29T13:26:27+00:00"
|
||||
},
|
||||
{
|
||||
"name": "symfony/asset",
|
||||
"version": "v8.0.8",
|
||||
@@ -5172,6 +5596,95 @@
|
||||
],
|
||||
"time": "2026-03-31T21:14:05+00:00"
|
||||
},
|
||||
{
|
||||
"name": "symfony/intl",
|
||||
"version": "v8.0.8",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/symfony/intl.git",
|
||||
"reference": "604a1dbbd67471e885e93274379cadd80dc33535"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/symfony/intl/zipball/604a1dbbd67471e885e93274379cadd80dc33535",
|
||||
"reference": "604a1dbbd67471e885e93274379cadd80dc33535",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=8.4"
|
||||
},
|
||||
"conflict": {
|
||||
"symfony/string": "<7.4"
|
||||
},
|
||||
"require-dev": {
|
||||
"symfony/filesystem": "^7.4|^8.0",
|
||||
"symfony/var-exporter": "^7.4|^8.0"
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"Symfony\\Component\\Intl\\": ""
|
||||
},
|
||||
"exclude-from-classmap": [
|
||||
"/Tests/",
|
||||
"/Resources/data/"
|
||||
]
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Bernhard Schussek",
|
||||
"email": "bschussek@gmail.com"
|
||||
},
|
||||
{
|
||||
"name": "Eriksen Costa",
|
||||
"email": "eriksen.costa@infranology.com.br"
|
||||
},
|
||||
{
|
||||
"name": "Igor Wiedler",
|
||||
"email": "igor@wiedler.ch"
|
||||
},
|
||||
{
|
||||
"name": "Symfony Community",
|
||||
"homepage": "https://symfony.com/contributors"
|
||||
}
|
||||
],
|
||||
"description": "Provides access to the localization data of the ICU library",
|
||||
"homepage": "https://symfony.com",
|
||||
"keywords": [
|
||||
"i18n",
|
||||
"icu",
|
||||
"internationalization",
|
||||
"intl",
|
||||
"l10n",
|
||||
"localization"
|
||||
],
|
||||
"support": {
|
||||
"source": "https://github.com/symfony/intl/tree/v8.0.8"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
"url": "https://symfony.com/sponsor",
|
||||
"type": "custom"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/fabpot",
|
||||
"type": "github"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/nicolas-grekas",
|
||||
"type": "github"
|
||||
},
|
||||
{
|
||||
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2026-03-30T15:14:47+00:00"
|
||||
},
|
||||
{
|
||||
"name": "symfony/mime",
|
||||
"version": "v8.0.8",
|
||||
@@ -8263,85 +8776,6 @@
|
||||
],
|
||||
"time": "2022-12-23T10:58:28+00:00"
|
||||
},
|
||||
{
|
||||
"name": "composer/pcre",
|
||||
"version": "3.3.2",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/composer/pcre.git",
|
||||
"reference": "b2bed4734f0cc156ee1fe9c0da2550420d99a21e"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/composer/pcre/zipball/b2bed4734f0cc156ee1fe9c0da2550420d99a21e",
|
||||
"reference": "b2bed4734f0cc156ee1fe9c0da2550420d99a21e",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": "^7.4 || ^8.0"
|
||||
},
|
||||
"conflict": {
|
||||
"phpstan/phpstan": "<1.11.10"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpstan/phpstan": "^1.12 || ^2",
|
||||
"phpstan/phpstan-strict-rules": "^1 || ^2",
|
||||
"phpunit/phpunit": "^8 || ^9"
|
||||
},
|
||||
"type": "library",
|
||||
"extra": {
|
||||
"phpstan": {
|
||||
"includes": [
|
||||
"extension.neon"
|
||||
]
|
||||
},
|
||||
"branch-alias": {
|
||||
"dev-main": "3.x-dev"
|
||||
}
|
||||
},
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"Composer\\Pcre\\": "src"
|
||||
}
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Jordi Boggiano",
|
||||
"email": "j.boggiano@seld.be",
|
||||
"homepage": "http://seld.be"
|
||||
}
|
||||
],
|
||||
"description": "PCRE wrapping library that offers type-safe preg_* replacements.",
|
||||
"keywords": [
|
||||
"PCRE",
|
||||
"preg",
|
||||
"regex",
|
||||
"regular expression"
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/composer/pcre/issues",
|
||||
"source": "https://github.com/composer/pcre/tree/3.3.2"
|
||||
},
|
||||
"funding": [
|
||||
{
|
||||
"url": "https://packagist.com",
|
||||
"type": "custom"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/composer",
|
||||
"type": "github"
|
||||
},
|
||||
{
|
||||
"url": "https://tidelift.com/funding/github/packagist/composer/composer",
|
||||
"type": "tidelift"
|
||||
}
|
||||
],
|
||||
"time": "2024-11-12T16:29:46+00:00"
|
||||
},
|
||||
{
|
||||
"name": "composer/xdebug-handler",
|
||||
"version": "3.0.5",
|
||||
|
||||
@@ -37,6 +37,10 @@ doctrine:
|
||||
# Permet a Shared de referencer UserInterface dans ses ORM mappings sans
|
||||
# importer la classe concrete du module Core (cf. spec-back M0 § 2.8).
|
||||
Symfony\Component\Security\Core\User\UserInterface: App\Module\Core\Domain\Entity\User
|
||||
# Cible des ManyToMany Client.categories / ClientAddress.categories (M1).
|
||||
# Permet au module Commercial de referencer une Category via le contrat
|
||||
# Shared sans importer la classe concrete du module Catalog (regle n°1).
|
||||
App\Shared\Domain\Contract\CategoryInterface: App\Module\Catalog\Domain\Entity\Category
|
||||
mappings:
|
||||
Core:
|
||||
type: attribute
|
||||
@@ -66,6 +70,16 @@ doctrine:
|
||||
dir: '%kernel.project_dir%/src/Module/Catalog/Domain/Entity'
|
||||
prefix: 'App\Module\Catalog\Domain\Entity'
|
||||
alias: Catalog
|
||||
# Mapping inconditionnel du module Commercial (meme logique que Catalog) :
|
||||
# les tables (client, sous-collections, referentiels comptables) creees
|
||||
# par la migration M1 (Version20260601000000) doivent etre connues de
|
||||
# l'ORM. L'activation fonctionnelle passe par config/modules.php.
|
||||
Commercial:
|
||||
type: attribute
|
||||
is_bundle: false
|
||||
dir: '%kernel.project_dir%/src/Module/Commercial/Domain/Entity'
|
||||
prefix: 'App\Module\Commercial\Domain\Entity'
|
||||
alias: Commercial
|
||||
controller_resolver:
|
||||
auto_mapping: false
|
||||
|
||||
|
||||
@@ -103,6 +103,13 @@ return [
|
||||
'label' => 'sidebar.commercial.section',
|
||||
'icon' => 'mdi:account-arrow-left-outline',
|
||||
'items' => [
|
||||
[
|
||||
'label' => 'sidebar.commercial.clients',
|
||||
'to' => '/clients',
|
||||
'icon' => 'mdi:account-group-outline',
|
||||
'module' => 'commercial',
|
||||
'permission' => 'commercial.clients.view',
|
||||
],
|
||||
[
|
||||
'label' => 'sidebar.commercial.suppliers',
|
||||
'to' => '/suppliers',
|
||||
|
||||
+1
-1
@@ -1,2 +1,2 @@
|
||||
parameters:
|
||||
app.version: '0.1.56'
|
||||
app.version: '0.1.61'
|
||||
|
||||
@@ -0,0 +1,79 @@
|
||||
# Cahier de test back — M1 Répertoire clients (ticket ERP-60 / #478)
|
||||
|
||||
Mapping **toutes les RG (§ 7) → test(s) PHPUnit**, à jour après ERP-60.
|
||||
|
||||
Légende source : `ERP-55` `ERP-56` `ERP-57` `ERP-58` = tests écrits par les wagons
|
||||
précédents ; **`ERP-60`** = tests ajoutés par ce ticket (stratégie « combler les
|
||||
trous, zéro duplication »).
|
||||
|
||||
## Stratégie
|
||||
|
||||
ERP-60 n'écrit QUE les tests des RG non déjà couvertes par la stack, et mappe ici
|
||||
l'intégralité des RG (existantes + nouvelles + déléguées). Les tests dépendants
|
||||
des **rôles métier** (matrice RBAC bureau/compta/commerciale/usine + RG-1.04
|
||||
fonctionnel) sont **délégués à ERP-74 (#493)** : ces rôles n'existent qu'après le
|
||||
merge de la stack.
|
||||
|
||||
## Mapping RG → test
|
||||
|
||||
| RG | Intitulé | Test(s) | Source |
|
||||
|----|----------|---------|--------|
|
||||
| RG-1.01 | Prénom OU nom obligatoire → 422 | `ClientApiTest::testPostWithoutFirstOrLastNameReturns422` ; `ClientProcessorTest` (unit) | ERP-55 |
|
||||
| RG-1.02 | phoneSecondary persisté ; max 2 téléphones | `ClientFormulaireMainTest::testPostPersistsSecondaryPhoneNormalized` ; `::testThirdPhoneFieldIsIgnored` | **ERP-60** |
|
||||
| RG-1.03 | distributor/broker exclusifs + type catégorie | `ClientApiTest::testPostWithDistributorAndBrokerReturns422` ; `::testPostDistributorReferencingNonDistributorReturns422` ; `::testPostValidDistributorReturns201` ; `ClientProcessorTest` (unit) | ERP-55 |
|
||||
| RG-1.04 | Onglet Information obligatoire pour rôle Commerciale | `ClientProcessorTest::testCommercialeIncompleteInformationIsUnprocessable` ; `::testNonCommercialeSkipsInformationCompleteness` (unit, dormant). **Test fonctionnel + durcissement → ERP-74** | ERP-55 / **ERP-74** |
|
||||
| RG-1.05 | Contact : prénom OU nom → 422 (CHECK) | `ClientSubResourceApiTest::testPostContactWithoutNameReturns422` | ERP-57 |
|
||||
| RG-1.06/07/08 | Adresse prospect exclusive de livraison/facturation (CHECK) | `ClientAddressTest::testProspectAddressCannotBeDelivery` ; `::testProspectAddressCannotBeBilling` | **ERP-60** |
|
||||
| RG-1.09 | Code postal `^[0-9]{4,5}$` → 422 | `ClientSubResourceApiTest::testPostAddressWithInvalidPostalCodeReturns422` | ERP-57 |
|
||||
| RG-1.10 | ≥ 1 site sur adresse → 422 | `ClientSubResourceApiTest::testPostAddressWithoutSiteReturns422` | ERP-57 |
|
||||
| RG-1.11 | billingEmail obligatoire ssi isBilling (CHECK) | `ClientAddressTest::testBillingAddressRequiresBillingEmail` ; `::testNonBillingAddressRejectsBillingEmail` | **ERP-60** |
|
||||
| RG-1.12 | Virement → banque obligatoire → 422 | `ClientProcessorTest::testVirementWithoutBankIsUnprocessable` ; `::testVirementWithBankPasses` (unit) | ERP-55 |
|
||||
| RG-1.13 | LCR → ≥ 1 RIB ; DELETE dernier RIB en LCR → 409 | `ClientProcessorTest::testLcrWithoutRibIsUnprocessable` / `::testLcrWithRibPasses` (unit) ; `ClientSubResourceApiTest::testDeleteLastRibUnderLcrReturns409` / `::testDeleteRibNonLcrReturns204` | ERP-55 / ERP-57 |
|
||||
| RG-1.14 | ≥ 1 bloc Contact pour finaliser l'onglet | **Front-driven (pas de state machine back).** Back voisin : `ClientSubResourceApiTest::testDeleteLastContactReturns409` | ERP-57 |
|
||||
| RG-1.15 | ~~Unicité SIREN~~ supprimée (Q4) — SIREN partageable | `ClientUniquenessTest::testDuplicateSirenIsAllowed` ; `ClientMigrationTest::testNoSirenOrEmailUniqueIndex` | **ERP-60** |
|
||||
| RG-1.16 | companyName unique (case-insensitive) parmi actifs → 409 | `ClientApiTest::testPostDuplicateCompanyNameReturns409` ; `ClientMigrationTest::testCompanyNameActivePartialIndexExistsExactlyOnce` | ERP-55 / **ERP-60** |
|
||||
| RG-1.17 | ~~Unicité email~~ supprimée (Q4) — email partageable | `ClientUniquenessTest::testDuplicateEmailIsAllowed` ; `ClientMigrationTest::testNoSirenOrEmailUniqueIndex` | **ERP-60** |
|
||||
| RG-1.18 | companyName upper-cased serveur | `ClientApiTest::testPostNormalizesTextFields` ; `ClientFieldNormalizerTest::testCompanyNameIsUppercased` (unit) | ERP-55 |
|
||||
| RG-1.19 | firstName/lastName capitalize serveur | `ClientApiTest::testPostNormalizesTextFields` ; `ClientFieldNormalizerTest::testPersonNameIsTitleCased` (unit) ; `ClientSubResourceApiTest::testPostContactNormalizesFields` | ERP-55 / ERP-57 |
|
||||
| RG-1.20 | Téléphones chiffres-seuls serveur | `ClientApiTest::testPostNormalizesTextFields` ; `ClientFieldNormalizerTest::testPhoneKeepsOnlyDigits` (unit) ; `ClientFormulaireMainTest::testPostPersistsSecondaryPhoneNormalized` (secondary) | ERP-55 / **ERP-60** |
|
||||
| RG-1.21 | email lowercase serveur | `ClientApiTest::testPostNormalizesTextFields` ; `ClientFieldNormalizerTest::testEmailIsLowercased` (unit) ; `ClientSubResourceApiTest::testPostContactNormalizesFields` / `::testPostAddressNormalizesBillingEmail` | ERP-55 / ERP-57 |
|
||||
| RG-1.22 | Archive : permission `archive` + archivedAt + aucun autre champ | `ClientApiTest::testPatchArchiveSetsArchivedAtThenRestore` ; `::testPatchArchiveWithOtherFieldReturns422` ; `ClientProcessorTest` (unit, gating archive) | ERP-55 |
|
||||
| RG-1.23 | Restauration : archivedAt=null ; **409 si conflit d'unicité** | `ClientApiTest::testPatchArchiveSetsArchivedAtThenRestore` (cas nominal) ; **`ClientArchiveTest::testRestoreConflictReturns409`** (409 restauration, gap P1) | ERP-55 / **ERP-60** |
|
||||
| RG-1.24 | Liste exclut les archivés par défaut | `ClientApiTest::testListSortedByCompanyNameAscAndExcludesArchived` | ERP-55 |
|
||||
| RG-1.25 | `?includeArchived=true` inclut les archivés | `ClientApiTest::testListIncludeArchivedReturnsArchived` | ERP-55 |
|
||||
| RG-1.26 | Tri par défaut companyName ASC | `ClientApiTest::testListSortedByCompanyNameAscAndExcludesArchived` | ERP-55 |
|
||||
| RG-1.27 | Timestampable/Blamable : created* figés, updated* mis à jour | `ClientAuditTest::testCreatedFrozenAndUpdatedByReflectsModifier` | **ERP-60** |
|
||||
| RG-1.28 | PATCH multi-groupes sans permission → 403 strict (tout le payload) | `ClientProcessorTest::testStrictMixWithAccountingFieldIsForbidden` / `::testAccountingFieldWithoutPermissionIsForbidden` (unit) ; **`ClientPatchStrictTest::testMixedGroupsPatchWithoutAccountingPermissionIsForbidden`** (fonctionnel) | ERP-55 / **ERP-60** |
|
||||
| RG-1.29 | Catégorie d'adresse limitée aux types SECTEUR/AUTRE | **Filtrage LECTURE = front-driven** (SearchFilter `GET /api/categories?categoryType.code[]=…`). **Validation ÉCRITURE (POST/PATPH catégorie DISTRIBUTEUR/COURTIER → 422) NON IMPLÉMENTÉE côté back au M1** (absente du `ClientAddressProcessor` et de la liste § 8.1). → voir « Gaps & suivi » | — (gap) |
|
||||
|
||||
## Couvertures transverses
|
||||
|
||||
| Sujet | Test(s) | Source |
|
||||
|-------|---------|--------|
|
||||
| Audit iban/bic présents dans le diff (pas d'`#[AuditIgnore]`) | `ClientAuditTest::testRibCreateAuditIncludesIbanAndBic` | **ERP-60** |
|
||||
| Sécurité générique : 401 anonyme + 403 sans `commercial.clients.view` | `ClientSecurityTest` (collection + détail) ; `ClientExportControllerTest::testForbiddenWithoutClientsViewPermission` / `::testUnauthorizedWhenAnonymous` | **ERP-60** / ERP-58 |
|
||||
| Migration : index partiel unique présent (1 seul), pas de siren/email unique | `ClientMigrationTest` | **ERP-60** |
|
||||
| Référentiels comptables read-only (405 écriture, 401/403) | `ReferentialApiTest` | ERP-56 |
|
||||
| Export XLSX (colonnes accounting selon permission, 401/403) | `ClientExportControllerTest` | ERP-58 |
|
||||
|
||||
## Délégué à ERP-74 (#493) — NE PAS faire dans ERP-60
|
||||
|
||||
- **Matrice RBAC différenciée** par rôle métier (Bureau / Compta / Commerciale /
|
||||
Usine) : 200/403 par verbe et par onglet selon le rôle.
|
||||
- **RG-1.04 fonctionnel** : PATCH onglet Information par une Commerciale avec
|
||||
champs incomplets → 422 ; même PATCH par Admin → 200 (+ durcissement code/spec).
|
||||
- Raison : ces rôles métier ne sont seedés qu'après le merge de la stack M1.
|
||||
|
||||
## Gaps & suivi
|
||||
|
||||
- **RG-1.29 (validation écriture)** : refuser une catégorie de type
|
||||
`DISTRIBUTEUR`/`COURTIER` sur une `ClientAddress` (→ 422, violation
|
||||
`categories`) n'est pas implémenté au M1. La spec § 8.1 ne le liste pas comme
|
||||
cas de test back ; le filtrage de lecture est front-driven. **Suggestion** :
|
||||
ouvrir un follow-up (durcissement `ClientAddressProcessor`) ou l'intégrer à
|
||||
ERP-74. Aucune invention de feature dans ERP-60 (ticket test-only).
|
||||
- **Violations CHECK → statut HTTP** : les CHECK d'adresse (RG-1.06/07/08/11)
|
||||
sont aujourd'hui rejetées par la base (statut ≥ 400) mais sans mapping fin
|
||||
vers 422 (pas d'`exception_to_status` ni de listener DBAL→HTTP). Les tests
|
||||
ERP-60 assertent donc le **rejet** (≥ 400). Un mapping explicite vers 422
|
||||
serait une amélioration UX d'API (follow-up possible).
|
||||
@@ -235,7 +235,9 @@ Le **formatage `XX XX XX XX XX`** est fait à l'affichage côté front (filter V
|
||||
|
||||
### 3.2 Migration Doctrine — SQL Postgres
|
||||
|
||||
Namespace : `App\Module\Commercial\Infrastructure\Doctrine\Migrations` (modulaire, post-init). Fichier : `Version20260601000000.php` (à dater par le dev).
|
||||
Namespace : **`DoctrineMigrations` (racine `migrations/`)** — fichier `migrations/Version20260601000000.php` (à dater par le dev).
|
||||
|
||||
> **Décision 29/05/2026 (vérifiée empiriquement en dev)** : cette migration crée un **schéma avec FK cross-module** (`user`, `category`, `site`) → elle a la même dépendance d'ordre que les migrations d'init. Le namespace modulaire `App\Module\Commercial\…` casse `make db-reset` : Doctrine Migrations 3.x trie par **FQCN alphabétique** (`App\…` < `DoctrineMigrations\…`), donc la migration client tournerait AVANT `user`/`category`/`site` et ses FK échoueraient. Elle relève donc de l'**exception racine** de la règle ABSOLUE n°11 (même choix que la migration cross-module ERP-67). Le namespace modulaire reste réservé aux évolutions post-schéma (ajout de colonnes/index). La correction long-terme (MigrationsComparator custom, tri par timestamp) est un ticket archi dédié, hors scope M1.
|
||||
|
||||
```sql
|
||||
-- =====================================================================
|
||||
@@ -475,7 +477,14 @@ INSERT INTO category_type (code, label, position) VALUES
|
||||
('AUTRE', 'Autre', 99);
|
||||
```
|
||||
|
||||
> **Note** : le CRUD admin de `CategoryType` reste HP (cf. M0). Le seed est fait via migration ou fixture déclenchée à chaque `make db-reset`.
|
||||
> **Note** : le CRUD admin de `CategoryType` reste HP (cf. M0).
|
||||
>
|
||||
> **Seed en DEUX endroits (décision 29/05, vérifiée empiriquement)** : le `make db-reset` lance les fixtures, dont le purger Doctrine **vide `category_type`** (entité M0 mappée) avant `load()` → un seed posé uniquement en migration disparaît en dev/test. Donc :
|
||||
> 1. **Migration** (`ON CONFLICT (code) DO NOTHING`) → sert en **prod** (pas de fixtures).
|
||||
> 2. **Fixture Commercial idempotente** (ex. `CommercialReferentialFixtures`) re-seedant les 4 types → survit au `db-reset`, satisfait le critère « 4 types présents après db-reset ».
|
||||
>
|
||||
> ⚠ **À venir en ERP-54** : `tva_mode` / `payment_delay` / `payment_type` / `bank` ne sont pas encore des entités mappées au M1.0 → le purger ne les touche pas, leur seed migration survit. **Dès qu'ERP-54 crée leurs entités, ils seront purgés au db-reset** → il faudra les ajouter à la même fixture référentielle.
|
||||
> 🔗 **Coordination ERP-68** : ERP-53 pose la fixture référentielle minimale (4 category_types). ERP-68 l'**étend** (clients de démo, ~12-15) sans la dupliquer.
|
||||
|
||||
### 3.4 Entité `Client` — squelette
|
||||
|
||||
@@ -876,7 +885,8 @@ Cf. § 2.6. Pattern Shared standard.
|
||||
|
||||
### Onglet Information
|
||||
|
||||
- **RG-1.04** : Pour un utilisateur portant le rôle métier **Commerciale**, **tous** les champs de l'onglet Information (`description`, `competitors`, `foundedAt`, `employeesCount`, `revenueAmount`, `directorName`, `profitAmount`) deviennent obligatoires lors d'un PATCH sur le groupe `client:write:information`. Pour les autres rôles, ces champs restent optionnels. Implémenté via un validator custom `ClientInformationCompletenessValidator` invoqué par le `ClientProcessor` quand le user porte le rôle Commerciale.
|
||||
- **RG-1.04** _(durcie — ERP-74)_ : Pour un utilisateur portant le rôle métier **Commerciale**, **tous** les champs de l'onglet Information (`description`, `competitors`, `foundedAt`, `employeesCount`, `revenueAmount`, `directorName`, `profitAmount`) sont obligatoires sur **POST et sur tout PATCH**, **indépendamment des champs réellement envoyés** (la condition d'intersection avec `client:write:information` a été retirée). Pour les autres rôles, ces champs restent optionnels. Implémenté via un validator custom `ClientInformationCompletenessValidator` invoqué systématiquement par le `ClientProcessor` quand le user porte le rôle Commerciale.
|
||||
- **Conséquence** : le POST n'exposant que le groupe `client:write:main`, l'onglet Information n'y est pas renseignable → une Commerciale obtient **422** sur tout POST (cf. § 8.1). La complétude se fait donc via les PATCH `client:write:information` ultérieurs. Un Admin (non gaté) crée normalement (201).
|
||||
|
||||
### Onglet Contact
|
||||
|
||||
@@ -971,7 +981,7 @@ Cf. § 2.6. Pattern Shared standard.
|
||||
- [ ] **Compta POST création** : Compta → 403 (pas de `manage` global)
|
||||
- [ ] **PATCH mix groupes** : Bureau envoie payload avec `companyName` (write:main) + `siren` (write:accounting) → **403 sur tout le payload** (strict, RG-1.28)
|
||||
- [ ] **Audit** : POST + PATCH + archive → audit_log avec entity_type='Client', `changes` correct ; **iban/bic présents dans le diff** (pas d'AuditIgnore, cf. § 6.1)
|
||||
- [ ] **Migration** : `make db-reset` → schéma OK, seed des 4 référentiels + CategoryType (DISTRIBUTEUR/COURTIER/SECTEUR/AUTRE) présent ; index partiel unique `uq_client_company_name_active` présent (un seul — cf. Q4)
|
||||
- [ ] **Migration** : `make db-reset` → schéma OK ; migration en racine `migrations/` (namespace `DoctrineMigrations`, ordre garanti) ; 4 référentiels comptables seedés ; **4 CategoryType présents APRÈS db-reset** (via fixture idempotente, car le purger vide category_type) ; index partiel unique `uq_client_company_name_active` présent (un seul — cf. Q4)
|
||||
|
||||
### 8.2 Cas à couvrir (front — Vitest)
|
||||
|
||||
|
||||
@@ -24,10 +24,10 @@
|
||||
<div class="h-full flex-1 flex flex-col min-h-0 min-w-0">
|
||||
<SiteSelector v-if="showSiteSelector"/>
|
||||
<main
|
||||
class="flex flex-1 flex-col overflow-y-auto overflow-x-hidden bg-white px-4 pb-10 sm:px-6 lg:px-12 xl:px-[170px]">
|
||||
class="flex flex-1 flex-col overflow-y-auto overflow-x-hidden bg-white px-4 pb-10 sm:px-6 lg:px-12 xl:px-11">
|
||||
<div
|
||||
aria-hidden="true"
|
||||
class="pointer-events-none sticky top-0 z-30 h-[47px] flex-shrink-0 bg-white"/>
|
||||
class="pointer-events-none sticky top-0 z-30 h-11 flex-shrink-0 bg-white"/>
|
||||
<slot/>
|
||||
</main>
|
||||
</div>
|
||||
|
||||
@@ -23,6 +23,7 @@
|
||||
},
|
||||
"commercial": {
|
||||
"section": "Commercial",
|
||||
"clients": "Répertoire clients",
|
||||
"suppliers": "Répertoire fournisseurs"
|
||||
},
|
||||
"core": {
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
</h2>
|
||||
</template>
|
||||
|
||||
<form class="flex flex-col gap-4 py-4" @submit.prevent="handleSave">
|
||||
<form class="flex flex-col py-4 gap-2" @submit.prevent="handleSave">
|
||||
<!-- Nom (RG-1.02 obligatoire / RG-1.04 longueur 2-120 apres trim).
|
||||
Erreur miroir client + erreurs server-side (422) mappees sur ce champ. -->
|
||||
<MalioInputText
|
||||
@@ -52,21 +52,21 @@
|
||||
variant="danger"
|
||||
icon-name="mdi:delete-outline"
|
||||
icon-position="left"
|
||||
button-class="w-[150px]"
|
||||
button-class="w-m-btn-action"
|
||||
@click="emit('delete')"
|
||||
/>
|
||||
<MalioButton
|
||||
v-else
|
||||
:label="t('common.cancel')"
|
||||
variant="tertiary"
|
||||
button-class="w-[150px]"
|
||||
button-class="w-m-btn-action"
|
||||
@click="emit('update:modelValue', false)"
|
||||
/>
|
||||
<MalioButton
|
||||
v-if="canShowSave"
|
||||
:label="t('common.save')"
|
||||
variant="primary"
|
||||
button-class="w-[150px]"
|
||||
button-class="w-m-btn-action"
|
||||
:disabled="form.submitting.value || loadingTypes"
|
||||
@click="handleSave"
|
||||
/>
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
:title="`${group.module} (${selectedCountFor(group)}/${group.permissions.length})`"
|
||||
header-class="capitalize"
|
||||
>
|
||||
<div class="flex flex-col gap-3">
|
||||
<div class="flex flex-col">
|
||||
<!-- Tout selectionner pour ce module -->
|
||||
<MalioCheckbox
|
||||
:id="`${idPrefix}-group-${group.module}`"
|
||||
@@ -20,7 +20,7 @@
|
||||
label-class="font-semibold text-sm text-neutral-700"
|
||||
@update:model-value="(val: boolean) => emit('toggle-all', group.module, val)"
|
||||
/>
|
||||
<div class="flex flex-col gap-2">
|
||||
<div class="flex flex-col">
|
||||
<MalioCheckbox
|
||||
v-for="perm in group.permissions"
|
||||
:id="`${idPrefix}-perm-${perm.id}`"
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
{{ isEditMode ? t('admin.roles.editRole') : t('admin.roles.createRole') }}
|
||||
</h2>
|
||||
</template>
|
||||
<form class="flex flex-col gap-4 py-4" @submit.prevent="handleSave">
|
||||
<form class="flex flex-col py-4 gap-2" @submit.prevent="handleSave">
|
||||
<!-- Champs du role -->
|
||||
<MalioInputText
|
||||
v-model="form.label"
|
||||
@@ -71,7 +71,7 @@
|
||||
variant="danger"
|
||||
icon-name="mdi:delete-outline"
|
||||
icon-position="left"
|
||||
button-class="w-[150px]"
|
||||
button-class="w-m-btn-action"
|
||||
:disabled="role?.isSystem"
|
||||
@click="emit('delete')"
|
||||
/>
|
||||
@@ -79,13 +79,13 @@
|
||||
v-else
|
||||
:label="t('common.cancel')"
|
||||
variant="tertiary"
|
||||
button-class="w-[150px]"
|
||||
button-class="w-m-btn-action"
|
||||
@click="emit('update:modelValue', false)"
|
||||
/>
|
||||
<MalioButton
|
||||
:label="t('common.save')"
|
||||
variant="primary"
|
||||
button-class="w-[150px]"
|
||||
button-class="w-m-btn-action"
|
||||
:disabled="saving || permissionsLoadFailed"
|
||||
@click="handleSave"
|
||||
/>
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
{{ t('admin.users.drawer.title', { username: user?.username ?? '' }) }}
|
||||
</h2>
|
||||
</template>
|
||||
<div class="flex flex-col gap-4 py-4">
|
||||
<div class="flex flex-col space-y-4 py-4">
|
||||
<!-- Etat d'erreur de chargement des referentiels : bloque la
|
||||
sauvegarde pour empecher un ecrasement silencieux des droits. -->
|
||||
<div
|
||||
@@ -41,11 +41,13 @@
|
||||
/>
|
||||
|
||||
<!-- Section Roles -->
|
||||
<div>
|
||||
<!-- !mt-0 : la MalioCheckbox au-dessus expose son slot message (16px),
|
||||
qui couvre deja l'ecart attendu — pas besoin du space-y-4 ici. -->
|
||||
<div class="!mt-0">
|
||||
<h4 class="mb-3 text-sm font-semibold text-neutral-700">
|
||||
{{ t('admin.users.drawer.rolesSection') }}
|
||||
</h4>
|
||||
<div class="flex flex-col gap-2">
|
||||
<div class="flex flex-col">
|
||||
<MalioCheckbox
|
||||
v-for="role in allRoles"
|
||||
:key="role.id"
|
||||
@@ -84,7 +86,7 @@
|
||||
<div v-if="allSites.length === 0" class="text-sm text-neutral-400">
|
||||
{{ t('admin.sites.noSites') }}
|
||||
</div>
|
||||
<div class="flex flex-col gap-2">
|
||||
<div class="flex flex-col">
|
||||
<MalioCheckbox
|
||||
v-for="site in allSites"
|
||||
:id="`site-${site.id}`"
|
||||
@@ -113,13 +115,13 @@
|
||||
<MalioButton
|
||||
:label="t('common.cancel')"
|
||||
variant="tertiary"
|
||||
button-class="w-[150px]"
|
||||
button-class="w-m-btn-action"
|
||||
@click="emit('update:modelValue', false)"
|
||||
/>
|
||||
<MalioButton
|
||||
:label="t('common.save')"
|
||||
variant="primary"
|
||||
button-class="w-[150px]"
|
||||
button-class="w-m-btn-action"
|
||||
:disabled="saving || loadFailed"
|
||||
@click="handleSave"
|
||||
/>
|
||||
|
||||
@@ -66,15 +66,18 @@
|
||||
<MalioAccordion>
|
||||
<!-- Dates : deux champs date+heure Du / Au (champs datetime a l'origine) -->
|
||||
<MalioAccordionItem :title="t('audit.filters.date_range')" value="dates">
|
||||
<div class="grid grid-cols-[auto_1fr] items-center gap-x-3 gap-y-4">
|
||||
<span>{{ t('audit.filters.date_from') }}</span>
|
||||
<!-- pb-4 sur les labels Du/Au : simule le slot message
|
||||
du MalioDateTime voisin pour qu'items-center recentre
|
||||
le label sur le centre visible du champ. -->
|
||||
<div class="grid grid-cols-[auto_1fr] items-center gap-x-3">
|
||||
<span class="pb-4">{{ t('audit.filters.date_from') }}</span>
|
||||
<!-- Borne le picker "Du" par la valeur "Au" pour interdire une plage
|
||||
inversee a la saisie (le backend renverrait silencieusement 0 ligne). -->
|
||||
<MalioDateTime
|
||||
v-model="draftDateFrom"
|
||||
:max="draftDateTo ?? undefined"
|
||||
/>
|
||||
<span>{{ t('audit.filters.date_to') }}</span>
|
||||
<span class="pb-4">{{ t('audit.filters.date_to') }}</span>
|
||||
<MalioDateTime
|
||||
v-model="draftDateTo"
|
||||
:min="draftDateFrom ?? undefined"
|
||||
@@ -84,7 +87,7 @@
|
||||
|
||||
<!-- Type d'entite : cases a cocher (multi-selection) -->
|
||||
<MalioAccordionItem :title="t('audit.filters.entity_type')" value="entity">
|
||||
<div class="flex flex-col gap-4">
|
||||
<div class="flex flex-col">
|
||||
<MalioCheckbox
|
||||
v-for="opt in entityTypeOptions"
|
||||
:id="`filter-entity-${opt.value}`"
|
||||
@@ -105,6 +108,7 @@
|
||||
name="audit-action"
|
||||
:value="opt.value"
|
||||
:label="opt.label"
|
||||
group-class="mt-0"
|
||||
/>
|
||||
</MalioAccordionItem>
|
||||
|
||||
@@ -121,7 +125,7 @@
|
||||
<MalioButton
|
||||
variant="tertiary"
|
||||
:label="t('audit.filters.reset')"
|
||||
button-class="w-[150px]"
|
||||
button-class="w-m-btn-action"
|
||||
@click="resetFilters"
|
||||
/>
|
||||
<MalioButton
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
<img src="/LOGO_MALIO.png" alt="Logo" class="w-[150px]"/>
|
||||
</span>
|
||||
<form
|
||||
class="mt-8 space-y-6 rounded-lg border border-neutral-200 bg-white p-6 shadow-sm"
|
||||
class="mt-8 rounded-lg border border-neutral-200 bg-white p-6 shadow-sm"
|
||||
@submit.prevent="handleSubmit"
|
||||
>
|
||||
<MalioInputText
|
||||
@@ -30,7 +30,7 @@
|
||||
type="submit"
|
||||
:disabled="isSubmitting"
|
||||
/>
|
||||
<p class="font-bold">v{{ version }}</p>
|
||||
<p class="mt-6 font-bold">v{{ version }}</p>
|
||||
</form>
|
||||
</div>
|
||||
</template>
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
{{ isEditMode ? t('admin.sites.editSite') : t('admin.sites.createSite') }}
|
||||
</h2>
|
||||
</template>
|
||||
<form class="flex flex-col gap-4 py-4" @submit.prevent="handleSave">
|
||||
<form class="flex flex-col py-4 gap-2" @submit.prevent="handleSave">
|
||||
<MalioInputText
|
||||
v-model="form.name"
|
||||
:label="t('admin.sites.form.name')"
|
||||
@@ -65,11 +65,16 @@
|
||||
input-class="w-full font-mono"
|
||||
required
|
||||
/>
|
||||
<span
|
||||
:style="{ backgroundColor: isValidHex ? form.color : 'transparent' }"
|
||||
class="inline-block size-10 shrink-0 rounded-lg border border-neutral-200"
|
||||
:class="{ 'border-dashed': !isValidHex }"
|
||||
/>
|
||||
<!-- pb-4 sur le wrapper : simule le slot message du
|
||||
MalioInputText voisin pour qu'items-center recentre
|
||||
la puce sur le centre visible de l'input. -->
|
||||
<div class="shrink-0 pb-4">
|
||||
<span
|
||||
:style="{ backgroundColor: isValidHex ? form.color : 'transparent' }"
|
||||
class="inline-block size-10 rounded-lg border border-neutral-200"
|
||||
:class="{ 'border-dashed': !isValidHex }"
|
||||
/>
|
||||
</div>
|
||||
</div>
|
||||
<p v-if="form.color && !isValidHex" class="mt-1 text-xs text-red-600">
|
||||
{{ t('admin.sites.form.colorInvalid') }}
|
||||
@@ -87,20 +92,20 @@
|
||||
variant="danger"
|
||||
icon-name="mdi:delete-outline"
|
||||
icon-position="left"
|
||||
button-class="w-[150px]"
|
||||
button-class="w-m-btn-action"
|
||||
@click="emit('delete')"
|
||||
/>
|
||||
<MalioButton
|
||||
v-else
|
||||
:label="t('common.cancel')"
|
||||
variant="tertiary"
|
||||
button-class="w-[150px]"
|
||||
button-class="w-m-btn-action"
|
||||
@click="emit('update:modelValue', false)"
|
||||
/>
|
||||
<MalioButton
|
||||
:label="t('common.save')"
|
||||
variant="primary"
|
||||
button-class="w-[150px]"
|
||||
button-class="w-m-btn-action"
|
||||
:disabled="saving || !isValidHex"
|
||||
@click="handleSave"
|
||||
/>
|
||||
|
||||
Generated
+4
-4
@@ -7,7 +7,7 @@
|
||||
"name": "starseed-frontend",
|
||||
"hasInstallScript": true,
|
||||
"dependencies": {
|
||||
"@malio/layer-ui": "^1.7.1",
|
||||
"@malio/layer-ui": "^1.7.3",
|
||||
"@nuxt/icon": "^2.2.1",
|
||||
"@nuxtjs/i18n": "^10.2.3",
|
||||
"@nuxtjs/tailwindcss": "^6.14.0",
|
||||
@@ -1866,9 +1866,9 @@
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/@malio/layer-ui": {
|
||||
"version": "1.7.1",
|
||||
"resolved": "https://gitea.malio.fr/api/packages/MALIO-DEV/npm/%40malio%2Flayer-ui/-/1.7.1/layer-ui-1.7.1.tgz",
|
||||
"integrity": "sha512-RYMMappWt/fgjD+BM7//h2O6kxD6WH9Fui8hoC29xtKySRQsqD61XKTdR7BRRkpktbxKmV39q/hblyAFBqV5yw==",
|
||||
"version": "1.7.3",
|
||||
"resolved": "https://gitea.malio.fr/api/packages/MALIO-DEV/npm/%40malio%2Flayer-ui/-/1.7.3/layer-ui-1.7.3.tgz",
|
||||
"integrity": "sha512-jw3ka0Az6Jf0F9ifsooknkwXph8TNgoe6H3CjF8tbBxl8oND8HLHjlZ04ooUCoOUEIlsQ1Mm2hFFlQRCB04qdA==",
|
||||
"dependencies": {
|
||||
"@nuxt/icon": "^2.2.1",
|
||||
"@nuxtjs/tailwindcss": "^6.14.0",
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
"test:e2e:ui": "playwright test --ui"
|
||||
},
|
||||
"dependencies": {
|
||||
"@malio/layer-ui": "^1.7.1",
|
||||
"@malio/layer-ui": "^1.7.3",
|
||||
"@nuxt/icon": "^2.2.1",
|
||||
"@nuxtjs/i18n": "^10.2.3",
|
||||
"@nuxtjs/tailwindcss": "^6.14.0",
|
||||
|
||||
@@ -65,6 +65,16 @@ export const personas: Record<PersonaKey, Persona> = {
|
||||
'sites.bypass_scope',
|
||||
'catalog.categories.view',
|
||||
'catalog.categories.manage',
|
||||
// Commercial — Repertoire clients (M1). Mappe ici sur le persona
|
||||
// "tout" en attendant les vrais roles metier (bureau/compta/
|
||||
// commerciale/usine) seedes par ERP-74. Pas de nouveau persona
|
||||
// (regle ABSOLUE n°7). commercial.clients.view n'ajoute pas de lien
|
||||
// dans la section Administration, donc expectedAdminLinks reste inchange.
|
||||
'commercial.clients.view',
|
||||
'commercial.clients.manage',
|
||||
'commercial.clients.accounting.view',
|
||||
'commercial.clients.accounting.manage',
|
||||
'commercial.clients.archive',
|
||||
],
|
||||
expectedAdminLinks: ['users', 'roles', 'sites', 'categories', 'audit-log'],
|
||||
},
|
||||
|
||||
@@ -198,15 +198,19 @@ migration-migrate:
|
||||
# doctrine:fixtures:load essaie de DELETE toutes les tables connues
|
||||
# via les mappings — si fake_site_aware_entity est mappe mais absent
|
||||
# en DB, le purger crash.
|
||||
# 3. fixtures -> sync-permissions : fixtures:load purge la table permission,
|
||||
# donc sync doit passer apres.
|
||||
# 4. recreation index `uq_category_name_type_active` : schema:update drop
|
||||
# les index orphelins du mapping ORM. L'index partiel (LOWER + WHERE) du
|
||||
# M0 Catalog n'est pas exprimable via les attributs Doctrine ORM 3
|
||||
# (fonctionnel + partiel), donc il disparait apres schema:update. On le
|
||||
# recree par dbal:run-sql pour que les tests RG-1.07 (unicite
|
||||
# case-insensitive) voient bien la contrainte SQL. Sans ce restore, les
|
||||
# POST doublons remontent 201 au lieu de 409.
|
||||
# 3. fixtures -> sync-permissions -> seed-rbac : fixtures:load purge la table
|
||||
# permission, donc sync doit passer apres. seed-rbac (matrice RBAC § 2.7)
|
||||
# passe ensuite, car attachMatrix() exige les permissions en base. Les
|
||||
# comptes demo sont crees par RbacDemoFixtures au load (sans la matrice,
|
||||
# attachee ici). Cf. ERP-74.
|
||||
# 4. recreation des index partiels uniques : schema:update drop les index
|
||||
# orphelins du mapping ORM. Les index partiels (LOWER + WHERE) ne sont pas
|
||||
# exprimables via les attributs Doctrine ORM (fonctionnel + partiel), donc
|
||||
# ils disparaissent apres schema:update. On les recree par dbal:run-sql :
|
||||
# - `uq_category_name_type_active` (M0 Catalog) : tests RG-1.07.
|
||||
# - `uq_client_company_name_active` (M1 Commercial) : unicite nom societe
|
||||
# parmi actifs non archives/non supprimes (RG-1.16), tests ERP-55.
|
||||
# Sans ces restores, les POST doublons remontent 201 au lieu de 409.
|
||||
# 5. app:apply-column-comments : meme cause, schema:update drop les COMMENT
|
||||
# ON COLUMN/TABLE des tables managees par l'ORM (le mapping PHP ne porte
|
||||
# pas d'attribut options['comment']). On rejoue le catalogue partage
|
||||
@@ -219,7 +223,9 @@ test-db-setup:
|
||||
$(SYMFONY_CONSOLE) --env=test --no-interaction app:apply-column-comments
|
||||
$(SYMFONY_CONSOLE) --env=test --no-interaction doctrine:fixtures:load
|
||||
$(SYMFONY_CONSOLE) --env=test --no-interaction app:sync-permissions
|
||||
$(SYMFONY_CONSOLE) --env=test --no-interaction app:seed-rbac
|
||||
$(SYMFONY_CONSOLE) --env=test dbal:run-sql "CREATE UNIQUE INDEX IF NOT EXISTS uq_category_name_type_active ON category (LOWER(name), category_type_id) WHERE deleted_at IS NULL"
|
||||
$(SYMFONY_CONSOLE) --env=test dbal:run-sql "CREATE UNIQUE INDEX IF NOT EXISTS uq_client_company_name_active ON client (LOWER(company_name)) WHERE is_archived = FALSE AND deleted_at IS NULL"
|
||||
|
||||
fixtures:
|
||||
$(SYMFONY_CONSOLE) --no-interaction doctrine:fixtures:load
|
||||
@@ -229,6 +235,15 @@ fixtures:
|
||||
sync-permissions:
|
||||
$(SYMFONY_CONSOLE) --no-interaction app:sync-permissions
|
||||
|
||||
# Seed RBAC metier : roles (bureau/compta/commerciale/usine) + matrice § 2.7
|
||||
# (+ comptes demo en dev). Idempotent et NON destructif. A lancer APRES
|
||||
# sync-permissions (attachMatrix exige les permissions en base). Les comptes
|
||||
# demo dev sont deja crees par RbacDemoFixtures (make fixtures) ; ici on attache
|
||||
# la matrice (les permissions etaient purgees au moment du load fixtures).
|
||||
# En recette/prod, c'est cette commande (avec/sans --with-demo-users) qui seede.
|
||||
seed-rbac:
|
||||
$(SYMFONY_CONSOLE) --no-interaction app:seed-rbac
|
||||
|
||||
# Attention, supprime votre bdd local
|
||||
db-reset:
|
||||
$(DOCKER_COMPOSE) down -v
|
||||
@@ -238,6 +253,7 @@ db-reset:
|
||||
$(MAKE) migration-migrate
|
||||
$(MAKE) fixtures
|
||||
$(MAKE) sync-permissions
|
||||
$(MAKE) seed-rbac
|
||||
$(MAKE) test-db-setup
|
||||
|
||||
# Restart la bdd
|
||||
|
||||
@@ -39,7 +39,19 @@ final class Version20260528120000 extends AbstractMigration
|
||||
|
||||
public function up(Schema $schema): void
|
||||
{
|
||||
foreach (ColumnCommentsCatalog::toSqlStatements() as $sql) {
|
||||
// Ne commente que les tables deja presentes a ce stade de la chaine de
|
||||
// migrations. Les modules crees plus tard (ex: M1 Commercial, 06-01)
|
||||
// figurent desormais dans le catalogue partage mais leurs tables
|
||||
// n'existent pas encore ici : elles posent leurs propres COMMENT dans
|
||||
// leur migration dediee (regle ABSOLUE n°12). Garde-fou indispensable,
|
||||
// sinon l'ajout d'un module au catalogue casse ce retrofit avec un
|
||||
// "relation X does not exist".
|
||||
$existingTables = array_values(array_filter(
|
||||
array_keys(ColumnCommentsCatalog::comments()),
|
||||
static fn (string $table): bool => $schema->hasTable($table),
|
||||
));
|
||||
|
||||
foreach (ColumnCommentsCatalog::toSqlStatements($existingTables) as $sql) {
|
||||
$this->addSql($sql);
|
||||
}
|
||||
}
|
||||
@@ -47,6 +59,13 @@ final class Version20260528120000 extends AbstractMigration
|
||||
public function down(Schema $schema): void
|
||||
{
|
||||
foreach (ColumnCommentsCatalog::comments() as $table => $entries) {
|
||||
// Symetrie avec up() : on n'efface que les commentaires des tables
|
||||
// presentes (les tables des modules ulterieurs sont gerees par leur
|
||||
// propre migration).
|
||||
if (!$schema->hasTable($table)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$quotedTable = '"'.str_replace('"', '""', $table).'"';
|
||||
foreach ($entries as $column => $_) {
|
||||
if ('_table' === $column) {
|
||||
|
||||
@@ -0,0 +1,554 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace DoctrineMigrations;
|
||||
|
||||
use App\Shared\Infrastructure\Database\ColumnCommentsCatalog;
|
||||
use Doctrine\DBAL\Schema\Schema;
|
||||
use Doctrine\Migrations\AbstractMigration;
|
||||
|
||||
/**
|
||||
* M1 — Repertoire clients (ERP-53) : creation de toute la structure BDD du
|
||||
* module Commercial (clients + sous-collections + referentiels comptables).
|
||||
*
|
||||
* Tables creees :
|
||||
* - Referentiels comptables (statiques, seedes ici) : tva_mode, payment_delay,
|
||||
* payment_type, bank.
|
||||
* - Table principale : client (formulaire + Information + Comptabilite +
|
||||
* archive + soft-delete + Timestampable/Blamable).
|
||||
* - Sous-collections : client_category (M2M), client_contact (1:n),
|
||||
* client_address (1:n), client_rib (1:n).
|
||||
* - Jointures de client_address : client_address_site, client_address_contact,
|
||||
* client_address_category.
|
||||
*
|
||||
* Seed `category_type` (extension M0) : DISTRIBUTEUR / COURTIER / SECTEUR /
|
||||
* AUTRE, en `ON CONFLICT (code) DO NOTHING` (idempotent — la table peut deja
|
||||
* porter des donnees en prod). En dev/test, les fixtures purgent et re-seedent
|
||||
* ces 4 types (cf. CategoryTypeFixtures) ; ce seed migration couvre la prod ou
|
||||
* les fixtures ne tournent pas.
|
||||
*
|
||||
* Namespace racine `DoctrineMigrations` (regle ABSOLUE Starseed n°11) et NON
|
||||
* `App\Module\Commercial\...` : avec plusieurs migrations_paths, Doctrine
|
||||
* Migrations 3.x trie par FQCN alphabetique (AlphabeticalComparator → strcmp).
|
||||
* Un namespace `App\Module\Commercial\...` trierait AVANT `DoctrineMigrations\...`
|
||||
* et la migration s'executerait avant la creation de user/category/site sur
|
||||
* base vide → echec des FK. Le namespace racine garantit l'ordre par timestamp.
|
||||
*
|
||||
* Style DDL aligne sur la migration M0 (Version20260527164000) plutot que sur
|
||||
* le pseudo-SQL de la spec § 3.2 : `INT GENERATED BY DEFAULT AS IDENTITY` (et
|
||||
* non SERIAL), `TIMESTAMP(0) WITHOUT TIME ZONE` (et non TIMESTAMPTZ, car le
|
||||
* `TimestampableBlamableTrait` mappe `datetime_immutable`). Garantit que
|
||||
* `schema:update` restera un no-op quand les entites arriveront (ticket ERP-54).
|
||||
*
|
||||
* Decision Q4 (29/05/2026) : unicite metier sur le NOM DE SOCIETE uniquement.
|
||||
* Pas d'index unique sur siren ni email (RG-1.15 / RG-1.17 supprimees).
|
||||
*
|
||||
* Chaque colonne porte un `COMMENT ON COLUMN` (regle ABSOLUE n°12, garde-fou
|
||||
* ColumnsHaveSqlCommentTest). Les tables n'etant pas encore mappees par l'ORM,
|
||||
* ces commentaires survivent au `schema:update --force` du setup de test.
|
||||
*/
|
||||
final class Version20260601000000 extends AbstractMigration
|
||||
{
|
||||
public function getDescription(): string
|
||||
{
|
||||
return 'ERP-53 (M1) : tables client + sous-collections + referentiels comptables + seed category_type.';
|
||||
}
|
||||
|
||||
public function up(Schema $schema): void
|
||||
{
|
||||
$this->createAccountingReferentials();
|
||||
$this->createClientTable();
|
||||
$this->createClientCategory();
|
||||
$this->createClientContact();
|
||||
$this->createClientAddress();
|
||||
$this->createClientAddressJoinTables();
|
||||
$this->createClientRib();
|
||||
$this->seedCategoryTypes();
|
||||
}
|
||||
|
||||
public function down(Schema $schema): void
|
||||
{
|
||||
// Ordre inverse des dependances FK : on supprime d'abord les jointures
|
||||
// et sous-collections, puis client, puis les referentiels.
|
||||
$this->addSql('DROP TABLE client_address_category');
|
||||
$this->addSql('DROP TABLE client_address_contact');
|
||||
$this->addSql('DROP TABLE client_address_site');
|
||||
$this->addSql('DROP TABLE client_rib');
|
||||
$this->addSql('DROP TABLE client_address');
|
||||
$this->addSql('DROP TABLE client_contact');
|
||||
$this->addSql('DROP TABLE client_category');
|
||||
$this->addSql('DROP TABLE client');
|
||||
$this->addSql('DROP TABLE bank');
|
||||
$this->addSql('DROP TABLE payment_type');
|
||||
$this->addSql('DROP TABLE payment_delay');
|
||||
$this->addSql('DROP TABLE tva_mode');
|
||||
|
||||
// Retire uniquement les 4 types seedes par cette migration ET restes
|
||||
// orphelins (aucune `category` ne les reference). Sans la clause
|
||||
// NOT EXISTS, le DELETE casse sur la FK RESTRICT category.category_type_id
|
||||
// des qu'une categorie pointe sur l'un d'eux. Symetrique du
|
||||
// `ON CONFLICT (code) DO NOTHING` du up() : on ne defait que ce qu'on a
|
||||
// reellement cree et qui n'est pas reutilise.
|
||||
$this->addSql(<<<'SQL'
|
||||
DELETE FROM category_type
|
||||
WHERE code IN ('DISTRIBUTEUR', 'COURTIER', 'SECTEUR', 'AUTRE')
|
||||
AND NOT EXISTS (
|
||||
SELECT 1 FROM category c WHERE c.category_type_id = category_type.id
|
||||
)
|
||||
SQL);
|
||||
}
|
||||
|
||||
// =================================================================
|
||||
// Referentiels comptables (4 tables statiques, memes colonnes)
|
||||
// =================================================================
|
||||
|
||||
private function createAccountingReferentials(): void
|
||||
{
|
||||
$referentials = [
|
||||
'tva_mode' => 'Referentiel des modes de TVA appliques a un client (France, Export, Intracom).',
|
||||
'payment_delay' => 'Referentiel des delais de reglement (15 jours, 30 jours, a reception).',
|
||||
'payment_type' => 'Referentiel des types de reglement (virement, LCR, cheque, non soumise).',
|
||||
'bank' => 'Referentiel des banques selectionnables pour le reglement par virement.',
|
||||
];
|
||||
|
||||
foreach ($referentials as $table => $tableComment) {
|
||||
$this->addSql(sprintf(<<<'SQL'
|
||||
CREATE TABLE %s (
|
||||
id INT GENERATED BY DEFAULT AS IDENTITY NOT NULL,
|
||||
code VARCHAR(30) NOT NULL,
|
||||
label VARCHAR(120) NOT NULL,
|
||||
position INT DEFAULT 0 NOT NULL,
|
||||
PRIMARY KEY (id)
|
||||
)
|
||||
SQL, $table));
|
||||
$this->addSql(sprintf('CREATE UNIQUE INDEX uq_%s_code ON %s (code)', $table, $table));
|
||||
|
||||
$this->comment($table, '_table', $tableComment);
|
||||
$this->comment($table, 'id', 'Identifiant interne auto-incremente.');
|
||||
$this->comment($table, 'code', 'Code technique stable (UPPER_SNAKE, ≤ 30 caracteres) — unique, utilise par le code metier.');
|
||||
$this->comment($table, 'label', 'Libelle affichable (FR, ≤ 120 caracteres).');
|
||||
$this->comment($table, 'position', 'Ordre d affichage croissant dans les selecteurs (tri position ASC puis label ASC).');
|
||||
}
|
||||
|
||||
// Seed initial (cf. spec § 3.2). Tables fraichement creees donc vides :
|
||||
// INSERT direct sans ON CONFLICT.
|
||||
$this->addSql(<<<'SQL'
|
||||
INSERT INTO tva_mode (code, label, position) VALUES
|
||||
('FRANCE_VENTES', 'France (ventes)', 10),
|
||||
('EXPORT_VENTES', 'Export (ventes)', 20),
|
||||
('INTRACOM_VENTES', 'Intracom (ventes)', 30)
|
||||
SQL);
|
||||
$this->addSql(<<<'SQL'
|
||||
INSERT INTO payment_delay (code, label, position) VALUES
|
||||
('J15', '15 jours', 10),
|
||||
('J30', '30 jours', 20),
|
||||
('A_RECEPTION', 'À réception', 30)
|
||||
SQL);
|
||||
$this->addSql(<<<'SQL'
|
||||
INSERT INTO payment_type (code, label, position) VALUES
|
||||
('VIREMENT', 'Virement', 10),
|
||||
('LCR', 'LCR', 20),
|
||||
('NON_SOUMISE', 'Non soumise', 30),
|
||||
('CHEQUE', 'Chèque', 40)
|
||||
SQL);
|
||||
$this->addSql(<<<'SQL'
|
||||
INSERT INTO bank (code, label, position) VALUES
|
||||
('SG', 'Société Générale', 10),
|
||||
('CIC', 'CIC', 20),
|
||||
('CA', 'Crédit Agricole', 30)
|
||||
SQL);
|
||||
}
|
||||
|
||||
// =================================================================
|
||||
// Table principale `client`
|
||||
// =================================================================
|
||||
|
||||
private function createClientTable(): void
|
||||
{
|
||||
$this->addSql(<<<'SQL'
|
||||
CREATE TABLE client (
|
||||
id INT GENERATED BY DEFAULT AS IDENTITY NOT NULL,
|
||||
company_name VARCHAR(180) NOT NULL,
|
||||
first_name VARCHAR(120) DEFAULT NULL,
|
||||
last_name VARCHAR(120) DEFAULT NULL,
|
||||
phone_primary VARCHAR(20) NOT NULL,
|
||||
phone_secondary VARCHAR(20) DEFAULT NULL,
|
||||
email VARCHAR(180) NOT NULL,
|
||||
distributor_id INT DEFAULT NULL,
|
||||
broker_id INT DEFAULT NULL,
|
||||
triage_service BOOLEAN DEFAULT FALSE NOT NULL,
|
||||
description TEXT DEFAULT NULL,
|
||||
competitors VARCHAR(255) DEFAULT NULL,
|
||||
founded_at DATE DEFAULT NULL,
|
||||
employees_count INT DEFAULT NULL,
|
||||
revenue_amount NUMERIC(15, 2) DEFAULT NULL,
|
||||
director_name VARCHAR(120) DEFAULT NULL,
|
||||
profit_amount NUMERIC(15, 2) DEFAULT NULL,
|
||||
siren VARCHAR(20) DEFAULT NULL,
|
||||
account_number VARCHAR(40) DEFAULT NULL,
|
||||
tva_mode_id INT DEFAULT NULL,
|
||||
n_tva VARCHAR(40) DEFAULT NULL,
|
||||
payment_delay_id INT DEFAULT NULL,
|
||||
payment_type_id INT DEFAULT NULL,
|
||||
bank_id INT DEFAULT NULL,
|
||||
is_archived BOOLEAN DEFAULT FALSE NOT NULL,
|
||||
archived_at TIMESTAMP(0) WITHOUT TIME ZONE DEFAULT NULL,
|
||||
deleted_at TIMESTAMP(0) WITHOUT TIME ZONE DEFAULT NULL,
|
||||
created_at TIMESTAMP(0) WITHOUT TIME ZONE NOT NULL,
|
||||
updated_at TIMESTAMP(0) WITHOUT TIME ZONE NOT NULL,
|
||||
created_by INT DEFAULT NULL,
|
||||
updated_by INT DEFAULT NULL,
|
||||
PRIMARY KEY (id),
|
||||
CONSTRAINT chk_client_distrib_or_broker
|
||||
CHECK (NOT (distributor_id IS NOT NULL AND broker_id IS NOT NULL)),
|
||||
CONSTRAINT fk_client_distributor
|
||||
FOREIGN KEY (distributor_id) REFERENCES client (id) ON DELETE SET NULL,
|
||||
CONSTRAINT fk_client_broker
|
||||
FOREIGN KEY (broker_id) REFERENCES client (id) ON DELETE SET NULL,
|
||||
CONSTRAINT fk_client_tva_mode
|
||||
FOREIGN KEY (tva_mode_id) REFERENCES tva_mode (id) ON DELETE RESTRICT,
|
||||
CONSTRAINT fk_client_payment_delay
|
||||
FOREIGN KEY (payment_delay_id) REFERENCES payment_delay (id) ON DELETE RESTRICT,
|
||||
CONSTRAINT fk_client_payment_type
|
||||
FOREIGN KEY (payment_type_id) REFERENCES payment_type (id) ON DELETE RESTRICT,
|
||||
CONSTRAINT fk_client_bank
|
||||
FOREIGN KEY (bank_id) REFERENCES bank (id) ON DELETE RESTRICT,
|
||||
CONSTRAINT fk_client_created_by
|
||||
FOREIGN KEY (created_by) REFERENCES "user" (id) ON DELETE SET NULL,
|
||||
CONSTRAINT fk_client_updated_by
|
||||
FOREIGN KEY (updated_by) REFERENCES "user" (id) ON DELETE SET NULL
|
||||
)
|
||||
SQL);
|
||||
|
||||
$this->addSql('CREATE INDEX idx_client_is_archived ON client (is_archived)');
|
||||
$this->addSql('CREATE INDEX idx_client_deleted_at ON client (deleted_at)');
|
||||
$this->addSql('CREATE INDEX idx_client_distributor_id ON client (distributor_id)');
|
||||
$this->addSql('CREATE INDEX idx_client_broker_id ON client (broker_id)');
|
||||
$this->addSql('CREATE INDEX idx_client_created_by ON client (created_by)');
|
||||
$this->addSql('CREATE INDEX idx_client_updated_by ON client (updated_by)');
|
||||
|
||||
// Index sur les FK des referentiels comptables — coherence avec les autres
|
||||
// FK deja indexees ci-dessus (Postgres n'indexe pas automatiquement les
|
||||
// colonnes portant une FOREIGN KEY).
|
||||
$this->addSql('CREATE INDEX idx_client_tva_mode_id ON client (tva_mode_id)');
|
||||
$this->addSql('CREATE INDEX idx_client_payment_delay_id ON client (payment_delay_id)');
|
||||
$this->addSql('CREATE INDEX idx_client_payment_type_id ON client (payment_type_id)');
|
||||
$this->addSql('CREATE INDEX idx_client_bank_id ON client (bank_id)');
|
||||
|
||||
// Unicite metier partielle (Q4) : nom de societe insensible a la casse,
|
||||
// parmi les non-archives ET non soft-deletes uniquement. Pas d'index
|
||||
// unique sur siren ni email.
|
||||
$this->addSql(<<<'SQL'
|
||||
CREATE UNIQUE INDEX uq_client_company_name_active
|
||||
ON client (LOWER(company_name))
|
||||
WHERE is_archived = FALSE AND deleted_at IS NULL
|
||||
SQL);
|
||||
|
||||
$this->comment('client', '_table', 'Repertoire clients (M1 Commercial) — entites archivables (is_archived) et soft-deletables (deleted_at, HP M2).');
|
||||
$this->comment('client', 'id', 'Identifiant interne auto-incremente.');
|
||||
$this->comment('client', 'company_name', 'Raison sociale (stockee en MAJUSCULES, RG-1.18). Unique case-insensitive parmi les actifs non archives/non supprimes (RG-1.16, uq_client_company_name_active).');
|
||||
$this->comment('client', 'first_name', 'Prenom du contact principal (capitalise serveur, RG-1.19). first_name OU last_name obligatoire (RG-1.01).');
|
||||
$this->comment('client', 'last_name', 'Nom du contact principal (capitalise serveur, RG-1.19). first_name OU last_name obligatoire (RG-1.01).');
|
||||
$this->comment('client', 'phone_primary', 'Telephone principal — stocke en chiffres uniquement (RG-1.20). Obligatoire.');
|
||||
$this->comment('client', 'phone_secondary', 'Telephone secondaire optionnel — chiffres uniquement (RG-1.20).');
|
||||
$this->comment('client', 'email', 'Email principal (lowercase serveur, RG-1.21). NON unique (RG-1.17 supprimee, Q4).');
|
||||
$this->comment('client', 'distributor_id', 'FK auto-referente vers un client porteur de la categorie DISTRIBUTEUR — exclusive avec broker_id (RG-1.03, chk_client_distrib_or_broker). FK -> client.id, ON DELETE SET NULL.');
|
||||
$this->comment('client', 'broker_id', 'FK auto-referente vers un client porteur de la categorie COURTIER — exclusive avec distributor_id (RG-1.03). FK -> client.id, ON DELETE SET NULL.');
|
||||
$this->comment('client', 'triage_service', 'Drapeau service triage active pour le client. Faux par defaut.');
|
||||
$this->comment('client', 'description', 'Onglet Information : description libre. Obligatoire pour le role Commerciale (RG-1.04), optionnel sinon.');
|
||||
$this->comment('client', 'competitors', 'Onglet Information : concurrents identifies (texte libre ≤ 255). Obligatoire role Commerciale (RG-1.04).');
|
||||
$this->comment('client', 'founded_at', 'Onglet Information : date de creation de l entreprise. Obligatoire role Commerciale (RG-1.04).');
|
||||
$this->comment('client', 'employees_count', 'Onglet Information : effectif (entier >= 0). Obligatoire role Commerciale (RG-1.04).');
|
||||
$this->comment('client', 'revenue_amount', 'Onglet Information : chiffre d affaires (NUMERIC 15,2). Obligatoire role Commerciale (RG-1.04).');
|
||||
$this->comment('client', 'director_name', 'Onglet Information : nom du dirigeant. Obligatoire role Commerciale (RG-1.04).');
|
||||
$this->comment('client', 'profit_amount', 'Onglet Information : resultat / benefice (NUMERIC 15,2). Obligatoire role Commerciale (RG-1.04).');
|
||||
$this->comment('client', 'siren', 'Onglet Comptabilite : SIREN (9 chiffres attendus). NON unique — peut etre partage entre etablissements (RG-1.15 supprimee, Q4).');
|
||||
$this->comment('client', 'account_number', 'Onglet Comptabilite : numero de compte comptable du client.');
|
||||
$this->comment('client', 'tva_mode_id', 'Onglet Comptabilite : mode de TVA applique — FK -> tva_mode.id, ON DELETE RESTRICT.');
|
||||
$this->comment('client', 'n_tva', 'Onglet Comptabilite : numero de TVA intracommunautaire.');
|
||||
$this->comment('client', 'payment_delay_id', 'Onglet Comptabilite : delai de reglement — FK -> payment_delay.id, ON DELETE RESTRICT.');
|
||||
$this->comment('client', 'payment_type_id', 'Onglet Comptabilite : type de reglement — FK -> payment_type.id, ON DELETE RESTRICT. Code LCR impose >= 1 RIB (RG-1.13), VIREMENT impose une banque (RG-1.12).');
|
||||
$this->comment('client', 'bank_id', 'Onglet Comptabilite : banque — FK -> bank.id, ON DELETE RESTRICT. Obligatoire si payment_type = VIREMENT (RG-1.12).');
|
||||
$this->comment('client', 'is_archived', 'Drapeau fonctionnel d archivage — masque par defaut dans la liste. Bascule via permission commercial.clients.archive (RG-1.22/23).');
|
||||
$this->comment('client', 'archived_at', 'Horodatage de l archivage — pose quand is_archived passe a vrai, remis a null a la restauration (RG-1.22/23).');
|
||||
$this->comment('client', 'deleted_at', 'Horodatage du soft-delete technique (HP M2) — non expose par l API au M1. Null = ligne active.');
|
||||
$this->addTimestampableBlamableComments('client');
|
||||
}
|
||||
|
||||
// =================================================================
|
||||
// M2M client <-> category
|
||||
// =================================================================
|
||||
|
||||
private function createClientCategory(): void
|
||||
{
|
||||
$this->addSql(<<<'SQL'
|
||||
CREATE TABLE client_category (
|
||||
client_id INT NOT NULL,
|
||||
category_id INT NOT NULL,
|
||||
PRIMARY KEY (client_id, category_id),
|
||||
CONSTRAINT fk_client_category_client
|
||||
FOREIGN KEY (client_id) REFERENCES client (id) ON DELETE CASCADE,
|
||||
CONSTRAINT fk_client_category_category
|
||||
FOREIGN KEY (category_id) REFERENCES category (id) ON DELETE RESTRICT
|
||||
)
|
||||
SQL);
|
||||
$this->addSql('CREATE INDEX idx_client_category_category ON client_category (category_id)');
|
||||
|
||||
$this->comment('client_category', '_table', 'Jointure M2M client <-> category (Catalog) — categories metier du client (au moins une obligatoire).');
|
||||
$this->comment('client_category', 'client_id', 'FK -> client.id, ON DELETE CASCADE — client porteur de la categorie.');
|
||||
$this->comment('client_category', 'category_id', 'FK -> category.id, ON DELETE RESTRICT — categorie rattachee au client.');
|
||||
}
|
||||
|
||||
// =================================================================
|
||||
// Sous-collection : contacts (1:n)
|
||||
// =================================================================
|
||||
|
||||
private function createClientContact(): void
|
||||
{
|
||||
$this->addSql(<<<'SQL'
|
||||
CREATE TABLE client_contact (
|
||||
id INT GENERATED BY DEFAULT AS IDENTITY NOT NULL,
|
||||
client_id INT NOT NULL,
|
||||
first_name VARCHAR(120) DEFAULT NULL,
|
||||
last_name VARCHAR(120) DEFAULT NULL,
|
||||
job_title VARCHAR(120) DEFAULT NULL,
|
||||
phone_primary VARCHAR(20) DEFAULT NULL,
|
||||
phone_secondary VARCHAR(20) DEFAULT NULL,
|
||||
email VARCHAR(180) DEFAULT NULL,
|
||||
position INT DEFAULT 0 NOT NULL,
|
||||
created_at TIMESTAMP(0) WITHOUT TIME ZONE NOT NULL,
|
||||
updated_at TIMESTAMP(0) WITHOUT TIME ZONE NOT NULL,
|
||||
created_by INT DEFAULT NULL,
|
||||
updated_by INT DEFAULT NULL,
|
||||
PRIMARY KEY (id),
|
||||
CONSTRAINT chk_client_contact_name
|
||||
CHECK (first_name IS NOT NULL OR last_name IS NOT NULL),
|
||||
CONSTRAINT fk_client_contact_client
|
||||
FOREIGN KEY (client_id) REFERENCES client (id) ON DELETE CASCADE,
|
||||
CONSTRAINT fk_client_contact_created_by
|
||||
FOREIGN KEY (created_by) REFERENCES "user" (id) ON DELETE SET NULL,
|
||||
CONSTRAINT fk_client_contact_updated_by
|
||||
FOREIGN KEY (updated_by) REFERENCES "user" (id) ON DELETE SET NULL
|
||||
)
|
||||
SQL);
|
||||
$this->addSql('CREATE INDEX idx_client_contact_client ON client_contact (client_id)');
|
||||
|
||||
$this->comment('client_contact', '_table', 'Contacts d un client (1:n) — au moins firstName OU lastName par contact (RG-1.05).');
|
||||
$this->comment('client_contact', 'id', 'Identifiant interne auto-incremente.');
|
||||
$this->comment('client_contact', 'client_id', 'FK -> client.id, ON DELETE CASCADE — client proprietaire du contact.');
|
||||
$this->comment('client_contact', 'first_name', 'Prenom du contact (capitalise serveur). first_name OU last_name obligatoire (RG-1.05, chk_client_contact_name).');
|
||||
$this->comment('client_contact', 'last_name', 'Nom du contact (capitalise serveur). first_name OU last_name obligatoire (RG-1.05, chk_client_contact_name).');
|
||||
$this->comment('client_contact', 'job_title', 'Fonction / intitule de poste du contact (≤ 120 caracteres).');
|
||||
$this->comment('client_contact', 'phone_primary', 'Telephone principal du contact — chiffres uniquement (RG-1.20).');
|
||||
$this->comment('client_contact', 'phone_secondary', 'Telephone secondaire du contact — chiffres uniquement (RG-1.20).');
|
||||
$this->comment('client_contact', 'email', 'Email du contact (lowercase serveur, RG-1.21).');
|
||||
$this->comment('client_contact', 'position', 'Ordre d affichage du contact dans la liste du client (croissant).');
|
||||
$this->addTimestampableBlamableComments('client_contact');
|
||||
}
|
||||
|
||||
// =================================================================
|
||||
// Sous-collection : adresses (1:n)
|
||||
// =================================================================
|
||||
|
||||
private function createClientAddress(): void
|
||||
{
|
||||
$this->addSql(<<<'SQL'
|
||||
CREATE TABLE client_address (
|
||||
id INT GENERATED BY DEFAULT AS IDENTITY NOT NULL,
|
||||
client_id INT NOT NULL,
|
||||
is_prospect BOOLEAN DEFAULT FALSE NOT NULL,
|
||||
is_delivery BOOLEAN DEFAULT FALSE NOT NULL,
|
||||
is_billing BOOLEAN DEFAULT FALSE NOT NULL,
|
||||
country VARCHAR(80) DEFAULT 'France' NOT NULL,
|
||||
postal_code VARCHAR(20) NOT NULL,
|
||||
city VARCHAR(120) NOT NULL,
|
||||
street VARCHAR(255) NOT NULL,
|
||||
street_complement VARCHAR(255) DEFAULT NULL,
|
||||
billing_email VARCHAR(180) DEFAULT NULL,
|
||||
position INT DEFAULT 0 NOT NULL,
|
||||
created_at TIMESTAMP(0) WITHOUT TIME ZONE NOT NULL,
|
||||
updated_at TIMESTAMP(0) WITHOUT TIME ZONE NOT NULL,
|
||||
created_by INT DEFAULT NULL,
|
||||
updated_by INT DEFAULT NULL,
|
||||
PRIMARY KEY (id),
|
||||
CONSTRAINT chk_client_address_prospect_exclusive
|
||||
CHECK (NOT (is_prospect = TRUE AND (is_delivery = TRUE OR is_billing = TRUE))),
|
||||
CONSTRAINT chk_client_address_billing_email
|
||||
CHECK ((is_billing = FALSE AND billing_email IS NULL)
|
||||
OR (is_billing = TRUE AND billing_email IS NOT NULL)),
|
||||
CONSTRAINT fk_client_address_client
|
||||
FOREIGN KEY (client_id) REFERENCES client (id) ON DELETE CASCADE,
|
||||
CONSTRAINT fk_client_address_created_by
|
||||
FOREIGN KEY (created_by) REFERENCES "user" (id) ON DELETE SET NULL,
|
||||
CONSTRAINT fk_client_address_updated_by
|
||||
FOREIGN KEY (updated_by) REFERENCES "user" (id) ON DELETE SET NULL
|
||||
)
|
||||
SQL);
|
||||
$this->addSql('CREATE INDEX idx_client_address_client ON client_address (client_id)');
|
||||
|
||||
$this->comment('client_address', '_table', 'Adresses d un client (1:n) — prospect exclusif de livraison/facturation (RG-1.06/07/08), >= 1 site rattache (RG-1.10).');
|
||||
$this->comment('client_address', 'id', 'Identifiant interne auto-incremente.');
|
||||
$this->comment('client_address', 'client_id', 'FK -> client.id, ON DELETE CASCADE — client proprietaire de l adresse.');
|
||||
$this->comment('client_address', 'is_prospect', 'Adresse de prospection — exclusive de is_delivery/is_billing (RG-1.06/07/08, chk_client_address_prospect_exclusive). Faux par defaut.');
|
||||
$this->comment('client_address', 'is_delivery', 'Adresse de livraison. Exclusive de is_prospect. Faux par defaut.');
|
||||
$this->comment('client_address', 'is_billing', 'Adresse de facturation. Exclusive de is_prospect. Impose billing_email (RG-1.11). Faux par defaut.');
|
||||
$this->comment('client_address', 'country', 'Pays de l adresse — defaut France.');
|
||||
$this->comment('client_address', 'postal_code', 'Code postal (4-5 chiffres attendus, RG-1.09).');
|
||||
$this->comment('client_address', 'city', 'Ville — preremplie depuis le code postal via API BAN cote front (RG-1.09).');
|
||||
$this->comment('client_address', 'street', 'Numero et voie de l adresse.');
|
||||
$this->comment('client_address', 'street_complement', 'Complement d adresse (etage, batiment...) — optionnel.');
|
||||
$this->comment('client_address', 'billing_email', 'Email de facturation — obligatoire si is_billing, null sinon (RG-1.11, chk_client_address_billing_email).');
|
||||
$this->comment('client_address', 'position', 'Ordre d affichage de l adresse dans la liste du client (croissant).');
|
||||
$this->addTimestampableBlamableComments('client_address');
|
||||
}
|
||||
|
||||
// =================================================================
|
||||
// Jointures de client_address (M2M)
|
||||
// =================================================================
|
||||
|
||||
private function createClientAddressJoinTables(): void
|
||||
{
|
||||
$this->addSql(<<<'SQL'
|
||||
CREATE TABLE client_address_site (
|
||||
client_address_id INT NOT NULL,
|
||||
site_id INT NOT NULL,
|
||||
PRIMARY KEY (client_address_id, site_id),
|
||||
CONSTRAINT fk_client_address_site_address
|
||||
FOREIGN KEY (client_address_id) REFERENCES client_address (id) ON DELETE CASCADE,
|
||||
CONSTRAINT fk_client_address_site_site
|
||||
FOREIGN KEY (site_id) REFERENCES site (id) ON DELETE RESTRICT
|
||||
)
|
||||
SQL);
|
||||
$this->comment('client_address_site', '_table', 'Jointure M2M client_address <-> site (Sites) — sites desservis par l adresse (>= 1 obligatoire, RG-1.10).');
|
||||
$this->comment('client_address_site', 'client_address_id', 'FK -> client_address.id, ON DELETE CASCADE — adresse concernee.');
|
||||
$this->comment('client_address_site', 'site_id', 'FK -> site.id, ON DELETE RESTRICT — site rattache a l adresse.');
|
||||
|
||||
$this->addSql(<<<'SQL'
|
||||
CREATE TABLE client_address_contact (
|
||||
client_address_id INT NOT NULL,
|
||||
client_contact_id INT NOT NULL,
|
||||
PRIMARY KEY (client_address_id, client_contact_id),
|
||||
CONSTRAINT fk_client_address_contact_address
|
||||
FOREIGN KEY (client_address_id) REFERENCES client_address (id) ON DELETE CASCADE,
|
||||
CONSTRAINT fk_client_address_contact_contact
|
||||
FOREIGN KEY (client_contact_id) REFERENCES client_contact (id) ON DELETE CASCADE
|
||||
)
|
||||
SQL);
|
||||
$this->comment('client_address_contact', '_table', 'Jointure M2M client_address <-> client_contact — contacts associes a une adresse.');
|
||||
$this->comment('client_address_contact', 'client_address_id', 'FK -> client_address.id, ON DELETE CASCADE — adresse concernee.');
|
||||
$this->comment('client_address_contact', 'client_contact_id', 'FK -> client_contact.id, ON DELETE CASCADE — contact associe a l adresse.');
|
||||
|
||||
$this->addSql(<<<'SQL'
|
||||
CREATE TABLE client_address_category (
|
||||
client_address_id INT NOT NULL,
|
||||
category_id INT NOT NULL,
|
||||
PRIMARY KEY (client_address_id, category_id),
|
||||
CONSTRAINT fk_client_address_category_address
|
||||
FOREIGN KEY (client_address_id) REFERENCES client_address (id) ON DELETE CASCADE,
|
||||
CONSTRAINT fk_client_address_category_category
|
||||
FOREIGN KEY (category_id) REFERENCES category (id) ON DELETE RESTRICT
|
||||
)
|
||||
SQL);
|
||||
$this->comment('client_address_category', '_table', 'Jointure M2M client_address <-> category — categories d adresse (types SECTEUR/AUTRE uniquement, RG-1.29).');
|
||||
$this->comment('client_address_category', 'client_address_id', 'FK -> client_address.id, ON DELETE CASCADE — adresse concernee.');
|
||||
$this->comment('client_address_category', 'category_id', 'FK -> category.id, ON DELETE RESTRICT — categorie d adresse (type SECTEUR ou AUTRE, RG-1.29).');
|
||||
}
|
||||
|
||||
// =================================================================
|
||||
// Sous-collection : RIB (1:n)
|
||||
// =================================================================
|
||||
|
||||
private function createClientRib(): void
|
||||
{
|
||||
$this->addSql(<<<'SQL'
|
||||
CREATE TABLE client_rib (
|
||||
id INT GENERATED BY DEFAULT AS IDENTITY NOT NULL,
|
||||
client_id INT NOT NULL,
|
||||
label VARCHAR(120) NOT NULL,
|
||||
bic VARCHAR(20) NOT NULL,
|
||||
iban VARCHAR(34) NOT NULL,
|
||||
position INT DEFAULT 0 NOT NULL,
|
||||
created_at TIMESTAMP(0) WITHOUT TIME ZONE NOT NULL,
|
||||
updated_at TIMESTAMP(0) WITHOUT TIME ZONE NOT NULL,
|
||||
created_by INT DEFAULT NULL,
|
||||
updated_by INT DEFAULT NULL,
|
||||
PRIMARY KEY (id),
|
||||
CONSTRAINT fk_client_rib_client
|
||||
FOREIGN KEY (client_id) REFERENCES client (id) ON DELETE CASCADE,
|
||||
CONSTRAINT fk_client_rib_created_by
|
||||
FOREIGN KEY (created_by) REFERENCES "user" (id) ON DELETE SET NULL,
|
||||
CONSTRAINT fk_client_rib_updated_by
|
||||
FOREIGN KEY (updated_by) REFERENCES "user" (id) ON DELETE SET NULL
|
||||
)
|
||||
SQL);
|
||||
$this->addSql('CREATE INDEX idx_client_rib_client ON client_rib (client_id)');
|
||||
|
||||
$this->comment('client_rib', '_table', 'Coordonnees bancaires d un client (1:n) — >= 1 RIB obligatoire si payment_type = LCR (RG-1.13). Tous les champs audites (pas d AuditIgnore).');
|
||||
$this->comment('client_rib', 'id', 'Identifiant interne auto-incremente.');
|
||||
$this->comment('client_rib', 'client_id', 'FK -> client.id, ON DELETE CASCADE — client proprietaire du RIB.');
|
||||
$this->comment('client_rib', 'label', 'Libelle du RIB (ex: compte principal).');
|
||||
$this->comment('client_rib', 'bic', 'Code BIC/SWIFT de la banque (8 ou 11 caracteres).');
|
||||
$this->comment('client_rib', 'iban', 'IBAN du compte (≤ 34 caracteres).');
|
||||
$this->comment('client_rib', 'position', 'Ordre d affichage du RIB dans la liste du client (croissant).');
|
||||
$this->addTimestampableBlamableComments('client_rib');
|
||||
}
|
||||
|
||||
// =================================================================
|
||||
// Seed extension category_type (M0)
|
||||
// =================================================================
|
||||
|
||||
private function seedCategoryTypes(): void
|
||||
{
|
||||
// Idempotent : la table category_type peut deja porter des donnees en
|
||||
// prod. ON CONFLICT (code) s appuie sur l index unique uq_category_type_code.
|
||||
// NB : la table M0 n a pas de colonne `position` (id/code/label seulement),
|
||||
// contrairement au pseudo-SQL de la spec § 3.3.
|
||||
$this->addSql(<<<'SQL'
|
||||
INSERT INTO category_type (code, label) VALUES
|
||||
('DISTRIBUTEUR', 'Distributeur'),
|
||||
('COURTIER', 'Courtier'),
|
||||
('SECTEUR', 'Secteur'),
|
||||
('AUTRE', 'Autre')
|
||||
ON CONFLICT (code) DO NOTHING
|
||||
SQL);
|
||||
}
|
||||
|
||||
// =================================================================
|
||||
// Helpers
|
||||
// =================================================================
|
||||
|
||||
/**
|
||||
* Pose les 4 commentaires standardises Timestampable/Blamable sur une table,
|
||||
* en reutilisant le catalogue partage (source unique, cf. ERP-67).
|
||||
*/
|
||||
private function addTimestampableBlamableComments(string $table): void
|
||||
{
|
||||
foreach (ColumnCommentsCatalog::timestampableBlamableComments() as $column => $description) {
|
||||
$this->comment($table, $column, $description);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Emet un `COMMENT ON TABLE` (colonne speciale `_table`) ou
|
||||
* `COMMENT ON COLUMN` en dollar-quoting Postgres ($_$...$_$) pour eviter
|
||||
* tout echappement d apostrophe.
|
||||
*/
|
||||
private function comment(string $table, string $column, string $description): void
|
||||
{
|
||||
$quotedTable = '"'.str_replace('"', '""', $table).'"';
|
||||
|
||||
if ('_table' === $column) {
|
||||
$this->addSql(sprintf('COMMENT ON TABLE %s IS $_$%s$_$', $quotedTable, $description));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
$this->addSql(sprintf(
|
||||
'COMMENT ON COLUMN %s.%s IS $_$%s$_$',
|
||||
$quotedTable,
|
||||
'"'.str_replace('"', '""', $column).'"',
|
||||
$description,
|
||||
));
|
||||
}
|
||||
}
|
||||
@@ -15,6 +15,7 @@ use App\Module\Catalog\Infrastructure\ApiPlatform\State\Provider\CategoryProvide
|
||||
use App\Module\Catalog\Infrastructure\Doctrine\DoctrineCategoryRepository;
|
||||
use App\Shared\Domain\Attribute\Auditable;
|
||||
use App\Shared\Domain\Contract\BlamableInterface;
|
||||
use App\Shared\Domain\Contract\CategoryInterface;
|
||||
use App\Shared\Domain\Contract\TimestampableInterface;
|
||||
use App\Shared\Domain\Trait\TimestampableBlamableTrait;
|
||||
use DateTimeImmutable;
|
||||
@@ -82,7 +83,7 @@ use Symfony\Component\Validator\Constraints as Assert;
|
||||
#[ORM\Index(name: 'idx_category_created_by', columns: ['created_by'])]
|
||||
#[ORM\Index(name: 'idx_category_updated_by', columns: ['updated_by'])]
|
||||
#[Auditable]
|
||||
class Category implements TimestampableInterface, BlamableInterface
|
||||
class Category implements TimestampableInterface, BlamableInterface, CategoryInterface
|
||||
{
|
||||
// === Timestampable + Blamable ===
|
||||
// Les 4 colonnes (created_at, updated_at, created_by, updated_by) + leurs
|
||||
@@ -152,6 +153,16 @@ class Category implements TimestampableInterface, BlamableInterface
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implemente CategoryInterface : code du type rattache (ou null). Permet
|
||||
* aux modules tiers de filtrer/valider par type metier sans dependre de
|
||||
* Catalog.
|
||||
*/
|
||||
public function getCategoryTypeCode(): ?string
|
||||
{
|
||||
return $this->categoryType?->getCode();
|
||||
}
|
||||
|
||||
public function getDeletedAt(): ?DateTimeImmutable
|
||||
{
|
||||
return $this->deletedAt;
|
||||
|
||||
@@ -0,0 +1,63 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Catalog\Infrastructure\DataFixtures;
|
||||
|
||||
use App\Module\Catalog\Domain\Entity\CategoryType;
|
||||
use App\Module\Catalog\Domain\Repository\CategoryTypeRepositoryInterface;
|
||||
use Doctrine\Bundle\FixturesBundle\Fixture;
|
||||
use Doctrine\Persistence\ObjectManager;
|
||||
|
||||
/**
|
||||
* Fixtures du module Catalog : seed des types de categorie metier (M1).
|
||||
*
|
||||
* La table `category_type` est creee vide au M0 ; le M1 la peuple avec les 4
|
||||
* types DISTRIBUTEUR / COURTIER / SECTEUR / AUTRE (cf. spec M1 § 3.3).
|
||||
*
|
||||
* Pourquoi une fixture EN PLUS du seed de la migration (Version20260601000000) :
|
||||
* `category_type` est une entite managee par l ORM, donc le purger Doctrine la
|
||||
* vide avant chaque `doctrine:fixtures:load`. Sans cette fixture, les 4 types
|
||||
* seedes par la migration disparaitraient apres `make db-reset` / setup de test.
|
||||
* Le seed migration couvre la prod (ou les fixtures ne tournent pas) ; cette
|
||||
* fixture re-aligne dev et test. Les deux chemins produisent un etat identique.
|
||||
*
|
||||
* Idempotence : lookup par `code` parmi les types existants avant insertion,
|
||||
* sur le modele d AppFixtures::ensureSystemRole. Rejouable sans doublon meme
|
||||
* si le purger est desactive.
|
||||
*/
|
||||
class CategoryTypeFixtures extends Fixture
|
||||
{
|
||||
/**
|
||||
* Source unique des 4 types metier : code technique => libelle FR.
|
||||
* Doit rester aligne sur le seed de la migration Version20260601000000.
|
||||
*/
|
||||
private const TYPES = [
|
||||
'DISTRIBUTEUR' => 'Distributeur',
|
||||
'COURTIER' => 'Courtier',
|
||||
'SECTEUR' => 'Secteur',
|
||||
'AUTRE' => 'Autre',
|
||||
];
|
||||
|
||||
public function __construct(
|
||||
private readonly CategoryTypeRepositoryInterface $categoryTypeRepository,
|
||||
) {}
|
||||
|
||||
public function load(ObjectManager $manager): void
|
||||
{
|
||||
// Index des types deja presents par code, pour ne pas creer de doublon.
|
||||
$existingByCode = [];
|
||||
foreach ($this->categoryTypeRepository->findAllOrderedByLabel() as $type) {
|
||||
$existingByCode[$type->getCode()] = $type;
|
||||
}
|
||||
|
||||
foreach (self::TYPES as $code => $label) {
|
||||
$type = $existingByCode[$code] ?? new CategoryType();
|
||||
$type->setCode($code);
|
||||
$type->setLabel($label);
|
||||
$manager->persist($type);
|
||||
}
|
||||
|
||||
$manager->flush();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,80 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Application\Service;
|
||||
|
||||
/**
|
||||
* Normalisation serveur des champs texte d'un Client / ClientContact, appliquee
|
||||
* par le ClientProcessor (et plus tard le ClientContactProcessor) AVANT
|
||||
* persistance. Cf. spec-back M1 § 2.9 + RG-1.18 a RG-1.21.
|
||||
*
|
||||
* - companyName : UPPERCASE integral (RG-1.18)
|
||||
* - firstName / lastName (personnes) : Title Case (RG-1.19)
|
||||
* - phone* : chiffres uniquement, ex "06.12.34.56.78" -> "0612345678" (RG-1.20).
|
||||
* Le formatage d'affichage "XX XX XX XX XX" est de la responsabilite du front.
|
||||
* - email : lowercase integral (RG-1.21)
|
||||
*
|
||||
* Toutes les methodes sont null-safe et trim-ent l'entree ; une chaine vide
|
||||
* apres trim devient null (evite de persister "" dans des colonnes nullable).
|
||||
*/
|
||||
final class ClientFieldNormalizer
|
||||
{
|
||||
/**
|
||||
* Nom de societe en majuscules (RG-1.18). Conserve null tel quel ; une
|
||||
* chaine non vide est trim + upper. Une chaine vide reste "" (champ
|
||||
* obligatoire : c'est l'Assert\NotBlank qui rejette, pas le normalizer).
|
||||
*/
|
||||
public function normalizeCompanyName(?string $value): ?string
|
||||
{
|
||||
if (null === $value) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return mb_strtoupper(trim($value), 'UTF-8');
|
||||
}
|
||||
|
||||
/**
|
||||
* Nom/prenom de personne en Title Case (RG-1.19) : "JEAN dupont" ->
|
||||
* "Jean Dupont". Une chaine vide apres trim devient null.
|
||||
*/
|
||||
public function normalizePersonName(?string $value): ?string
|
||||
{
|
||||
if (null === $value) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$value = trim($value);
|
||||
|
||||
return '' === $value ? null : mb_convert_case($value, MB_CASE_TITLE, 'UTF-8');
|
||||
}
|
||||
|
||||
/**
|
||||
* Email en minuscules (RG-1.21). Une chaine vide apres trim devient null.
|
||||
*/
|
||||
public function normalizeEmail(?string $value): ?string
|
||||
{
|
||||
if (null === $value) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$value = trim($value);
|
||||
|
||||
return '' === $value ? null : mb_strtolower($value, 'UTF-8');
|
||||
}
|
||||
|
||||
/**
|
||||
* Telephone reduit aux chiffres (RG-1.20) : "06.12.34.56.78" ->
|
||||
* "0612345678". Une valeur sans aucun chiffre devient null.
|
||||
*/
|
||||
public function normalizePhone(?string $value): ?string
|
||||
{
|
||||
if (null === $value) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$digits = preg_replace('/\D+/', '', $value) ?? '';
|
||||
|
||||
return '' === $digits ? null : $digits;
|
||||
}
|
||||
}
|
||||
+74
@@ -0,0 +1,74 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Application\Validator;
|
||||
|
||||
use ApiPlatform\Validator\Exception\ValidationException;
|
||||
use App\Module\Commercial\Domain\Entity\Client;
|
||||
use Symfony\Component\Validator\ConstraintViolation;
|
||||
use Symfony\Component\Validator\ConstraintViolationList;
|
||||
|
||||
/**
|
||||
* Validator metier RG-1.04 (durcie ERP-74) : pour un utilisateur portant le
|
||||
* role metier Commerciale, TOUS les champs de l'onglet Information sont
|
||||
* obligatoires sur POST comme sur tout PATCH, independamment des champs
|
||||
* reellement envoyes.
|
||||
*
|
||||
* Invoque par le ClientProcessor des que l'utilisateur courant porte le role
|
||||
* Commerciale (plus de condition d'intersection avec l'onglet Information).
|
||||
* Pour les autres roles, ces champs restent optionnels — le validator n'est
|
||||
* pas appele.
|
||||
*
|
||||
* Leve une ValidationException (HTTP 422) listant chaque champ manquant, par
|
||||
* coherence avec les violations Symfony rendues par API Platform.
|
||||
*/
|
||||
final class ClientInformationCompletenessValidator
|
||||
{
|
||||
public function validate(Client $client): void
|
||||
{
|
||||
// Map champ -> valeur courante de l'onglet Information.
|
||||
$fields = [
|
||||
'description' => $client->getDescription(),
|
||||
'competitors' => $client->getCompetitors(),
|
||||
'foundedAt' => $client->getFoundedAt(),
|
||||
'employeesCount' => $client->getEmployeesCount(),
|
||||
'revenueAmount' => $client->getRevenueAmount(),
|
||||
'directorName' => $client->getDirectorName(),
|
||||
'profitAmount' => $client->getProfitAmount(),
|
||||
];
|
||||
|
||||
$violations = new ConstraintViolationList();
|
||||
|
||||
foreach ($fields as $property => $value) {
|
||||
if ($this->isMissing($value)) {
|
||||
$violations->add(new ConstraintViolation(
|
||||
sprintf('Ce champ est obligatoire pour le role Commerciale (champ "%s").', $property),
|
||||
null,
|
||||
[],
|
||||
$client,
|
||||
$property,
|
||||
$value,
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
if (count($violations) > 0) {
|
||||
throw new ValidationException($violations);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Une valeur est manquante si null ou, pour une chaine, vide apres trim.
|
||||
* Les zeros numeriques (employeesCount = 0, profitAmount = "0.00") sont des
|
||||
* valeurs valides : on ne les considere pas manquants.
|
||||
*/
|
||||
private function isMissing(mixed $value): bool
|
||||
{
|
||||
if (null === $value) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return is_string($value) && '' === trim($value);
|
||||
}
|
||||
}
|
||||
@@ -9,4 +9,36 @@ final class CommercialModule
|
||||
public const string ID = 'commercial';
|
||||
public const string LABEL = 'Commercial';
|
||||
public const bool REQUIRED = false;
|
||||
|
||||
/**
|
||||
* Liste declarative des permissions RBAC exposees par le module Commercial.
|
||||
*
|
||||
* Consommee par la commande `app:sync-permissions` (SyncPermissionsCommand)
|
||||
* qui se charge d'upserter ces entrees dans la table `permission`, de
|
||||
* reactiver les codes precedemment marques orphelins et de marquer comme
|
||||
* orphelins ceux qui ont disparu du code source.
|
||||
*
|
||||
* La cle `module` est auto-injectee par le sync command a partir de
|
||||
* `self::ID`, il est donc inutile de la repeter dans chaque entree.
|
||||
*
|
||||
* Convention de nommage des codes : `module.resource[.sub].action` en
|
||||
* snake_case, le prefixe module devant correspondre exactement a
|
||||
* `self::ID` (verifie par la commande de synchronisation).
|
||||
*
|
||||
* Granularite alignee sur Core/Catalog (view + manage), plus deux
|
||||
* permissions dediees a l'onglet Comptabilite et a l'archivage
|
||||
* (cf. spec-back M1 § 2.7).
|
||||
*
|
||||
* @return array<int, array{code: string, label: string}>
|
||||
*/
|
||||
public static function permissions(): array
|
||||
{
|
||||
return [
|
||||
['code' => 'commercial.clients.view', 'label' => 'Voir les clients'],
|
||||
['code' => 'commercial.clients.manage', 'label' => 'Créer / modifier les clients (hors onglet Comptabilité)'],
|
||||
['code' => 'commercial.clients.accounting.view', 'label' => 'Voir l\'onglet Comptabilité d\'un client'],
|
||||
['code' => 'commercial.clients.accounting.manage', 'label' => 'Modifier l\'onglet Comptabilité d\'un client'],
|
||||
['code' => 'commercial.clients.archive', 'label' => 'Archiver / restaurer un client'],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,105 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Domain\Entity;
|
||||
|
||||
use ApiPlatform\Metadata\ApiResource;
|
||||
use ApiPlatform\Metadata\Get;
|
||||
use ApiPlatform\Metadata\GetCollection;
|
||||
use App\Module\Commercial\Infrastructure\Doctrine\DoctrineBankRepository;
|
||||
use Doctrine\ORM\Mapping as ORM;
|
||||
use Symfony\Component\Serializer\Attribute\Groups;
|
||||
|
||||
/**
|
||||
* Banque selectionnable pour le reglement par virement (Societe Generale,
|
||||
* CIC, Credit Agricole) : referentiel statique seede par la migration M1 et
|
||||
* re-seede en dev/test par CommercialReferentialFixtures.
|
||||
*
|
||||
* Lecture seule au M1 (HP-M2-2) : GetCollection + Get uniquement (ERP-56),
|
||||
* permission commercial.clients.view ; POST/PATCH/DELETE -> 405. Pas de
|
||||
* Timestampable/Blamable (referentiel statique whiteliste dans
|
||||
* EntitiesAreTimestampableBlamableTest::EXCLUDED). Le groupe
|
||||
* `client:read:accounting` permet l'embarquement dans la reponse Client.
|
||||
*/
|
||||
#[ApiResource(
|
||||
operations: [
|
||||
new GetCollection(
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
normalizationContext: ['groups' => ['bank:read']],
|
||||
// Tri par defaut spec M1 § 4.7 : position ASC puis label ASC.
|
||||
order: ['position' => 'ASC', 'label' => 'ASC'],
|
||||
// ERP-72 : pagination serveur + toggle ?pagination=false (cf. TvaMode).
|
||||
paginationClientEnabled: true,
|
||||
),
|
||||
new Get(
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
normalizationContext: ['groups' => ['bank:read']],
|
||||
),
|
||||
],
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
)]
|
||||
#[ORM\Entity(repositoryClass: DoctrineBankRepository::class)]
|
||||
#[ORM\Table(name: 'bank')]
|
||||
#[ORM\UniqueConstraint(name: 'uq_bank_code', columns: ['code'])]
|
||||
class Bank
|
||||
{
|
||||
#[ORM\Id]
|
||||
#[ORM\GeneratedValue]
|
||||
#[ORM\Column]
|
||||
#[Groups(['bank:read', 'client:read:accounting'])]
|
||||
private ?int $id = null;
|
||||
|
||||
#[ORM\Column(length: 30)]
|
||||
#[Groups(['bank:read', 'client:read:accounting'])]
|
||||
private ?string $code = null;
|
||||
|
||||
#[ORM\Column(length: 120)]
|
||||
#[Groups(['bank:read', 'client:read:accounting'])]
|
||||
private ?string $label = null;
|
||||
|
||||
#[ORM\Column(options: ['default' => 0])]
|
||||
#[Groups(['bank:read'])]
|
||||
private int $position = 0;
|
||||
|
||||
public function getId(): ?int
|
||||
{
|
||||
return $this->id;
|
||||
}
|
||||
|
||||
public function getCode(): ?string
|
||||
{
|
||||
return $this->code;
|
||||
}
|
||||
|
||||
public function setCode(string $code): static
|
||||
{
|
||||
$this->code = $code;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getLabel(): ?string
|
||||
{
|
||||
return $this->label;
|
||||
}
|
||||
|
||||
public function setLabel(string $label): static
|
||||
{
|
||||
$this->label = $label;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getPosition(): int
|
||||
{
|
||||
return $this->position;
|
||||
}
|
||||
|
||||
public function setPosition(int $position): static
|
||||
{
|
||||
$this->position = $position;
|
||||
|
||||
return $this;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,719 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Domain\Entity;
|
||||
|
||||
use ApiPlatform\Metadata\ApiResource;
|
||||
use ApiPlatform\Metadata\Get;
|
||||
use ApiPlatform\Metadata\GetCollection;
|
||||
use ApiPlatform\Metadata\Patch;
|
||||
use ApiPlatform\Metadata\Post;
|
||||
use App\Module\Commercial\Infrastructure\ApiPlatform\State\Processor\ClientProcessor;
|
||||
use App\Module\Commercial\Infrastructure\ApiPlatform\State\Provider\ClientProvider;
|
||||
use App\Module\Commercial\Infrastructure\Doctrine\DoctrineClientRepository;
|
||||
use App\Shared\Domain\Attribute\Auditable;
|
||||
use App\Shared\Domain\Contract\BlamableInterface;
|
||||
use App\Shared\Domain\Contract\CategoryInterface;
|
||||
use App\Shared\Domain\Contract\TimestampableInterface;
|
||||
use App\Shared\Domain\Trait\TimestampableBlamableTrait;
|
||||
use DateTimeImmutable;
|
||||
use Doctrine\Common\Collections\ArrayCollection;
|
||||
use Doctrine\Common\Collections\Collection;
|
||||
use Doctrine\ORM\Mapping as ORM;
|
||||
use Symfony\Component\Serializer\Attribute\Groups;
|
||||
use Symfony\Component\Serializer\Attribute\SerializedName;
|
||||
use Symfony\Component\Validator\Constraints as Assert;
|
||||
|
||||
/**
|
||||
* Client (M1 Commercial) — entite racine du repertoire clients. Porte le
|
||||
* formulaire principal, l'onglet Information, l'onglet Comptabilite, le
|
||||
* mecanisme d'archivage (is_archived / archived_at) et le soft-delete technique
|
||||
* prepare mais non expose au M1 (deleted_at, HP-M2-1).
|
||||
*
|
||||
* Decisions structurantes :
|
||||
* - Audit complet (#[Auditable]) sur tous les champs (M2M categories audite
|
||||
* automatiquement). Timestampable/Blamable via le trait Shared.
|
||||
* - PAS de #[ORM\UniqueConstraint] : l'unicite du nom de societe (RG-1.16) est
|
||||
* portee par l'index partiel fonctionnel uq_client_company_name_active
|
||||
* (LOWER(company_name) WHERE is_archived = FALSE AND deleted_at IS NULL),
|
||||
* inexprimable en attribut ORM, donc possede par la seule migration. Le SIREN
|
||||
* et l'email NE SONT PAS uniques (RG-1.15/1.17 supprimees, decision Q4).
|
||||
* - distributor / broker : 2 FK auto-referentes mutuellement exclusives
|
||||
* (RG-1.03, CHECK chk_client_distrib_or_broker en base).
|
||||
* - categories : M2M vers Category (module Catalog) via le contrat
|
||||
* CategoryInterface + resolve_target_entities (regle n°1, pas d'import direct).
|
||||
*
|
||||
* Operations API (Provider + Processor) branchees en ERP-55 :
|
||||
* - GetCollection / Get : security commercial.clients.view. La liste expose le
|
||||
* groupe client:read ; le detail embarque en plus contacts/adresses/ribs
|
||||
* (groupe client:item:read). Les champs comptables (client:read:accounting)
|
||||
* sont ajoutes DYNAMIQUEMENT par ClientReadGroupContextBuilder si l'user a
|
||||
* la permission accounting.view (§ 2.7 / § 4.1 / § 4.2).
|
||||
* - Post / Patch : security commercial.clients.manage ; le ClientProcessor
|
||||
* applique normalisation, gating accounting/archive et regles metier.
|
||||
* - Pas de Delete au M1 (HP-M2-1) : l'archivage passe par PATCH isArchived.
|
||||
*/
|
||||
#[ApiResource(
|
||||
operations: [
|
||||
new GetCollection(
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
normalizationContext: ['groups' => ['client:read', 'default:read']],
|
||||
provider: ClientProvider::class,
|
||||
),
|
||||
new Get(
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
// Detail : client + sous-collections embarquees. Le groupe
|
||||
// client:read:accounting est ajoute par le context builder selon la
|
||||
// permission, donc absent ici volontairement.
|
||||
normalizationContext: ['groups' => [
|
||||
'client:read',
|
||||
'client:item:read',
|
||||
'client_contact:read',
|
||||
'client_address:read',
|
||||
'client_rib:read',
|
||||
'default:read',
|
||||
]],
|
||||
provider: ClientProvider::class,
|
||||
),
|
||||
new Post(
|
||||
security: "is_granted('commercial.clients.manage')",
|
||||
normalizationContext: ['groups' => ['client:read', 'default:read']],
|
||||
denormalizationContext: ['groups' => ['client:write:main']],
|
||||
processor: ClientProcessor::class,
|
||||
),
|
||||
new Patch(
|
||||
// Security elargie (ERP-74) : `manage` OU `accounting.manage`. Le
|
||||
// role Compta n'a pas `manage` mais doit pouvoir editer l'onglet
|
||||
// Comptabilite d'un client existant (§ 2.7). Le ClientProcessor
|
||||
// re-gate ensuite onglet par onglet :
|
||||
// - champs accounting -> accounting.manage (guardAccounting, RG-1.28) ;
|
||||
// - champs main/information -> manage (guardManage : empeche Compta
|
||||
// d'editer les autres onglets) ;
|
||||
// - isArchived -> archive (guardArchive, RG-1.22).
|
||||
security: "is_granted('commercial.clients.manage') or is_granted('commercial.clients.accounting.manage')",
|
||||
// Le ClientProcessor inspecte les champs reellement envoyes pour
|
||||
// autoriser/refuser onglet par onglet (RG-1.22 / RG-1.28) : les
|
||||
// champs accounting exigent accounting.manage, isArchived exige
|
||||
// archive, le reste (main/information) exige manage.
|
||||
normalizationContext: ['groups' => ['client:read', 'default:read']],
|
||||
denormalizationContext: ['groups' => [
|
||||
'client:write:main',
|
||||
'client:write:information',
|
||||
'client:write:accounting',
|
||||
'client:write:archive',
|
||||
]],
|
||||
provider: ClientProvider::class,
|
||||
processor: ClientProcessor::class,
|
||||
),
|
||||
],
|
||||
)]
|
||||
#[ORM\Entity(repositoryClass: DoctrineClientRepository::class)]
|
||||
#[ORM\Table(name: 'client')]
|
||||
// Index nommes pour matcher la migration (Version20260601000000). L'index
|
||||
// unique partiel uq_client_company_name_active reste possede par la migration :
|
||||
// Doctrine ORM ne sait pas exprimer un index fonctionnel (LOWER) + partiel
|
||||
// (WHERE) via attribut. Pas de #[ORM\UniqueConstraint] (decision Q4).
|
||||
#[ORM\Index(name: 'idx_client_is_archived', columns: ['is_archived'])]
|
||||
#[ORM\Index(name: 'idx_client_deleted_at', columns: ['deleted_at'])]
|
||||
#[ORM\Index(name: 'idx_client_distributor_id', columns: ['distributor_id'])]
|
||||
#[ORM\Index(name: 'idx_client_broker_id', columns: ['broker_id'])]
|
||||
#[ORM\Index(name: 'idx_client_created_by', columns: ['created_by'])]
|
||||
#[ORM\Index(name: 'idx_client_updated_by', columns: ['updated_by'])]
|
||||
#[Auditable]
|
||||
class Client implements TimestampableInterface, BlamableInterface
|
||||
{
|
||||
use TimestampableBlamableTrait;
|
||||
|
||||
#[ORM\Id]
|
||||
#[ORM\GeneratedValue]
|
||||
#[ORM\Column]
|
||||
#[Groups(['client:read'])]
|
||||
private ?int $id = null;
|
||||
|
||||
// === Formulaire principal ===
|
||||
#[ORM\Column(length: 180)]
|
||||
#[Assert\NotBlank(message: 'Le nom de l\'entreprise est obligatoire.', normalizer: 'trim')]
|
||||
#[Assert\Length(min: 2, max: 180, normalizer: 'trim')]
|
||||
#[Groups(['client:read', 'client:write:main'])]
|
||||
private ?string $companyName = null;
|
||||
|
||||
// RG-1.01 : firstName OU lastName obligatoire (validation au futur Processor).
|
||||
#[ORM\Column(length: 120, nullable: true)]
|
||||
#[Assert\Length(max: 120, normalizer: 'trim')]
|
||||
#[Groups(['client:read', 'client:write:main'])]
|
||||
private ?string $firstName = null;
|
||||
|
||||
#[ORM\Column(length: 120, nullable: true)]
|
||||
#[Assert\Length(max: 120, normalizer: 'trim')]
|
||||
#[Groups(['client:read', 'client:write:main'])]
|
||||
private ?string $lastName = null;
|
||||
|
||||
#[ORM\Column(length: 20)]
|
||||
#[Assert\NotBlank]
|
||||
#[Groups(['client:read', 'client:write:main'])]
|
||||
private ?string $phonePrimary = null;
|
||||
|
||||
#[ORM\Column(length: 20, nullable: true)]
|
||||
#[Groups(['client:read', 'client:write:main'])]
|
||||
private ?string $phoneSecondary = null;
|
||||
|
||||
#[ORM\Column(length: 180)]
|
||||
#[Assert\NotBlank]
|
||||
#[Assert\Email]
|
||||
#[Groups(['client:read', 'client:write:main'])]
|
||||
private ?string $email = null;
|
||||
|
||||
// RG-1.03 : distributor / broker auto-references mutuellement exclusives
|
||||
// (CHECK chk_client_distrib_or_broker en base).
|
||||
#[ORM\ManyToOne(targetEntity: self::class)]
|
||||
#[ORM\JoinColumn(name: 'distributor_id', referencedColumnName: 'id', nullable: true, onDelete: 'SET NULL')]
|
||||
#[Groups(['client:read', 'client:write:main'])]
|
||||
private ?Client $distributor = null;
|
||||
|
||||
#[ORM\ManyToOne(targetEntity: self::class)]
|
||||
#[ORM\JoinColumn(name: 'broker_id', referencedColumnName: 'id', nullable: true, onDelete: 'SET NULL')]
|
||||
#[Groups(['client:read', 'client:write:main'])]
|
||||
private ?Client $broker = null;
|
||||
|
||||
#[ORM\Column(name: 'triage_service', options: ['default' => false])]
|
||||
#[Groups(['client:read', 'client:write:main'])]
|
||||
private bool $triageService = false;
|
||||
|
||||
// RG : au moins une categorie (Count min 1). M2M vers Category via le contrat
|
||||
// CategoryInterface (resolve_target_entities -> Category).
|
||||
/** @var Collection<int, CategoryInterface> */
|
||||
#[ORM\ManyToMany(targetEntity: CategoryInterface::class)]
|
||||
#[ORM\JoinTable(name: 'client_category')]
|
||||
#[ORM\JoinColumn(name: 'client_id', referencedColumnName: 'id', onDelete: 'CASCADE')]
|
||||
#[ORM\InverseJoinColumn(name: 'category_id', referencedColumnName: 'id', onDelete: 'RESTRICT')]
|
||||
#[Assert\Count(min: 1, minMessage: 'Au moins une catégorie est obligatoire.')]
|
||||
#[Groups(['client:read', 'client:write:main'])]
|
||||
private Collection $categories;
|
||||
|
||||
// === Onglet Information ===
|
||||
#[ORM\Column(type: 'text', nullable: true)]
|
||||
#[Groups(['client:read', 'client:write:information'])]
|
||||
private ?string $description = null;
|
||||
|
||||
#[ORM\Column(length: 255, nullable: true)]
|
||||
#[Groups(['client:read', 'client:write:information'])]
|
||||
private ?string $competitors = null;
|
||||
|
||||
#[ORM\Column(type: 'date_immutable', nullable: true)]
|
||||
#[Groups(['client:read', 'client:write:information'])]
|
||||
private ?DateTimeImmutable $foundedAt = null;
|
||||
|
||||
#[ORM\Column(nullable: true)]
|
||||
#[Assert\PositiveOrZero]
|
||||
#[Groups(['client:read', 'client:write:information'])]
|
||||
private ?int $employeesCount = null;
|
||||
|
||||
#[ORM\Column(type: 'decimal', precision: 15, scale: 2, nullable: true)]
|
||||
#[Groups(['client:read', 'client:write:information'])]
|
||||
private ?string $revenueAmount = null;
|
||||
|
||||
#[ORM\Column(length: 120, nullable: true)]
|
||||
#[Groups(['client:read', 'client:write:information'])]
|
||||
private ?string $directorName = null;
|
||||
|
||||
#[ORM\Column(type: 'decimal', precision: 15, scale: 2, nullable: true)]
|
||||
#[Groups(['client:read', 'client:write:information'])]
|
||||
private ?string $profitAmount = null;
|
||||
|
||||
// === Onglet Comptabilite ===
|
||||
// Lecture conditionnee via le groupe `client:read:accounting` (ajoute par le
|
||||
// futur Provider si l'user a la permission accounting.view). Ecriture via
|
||||
// `client:write:accounting` (le futur Processor exige accounting.manage).
|
||||
#[ORM\Column(length: 20, nullable: true)]
|
||||
#[Groups(['client:read:accounting', 'client:write:accounting'])]
|
||||
private ?string $siren = null;
|
||||
|
||||
#[ORM\Column(length: 40, nullable: true)]
|
||||
#[Groups(['client:read:accounting', 'client:write:accounting'])]
|
||||
private ?string $accountNumber = null;
|
||||
|
||||
#[ORM\ManyToOne(targetEntity: TvaMode::class)]
|
||||
#[ORM\JoinColumn(name: 'tva_mode_id', referencedColumnName: 'id', nullable: true, onDelete: 'RESTRICT')]
|
||||
#[Groups(['client:read:accounting', 'client:write:accounting'])]
|
||||
private ?TvaMode $tvaMode = null;
|
||||
|
||||
#[ORM\Column(length: 40, nullable: true)]
|
||||
#[Groups(['client:read:accounting', 'client:write:accounting'])]
|
||||
private ?string $nTva = null;
|
||||
|
||||
#[ORM\ManyToOne(targetEntity: PaymentDelay::class)]
|
||||
#[ORM\JoinColumn(name: 'payment_delay_id', referencedColumnName: 'id', nullable: true, onDelete: 'RESTRICT')]
|
||||
#[Groups(['client:read:accounting', 'client:write:accounting'])]
|
||||
private ?PaymentDelay $paymentDelay = null;
|
||||
|
||||
#[ORM\ManyToOne(targetEntity: PaymentType::class)]
|
||||
#[ORM\JoinColumn(name: 'payment_type_id', referencedColumnName: 'id', nullable: true, onDelete: 'RESTRICT')]
|
||||
#[Groups(['client:read:accounting', 'client:write:accounting'])]
|
||||
private ?PaymentType $paymentType = null;
|
||||
|
||||
#[ORM\ManyToOne(targetEntity: Bank::class)]
|
||||
#[ORM\JoinColumn(name: 'bank_id', referencedColumnName: 'id', nullable: true, onDelete: 'RESTRICT')]
|
||||
#[Groups(['client:read:accounting', 'client:write:accounting'])]
|
||||
private ?Bank $bank = null;
|
||||
|
||||
// === Sous-collections (exposees via sous-ressources API dediees, ulterieur) ===
|
||||
/** @var Collection<int, ClientContact> */
|
||||
#[ORM\OneToMany(mappedBy: 'client', targetEntity: ClientContact::class, cascade: ['persist', 'remove'], orphanRemoval: true)]
|
||||
private Collection $contacts;
|
||||
|
||||
/** @var Collection<int, ClientAddress> */
|
||||
#[ORM\OneToMany(mappedBy: 'client', targetEntity: ClientAddress::class, cascade: ['persist', 'remove'], orphanRemoval: true)]
|
||||
private Collection $addresses;
|
||||
|
||||
/** @var Collection<int, ClientRib> */
|
||||
#[ORM\OneToMany(mappedBy: 'client', targetEntity: ClientRib::class, cascade: ['persist', 'remove'], orphanRemoval: true)]
|
||||
private Collection $ribs;
|
||||
|
||||
// === Archive / Soft delete ===
|
||||
// Groupe d'ECRITURE uniquement sur la propriete (denormalisation PATCH
|
||||
// archive). Le groupe de LECTURE est declare sur le getter isArchived()
|
||||
// avec SerializedName('isArchived') : sans cela, Symfony strip le prefixe
|
||||
// "is" et exposerait la cle JSON "archived" (meme pattern que User::isAdmin
|
||||
// et Role::isSystem).
|
||||
#[ORM\Column(name: 'is_archived', options: ['default' => false])]
|
||||
#[Groups(['client:write:archive'])]
|
||||
private bool $isArchived = false;
|
||||
|
||||
#[ORM\Column(type: 'datetime_immutable', nullable: true)]
|
||||
#[Groups(['client:read'])]
|
||||
private ?DateTimeImmutable $archivedAt = null;
|
||||
|
||||
// Soft delete technique (HP-M2-1) : non expose en lecture/ecriture au M1.
|
||||
#[ORM\Column(type: 'datetime_immutable', nullable: true)]
|
||||
private ?DateTimeImmutable $deletedAt = null;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
$this->categories = new ArrayCollection();
|
||||
$this->contacts = new ArrayCollection();
|
||||
$this->addresses = new ArrayCollection();
|
||||
$this->ribs = new ArrayCollection();
|
||||
}
|
||||
|
||||
public function getId(): ?int
|
||||
{
|
||||
return $this->id;
|
||||
}
|
||||
|
||||
public function getCompanyName(): ?string
|
||||
{
|
||||
return $this->companyName;
|
||||
}
|
||||
|
||||
public function setCompanyName(string $companyName): static
|
||||
{
|
||||
$this->companyName = $companyName;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getFirstName(): ?string
|
||||
{
|
||||
return $this->firstName;
|
||||
}
|
||||
|
||||
public function setFirstName(?string $firstName): static
|
||||
{
|
||||
$this->firstName = $firstName;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getLastName(): ?string
|
||||
{
|
||||
return $this->lastName;
|
||||
}
|
||||
|
||||
public function setLastName(?string $lastName): static
|
||||
{
|
||||
$this->lastName = $lastName;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getPhonePrimary(): ?string
|
||||
{
|
||||
return $this->phonePrimary;
|
||||
}
|
||||
|
||||
public function setPhonePrimary(string $phonePrimary): static
|
||||
{
|
||||
$this->phonePrimary = $phonePrimary;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getPhoneSecondary(): ?string
|
||||
{
|
||||
return $this->phoneSecondary;
|
||||
}
|
||||
|
||||
public function setPhoneSecondary(?string $phoneSecondary): static
|
||||
{
|
||||
$this->phoneSecondary = $phoneSecondary;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getEmail(): ?string
|
||||
{
|
||||
return $this->email;
|
||||
}
|
||||
|
||||
public function setEmail(string $email): static
|
||||
{
|
||||
$this->email = $email;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getDistributor(): ?Client
|
||||
{
|
||||
return $this->distributor;
|
||||
}
|
||||
|
||||
public function setDistributor(?Client $distributor): static
|
||||
{
|
||||
$this->distributor = $distributor;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getBroker(): ?Client
|
||||
{
|
||||
return $this->broker;
|
||||
}
|
||||
|
||||
public function setBroker(?Client $broker): static
|
||||
{
|
||||
$this->broker = $broker;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function isTriageService(): bool
|
||||
{
|
||||
return $this->triageService;
|
||||
}
|
||||
|
||||
public function setTriageService(bool $triageService): static
|
||||
{
|
||||
$this->triageService = $triageService;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
/** @return Collection<int, CategoryInterface> */
|
||||
public function getCategories(): Collection
|
||||
{
|
||||
return $this->categories;
|
||||
}
|
||||
|
||||
public function addCategory(CategoryInterface $category): static
|
||||
{
|
||||
if (!$this->categories->contains($category)) {
|
||||
$this->categories->add($category);
|
||||
}
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function removeCategory(CategoryInterface $category): static
|
||||
{
|
||||
$this->categories->removeElement($category);
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getDescription(): ?string
|
||||
{
|
||||
return $this->description;
|
||||
}
|
||||
|
||||
public function setDescription(?string $description): static
|
||||
{
|
||||
$this->description = $description;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getCompetitors(): ?string
|
||||
{
|
||||
return $this->competitors;
|
||||
}
|
||||
|
||||
public function setCompetitors(?string $competitors): static
|
||||
{
|
||||
$this->competitors = $competitors;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getFoundedAt(): ?DateTimeImmutable
|
||||
{
|
||||
return $this->foundedAt;
|
||||
}
|
||||
|
||||
public function setFoundedAt(?DateTimeImmutable $foundedAt): static
|
||||
{
|
||||
$this->foundedAt = $foundedAt;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getEmployeesCount(): ?int
|
||||
{
|
||||
return $this->employeesCount;
|
||||
}
|
||||
|
||||
public function setEmployeesCount(?int $employeesCount): static
|
||||
{
|
||||
$this->employeesCount = $employeesCount;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getRevenueAmount(): ?string
|
||||
{
|
||||
return $this->revenueAmount;
|
||||
}
|
||||
|
||||
public function setRevenueAmount(?string $revenueAmount): static
|
||||
{
|
||||
$this->revenueAmount = $revenueAmount;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getDirectorName(): ?string
|
||||
{
|
||||
return $this->directorName;
|
||||
}
|
||||
|
||||
public function setDirectorName(?string $directorName): static
|
||||
{
|
||||
$this->directorName = $directorName;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getProfitAmount(): ?string
|
||||
{
|
||||
return $this->profitAmount;
|
||||
}
|
||||
|
||||
public function setProfitAmount(?string $profitAmount): static
|
||||
{
|
||||
$this->profitAmount = $profitAmount;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getSiren(): ?string
|
||||
{
|
||||
return $this->siren;
|
||||
}
|
||||
|
||||
public function setSiren(?string $siren): static
|
||||
{
|
||||
$this->siren = $siren;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getAccountNumber(): ?string
|
||||
{
|
||||
return $this->accountNumber;
|
||||
}
|
||||
|
||||
public function setAccountNumber(?string $accountNumber): static
|
||||
{
|
||||
$this->accountNumber = $accountNumber;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getTvaMode(): ?TvaMode
|
||||
{
|
||||
return $this->tvaMode;
|
||||
}
|
||||
|
||||
public function setTvaMode(?TvaMode $tvaMode): static
|
||||
{
|
||||
$this->tvaMode = $tvaMode;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getNTva(): ?string
|
||||
{
|
||||
return $this->nTva;
|
||||
}
|
||||
|
||||
public function setNTva(?string $nTva): static
|
||||
{
|
||||
$this->nTva = $nTva;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getPaymentDelay(): ?PaymentDelay
|
||||
{
|
||||
return $this->paymentDelay;
|
||||
}
|
||||
|
||||
public function setPaymentDelay(?PaymentDelay $paymentDelay): static
|
||||
{
|
||||
$this->paymentDelay = $paymentDelay;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getPaymentType(): ?PaymentType
|
||||
{
|
||||
return $this->paymentType;
|
||||
}
|
||||
|
||||
public function setPaymentType(?PaymentType $paymentType): static
|
||||
{
|
||||
$this->paymentType = $paymentType;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getBank(): ?Bank
|
||||
{
|
||||
return $this->bank;
|
||||
}
|
||||
|
||||
public function setBank(?Bank $bank): static
|
||||
{
|
||||
$this->bank = $bank;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
/** @return Collection<int, ClientContact> */
|
||||
#[Groups(['client:item:read'])]
|
||||
public function getContacts(): Collection
|
||||
{
|
||||
return $this->contacts;
|
||||
}
|
||||
|
||||
public function addContact(ClientContact $contact): static
|
||||
{
|
||||
if (!$this->contacts->contains($contact)) {
|
||||
$this->contacts->add($contact);
|
||||
$contact->setClient($this);
|
||||
}
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function removeContact(ClientContact $contact): static
|
||||
{
|
||||
if ($this->contacts->removeElement($contact) && $contact->getClient() === $this) {
|
||||
$contact->setClient(null);
|
||||
}
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
/** @return Collection<int, ClientAddress> */
|
||||
#[Groups(['client:item:read'])]
|
||||
public function getAddresses(): Collection
|
||||
{
|
||||
return $this->addresses;
|
||||
}
|
||||
|
||||
public function addAddress(ClientAddress $address): static
|
||||
{
|
||||
if (!$this->addresses->contains($address)) {
|
||||
$this->addresses->add($address);
|
||||
$address->setClient($this);
|
||||
}
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function removeAddress(ClientAddress $address): static
|
||||
{
|
||||
if ($this->addresses->removeElement($address) && $address->getClient() === $this) {
|
||||
$address->setClient(null);
|
||||
}
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
/** @return Collection<int, ClientRib> */
|
||||
#[Groups(['client:item:read'])]
|
||||
public function getRibs(): Collection
|
||||
{
|
||||
return $this->ribs;
|
||||
}
|
||||
|
||||
public function addRib(ClientRib $rib): static
|
||||
{
|
||||
if (!$this->ribs->contains($rib)) {
|
||||
$this->ribs->add($rib);
|
||||
$rib->setClient($this);
|
||||
}
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function removeRib(ClientRib $rib): static
|
||||
{
|
||||
if ($this->ribs->removeElement($rib) && $rib->getClient() === $this) {
|
||||
$rib->setClient(null);
|
||||
}
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
// Groupe de lecture + nom serialise explicite : sans SerializedName, Symfony
|
||||
// exposerait la cle "archived" (strip du prefixe "is" sur les getters).
|
||||
#[Groups(['client:read'])]
|
||||
#[SerializedName('isArchived')]
|
||||
public function isArchived(): bool
|
||||
{
|
||||
return $this->isArchived;
|
||||
}
|
||||
|
||||
public function setIsArchived(bool $isArchived): static
|
||||
{
|
||||
$this->isArchived = $isArchived;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getArchivedAt(): ?DateTimeImmutable
|
||||
{
|
||||
return $this->archivedAt;
|
||||
}
|
||||
|
||||
public function setArchivedAt(?DateTimeImmutable $archivedAt): static
|
||||
{
|
||||
$this->archivedAt = $archivedAt;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getDeletedAt(): ?DateTimeImmutable
|
||||
{
|
||||
return $this->deletedAt;
|
||||
}
|
||||
|
||||
public function setDeletedAt(?DateTimeImmutable $deletedAt): static
|
||||
{
|
||||
$this->deletedAt = $deletedAt;
|
||||
|
||||
return $this;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,379 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Domain\Entity;
|
||||
|
||||
use ApiPlatform\Metadata\ApiResource;
|
||||
use ApiPlatform\Metadata\Delete;
|
||||
use ApiPlatform\Metadata\Get;
|
||||
use ApiPlatform\Metadata\Link;
|
||||
use ApiPlatform\Metadata\Patch;
|
||||
use ApiPlatform\Metadata\Post;
|
||||
use App\Module\Commercial\Infrastructure\ApiPlatform\State\Processor\ClientAddressProcessor;
|
||||
use App\Module\Commercial\Infrastructure\Doctrine\DoctrineClientAddressRepository;
|
||||
use App\Shared\Domain\Attribute\Auditable;
|
||||
use App\Shared\Domain\Contract\BlamableInterface;
|
||||
use App\Shared\Domain\Contract\CategoryInterface;
|
||||
use App\Shared\Domain\Contract\SiteInterface;
|
||||
use App\Shared\Domain\Contract\TimestampableInterface;
|
||||
use App\Shared\Domain\Trait\TimestampableBlamableTrait;
|
||||
use Doctrine\Common\Collections\ArrayCollection;
|
||||
use Doctrine\Common\Collections\Collection;
|
||||
use Doctrine\ORM\Mapping as ORM;
|
||||
use Symfony\Component\Serializer\Attribute\Groups;
|
||||
use Symfony\Component\Validator\Constraints as Assert;
|
||||
|
||||
/**
|
||||
* Adresse d'un client (1:n) — onglet Adresse. Une adresse de prospection
|
||||
* (isProspect) est exclusive d'une adresse de livraison/facturation
|
||||
* (RG-1.06/07/08, CHECK BDD). Un email de facturation est obligatoire ssi
|
||||
* isBilling (RG-1.11, CHECK BDD). Au moins un site doit etre rattache
|
||||
* (RG-1.10, Assert\Count).
|
||||
*
|
||||
* Relations M2M :
|
||||
* - sites : SiteInterface (module Sites) via resolve_target_entities
|
||||
* - contacts : ClientContact (meme module)
|
||||
* - categories : CategoryInterface (module Catalog) via resolve_target_entities
|
||||
* — limitees aux types SECTEUR/AUTRE cote validation (RG-1.29, hors ERP-57)
|
||||
*
|
||||
* Audite (#[Auditable]) + Timestampable/Blamable.
|
||||
*
|
||||
* Sous-ressource API (ERP-57, spec § 4.5) :
|
||||
* - POST /api/clients/{clientId}/addresses : creation rattachee au client parent
|
||||
* (Link toProperty 'client'), security commercial.clients.manage.
|
||||
* - PATCH / DELETE /api/client_addresses/{id} : security commercial.clients.manage.
|
||||
* - GET /api/client_addresses/{id} : lecture unitaire (security view) — la
|
||||
* lecture courante reste via le parent. Pas de GET collection autonome.
|
||||
* Tout passe par le ClientAddressProcessor (normalisation RG-1.21 billingEmail).
|
||||
*/
|
||||
#[ApiResource(
|
||||
operations: [
|
||||
new Get(
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
normalizationContext: ['groups' => ['client_address:read']],
|
||||
),
|
||||
new Post(
|
||||
uriTemplate: '/clients/{clientId}/addresses',
|
||||
uriVariables: [
|
||||
'clientId' => new Link(fromClass: Client::class, toProperty: 'client'),
|
||||
],
|
||||
security: "is_granted('commercial.clients.manage')",
|
||||
normalizationContext: ['groups' => ['client_address:read']],
|
||||
denormalizationContext: ['groups' => ['client_address:write']],
|
||||
processor: ClientAddressProcessor::class,
|
||||
),
|
||||
new Patch(
|
||||
security: "is_granted('commercial.clients.manage')",
|
||||
normalizationContext: ['groups' => ['client_address:read']],
|
||||
denormalizationContext: ['groups' => ['client_address:write']],
|
||||
processor: ClientAddressProcessor::class,
|
||||
),
|
||||
new Delete(
|
||||
security: "is_granted('commercial.clients.manage')",
|
||||
processor: ClientAddressProcessor::class,
|
||||
),
|
||||
],
|
||||
)]
|
||||
#[ORM\Entity(repositoryClass: DoctrineClientAddressRepository::class)]
|
||||
#[ORM\Table(name: 'client_address')]
|
||||
#[ORM\Index(name: 'idx_client_address_client', columns: ['client_id'])]
|
||||
#[Auditable]
|
||||
class ClientAddress implements TimestampableInterface, BlamableInterface
|
||||
{
|
||||
use TimestampableBlamableTrait;
|
||||
|
||||
#[ORM\Id]
|
||||
#[ORM\GeneratedValue]
|
||||
#[ORM\Column]
|
||||
#[Groups(['client_address:read'])]
|
||||
private ?int $id = null;
|
||||
|
||||
#[ORM\ManyToOne(targetEntity: Client::class, inversedBy: 'addresses')]
|
||||
#[ORM\JoinColumn(name: 'client_id', referencedColumnName: 'id', nullable: false, onDelete: 'CASCADE')]
|
||||
private ?Client $client = null;
|
||||
|
||||
#[ORM\Column(name: 'is_prospect', options: ['default' => false])]
|
||||
#[Groups(['client_address:read', 'client_address:write'])]
|
||||
private bool $isProspect = false;
|
||||
|
||||
#[ORM\Column(name: 'is_delivery', options: ['default' => false])]
|
||||
#[Groups(['client_address:read', 'client_address:write'])]
|
||||
private bool $isDelivery = false;
|
||||
|
||||
#[ORM\Column(name: 'is_billing', options: ['default' => false])]
|
||||
#[Groups(['client_address:read', 'client_address:write'])]
|
||||
private bool $isBilling = false;
|
||||
|
||||
#[ORM\Column(length: 80, options: ['default' => 'France'])]
|
||||
#[Groups(['client_address:read', 'client_address:write'])]
|
||||
private string $country = 'France';
|
||||
|
||||
// RG-1.09 : code postal a 4 ou 5 chiffres (pas de controle CP/ville serveur).
|
||||
#[ORM\Column(length: 20)]
|
||||
#[Assert\NotBlank]
|
||||
#[Assert\Regex(pattern: '/^[0-9]{4,5}$/', message: 'Le code postal doit comporter 4 ou 5 chiffres.')]
|
||||
#[Groups(['client_address:read', 'client_address:write'])]
|
||||
private ?string $postalCode = null;
|
||||
|
||||
#[ORM\Column(length: 120)]
|
||||
#[Assert\NotBlank]
|
||||
#[Groups(['client_address:read', 'client_address:write'])]
|
||||
private ?string $city = null;
|
||||
|
||||
#[ORM\Column(length: 255)]
|
||||
#[Assert\NotBlank]
|
||||
#[Groups(['client_address:read', 'client_address:write'])]
|
||||
private ?string $street = null;
|
||||
|
||||
#[ORM\Column(length: 255, nullable: true)]
|
||||
#[Groups(['client_address:read', 'client_address:write'])]
|
||||
private ?string $streetComplement = null;
|
||||
|
||||
// RG-1.11 : obligatoire ssi isBilling (CHECK BDD + futur Processor).
|
||||
#[ORM\Column(length: 180, nullable: true)]
|
||||
#[Assert\Email]
|
||||
#[Groups(['client_address:read', 'client_address:write'])]
|
||||
private ?string $billingEmail = null;
|
||||
|
||||
#[ORM\Column(options: ['default' => 0])]
|
||||
#[Groups(['client_address:read', 'client_address:write'])]
|
||||
private int $position = 0;
|
||||
|
||||
// RG-1.10 : au moins un site rattache a chaque adresse.
|
||||
/** @var Collection<int, SiteInterface> */
|
||||
#[ORM\ManyToMany(targetEntity: SiteInterface::class)]
|
||||
#[ORM\JoinTable(name: 'client_address_site')]
|
||||
#[ORM\JoinColumn(name: 'client_address_id', referencedColumnName: 'id', onDelete: 'CASCADE')]
|
||||
#[ORM\InverseJoinColumn(name: 'site_id', referencedColumnName: 'id', onDelete: 'RESTRICT')]
|
||||
#[Assert\Count(min: 1, minMessage: 'Au moins un site est obligatoire.')]
|
||||
#[Groups(['client_address:read', 'client_address:write'])]
|
||||
private Collection $sites;
|
||||
|
||||
/** @var Collection<int, ClientContact> */
|
||||
#[ORM\ManyToMany(targetEntity: ClientContact::class)]
|
||||
#[ORM\JoinTable(name: 'client_address_contact')]
|
||||
#[ORM\JoinColumn(name: 'client_address_id', referencedColumnName: 'id', onDelete: 'CASCADE')]
|
||||
#[ORM\InverseJoinColumn(name: 'client_contact_id', referencedColumnName: 'id', onDelete: 'CASCADE')]
|
||||
#[Groups(['client_address:read', 'client_address:write'])]
|
||||
private Collection $contacts;
|
||||
|
||||
// RG-1.29 : categories de type SECTEUR/AUTRE uniquement (filtre au Processor).
|
||||
/** @var Collection<int, CategoryInterface> */
|
||||
#[ORM\ManyToMany(targetEntity: CategoryInterface::class)]
|
||||
#[ORM\JoinTable(name: 'client_address_category')]
|
||||
#[ORM\JoinColumn(name: 'client_address_id', referencedColumnName: 'id', onDelete: 'CASCADE')]
|
||||
#[ORM\InverseJoinColumn(name: 'category_id', referencedColumnName: 'id', onDelete: 'RESTRICT')]
|
||||
#[Groups(['client_address:read', 'client_address:write'])]
|
||||
private Collection $categories;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
$this->sites = new ArrayCollection();
|
||||
$this->contacts = new ArrayCollection();
|
||||
$this->categories = new ArrayCollection();
|
||||
}
|
||||
|
||||
public function getId(): ?int
|
||||
{
|
||||
return $this->id;
|
||||
}
|
||||
|
||||
public function getClient(): ?Client
|
||||
{
|
||||
return $this->client;
|
||||
}
|
||||
|
||||
public function setClient(?Client $client): static
|
||||
{
|
||||
$this->client = $client;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function isProspect(): bool
|
||||
{
|
||||
return $this->isProspect;
|
||||
}
|
||||
|
||||
public function setIsProspect(bool $isProspect): static
|
||||
{
|
||||
$this->isProspect = $isProspect;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function isDelivery(): bool
|
||||
{
|
||||
return $this->isDelivery;
|
||||
}
|
||||
|
||||
public function setIsDelivery(bool $isDelivery): static
|
||||
{
|
||||
$this->isDelivery = $isDelivery;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function isBilling(): bool
|
||||
{
|
||||
return $this->isBilling;
|
||||
}
|
||||
|
||||
public function setIsBilling(bool $isBilling): static
|
||||
{
|
||||
$this->isBilling = $isBilling;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getCountry(): string
|
||||
{
|
||||
return $this->country;
|
||||
}
|
||||
|
||||
public function setCountry(string $country): static
|
||||
{
|
||||
$this->country = $country;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getPostalCode(): ?string
|
||||
{
|
||||
return $this->postalCode;
|
||||
}
|
||||
|
||||
public function setPostalCode(?string $postalCode): static
|
||||
{
|
||||
$this->postalCode = $postalCode;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getCity(): ?string
|
||||
{
|
||||
return $this->city;
|
||||
}
|
||||
|
||||
public function setCity(?string $city): static
|
||||
{
|
||||
$this->city = $city;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getStreet(): ?string
|
||||
{
|
||||
return $this->street;
|
||||
}
|
||||
|
||||
public function setStreet(?string $street): static
|
||||
{
|
||||
$this->street = $street;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getStreetComplement(): ?string
|
||||
{
|
||||
return $this->streetComplement;
|
||||
}
|
||||
|
||||
public function setStreetComplement(?string $streetComplement): static
|
||||
{
|
||||
$this->streetComplement = $streetComplement;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getBillingEmail(): ?string
|
||||
{
|
||||
return $this->billingEmail;
|
||||
}
|
||||
|
||||
public function setBillingEmail(?string $billingEmail): static
|
||||
{
|
||||
$this->billingEmail = $billingEmail;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getPosition(): int
|
||||
{
|
||||
return $this->position;
|
||||
}
|
||||
|
||||
public function setPosition(int $position): static
|
||||
{
|
||||
$this->position = $position;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
/** @return Collection<int, SiteInterface> */
|
||||
public function getSites(): Collection
|
||||
{
|
||||
return $this->sites;
|
||||
}
|
||||
|
||||
public function addSite(SiteInterface $site): static
|
||||
{
|
||||
if (!$this->sites->contains($site)) {
|
||||
$this->sites->add($site);
|
||||
}
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function removeSite(SiteInterface $site): static
|
||||
{
|
||||
$this->sites->removeElement($site);
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
/** @return Collection<int, ClientContact> */
|
||||
public function getContacts(): Collection
|
||||
{
|
||||
return $this->contacts;
|
||||
}
|
||||
|
||||
public function addContact(ClientContact $contact): static
|
||||
{
|
||||
if (!$this->contacts->contains($contact)) {
|
||||
$this->contacts->add($contact);
|
||||
}
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function removeContact(ClientContact $contact): static
|
||||
{
|
||||
$this->contacts->removeElement($contact);
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
/** @return Collection<int, CategoryInterface> */
|
||||
public function getCategories(): Collection
|
||||
{
|
||||
return $this->categories;
|
||||
}
|
||||
|
||||
public function addCategory(CategoryInterface $category): static
|
||||
{
|
||||
if (!$this->categories->contains($category)) {
|
||||
$this->categories->add($category);
|
||||
}
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function removeCategory(CategoryInterface $category): static
|
||||
{
|
||||
$this->categories->removeElement($category);
|
||||
|
||||
return $this;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,222 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Domain\Entity;
|
||||
|
||||
use ApiPlatform\Metadata\ApiResource;
|
||||
use ApiPlatform\Metadata\Delete;
|
||||
use ApiPlatform\Metadata\Get;
|
||||
use ApiPlatform\Metadata\Link;
|
||||
use ApiPlatform\Metadata\Patch;
|
||||
use ApiPlatform\Metadata\Post;
|
||||
use App\Module\Commercial\Infrastructure\ApiPlatform\State\Processor\ClientContactProcessor;
|
||||
use App\Module\Commercial\Infrastructure\Doctrine\DoctrineClientContactRepository;
|
||||
use App\Shared\Domain\Attribute\Auditable;
|
||||
use App\Shared\Domain\Contract\BlamableInterface;
|
||||
use App\Shared\Domain\Contract\TimestampableInterface;
|
||||
use App\Shared\Domain\Trait\TimestampableBlamableTrait;
|
||||
use Doctrine\ORM\Mapping as ORM;
|
||||
use Symfony\Component\Serializer\Attribute\Groups;
|
||||
use Symfony\Component\Validator\Constraints as Assert;
|
||||
|
||||
/**
|
||||
* Contact d'un client (1:n) — onglet Contact. Au moins firstName OU lastName
|
||||
* doit etre renseigne (RG-1.05) : la contrainte est portee par un CHECK BDD
|
||||
* (chk_client_contact_name) et validee dans le ClientContactProcessor ;
|
||||
* l'entite reste permissive (les deux champs sont nullable).
|
||||
*
|
||||
* Audite (#[Auditable]) + Timestampable/Blamable (pattern Shared standard).
|
||||
*
|
||||
* Sous-ressource API (ERP-57, spec § 4.5) :
|
||||
* - POST /api/clients/{clientId}/contacts : creation rattachee au client parent
|
||||
* (Link toProperty 'client'), security commercial.clients.manage.
|
||||
* - PATCH / DELETE /api/client_contacts/{id} : security commercial.clients.manage.
|
||||
* Le DELETE est physique (sous-collection, pas le client) ; le processor
|
||||
* refuse la suppression du dernier contact (RG-1.14, 409).
|
||||
* - GET /api/client_contacts/{id} : lecture unitaire (security view) — la
|
||||
* lecture courante reste via le parent (client embarque ses contacts). Pas de
|
||||
* GET collection autonome : non concernee par la pagination ERP-72.
|
||||
* Tout passe par le ClientContactProcessor (normalisation RG-1.19/1.20/1.21).
|
||||
*/
|
||||
#[ApiResource(
|
||||
operations: [
|
||||
new Get(
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
normalizationContext: ['groups' => ['client_contact:read']],
|
||||
),
|
||||
new Post(
|
||||
uriTemplate: '/clients/{clientId}/contacts',
|
||||
uriVariables: [
|
||||
'clientId' => new Link(fromClass: Client::class, toProperty: 'client'),
|
||||
],
|
||||
security: "is_granted('commercial.clients.manage')",
|
||||
normalizationContext: ['groups' => ['client_contact:read']],
|
||||
denormalizationContext: ['groups' => ['client_contact:write']],
|
||||
processor: ClientContactProcessor::class,
|
||||
),
|
||||
new Patch(
|
||||
security: "is_granted('commercial.clients.manage')",
|
||||
normalizationContext: ['groups' => ['client_contact:read']],
|
||||
denormalizationContext: ['groups' => ['client_contact:write']],
|
||||
processor: ClientContactProcessor::class,
|
||||
),
|
||||
new Delete(
|
||||
security: "is_granted('commercial.clients.manage')",
|
||||
processor: ClientContactProcessor::class,
|
||||
),
|
||||
],
|
||||
)]
|
||||
#[ORM\Entity(repositoryClass: DoctrineClientContactRepository::class)]
|
||||
#[ORM\Table(name: 'client_contact')]
|
||||
#[ORM\Index(name: 'idx_client_contact_client', columns: ['client_id'])]
|
||||
#[Auditable]
|
||||
class ClientContact implements TimestampableInterface, BlamableInterface
|
||||
{
|
||||
use TimestampableBlamableTrait;
|
||||
|
||||
#[ORM\Id]
|
||||
#[ORM\GeneratedValue]
|
||||
#[ORM\Column]
|
||||
#[Groups(['client_contact:read'])]
|
||||
private ?int $id = null;
|
||||
|
||||
#[ORM\ManyToOne(targetEntity: Client::class, inversedBy: 'contacts')]
|
||||
#[ORM\JoinColumn(name: 'client_id', referencedColumnName: 'id', nullable: false, onDelete: 'CASCADE')]
|
||||
private ?Client $client = null;
|
||||
|
||||
// RG-1.05 : firstName OU lastName obligatoire (CHECK BDD + Processor). Les
|
||||
// deux restent nullable au niveau ORM.
|
||||
#[ORM\Column(length: 120, nullable: true)]
|
||||
#[Assert\Length(max: 120, normalizer: 'trim')]
|
||||
#[Groups(['client_contact:read', 'client_contact:write'])]
|
||||
private ?string $firstName = null;
|
||||
|
||||
#[ORM\Column(length: 120, nullable: true)]
|
||||
#[Assert\Length(max: 120, normalizer: 'trim')]
|
||||
#[Groups(['client_contact:read', 'client_contact:write'])]
|
||||
private ?string $lastName = null;
|
||||
|
||||
#[ORM\Column(length: 120, nullable: true)]
|
||||
#[Assert\Length(max: 120, normalizer: 'trim')]
|
||||
#[Groups(['client_contact:read', 'client_contact:write'])]
|
||||
private ?string $jobTitle = null;
|
||||
|
||||
#[ORM\Column(length: 20, nullable: true)]
|
||||
#[Groups(['client_contact:read', 'client_contact:write'])]
|
||||
private ?string $phonePrimary = null;
|
||||
|
||||
#[ORM\Column(length: 20, nullable: true)]
|
||||
#[Groups(['client_contact:read', 'client_contact:write'])]
|
||||
private ?string $phoneSecondary = null;
|
||||
|
||||
#[ORM\Column(length: 180, nullable: true)]
|
||||
#[Assert\Email]
|
||||
#[Groups(['client_contact:read', 'client_contact:write'])]
|
||||
private ?string $email = null;
|
||||
|
||||
#[ORM\Column(options: ['default' => 0])]
|
||||
#[Groups(['client_contact:read', 'client_contact:write'])]
|
||||
private int $position = 0;
|
||||
|
||||
public function getId(): ?int
|
||||
{
|
||||
return $this->id;
|
||||
}
|
||||
|
||||
public function getClient(): ?Client
|
||||
{
|
||||
return $this->client;
|
||||
}
|
||||
|
||||
public function setClient(?Client $client): static
|
||||
{
|
||||
$this->client = $client;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getFirstName(): ?string
|
||||
{
|
||||
return $this->firstName;
|
||||
}
|
||||
|
||||
public function setFirstName(?string $firstName): static
|
||||
{
|
||||
$this->firstName = $firstName;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getLastName(): ?string
|
||||
{
|
||||
return $this->lastName;
|
||||
}
|
||||
|
||||
public function setLastName(?string $lastName): static
|
||||
{
|
||||
$this->lastName = $lastName;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getJobTitle(): ?string
|
||||
{
|
||||
return $this->jobTitle;
|
||||
}
|
||||
|
||||
public function setJobTitle(?string $jobTitle): static
|
||||
{
|
||||
$this->jobTitle = $jobTitle;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getPhonePrimary(): ?string
|
||||
{
|
||||
return $this->phonePrimary;
|
||||
}
|
||||
|
||||
public function setPhonePrimary(?string $phonePrimary): static
|
||||
{
|
||||
$this->phonePrimary = $phonePrimary;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getPhoneSecondary(): ?string
|
||||
{
|
||||
return $this->phoneSecondary;
|
||||
}
|
||||
|
||||
public function setPhoneSecondary(?string $phoneSecondary): static
|
||||
{
|
||||
$this->phoneSecondary = $phoneSecondary;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getEmail(): ?string
|
||||
{
|
||||
return $this->email;
|
||||
}
|
||||
|
||||
public function setEmail(?string $email): static
|
||||
{
|
||||
$this->email = $email;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getPosition(): int
|
||||
{
|
||||
return $this->position;
|
||||
}
|
||||
|
||||
public function setPosition(int $position): static
|
||||
{
|
||||
$this->position = $position;
|
||||
|
||||
return $this;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,178 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Domain\Entity;
|
||||
|
||||
use ApiPlatform\Metadata\ApiResource;
|
||||
use ApiPlatform\Metadata\Delete;
|
||||
use ApiPlatform\Metadata\Get;
|
||||
use ApiPlatform\Metadata\Link;
|
||||
use ApiPlatform\Metadata\Patch;
|
||||
use ApiPlatform\Metadata\Post;
|
||||
use App\Module\Commercial\Infrastructure\ApiPlatform\State\Processor\ClientRibProcessor;
|
||||
use App\Module\Commercial\Infrastructure\Doctrine\DoctrineClientRibRepository;
|
||||
use App\Shared\Domain\Attribute\Auditable;
|
||||
use App\Shared\Domain\Contract\BlamableInterface;
|
||||
use App\Shared\Domain\Contract\TimestampableInterface;
|
||||
use App\Shared\Domain\Trait\TimestampableBlamableTrait;
|
||||
use Doctrine\ORM\Mapping as ORM;
|
||||
use Symfony\Component\Serializer\Attribute\Groups;
|
||||
use Symfony\Component\Validator\Constraints as Assert;
|
||||
|
||||
/**
|
||||
* Coordonnees bancaires d'un client (1:n) — onglet Comptabilite. Au moins un
|
||||
* RIB est obligatoire si le type de reglement du client est LCR (RG-1.13,
|
||||
* verifie au ClientRibProcessor : refus du DELETE du dernier RIB sous LCR).
|
||||
*
|
||||
* Audit (#[Auditable]) : TOUS les champs sont audites, y compris `iban` et
|
||||
* `bic` — AUCUN #[AuditIgnore] (decision Matthieu en revue MR 29/05/2026 :
|
||||
* l'audit etant admin-only, la tracabilite RIB est necessaire pour le suivi
|
||||
* comptable et la conformite, cf. spec § 2.5 / § 6.1).
|
||||
*
|
||||
* Validation IBAN/BIC : Assert\Iban + Assert\Bic standard Symfony au M1
|
||||
* (HP-M2-14 : pas de controle externe banque reelle). Timestampable/Blamable
|
||||
* standard.
|
||||
*
|
||||
* Sous-ressource API (ERP-57, spec § 4.5) — gating comptable renforce :
|
||||
* - POST /api/clients/{clientId}/ribs : creation rattachee au client parent
|
||||
* (Link toProperty 'client'), security commercial.clients.accounting.manage.
|
||||
* - PATCH / DELETE /api/client_ribs/{id} : security commercial.clients.accounting.manage.
|
||||
* - GET /api/client_ribs/{id} : lecture unitaire, security
|
||||
* commercial.clients.accounting.view (donnees bancaires sensibles). Pas de
|
||||
* GET collection autonome.
|
||||
* Tout passe par le ClientRibProcessor (RG-1.13 sur DELETE).
|
||||
*/
|
||||
#[ApiResource(
|
||||
operations: [
|
||||
new Get(
|
||||
security: "is_granted('commercial.clients.accounting.view')",
|
||||
normalizationContext: ['groups' => ['client_rib:read']],
|
||||
),
|
||||
new Post(
|
||||
uriTemplate: '/clients/{clientId}/ribs',
|
||||
uriVariables: [
|
||||
'clientId' => new Link(fromClass: Client::class, toProperty: 'client'),
|
||||
],
|
||||
security: "is_granted('commercial.clients.accounting.manage')",
|
||||
normalizationContext: ['groups' => ['client_rib:read']],
|
||||
denormalizationContext: ['groups' => ['client_rib:write']],
|
||||
processor: ClientRibProcessor::class,
|
||||
),
|
||||
new Patch(
|
||||
security: "is_granted('commercial.clients.accounting.manage')",
|
||||
normalizationContext: ['groups' => ['client_rib:read']],
|
||||
denormalizationContext: ['groups' => ['client_rib:write']],
|
||||
processor: ClientRibProcessor::class,
|
||||
),
|
||||
new Delete(
|
||||
security: "is_granted('commercial.clients.accounting.manage')",
|
||||
processor: ClientRibProcessor::class,
|
||||
),
|
||||
],
|
||||
)]
|
||||
#[ORM\Entity(repositoryClass: DoctrineClientRibRepository::class)]
|
||||
#[ORM\Table(name: 'client_rib')]
|
||||
#[ORM\Index(name: 'idx_client_rib_client', columns: ['client_id'])]
|
||||
#[Auditable]
|
||||
class ClientRib implements TimestampableInterface, BlamableInterface
|
||||
{
|
||||
use TimestampableBlamableTrait;
|
||||
|
||||
#[ORM\Id]
|
||||
#[ORM\GeneratedValue]
|
||||
#[ORM\Column]
|
||||
#[Groups(['client_rib:read'])]
|
||||
private ?int $id = null;
|
||||
|
||||
#[ORM\ManyToOne(targetEntity: Client::class, inversedBy: 'ribs')]
|
||||
#[ORM\JoinColumn(name: 'client_id', referencedColumnName: 'id', nullable: false, onDelete: 'CASCADE')]
|
||||
private ?Client $client = null;
|
||||
|
||||
#[ORM\Column(length: 120)]
|
||||
#[Assert\NotBlank]
|
||||
#[Assert\Length(max: 120, normalizer: 'trim')]
|
||||
#[Groups(['client_rib:read', 'client_rib:write'])]
|
||||
private ?string $label = null;
|
||||
|
||||
#[ORM\Column(length: 20)]
|
||||
#[Assert\NotBlank]
|
||||
#[Assert\Bic]
|
||||
#[Groups(['client_rib:read', 'client_rib:write'])]
|
||||
private ?string $bic = null;
|
||||
|
||||
#[ORM\Column(length: 34)]
|
||||
#[Assert\NotBlank]
|
||||
#[Assert\Iban]
|
||||
#[Groups(['client_rib:read', 'client_rib:write'])]
|
||||
private ?string $iban = null;
|
||||
|
||||
#[ORM\Column(options: ['default' => 0])]
|
||||
#[Groups(['client_rib:read', 'client_rib:write'])]
|
||||
private int $position = 0;
|
||||
|
||||
public function getId(): ?int
|
||||
{
|
||||
return $this->id;
|
||||
}
|
||||
|
||||
public function getClient(): ?Client
|
||||
{
|
||||
return $this->client;
|
||||
}
|
||||
|
||||
public function setClient(?Client $client): static
|
||||
{
|
||||
$this->client = $client;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getLabel(): ?string
|
||||
{
|
||||
return $this->label;
|
||||
}
|
||||
|
||||
public function setLabel(string $label): static
|
||||
{
|
||||
$this->label = $label;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getBic(): ?string
|
||||
{
|
||||
return $this->bic;
|
||||
}
|
||||
|
||||
public function setBic(string $bic): static
|
||||
{
|
||||
$this->bic = $bic;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getIban(): ?string
|
||||
{
|
||||
return $this->iban;
|
||||
}
|
||||
|
||||
public function setIban(string $iban): static
|
||||
{
|
||||
$this->iban = $iban;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getPosition(): int
|
||||
{
|
||||
return $this->position;
|
||||
}
|
||||
|
||||
public function setPosition(int $position): static
|
||||
{
|
||||
$this->position = $position;
|
||||
|
||||
return $this;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,105 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Domain\Entity;
|
||||
|
||||
use ApiPlatform\Metadata\ApiResource;
|
||||
use ApiPlatform\Metadata\Get;
|
||||
use ApiPlatform\Metadata\GetCollection;
|
||||
use App\Module\Commercial\Infrastructure\Doctrine\DoctrinePaymentDelayRepository;
|
||||
use Doctrine\ORM\Mapping as ORM;
|
||||
use Symfony\Component\Serializer\Attribute\Groups;
|
||||
|
||||
/**
|
||||
* Delai de reglement applique a un client (15 jours, 30 jours, a reception) :
|
||||
* referentiel statique seede par la migration M1 et re-seede en dev/test par
|
||||
* CommercialReferentialFixtures.
|
||||
*
|
||||
* Lecture seule au M1 (HP-M2-2) : GetCollection + Get uniquement (ERP-56),
|
||||
* permission commercial.clients.view ; POST/PATCH/DELETE -> 405. Pas de
|
||||
* Timestampable/Blamable (referentiel statique whiteliste dans
|
||||
* EntitiesAreTimestampableBlamableTest::EXCLUDED). Le groupe
|
||||
* `client:read:accounting` permet l'embarquement dans la reponse Client.
|
||||
*/
|
||||
#[ApiResource(
|
||||
operations: [
|
||||
new GetCollection(
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
normalizationContext: ['groups' => ['payment_delay:read']],
|
||||
// Tri par defaut spec M1 § 4.7 : position ASC puis label ASC.
|
||||
order: ['position' => 'ASC', 'label' => 'ASC'],
|
||||
// ERP-72 : pagination serveur + toggle ?pagination=false (cf. TvaMode).
|
||||
paginationClientEnabled: true,
|
||||
),
|
||||
new Get(
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
normalizationContext: ['groups' => ['payment_delay:read']],
|
||||
),
|
||||
],
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
)]
|
||||
#[ORM\Entity(repositoryClass: DoctrinePaymentDelayRepository::class)]
|
||||
#[ORM\Table(name: 'payment_delay')]
|
||||
#[ORM\UniqueConstraint(name: 'uq_payment_delay_code', columns: ['code'])]
|
||||
class PaymentDelay
|
||||
{
|
||||
#[ORM\Id]
|
||||
#[ORM\GeneratedValue]
|
||||
#[ORM\Column]
|
||||
#[Groups(['payment_delay:read', 'client:read:accounting'])]
|
||||
private ?int $id = null;
|
||||
|
||||
#[ORM\Column(length: 30)]
|
||||
#[Groups(['payment_delay:read', 'client:read:accounting'])]
|
||||
private ?string $code = null;
|
||||
|
||||
#[ORM\Column(length: 120)]
|
||||
#[Groups(['payment_delay:read', 'client:read:accounting'])]
|
||||
private ?string $label = null;
|
||||
|
||||
#[ORM\Column(options: ['default' => 0])]
|
||||
#[Groups(['payment_delay:read'])]
|
||||
private int $position = 0;
|
||||
|
||||
public function getId(): ?int
|
||||
{
|
||||
return $this->id;
|
||||
}
|
||||
|
||||
public function getCode(): ?string
|
||||
{
|
||||
return $this->code;
|
||||
}
|
||||
|
||||
public function setCode(string $code): static
|
||||
{
|
||||
$this->code = $code;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getLabel(): ?string
|
||||
{
|
||||
return $this->label;
|
||||
}
|
||||
|
||||
public function setLabel(string $label): static
|
||||
{
|
||||
$this->label = $label;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getPosition(): int
|
||||
{
|
||||
return $this->position;
|
||||
}
|
||||
|
||||
public function setPosition(int $position): static
|
||||
{
|
||||
$this->position = $position;
|
||||
|
||||
return $this;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,108 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Domain\Entity;
|
||||
|
||||
use ApiPlatform\Metadata\ApiResource;
|
||||
use ApiPlatform\Metadata\Get;
|
||||
use ApiPlatform\Metadata\GetCollection;
|
||||
use App\Module\Commercial\Infrastructure\Doctrine\DoctrinePaymentTypeRepository;
|
||||
use Doctrine\ORM\Mapping as ORM;
|
||||
use Symfony\Component\Serializer\Attribute\Groups;
|
||||
|
||||
/**
|
||||
* Type de reglement applique a un client (virement, LCR, cheque, non soumise) :
|
||||
* referentiel statique seede par la migration M1 et re-seede en dev/test par
|
||||
* CommercialReferentialFixtures.
|
||||
*
|
||||
* Le `code` porte une semantique metier : VIREMENT impose une banque (RG-1.12),
|
||||
* LCR impose au moins un RIB (RG-1.13).
|
||||
*
|
||||
* Lecture seule au M1 (HP-M2-2) : GetCollection + Get uniquement (ERP-56),
|
||||
* permission commercial.clients.view ; POST/PATCH/DELETE -> 405. Pas de
|
||||
* Timestampable/Blamable (referentiel statique whiteliste dans
|
||||
* EntitiesAreTimestampableBlamableTest::EXCLUDED). Le groupe
|
||||
* `client:read:accounting` permet l'embarquement dans la reponse Client.
|
||||
*/
|
||||
#[ApiResource(
|
||||
operations: [
|
||||
new GetCollection(
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
normalizationContext: ['groups' => ['payment_type:read']],
|
||||
// Tri par defaut spec M1 § 4.7 : position ASC puis label ASC.
|
||||
order: ['position' => 'ASC', 'label' => 'ASC'],
|
||||
// ERP-72 : pagination serveur + toggle ?pagination=false (cf. TvaMode).
|
||||
paginationClientEnabled: true,
|
||||
),
|
||||
new Get(
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
normalizationContext: ['groups' => ['payment_type:read']],
|
||||
),
|
||||
],
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
)]
|
||||
#[ORM\Entity(repositoryClass: DoctrinePaymentTypeRepository::class)]
|
||||
#[ORM\Table(name: 'payment_type')]
|
||||
#[ORM\UniqueConstraint(name: 'uq_payment_type_code', columns: ['code'])]
|
||||
class PaymentType
|
||||
{
|
||||
#[ORM\Id]
|
||||
#[ORM\GeneratedValue]
|
||||
#[ORM\Column]
|
||||
#[Groups(['payment_type:read', 'client:read:accounting'])]
|
||||
private ?int $id = null;
|
||||
|
||||
#[ORM\Column(length: 30)]
|
||||
#[Groups(['payment_type:read', 'client:read:accounting'])]
|
||||
private ?string $code = null;
|
||||
|
||||
#[ORM\Column(length: 120)]
|
||||
#[Groups(['payment_type:read', 'client:read:accounting'])]
|
||||
private ?string $label = null;
|
||||
|
||||
#[ORM\Column(options: ['default' => 0])]
|
||||
#[Groups(['payment_type:read'])]
|
||||
private int $position = 0;
|
||||
|
||||
public function getId(): ?int
|
||||
{
|
||||
return $this->id;
|
||||
}
|
||||
|
||||
public function getCode(): ?string
|
||||
{
|
||||
return $this->code;
|
||||
}
|
||||
|
||||
public function setCode(string $code): static
|
||||
{
|
||||
$this->code = $code;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getLabel(): ?string
|
||||
{
|
||||
return $this->label;
|
||||
}
|
||||
|
||||
public function setLabel(string $label): static
|
||||
{
|
||||
$this->label = $label;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getPosition(): int
|
||||
{
|
||||
return $this->position;
|
||||
}
|
||||
|
||||
public function setPosition(int $position): static
|
||||
{
|
||||
$this->position = $position;
|
||||
|
||||
return $this;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,111 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Domain\Entity;
|
||||
|
||||
use ApiPlatform\Metadata\ApiResource;
|
||||
use ApiPlatform\Metadata\Get;
|
||||
use ApiPlatform\Metadata\GetCollection;
|
||||
use App\Module\Commercial\Infrastructure\Doctrine\DoctrineTvaModeRepository;
|
||||
use Doctrine\ORM\Mapping as ORM;
|
||||
use Symfony\Component\Serializer\Attribute\Groups;
|
||||
|
||||
/**
|
||||
* Mode de TVA applique a un client (France ventes, Export, Intracom) :
|
||||
* referentiel statique seede par la migration M1 (Version20260601000000) et
|
||||
* re-seede en dev/test par CommercialReferentialFixtures.
|
||||
*
|
||||
* Lecture seule au M1 (HP-M2-2) : seules GetCollection et Get sont exposees
|
||||
* (ERP-56), sous la permission commercial.clients.view ; aucune ecriture
|
||||
* declaree -> POST/PATCH/DELETE renvoient 405.
|
||||
*
|
||||
* Referentiel statique : pas de Timestampable/Blamable (whiteliste dans
|
||||
* EntitiesAreTimestampableBlamableTest::EXCLUDED, comme CategoryType). Le
|
||||
* groupe `client:read:accounting` permet d'embarquer le mode dans la reponse
|
||||
* d'un Client (onglet Comptabilite) au lieu d'un IRI.
|
||||
*/
|
||||
#[ApiResource(
|
||||
operations: [
|
||||
new GetCollection(
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
normalizationContext: ['groups' => ['tva_mode:read']],
|
||||
// Tri par defaut spec M1 § 4.7 : position ASC puis label ASC
|
||||
// (ordre des selecteurs comptables) — provider Doctrine par defaut.
|
||||
order: ['position' => 'ASC', 'label' => 'ASC'],
|
||||
// ERP-72 : pagination serveur sur toute collection autonome. Le
|
||||
// toggle client est desactive globalement, on l'active ici pour
|
||||
// permettre ?pagination=false (alimenter un <MalioSelect> entier).
|
||||
paginationClientEnabled: true,
|
||||
),
|
||||
new Get(
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
normalizationContext: ['groups' => ['tva_mode:read']],
|
||||
),
|
||||
],
|
||||
security: "is_granted('commercial.clients.view')",
|
||||
)]
|
||||
#[ORM\Entity(repositoryClass: DoctrineTvaModeRepository::class)]
|
||||
#[ORM\Table(name: 'tva_mode')]
|
||||
#[ORM\UniqueConstraint(name: 'uq_tva_mode_code', columns: ['code'])]
|
||||
class TvaMode
|
||||
{
|
||||
#[ORM\Id]
|
||||
#[ORM\GeneratedValue]
|
||||
#[ORM\Column]
|
||||
#[Groups(['tva_mode:read', 'client:read:accounting'])]
|
||||
private ?int $id = null;
|
||||
|
||||
#[ORM\Column(length: 30)]
|
||||
#[Groups(['tva_mode:read', 'client:read:accounting'])]
|
||||
private ?string $code = null;
|
||||
|
||||
#[ORM\Column(length: 120)]
|
||||
#[Groups(['tva_mode:read', 'client:read:accounting'])]
|
||||
private ?string $label = null;
|
||||
|
||||
#[ORM\Column(options: ['default' => 0])]
|
||||
#[Groups(['tva_mode:read'])]
|
||||
private int $position = 0;
|
||||
|
||||
public function getId(): ?int
|
||||
{
|
||||
return $this->id;
|
||||
}
|
||||
|
||||
public function getCode(): ?string
|
||||
{
|
||||
return $this->code;
|
||||
}
|
||||
|
||||
public function setCode(string $code): static
|
||||
{
|
||||
$this->code = $code;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getLabel(): ?string
|
||||
{
|
||||
return $this->label;
|
||||
}
|
||||
|
||||
public function setLabel(string $label): static
|
||||
{
|
||||
$this->label = $label;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getPosition(): int
|
||||
{
|
||||
return $this->position;
|
||||
}
|
||||
|
||||
public function setPosition(int $position): static
|
||||
{
|
||||
$this->position = $position;
|
||||
|
||||
return $this;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,19 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Domain\Repository;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\Bank;
|
||||
|
||||
interface BankRepositoryInterface
|
||||
{
|
||||
public function findById(int $id): ?Bank;
|
||||
|
||||
/**
|
||||
* Retourne toutes les banques triees position ASC puis label ASC.
|
||||
*
|
||||
* @return list<Bank>
|
||||
*/
|
||||
public function findAllOrdered(): array;
|
||||
}
|
||||
@@ -0,0 +1,14 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Domain\Repository;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\ClientAddress;
|
||||
|
||||
interface ClientAddressRepositoryInterface
|
||||
{
|
||||
public function findById(int $id): ?ClientAddress;
|
||||
|
||||
public function save(ClientAddress $address): void;
|
||||
}
|
||||
@@ -0,0 +1,14 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Domain\Repository;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\ClientContact;
|
||||
|
||||
interface ClientContactRepositoryInterface
|
||||
{
|
||||
public function findById(int $id): ?ClientContact;
|
||||
|
||||
public function save(ClientContact $contact): void;
|
||||
}
|
||||
@@ -0,0 +1,35 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Domain\Repository;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\Client;
|
||||
use Doctrine\ORM\QueryBuilder;
|
||||
|
||||
interface ClientRepositoryInterface
|
||||
{
|
||||
public function findById(int $id): ?Client;
|
||||
|
||||
public function save(Client $client): void;
|
||||
|
||||
/**
|
||||
* Construit un QueryBuilder de liste pour le repertoire clients.
|
||||
* - Exclut toujours les clients soft-deletes (deleted_at IS NOT NULL, RG-1.24).
|
||||
* - Exclut les archives sauf si $includeArchived = true (RG-1.25).
|
||||
* - Tri par defaut : companyName ASC (RG-1.26).
|
||||
* - $search : recherche fuzzy insensible a la casse sur companyName +
|
||||
* lastName + email (metacaracteres LIKE echappes). Ignore si null/vide.
|
||||
* - $categoryType : restreint aux clients possedant au moins une categorie
|
||||
* du type donne (code). Ignore si null/vide.
|
||||
*
|
||||
* Filtrage centralise ICI (et non dans les providers/controllers) pour que
|
||||
* la liste paginee (ClientProvider) et l'export (ClientExportController)
|
||||
* partagent strictement la meme logique de selection.
|
||||
*/
|
||||
public function createListQueryBuilder(
|
||||
bool $includeArchived = false,
|
||||
?string $search = null,
|
||||
?string $categoryType = null,
|
||||
): QueryBuilder;
|
||||
}
|
||||
@@ -0,0 +1,14 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Domain\Repository;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\ClientRib;
|
||||
|
||||
interface ClientRibRepositoryInterface
|
||||
{
|
||||
public function findById(int $id): ?ClientRib;
|
||||
|
||||
public function save(ClientRib $rib): void;
|
||||
}
|
||||
@@ -0,0 +1,19 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Domain\Repository;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\PaymentDelay;
|
||||
|
||||
interface PaymentDelayRepositoryInterface
|
||||
{
|
||||
public function findById(int $id): ?PaymentDelay;
|
||||
|
||||
/**
|
||||
* Retourne tous les delais de reglement tries position ASC puis label ASC.
|
||||
*
|
||||
* @return list<PaymentDelay>
|
||||
*/
|
||||
public function findAllOrdered(): array;
|
||||
}
|
||||
@@ -0,0 +1,19 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Domain\Repository;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\PaymentType;
|
||||
|
||||
interface PaymentTypeRepositoryInterface
|
||||
{
|
||||
public function findById(int $id): ?PaymentType;
|
||||
|
||||
/**
|
||||
* Retourne tous les types de reglement tries position ASC puis label ASC.
|
||||
*
|
||||
* @return list<PaymentType>
|
||||
*/
|
||||
public function findAllOrdered(): array;
|
||||
}
|
||||
@@ -0,0 +1,20 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Domain\Repository;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\TvaMode;
|
||||
|
||||
interface TvaModeRepositoryInterface
|
||||
{
|
||||
public function findById(int $id): ?TvaMode;
|
||||
|
||||
/**
|
||||
* Retourne tous les modes de TVA tries position ASC puis label ASC
|
||||
* (ordre des selecteurs, reutilise par la fixture de re-seed).
|
||||
*
|
||||
* @return list<TvaMode>
|
||||
*/
|
||||
public function findAllOrdered(): array;
|
||||
}
|
||||
+74
@@ -0,0 +1,74 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Infrastructure\ApiPlatform\Serializer;
|
||||
|
||||
use ApiPlatform\Metadata\IriConverterInterface;
|
||||
use App\Shared\Domain\Contract\CategoryInterface;
|
||||
use Symfony\Component\Serializer\Exception\UnexpectedValueException;
|
||||
use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
|
||||
|
||||
/**
|
||||
* Denormalise un IRI (`/api/categories/{id}`) vers la Category concrete quand la
|
||||
* propriete cible est type-hintee par le contrat CategoryInterface (ex:
|
||||
* Client::$categories, ClientAddress::$categories).
|
||||
*
|
||||
* Pourquoi ce denormalizer : API Platform deduit le type de l'element de
|
||||
* collection depuis le phpdoc `@var Collection<int, CategoryInterface>`, donc
|
||||
* l'INTERFACE. Or le serializer ne sait pas denormaliser un IRI vers une
|
||||
* interface (« Could not denormalize object of type CategoryInterface[] ») : il
|
||||
* lui faut une classe-ressource concrete. On resout donc l'IRI via l'IriConverter
|
||||
* (qui retourne la Category mappee a la route) sans importer Category — la regle
|
||||
* ABSOLUE n°1 reste respectee (dependance au seul contrat Shared + API Platform).
|
||||
*
|
||||
* En lecture (normalisation), aucun probleme : l'objet reel EST une Category,
|
||||
* resource a part entiere, serialisee en IRI par le normalizer standard.
|
||||
*/
|
||||
final class CategoryReferenceDenormalizer implements DenormalizerInterface
|
||||
{
|
||||
public function __construct(
|
||||
private readonly IriConverterInterface $iriConverter,
|
||||
) {}
|
||||
|
||||
public function denormalize(mixed $data, string $type, ?string $format = null, array $context = []): ?CategoryInterface
|
||||
{
|
||||
if (!is_string($data) || '' === $data) {
|
||||
return null;
|
||||
}
|
||||
|
||||
// getResourceFromIri leve une exception sur IRI invalide -> 400, ce qui
|
||||
// est le comportement attendu pour une reference cassee.
|
||||
$resource = $this->iriConverter->getResourceFromIri($data);
|
||||
|
||||
// IRI syntaxiquement valide mais pointant sur une autre ressource (ex:
|
||||
// '/api/clients/5' la ou une categorie est attendue) : on refuse
|
||||
// explicitement plutot que de retourner null silencieusement, ce qui
|
||||
// perdrait la reference sans erreur. UnexpectedValueException -> 400.
|
||||
if (!$resource instanceof CategoryInterface) {
|
||||
throw new UnexpectedValueException(sprintf(
|
||||
'L\'IRI "%s" ne référence pas une catégorie.',
|
||||
$data,
|
||||
));
|
||||
}
|
||||
|
||||
return $resource;
|
||||
}
|
||||
|
||||
public function supportsDenormalization(mixed $data, string $type, ?string $format = null, array $context = []): bool
|
||||
{
|
||||
// Support base sur le seul type cible : l'ArrayDenormalizer (collection
|
||||
// `CategoryInterface[]`) interroge le support en passant le TABLEAU
|
||||
// complet comme $data avant de deleguer element par element. Tester
|
||||
// is_string($data) ici casserait donc la chaine pour les collections.
|
||||
return CategoryInterface::class === $type;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<class-string|string, bool>
|
||||
*/
|
||||
public function getSupportedTypes(?string $format): array
|
||||
{
|
||||
return [CategoryInterface::class => true];
|
||||
}
|
||||
}
|
||||
+65
@@ -0,0 +1,65 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Infrastructure\ApiPlatform\Serializer;
|
||||
|
||||
use ApiPlatform\State\SerializerContextBuilderInterface;
|
||||
use App\Module\Commercial\Domain\Entity\Client;
|
||||
use Symfony\Bundle\SecurityBundle\Security;
|
||||
use Symfony\Component\DependencyInjection\Attribute\AsDecorator;
|
||||
use Symfony\Component\DependencyInjection\Attribute\AutowireDecorated;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
/**
|
||||
* Decore le context builder de serialisation d'API Platform pour ajouter
|
||||
* DYNAMIQUEMENT le groupe de lecture `client:read:accounting` sur les ressources
|
||||
* Client, uniquement si l'utilisateur courant a la permission
|
||||
* `commercial.clients.accounting.view` (cf. spec-back M1 § 2.7 / § 4.1 / § 4.2).
|
||||
*
|
||||
* Pourquoi un context builder et pas le Provider : un Provider retourne des
|
||||
* donnees mais ne peut pas influencer les groupes de serialisation. Le contexte
|
||||
* de normalisation est construit ici, en amont du serializer — c'est le point
|
||||
* d'extension idiomatique d'API Platform pour conditionner un groupe selon
|
||||
* l'utilisateur. Realise l'intention « ajout conditionnel du groupe accounting »
|
||||
* de la spec.
|
||||
*
|
||||
* S'applique aux operations de LECTURE (normalization) sur Client : liste ET
|
||||
* detail. Sans la permission, les champs comptables (siren, accountNumber,
|
||||
* tvaMode, nTva, paymentDelay, paymentType, bank) ne sont jamais serialises.
|
||||
*/
|
||||
#[AsDecorator('api_platform.serializer.context_builder')]
|
||||
final readonly class ClientReadGroupContextBuilder implements SerializerContextBuilderInterface
|
||||
{
|
||||
public function __construct(
|
||||
#[AutowireDecorated]
|
||||
private SerializerContextBuilderInterface $decorated,
|
||||
private Security $security,
|
||||
) {}
|
||||
|
||||
public function createFromRequest(Request $request, bool $normalization, ?array $extractedAttributes = null): array
|
||||
{
|
||||
$context = $this->decorated->createFromRequest($request, $normalization, $extractedAttributes);
|
||||
|
||||
// Uniquement en lecture, sur la ressource Client, avec la permission.
|
||||
if (!$normalization) {
|
||||
return $context;
|
||||
}
|
||||
|
||||
if (Client::class !== ($context['resource_class'] ?? null)) {
|
||||
return $context;
|
||||
}
|
||||
|
||||
if (!$this->security->isGranted('commercial.clients.accounting.view')) {
|
||||
return $context;
|
||||
}
|
||||
|
||||
$groups = $context['groups'] ?? [];
|
||||
if (!in_array('client:read:accounting', $groups, true)) {
|
||||
$groups[] = 'client:read:accounting';
|
||||
}
|
||||
$context['groups'] = $groups;
|
||||
|
||||
return $context;
|
||||
}
|
||||
}
|
||||
+71
@@ -0,0 +1,71 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Infrastructure\ApiPlatform\Serializer;
|
||||
|
||||
use ApiPlatform\Metadata\IriConverterInterface;
|
||||
use App\Shared\Domain\Contract\SiteInterface;
|
||||
use Symfony\Component\Serializer\Exception\UnexpectedValueException;
|
||||
use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
|
||||
|
||||
/**
|
||||
* Denormalise un IRI (`/api/sites/{id}`) vers le Site concret quand la propriete
|
||||
* cible est type-hintee par le contrat SiteInterface (ClientAddress::$sites).
|
||||
*
|
||||
* Meme mecanisme que CategoryReferenceDenormalizer : API Platform deduit le type
|
||||
* d'element de collection depuis le phpdoc `@var Collection<int, SiteInterface>`,
|
||||
* donc l'INTERFACE. Le serializer ne sait pas denormaliser un IRI vers une
|
||||
* interface (« Could not denormalize object of type SiteInterface[] ») ; on
|
||||
* resout l'IRI via l'IriConverter (qui retourne le Site mappe a la route) sans
|
||||
* importer la classe Site du module Sites — la regle ABSOLUE n°1 (pas d'import
|
||||
* cross-module) reste respectee : dependance au seul contrat Shared + API Platform.
|
||||
*
|
||||
* En lecture (normalisation), aucun probleme : l'objet reel EST un Site,
|
||||
* ressource a part entiere, serialise en IRI par le normalizer standard.
|
||||
*/
|
||||
final class SiteReferenceDenormalizer implements DenormalizerInterface
|
||||
{
|
||||
public function __construct(
|
||||
private readonly IriConverterInterface $iriConverter,
|
||||
) {}
|
||||
|
||||
public function denormalize(mixed $data, string $type, ?string $format = null, array $context = []): ?SiteInterface
|
||||
{
|
||||
if (!is_string($data) || '' === $data) {
|
||||
return null;
|
||||
}
|
||||
|
||||
// getResourceFromIri leve une exception sur IRI invalide -> 400, ce qui
|
||||
// est le comportement attendu pour une reference cassee.
|
||||
$resource = $this->iriConverter->getResourceFromIri($data);
|
||||
|
||||
// IRI syntaxiquement valide mais pointant sur une autre ressource : on
|
||||
// refuse explicitement plutot que de retourner null silencieusement.
|
||||
if (!$resource instanceof SiteInterface) {
|
||||
throw new UnexpectedValueException(sprintf(
|
||||
'L\'IRI "%s" ne référence pas un site.',
|
||||
$data,
|
||||
));
|
||||
}
|
||||
|
||||
return $resource;
|
||||
}
|
||||
|
||||
public function supportsDenormalization(mixed $data, string $type, ?string $format = null, array $context = []): bool
|
||||
{
|
||||
// Support base sur le seul type cible : l'ArrayDenormalizer (collection
|
||||
// `SiteInterface[]`) interroge le support en passant le TABLEAU complet
|
||||
// comme $data avant de deleguer element par element. Tester
|
||||
// is_string($data) ici casserait la chaine pour les collections.
|
||||
return SiteInterface::class === $type;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<class-string|string, bool>
|
||||
*/
|
||||
public function getSupportedTypes(?string $format): array
|
||||
{
|
||||
return [SiteInterface::class => true];
|
||||
}
|
||||
}
|
||||
+92
@@ -0,0 +1,92 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Infrastructure\ApiPlatform\State\Processor;
|
||||
|
||||
use ApiPlatform\Metadata\DeleteOperationInterface;
|
||||
use ApiPlatform\Metadata\Operation;
|
||||
use ApiPlatform\State\ProcessorInterface;
|
||||
use App\Module\Commercial\Application\Service\ClientFieldNormalizer;
|
||||
use App\Module\Commercial\Domain\Entity\Client;
|
||||
use App\Module\Commercial\Domain\Entity\ClientAddress;
|
||||
use Doctrine\ORM\EntityManagerInterface;
|
||||
use Symfony\Component\DependencyInjection\Attribute\Autowire;
|
||||
|
||||
/**
|
||||
* Processor d'ecriture de la sous-ressource Adresse d'un client (M1, § 4.5).
|
||||
*
|
||||
* Sequence :
|
||||
* - POST / PATCH : normalisation serveur du billingEmail en lowercase (RG-1.21)
|
||||
* via le ClientFieldNormalizer partage. Les autres regles de l'onglet Adresse
|
||||
* sont deja garanties en amont : RG-1.09 (code postal) et RG-1.10 (>= 1 site)
|
||||
* par des contraintes Assert sur l'entite, RG-1.06/07/08/11 par des CHECK BDD.
|
||||
* - DELETE : aucune regle metier specifique (suppression physique directe).
|
||||
*
|
||||
* La security de l'operation (commercial.clients.manage) est deja appliquee par
|
||||
* API Platform, de meme que la validation Symfony des contraintes d'attribut.
|
||||
*
|
||||
* @implements ProcessorInterface<ClientAddress, null|ClientAddress>
|
||||
*/
|
||||
final class ClientAddressProcessor implements ProcessorInterface
|
||||
{
|
||||
public function __construct(
|
||||
#[Autowire(service: 'api_platform.doctrine.orm.state.persist_processor')]
|
||||
private readonly ProcessorInterface $persistProcessor,
|
||||
#[Autowire(service: 'api_platform.doctrine.orm.state.remove_processor')]
|
||||
private readonly ProcessorInterface $removeProcessor,
|
||||
private readonly ClientFieldNormalizer $normalizer,
|
||||
private readonly EntityManagerInterface $em,
|
||||
) {}
|
||||
|
||||
public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = []): mixed
|
||||
{
|
||||
if (!$data instanceof ClientAddress) {
|
||||
return $this->persistProcessor->process($data, $operation, $uriVariables, $context);
|
||||
}
|
||||
|
||||
if ($operation instanceof DeleteOperationInterface) {
|
||||
return $this->removeProcessor->process($data, $operation, $uriVariables, $context);
|
||||
}
|
||||
|
||||
$this->linkParent($data, $uriVariables);
|
||||
$this->normalize($data);
|
||||
|
||||
return $this->persistProcessor->process($data, $operation, $uriVariables, $context);
|
||||
}
|
||||
|
||||
/**
|
||||
* Rattache l'adresse au client parent de la sous-ressource POST
|
||||
* (/clients/{clientId}/addresses) : la relation n'est pas peuplee
|
||||
* automatiquement par le Link sur une ecriture. Sur PATCH, no-op.
|
||||
*/
|
||||
private function linkParent(ClientAddress $address, array $uriVariables): void
|
||||
{
|
||||
if (null !== $address->getClient()) {
|
||||
return;
|
||||
}
|
||||
|
||||
$clientId = $uriVariables['clientId'] ?? null;
|
||||
if (null === $clientId) {
|
||||
return;
|
||||
}
|
||||
|
||||
$client = $clientId instanceof Client
|
||||
? $clientId
|
||||
: $this->em->getRepository(Client::class)->find($clientId);
|
||||
|
||||
if ($client instanceof Client) {
|
||||
$address->setClient($client);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Normalisation serveur (RG-1.21) : email de facturation en minuscules. La
|
||||
* methode est null-safe — une adresse non facturable (billingEmail null)
|
||||
* reste null.
|
||||
*/
|
||||
private function normalize(ClientAddress $address): void
|
||||
{
|
||||
$address->setBillingEmail($this->normalizer->normalizeEmail($address->getBillingEmail()));
|
||||
}
|
||||
}
|
||||
+151
@@ -0,0 +1,151 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Infrastructure\ApiPlatform\State\Processor;
|
||||
|
||||
use ApiPlatform\Metadata\DeleteOperationInterface;
|
||||
use ApiPlatform\Metadata\Operation;
|
||||
use ApiPlatform\State\ProcessorInterface;
|
||||
use ApiPlatform\Validator\Exception\ValidationException;
|
||||
use App\Module\Commercial\Application\Service\ClientFieldNormalizer;
|
||||
use App\Module\Commercial\Domain\Entity\Client;
|
||||
use App\Module\Commercial\Domain\Entity\ClientContact;
|
||||
use Doctrine\ORM\EntityManagerInterface;
|
||||
use Symfony\Component\DependencyInjection\Attribute\Autowire;
|
||||
use Symfony\Component\HttpKernel\Exception\ConflictHttpException;
|
||||
use Symfony\Component\Validator\ConstraintViolation;
|
||||
use Symfony\Component\Validator\ConstraintViolationList;
|
||||
|
||||
/**
|
||||
* Processor d'ecriture de la sous-ressource Contact d'un client (M1, § 4.5).
|
||||
*
|
||||
* Sequence :
|
||||
* - POST / PATCH : normalisation serveur (RG-1.19 prenom/nom capitalize,
|
||||
* RG-1.20 telephones reduits aux chiffres, RG-1.21 email lowercase) via le
|
||||
* ClientFieldNormalizer partage (reutilise d'ERP-55), puis validation RG-1.05
|
||||
* (au moins prenom OU nom) avant persistance.
|
||||
* - DELETE : RG-1.14 — la suppression du DERNIER contact d'un client est
|
||||
* refusee (409). Au M1, la completude de l'onglet Contact est purement front
|
||||
* (pas de state machine back) : on garantit seulement qu'un client deja dote
|
||||
* d'un contact n'en soit jamais vide via l'API.
|
||||
*
|
||||
* La security de l'operation (commercial.clients.manage) est deja appliquee par
|
||||
* API Platform en amont. La validation Symfony des contraintes d'attribut
|
||||
* (Assert\Email, Assert\Length...) est jouee avant ce processor.
|
||||
*
|
||||
* @implements ProcessorInterface<ClientContact, null|ClientContact>
|
||||
*/
|
||||
final class ClientContactProcessor implements ProcessorInterface
|
||||
{
|
||||
public function __construct(
|
||||
#[Autowire(service: 'api_platform.doctrine.orm.state.persist_processor')]
|
||||
private readonly ProcessorInterface $persistProcessor,
|
||||
#[Autowire(service: 'api_platform.doctrine.orm.state.remove_processor')]
|
||||
private readonly ProcessorInterface $removeProcessor,
|
||||
private readonly ClientFieldNormalizer $normalizer,
|
||||
private readonly EntityManagerInterface $em,
|
||||
) {}
|
||||
|
||||
public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = []): mixed
|
||||
{
|
||||
if (!$data instanceof ClientContact) {
|
||||
return $this->persistProcessor->process($data, $operation, $uriVariables, $context);
|
||||
}
|
||||
|
||||
if ($operation instanceof DeleteOperationInterface) {
|
||||
$this->guardLastContactDeletion($data);
|
||||
|
||||
return $this->removeProcessor->process($data, $operation, $uriVariables, $context);
|
||||
}
|
||||
|
||||
$this->linkParent($data, $uriVariables);
|
||||
$this->normalize($data);
|
||||
$this->validateName($data);
|
||||
|
||||
return $this->persistProcessor->process($data, $operation, $uriVariables, $context);
|
||||
}
|
||||
|
||||
/**
|
||||
* Rattache le contact au client parent de la sous-ressource POST
|
||||
* (/clients/{clientId}/contacts). La relation n'est pas peuplee
|
||||
* automatiquement par le Link sur une operation d'ecriture : on resout donc
|
||||
* le parent depuis l'uri variable. Sur PATCH (entite existante), le client
|
||||
* est deja present -> no-op.
|
||||
*/
|
||||
private function linkParent(ClientContact $contact, array $uriVariables): void
|
||||
{
|
||||
if (null !== $contact->getClient()) {
|
||||
return;
|
||||
}
|
||||
|
||||
$clientId = $uriVariables['clientId'] ?? null;
|
||||
if (null === $clientId) {
|
||||
return;
|
||||
}
|
||||
|
||||
$client = $clientId instanceof Client
|
||||
? $clientId
|
||||
: $this->em->getRepository(Client::class)->find($clientId);
|
||||
|
||||
if ($client instanceof Client) {
|
||||
$contact->setClient($client);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Normalisation serveur (RG-1.19 / 1.20 / 1.21). Toutes les methodes du
|
||||
* normalizer sont null-safe : une chaine vide apres trim devient null.
|
||||
*/
|
||||
private function normalize(ClientContact $contact): void
|
||||
{
|
||||
$contact->setFirstName($this->normalizer->normalizePersonName($contact->getFirstName()));
|
||||
$contact->setLastName($this->normalizer->normalizePersonName($contact->getLastName()));
|
||||
$contact->setPhonePrimary($this->normalizer->normalizePhone($contact->getPhonePrimary()));
|
||||
$contact->setPhoneSecondary($this->normalizer->normalizePhone($contact->getPhoneSecondary()));
|
||||
$contact->setEmail($this->normalizer->normalizeEmail($contact->getEmail()));
|
||||
}
|
||||
|
||||
/**
|
||||
* RG-1.05 : au moins le prenom OU le nom est obligatoire (double garde avec
|
||||
* le CHECK BDD chk_client_contact_name — leve un 422 propre plutot qu'une
|
||||
* erreur SQL). Joue apres normalisation, donc les chaines vides sont deja
|
||||
* ramenees a null.
|
||||
*/
|
||||
private function validateName(ClientContact $contact): void
|
||||
{
|
||||
if (null === $contact->getFirstName() && null === $contact->getLastName()) {
|
||||
$violations = new ConstraintViolationList();
|
||||
$violations->add(new ConstraintViolation(
|
||||
'Le prénom ou le nom du contact est obligatoire.',
|
||||
null,
|
||||
[],
|
||||
$contact,
|
||||
'firstName',
|
||||
null,
|
||||
));
|
||||
|
||||
throw new ValidationException($violations);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* RG-1.14 : refuse la suppression du dernier contact d'un client (409). La
|
||||
* collection inclut le contact en cours de suppression : un effectif <= 1
|
||||
* signifie qu'il ne resterait aucun contact. Sans client rattache (cas
|
||||
* theorique), on laisse passer.
|
||||
*/
|
||||
private function guardLastContactDeletion(ClientContact $contact): void
|
||||
{
|
||||
$client = $contact->getClient();
|
||||
if (null === $client) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ($client->getContacts()->count() <= 1) {
|
||||
throw new ConflictHttpException(
|
||||
'Impossible de supprimer le dernier contact du client : au moins un contact est requis.',
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,638 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Infrastructure\ApiPlatform\State\Processor;
|
||||
|
||||
use ApiPlatform\Metadata\Operation;
|
||||
use ApiPlatform\State\ProcessorInterface;
|
||||
use ApiPlatform\Validator\Exception\ValidationException;
|
||||
use App\Module\Commercial\Application\Service\ClientFieldNormalizer;
|
||||
use App\Module\Commercial\Application\Validator\ClientInformationCompletenessValidator;
|
||||
use App\Module\Commercial\Domain\Entity\Client;
|
||||
use App\Shared\Domain\Contract\BusinessRoleAwareInterface;
|
||||
use App\Shared\Domain\Contract\CategoryInterface;
|
||||
use App\Shared\Domain\Security\BusinessRoles;
|
||||
use DateTimeImmutable;
|
||||
use Doctrine\DBAL\Exception\UniqueConstraintViolationException;
|
||||
use Doctrine\ORM\EntityManagerInterface;
|
||||
use Doctrine\ORM\PersistentCollection;
|
||||
use JsonException;
|
||||
use Symfony\Bundle\SecurityBundle\Security;
|
||||
use Symfony\Component\DependencyInjection\Attribute\Autowire;
|
||||
use Symfony\Component\HttpFoundation\RequestStack;
|
||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||
use Symfony\Component\HttpKernel\Exception\ConflictHttpException;
|
||||
use Symfony\Component\HttpKernel\Exception\UnprocessableEntityHttpException;
|
||||
use Symfony\Component\Validator\ConstraintViolation;
|
||||
use Symfony\Component\Validator\ConstraintViolationList;
|
||||
|
||||
/**
|
||||
* Processor d'ecriture du repertoire clients (M1). Cf. spec-back M1 § 2.8 /
|
||||
* § 2.9 / § 4.3 / § 4.4 + RG-1.01 a RG-1.28.
|
||||
*
|
||||
* Sequence (POST / PATCH) :
|
||||
* 1. Autorisation additionnelle par groupe d'onglet. La security d'operation
|
||||
* du PATCH a ete elargie (ERP-74) a `manage` OU `accounting.manage` pour
|
||||
* laisser entrer le role Compta ; ce processor re-gate alors finement :
|
||||
* - champ comptable modifie dans le payload -> exige accounting.manage (RG-1.28, 403) ;
|
||||
* - champ main/information modifie -> exige manage (guardManage, 403) : empeche
|
||||
* Compta d'editer un autre onglet que la Comptabilite (§ 2.7) ;
|
||||
* - champ isArchived dans le payload -> exige archive (RG-1.22, 403) et
|
||||
* interdit toute autre modification dans la meme requete (RG-1.22, 422).
|
||||
* 2. Normalisation serveur (RG-1.18 a 1.21) via ClientFieldNormalizer.
|
||||
* 3. Regles metier : RG-1.01 (prenom/nom), RG-1.03 (distributor/broker
|
||||
* exclusifs + type de categorie), RG-1.12 (Virement -> banque),
|
||||
* RG-1.13 (LCR -> >= 1 RIB), RG-1.04 (completude Information exigee sur POST
|
||||
* et tout PATCH pour le role Commerciale).
|
||||
* 4. Pose / retrait de archivedAt (RG-1.22 true=now, RG-1.23 false=null).
|
||||
* 5. Persistance via le persist_processor Doctrine, avec traduction des
|
||||
* collisions d'unicite en 409 (RG-1.16 doublon de nom ; RG-1.23 conflit de
|
||||
* restauration).
|
||||
*
|
||||
* Note : la validation Symfony (Assert\NotBlank, Assert\Email, Assert\Count sur
|
||||
* categories...) est jouee par API Platform AVANT ce processor ; on n'y traite
|
||||
* donc que les regles non exprimables en simples contraintes d'attribut.
|
||||
*
|
||||
* @implements ProcessorInterface<Client, Client>
|
||||
*/
|
||||
final class ClientProcessor implements ProcessorInterface
|
||||
{
|
||||
/** Champs de l'onglet principal (groupe client:write:main). */
|
||||
private const array MAIN_FIELDS = [
|
||||
'companyName', 'firstName', 'lastName', 'phonePrimary', 'phoneSecondary',
|
||||
'email', 'distributor', 'broker', 'triageService', 'categories',
|
||||
];
|
||||
|
||||
/** Champs de l'onglet Information (groupe client:write:information). */
|
||||
private const array INFORMATION_FIELDS = [
|
||||
'description', 'competitors', 'foundedAt', 'employeesCount',
|
||||
'revenueAmount', 'directorName', 'profitAmount',
|
||||
];
|
||||
|
||||
/** Champs de l'onglet Comptabilite (groupe client:write:accounting). */
|
||||
private const array ACCOUNTING_FIELDS = [
|
||||
'siren', 'accountNumber', 'tvaMode', 'nTva', 'paymentDelay',
|
||||
'paymentType', 'bank',
|
||||
];
|
||||
|
||||
/** Champ d'archivage (groupe client:write:archive). */
|
||||
private const string ARCHIVE_FIELD = 'isArchived';
|
||||
|
||||
private const string PERM_MANAGE = 'commercial.clients.manage';
|
||||
private const string PERM_ACCOUNTING_MANAGE = 'commercial.clients.accounting.manage';
|
||||
private const string PERM_ARCHIVE = 'commercial.clients.archive';
|
||||
|
||||
/**
|
||||
* Memoisation du dernier corps de requete decode, clos par le contenu brut.
|
||||
* payloadKeys() est appele plusieurs fois par requete (writablePayloadKeys,
|
||||
* categoriesChanged...) : on evite de rejouer json_decode a chaque appel. La
|
||||
* cle etant le contenu lui-meme et le calcul une fonction pure de ce contenu,
|
||||
* aucune fuite n'est possible entre requetes sur ce service partage (un meme
|
||||
* corps redonne les memes cles).
|
||||
*/
|
||||
private ?string $decodedContent = null;
|
||||
|
||||
/** @var list<string> Cles de premier niveau correspondant au corps memoise. */
|
||||
private array $decodedPayloadKeys = [];
|
||||
|
||||
public function __construct(
|
||||
#[Autowire(service: 'api_platform.doctrine.orm.state.persist_processor')]
|
||||
private readonly ProcessorInterface $persistProcessor,
|
||||
private readonly ClientFieldNormalizer $normalizer,
|
||||
private readonly ClientInformationCompletenessValidator $informationValidator,
|
||||
private readonly Security $security,
|
||||
private readonly RequestStack $requestStack,
|
||||
private readonly EntityManagerInterface $em,
|
||||
) {}
|
||||
|
||||
public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = []): mixed
|
||||
{
|
||||
if (!$data instanceof Client) {
|
||||
return $this->persistProcessor->process($data, $operation, $uriVariables, $context);
|
||||
}
|
||||
|
||||
$writableKeys = $this->writablePayloadKeys();
|
||||
|
||||
$isArchiveRequest = $this->guardArchive($data, $writableKeys);
|
||||
$this->guardAccounting($data);
|
||||
|
||||
$this->normalize($data);
|
||||
|
||||
// guardManage apres normalize : la comparaison « change vs etat
|
||||
// persiste » des champs texte (companyName, email...) se fait sur des
|
||||
// valeurs normalisees des deux cotes (l'etat persiste l'a deja ete).
|
||||
$this->guardManage($data);
|
||||
|
||||
$this->validateMainContact($data);
|
||||
$this->validateDistributorBroker($data);
|
||||
$this->validateAccountingConsistency($data);
|
||||
$this->validateInformationCompleteness($data);
|
||||
|
||||
try {
|
||||
return $this->persistProcessor->process($data, $operation, $uriVariables, $context);
|
||||
} catch (UniqueConstraintViolationException $e) {
|
||||
// Le seul index unique partiel est uq_client_company_name_active
|
||||
// (LOWER(company_name) parmi non-archives/non-deletes — decision Q4).
|
||||
if ($isArchiveRequest && false === $data->isArchived()) {
|
||||
// RG-1.23 : restauration en conflit avec un homonyme actif.
|
||||
throw new ConflictHttpException(
|
||||
'Restauration impossible : un autre client a pris le nom entre-temps.',
|
||||
$e,
|
||||
);
|
||||
}
|
||||
|
||||
// RG-1.16 : doublon de nom de societe.
|
||||
throw new ConflictHttpException(
|
||||
sprintf('Un client nommé "%s" existe déjà.', (string) $data->getCompanyName()),
|
||||
$e,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* RG-1.22 / RG-1.23 : si le payload bascule reellement isArchived, exige la
|
||||
* permission archive (403), interdit toute autre modification (422) et
|
||||
* pose/retire archivedAt. Retourne true si la requete est une requete
|
||||
* d'archivage.
|
||||
*
|
||||
* Le gating est restreint a la mise a jour d'un client existant ET au seul
|
||||
* cas ou isArchived change vraiment : un POST (entite non encore geree par
|
||||
* l'ORM) ou un PATCH « representation complete » renvoyant isArchived
|
||||
* inchange ne doit declencher ni 403 ni 422 parasite.
|
||||
*
|
||||
* @param list<string> $writableKeys cles ecrivables du payload (hors @* et champs inconnus)
|
||||
*/
|
||||
private function guardArchive(Client $data, array $writableKeys): bool
|
||||
{
|
||||
// POST / entite non geree : l'archivage est une action de mise a jour.
|
||||
if (!$this->em->contains($data)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// isArchived inchange par rapport a l'etat persiste : pas une requete
|
||||
// d'archivage (cas du PATCH representation complete).
|
||||
if (!$this->fieldChanged($data, 'isArchived', $data->isArchived())) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!$this->security->isGranted(self::PERM_ARCHIVE)) {
|
||||
throw new AccessDeniedHttpException(sprintf(
|
||||
'Le champ "%s" requiert la permission "%s".',
|
||||
self::ARCHIVE_FIELD,
|
||||
self::PERM_ARCHIVE,
|
||||
));
|
||||
}
|
||||
|
||||
// RG-1.22 : une requete d'archivage ne modifie aucun autre champ ecrivable.
|
||||
if ([] !== array_diff($writableKeys, [self::ARCHIVE_FIELD])) {
|
||||
throw new UnprocessableEntityHttpException(
|
||||
'Une requête d\'archivage ne peut modifier aucun autre champ que "isArchived".',
|
||||
);
|
||||
}
|
||||
|
||||
// RG-1.22 (true -> now) / RG-1.23 (false -> null).
|
||||
$data->setArchivedAt($data->isArchived() ? new DateTimeImmutable() : null);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* RG-1.28 : la modification effective d'un champ comptable exige
|
||||
* accounting.manage, sinon 403 sur l'ensemble du payload (mode strict, pas
|
||||
* de filtrage silencieux). On ne gate que si un champ change reellement par
|
||||
* rapport a l'etat persiste : un POST/PATCH renvoyant des champs comptables
|
||||
* inchanges (ou null en creation) ne declenche pas de 403 parasite. Le
|
||||
* message precise le premier champ fautif.
|
||||
*/
|
||||
private function guardAccounting(Client $data): void
|
||||
{
|
||||
$changed = $this->changedAccountingFields($data);
|
||||
|
||||
if ([] === $changed) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!$this->security->isGranted(self::PERM_ACCOUNTING_MANAGE)) {
|
||||
throw new AccessDeniedHttpException(sprintf(
|
||||
'Le champ "%s" requiert la permission "%s".',
|
||||
$changed[0],
|
||||
self::PERM_ACCOUNTING_MANAGE,
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* § 2.7 / RG-1.28 (ERP-74) : la modification effective d'un champ « metier »
|
||||
* (onglets principal ou Information) exige `commercial.clients.manage`. Sans
|
||||
* cette permission -> 403 sur l'ensemble du payload (mode strict, miroir de
|
||||
* guardAccounting). C'est ce qui empeche le role Compta — qui entre dans le
|
||||
* PATCH via `accounting.manage` (security d'operation elargie) — d'editer
|
||||
* autre chose que l'onglet Comptabilite.
|
||||
*
|
||||
* Ne s'applique qu'aux mises a jour (entite geree) : la creation (POST) est
|
||||
* deja gardee par la security d'operation `manage`, donc inutile de la
|
||||
* re-gater ici (et un POST par un porteur de `manage` passerait de toute
|
||||
* facon).
|
||||
*/
|
||||
private function guardManage(Client $data): void
|
||||
{
|
||||
if (!$this->em->contains($data)) {
|
||||
return;
|
||||
}
|
||||
|
||||
$changed = $this->changedBusinessFields($data);
|
||||
|
||||
if ([] === $changed) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!$this->security->isGranted(self::PERM_MANAGE)) {
|
||||
throw new AccessDeniedHttpException(sprintf(
|
||||
'Le champ "%s" requiert la permission "%s".',
|
||||
$changed[0],
|
||||
self::PERM_MANAGE,
|
||||
));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Champs « metier » (onglets principal + Information, hors comptabilite et
|
||||
* archivage) dont la valeur courante differe de l'etat persiste. Memes
|
||||
* regles de comparaison que changedAccountingFields (scalaires par valeur,
|
||||
* relations ManyToOne distributor/broker par identite via l'identity map).
|
||||
*
|
||||
* Cas particulier `categories` (M2M) : non trace par getOriginalEntityData,
|
||||
* compare par valeur via le snapshot de la PersistentCollection (cf.
|
||||
* categoriesChanged) — la simple presence dans le payload ne suffit pas, sous
|
||||
* peine de 403 parasite sur un PATCH representation complete reincluant des
|
||||
* categories inchangees.
|
||||
*
|
||||
* @return list<string>
|
||||
*/
|
||||
private function changedBusinessFields(Client $data): array
|
||||
{
|
||||
$newValues = [
|
||||
'companyName' => $data->getCompanyName(),
|
||||
'firstName' => $data->getFirstName(),
|
||||
'lastName' => $data->getLastName(),
|
||||
'phonePrimary' => $data->getPhonePrimary(),
|
||||
'phoneSecondary' => $data->getPhoneSecondary(),
|
||||
'email' => $data->getEmail(),
|
||||
'distributor' => $data->getDistributor(),
|
||||
'broker' => $data->getBroker(),
|
||||
'triageService' => $data->isTriageService(),
|
||||
'description' => $data->getDescription(),
|
||||
'competitors' => $data->getCompetitors(),
|
||||
'foundedAt' => $data->getFoundedAt(),
|
||||
'employeesCount' => $data->getEmployeesCount(),
|
||||
'revenueAmount' => $data->getRevenueAmount(),
|
||||
'directorName' => $data->getDirectorName(),
|
||||
'profitAmount' => $data->getProfitAmount(),
|
||||
];
|
||||
|
||||
$changed = [];
|
||||
foreach ($newValues as $field => $newValue) {
|
||||
if ($this->fieldChanged($data, $field, $newValue)) {
|
||||
$changed[] = $field;
|
||||
}
|
||||
}
|
||||
|
||||
if ($this->categoriesChanged($data)) {
|
||||
$changed[] = 'categories';
|
||||
}
|
||||
|
||||
return $changed;
|
||||
}
|
||||
|
||||
/**
|
||||
* Vrai si l'ensemble des categories (M2M) differe reellement de l'etat
|
||||
* persiste. La collection n'etant pas tracee par getOriginalEntityData, on
|
||||
* compare par identifiants (independamment de l'ordre) le snapshot de la
|
||||
* PersistentCollection (etat charge depuis la base) a l'etat courant (apres
|
||||
* application du payload). Symetrique de changedAccountingFields : seul un
|
||||
* changement effectif compte, pas la simple presence dans le payload.
|
||||
*
|
||||
* - POST / entite non geree : fournir des categories est un acte metier
|
||||
* (comportement historique conserve) — branche defensive, guardManage ne
|
||||
* s'execute de toute facon que sur entite geree.
|
||||
* - categories absent du payload (PATCH partiel) : aucun changement.
|
||||
*/
|
||||
private function categoriesChanged(Client $data): bool
|
||||
{
|
||||
if (!$this->em->contains($data)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!in_array('categories', $this->payloadKeys(), true)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$collection = $data->getCategories();
|
||||
|
||||
// Hors PersistentCollection (cas limite hors flux PATCH reel) : faute
|
||||
// d'etat persiste comparable, on se rabat sur la presence payload.
|
||||
if (!$collection instanceof PersistentCollection) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return $this->categoryIdSet($collection->toArray())
|
||||
!== $this->categoryIdSet($collection->getSnapshot());
|
||||
}
|
||||
|
||||
/**
|
||||
* Ensemble trie des identifiants d'une liste de categories — pour une
|
||||
* comparaison par valeur independante de l'ordre.
|
||||
*
|
||||
* @param array<int, object> $categories
|
||||
*
|
||||
* @return list<mixed>
|
||||
*/
|
||||
private function categoryIdSet(array $categories): array
|
||||
{
|
||||
$ids = array_map(
|
||||
static fn (object $category): mixed => method_exists($category, 'getId')
|
||||
? $category->getId()
|
||||
: spl_object_id($category),
|
||||
array_values($categories),
|
||||
);
|
||||
sort($ids);
|
||||
|
||||
return $ids;
|
||||
}
|
||||
|
||||
/**
|
||||
* Champs comptables dont la valeur courante differe de l'etat persiste. Les
|
||||
* relations (tvaMode, paymentDelay, paymentType, bank) sont comparees par
|
||||
* identite d'objet : l'identity map Doctrine renvoie la meme instance tant
|
||||
* que la reference est inchangee.
|
||||
*
|
||||
* @return list<string>
|
||||
*/
|
||||
private function changedAccountingFields(Client $data): array
|
||||
{
|
||||
$changed = [];
|
||||
|
||||
foreach (self::ACCOUNTING_FIELDS as $field) {
|
||||
$newValue = match ($field) {
|
||||
'siren' => $data->getSiren(),
|
||||
'accountNumber' => $data->getAccountNumber(),
|
||||
'tvaMode' => $data->getTvaMode(),
|
||||
'nTva' => $data->getNTva(),
|
||||
'paymentDelay' => $data->getPaymentDelay(),
|
||||
'paymentType' => $data->getPaymentType(),
|
||||
'bank' => $data->getBank(),
|
||||
};
|
||||
|
||||
if ($this->fieldChanged($data, $field, $newValue)) {
|
||||
$changed[] = $field;
|
||||
}
|
||||
}
|
||||
|
||||
return $changed;
|
||||
}
|
||||
|
||||
/**
|
||||
* Vrai si la valeur courante d'un champ differe de l'etat persiste. Pour une
|
||||
* entite non geree (creation/POST), l'etat persiste est vide : toute valeur
|
||||
* non-null est alors un changement.
|
||||
*/
|
||||
private function fieldChanged(Client $data, string $field, mixed $newValue): bool
|
||||
{
|
||||
$original = $this->originalData($data);
|
||||
|
||||
return $newValue !== ($original[$field] ?? null);
|
||||
}
|
||||
|
||||
/**
|
||||
* Snapshot des valeurs persistees de l'entite (telles que chargees, avant
|
||||
* application du payload). Vide pour une entite non geree (POST).
|
||||
*
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function originalData(Client $data): array
|
||||
{
|
||||
if (!$this->em->contains($data)) {
|
||||
return [];
|
||||
}
|
||||
|
||||
return $this->em->getUnitOfWork()->getOriginalEntityData($data);
|
||||
}
|
||||
|
||||
/**
|
||||
* Normalisation serveur (RG-1.18 a 1.21). Les setters non-nullables
|
||||
* (companyName, email, phonePrimary) ne sont touches que si une valeur est
|
||||
* presente, pour ne jamais ecraser l'existant lors d'un PATCH partiel.
|
||||
*/
|
||||
private function normalize(Client $data): void
|
||||
{
|
||||
if (null !== $data->getCompanyName()) {
|
||||
$data->setCompanyName((string) $this->normalizer->normalizeCompanyName($data->getCompanyName()));
|
||||
}
|
||||
if (null !== $data->getEmail()) {
|
||||
$data->setEmail((string) $this->normalizer->normalizeEmail($data->getEmail()));
|
||||
}
|
||||
if (null !== $data->getPhonePrimary()) {
|
||||
$data->setPhonePrimary((string) $this->normalizer->normalizePhone($data->getPhonePrimary()));
|
||||
}
|
||||
|
||||
$data->setFirstName($this->normalizer->normalizePersonName($data->getFirstName()));
|
||||
$data->setLastName($this->normalizer->normalizePersonName($data->getLastName()));
|
||||
$data->setPhoneSecondary($this->normalizer->normalizePhone($data->getPhoneSecondary()));
|
||||
}
|
||||
|
||||
/**
|
||||
* RG-1.01 : au moins le prenom OU le nom du contact principal.
|
||||
*/
|
||||
private function validateMainContact(Client $data): void
|
||||
{
|
||||
if (null === $data->getFirstName() && null === $data->getLastName()) {
|
||||
$this->throwViolation(
|
||||
'firstName',
|
||||
'Le prénom ou le nom du contact principal est obligatoire.',
|
||||
$data,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* RG-1.03 : distributor et broker mutuellement exclusifs ; un distributor
|
||||
* doit referencer un client de categorie DISTRIBUTEUR (idem broker ->
|
||||
* COURTIER).
|
||||
*/
|
||||
private function validateDistributorBroker(Client $data): void
|
||||
{
|
||||
$distributor = $data->getDistributor();
|
||||
$broker = $data->getBroker();
|
||||
|
||||
if (null !== $distributor && null !== $broker) {
|
||||
$this->throwViolation(
|
||||
'distributor',
|
||||
'Un client ne peut pas être rattaché à la fois à un distributeur et à un courtier.',
|
||||
$data,
|
||||
);
|
||||
}
|
||||
|
||||
if (null !== $distributor && !$this->hasCategoryType($distributor, 'DISTRIBUTEUR')) {
|
||||
$this->throwViolation(
|
||||
'distributor',
|
||||
'Le distributeur référencé doit être un client de catégorie DISTRIBUTEUR.',
|
||||
$data,
|
||||
);
|
||||
}
|
||||
|
||||
if (null !== $broker && !$this->hasCategoryType($broker, 'COURTIER')) {
|
||||
$this->throwViolation(
|
||||
'broker',
|
||||
'Le courtier référencé doit être un client de catégorie COURTIER.',
|
||||
$data,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* RG-1.12 : Virement -> banque obligatoire. RG-1.13 : LCR -> au moins un RIB.
|
||||
*/
|
||||
private function validateAccountingConsistency(Client $data): void
|
||||
{
|
||||
$paymentCode = $data->getPaymentType()?->getCode();
|
||||
|
||||
if ('VIREMENT' === $paymentCode && null === $data->getBank()) {
|
||||
$this->throwViolation(
|
||||
'bank',
|
||||
'La banque est obligatoire pour le type de règlement Virement.',
|
||||
$data,
|
||||
);
|
||||
}
|
||||
|
||||
if ('LCR' === $paymentCode && $data->getRibs()->isEmpty()) {
|
||||
$this->throwViolation(
|
||||
'paymentType',
|
||||
'Au moins un RIB est obligatoire pour le type de règlement LCR.',
|
||||
$data,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* RG-1.04 (durcie ERP-74) : si l'utilisateur porte le role metier
|
||||
* Commerciale, TOUS les champs de l'onglet Information sont obligatoires sur
|
||||
* POST comme sur TOUT PATCH — independamment des champs reellement envoyes
|
||||
* (plus de condition d'intersection avec INFORMATION_FIELDS). Garantit qu'un
|
||||
* client cree/edite par une Commerciale ne reste jamais avec un onglet
|
||||
* Information incomplet.
|
||||
*/
|
||||
private function validateInformationCompleteness(Client $data): void
|
||||
{
|
||||
if ($this->currentUserIsCommerciale()) {
|
||||
$this->informationValidator->validate($data);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Vrai si au moins une categorie du client porte le type donne. S'appuie
|
||||
* sur CategoryInterface::getCategoryTypeCode() (pas d'import de Category).
|
||||
*/
|
||||
private function hasCategoryType(Client $client, string $typeCode): bool
|
||||
{
|
||||
foreach ($client->getCategories() as $category) {
|
||||
if ($category instanceof CategoryInterface && $category->getCategoryTypeCode() === $typeCode) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
private function currentUserIsCommerciale(): bool
|
||||
{
|
||||
$user = $this->security->getUser();
|
||||
|
||||
return $user instanceof BusinessRoleAwareInterface
|
||||
&& $user->hasBusinessRole(BusinessRoles::COMMERCIALE);
|
||||
}
|
||||
|
||||
/**
|
||||
* Cles ecrivables effectivement presentes dans le payload : on retire les
|
||||
* cles JSON-LD (@id, @context, @var...) et tout champ non rattache a un
|
||||
* groupe d'ecriture connu. C'est la base du 422 d'archivage (RG-1.22) et du
|
||||
* declenchement conditionnel de RG-1.04 — sans elles, un PATCH
|
||||
* « representation complete » porteur de @id ferait croire a une
|
||||
* modification multi-onglets.
|
||||
*
|
||||
* @return list<string>
|
||||
*/
|
||||
private function writablePayloadKeys(): array
|
||||
{
|
||||
$writable = array_merge(
|
||||
self::MAIN_FIELDS,
|
||||
self::INFORMATION_FIELDS,
|
||||
self::ACCOUNTING_FIELDS,
|
||||
[self::ARCHIVE_FIELD],
|
||||
);
|
||||
|
||||
return array_values(array_intersect($this->payloadKeys(), $writable));
|
||||
}
|
||||
|
||||
/**
|
||||
* Cles de premier niveau effectivement envoyees par le client (payload JSON
|
||||
* brut), filtrage compris. Pour un PATCH merge-patch+json, ce sont les seuls
|
||||
* champs modifies.
|
||||
*
|
||||
* @return list<string>
|
||||
*/
|
||||
private function payloadKeys(): array
|
||||
{
|
||||
$request = $this->requestStack->getCurrentRequest();
|
||||
if (null === $request) {
|
||||
return [];
|
||||
}
|
||||
|
||||
$content = $request->getContent();
|
||||
|
||||
// Cache hit : meme corps brut que le dernier decodage -> memes cles.
|
||||
if ($content === $this->decodedContent) {
|
||||
return $this->decodedPayloadKeys;
|
||||
}
|
||||
|
||||
$this->decodedContent = $content;
|
||||
$this->decodedPayloadKeys = $this->extractPayloadKeys($content);
|
||||
|
||||
return $this->decodedPayloadKeys;
|
||||
}
|
||||
|
||||
/**
|
||||
* Decode le corps brut et en extrait les cles de premier niveau (chaines).
|
||||
* Corps vide ou JSON invalide -> aucune cle.
|
||||
*
|
||||
* @return list<string>
|
||||
*/
|
||||
private function extractPayloadKeys(string $content): array
|
||||
{
|
||||
if ('' === $content) {
|
||||
return [];
|
||||
}
|
||||
|
||||
try {
|
||||
$decoded = json_decode($content, true, 512, JSON_THROW_ON_ERROR);
|
||||
} catch (JsonException) {
|
||||
return [];
|
||||
}
|
||||
|
||||
return is_array($decoded) ? array_values(array_filter(array_keys($decoded), 'is_string')) : [];
|
||||
}
|
||||
|
||||
/**
|
||||
* Leve une ValidationException (HTTP 422) portant une violation unique sur
|
||||
* la propriete visee — meme rendu Hydra que les contraintes Symfony.
|
||||
*
|
||||
* @return never
|
||||
*/
|
||||
private function throwViolation(string $property, string $message, Client $root): void
|
||||
{
|
||||
$violations = new ConstraintViolationList();
|
||||
$violations->add(new ConstraintViolation($message, null, [], $root, $property, null));
|
||||
|
||||
throw new ValidationException($violations);
|
||||
}
|
||||
}
|
||||
+104
@@ -0,0 +1,104 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Infrastructure\ApiPlatform\State\Processor;
|
||||
|
||||
use ApiPlatform\Metadata\DeleteOperationInterface;
|
||||
use ApiPlatform\Metadata\Operation;
|
||||
use ApiPlatform\State\ProcessorInterface;
|
||||
use App\Module\Commercial\Domain\Entity\Client;
|
||||
use App\Module\Commercial\Domain\Entity\ClientRib;
|
||||
use Doctrine\ORM\EntityManagerInterface;
|
||||
use Symfony\Component\DependencyInjection\Attribute\Autowire;
|
||||
use Symfony\Component\HttpKernel\Exception\ConflictHttpException;
|
||||
|
||||
/**
|
||||
* Processor d'ecriture de la sous-ressource RIB d'un client (M1, § 4.5).
|
||||
*
|
||||
* Sequence :
|
||||
* - POST / PATCH : aucune normalisation specifique. La validite de l'IBAN et du
|
||||
* BIC est garantie par Assert\Iban / Assert\Bic sur l'entite (jouees en amont
|
||||
* par API Platform). Aucun #[AuditIgnore] sur iban/bic : la tracabilite
|
||||
* comptable est volontaire (decision Matthieu 29/05, spec § 6.1).
|
||||
* - DELETE : RG-1.13 — si le client est en reglement LCR, la suppression de son
|
||||
* DERNIER RIB est refusee (409), car LCR exige au moins un RIB.
|
||||
*
|
||||
* La security de l'operation (commercial.clients.accounting.manage) est deja
|
||||
* appliquee par API Platform en amont : un utilisateur sans cette permission
|
||||
* recoit 403 sur POST/PATCH/DELETE avant d'atteindre ce processor.
|
||||
*
|
||||
* @implements ProcessorInterface<ClientRib, null|ClientRib>
|
||||
*/
|
||||
final class ClientRibProcessor implements ProcessorInterface
|
||||
{
|
||||
public function __construct(
|
||||
#[Autowire(service: 'api_platform.doctrine.orm.state.persist_processor')]
|
||||
private readonly ProcessorInterface $persistProcessor,
|
||||
#[Autowire(service: 'api_platform.doctrine.orm.state.remove_processor')]
|
||||
private readonly ProcessorInterface $removeProcessor,
|
||||
private readonly EntityManagerInterface $em,
|
||||
) {}
|
||||
|
||||
public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = []): mixed
|
||||
{
|
||||
if (!$data instanceof ClientRib) {
|
||||
return $this->persistProcessor->process($data, $operation, $uriVariables, $context);
|
||||
}
|
||||
|
||||
if ($operation instanceof DeleteOperationInterface) {
|
||||
$this->guardLastRibDeletionUnderLcr($data);
|
||||
|
||||
return $this->removeProcessor->process($data, $operation, $uriVariables, $context);
|
||||
}
|
||||
|
||||
$this->linkParent($data, $uriVariables);
|
||||
|
||||
return $this->persistProcessor->process($data, $operation, $uriVariables, $context);
|
||||
}
|
||||
|
||||
/**
|
||||
* Rattache le RIB au client parent de la sous-ressource POST
|
||||
* (/clients/{clientId}/ribs) : la relation n'est pas peuplee automatiquement
|
||||
* par le Link sur une ecriture. Sur PATCH, no-op.
|
||||
*/
|
||||
private function linkParent(ClientRib $rib, array $uriVariables): void
|
||||
{
|
||||
if (null !== $rib->getClient()) {
|
||||
return;
|
||||
}
|
||||
|
||||
$clientId = $uriVariables['clientId'] ?? null;
|
||||
if (null === $clientId) {
|
||||
return;
|
||||
}
|
||||
|
||||
$client = $clientId instanceof Client
|
||||
? $clientId
|
||||
: $this->em->getRepository(Client::class)->find($clientId);
|
||||
|
||||
if ($client instanceof Client) {
|
||||
$rib->setClient($client);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* RG-1.13 : un client dont le type de reglement est LCR doit conserver au
|
||||
* moins un RIB. La collection inclut le RIB en cours de suppression : un
|
||||
* effectif <= 1 signifie qu'il ne resterait aucun RIB -> 409. Pour tout autre
|
||||
* type de reglement, les RIBs sont optionnels (suppression libre).
|
||||
*/
|
||||
private function guardLastRibDeletionUnderLcr(ClientRib $rib): void
|
||||
{
|
||||
$client = $rib->getClient();
|
||||
if (null === $client) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ('LCR' === $client->getPaymentType()?->getCode() && $client->getRibs()->count() <= 1) {
|
||||
throw new ConflictHttpException(
|
||||
'Impossible de supprimer le dernier RIB : le type de règlement LCR exige au moins un RIB.',
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,130 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Infrastructure\ApiPlatform\State\Provider;
|
||||
|
||||
use ApiPlatform\Doctrine\Orm\Paginator;
|
||||
use ApiPlatform\Metadata\CollectionOperationInterface;
|
||||
use ApiPlatform\Metadata\Operation;
|
||||
use ApiPlatform\State\Pagination\Pagination;
|
||||
use ApiPlatform\State\ProviderInterface;
|
||||
use App\Module\Commercial\Domain\Entity\Client;
|
||||
use App\Module\Commercial\Domain\Repository\ClientRepositoryInterface;
|
||||
use Doctrine\ORM\Tools\Pagination\Paginator as DoctrinePaginator;
|
||||
use Symfony\Component\DependencyInjection\Attribute\Autowire;
|
||||
|
||||
/**
|
||||
* Provider du repertoire clients (M1). Cf. spec-back M1 § 4.1 / § 4.2.
|
||||
*
|
||||
* Collection (GET /api/clients) :
|
||||
* - exclut par defaut les archives (is_archived = true) ET les soft-deletes
|
||||
* (deleted_at IS NOT NULL) — RG-1.24 ;
|
||||
* - ?includeArchived=true reintegre les archives (les soft-deletes restent
|
||||
* exclus au M1) — RG-1.25 ;
|
||||
* - tri par defaut companyName ASC — RG-1.26 ;
|
||||
* - filtres ?search=... (fuzzy companyName + lastName + email) et
|
||||
* ?categoryType=<code> (clients ayant >= 1 categorie de ce type) ;
|
||||
* - pagination obligatoire (convention Starseed ERP-72) : Paginator ORM ;
|
||||
* echappatoire ?pagination=false pour alimenter un <select> sans pagination.
|
||||
*
|
||||
* Item (GET /api/clients/{id} + provider de PATCH) :
|
||||
* - 404 si introuvable OU soft-delete (deleted_at non null, jamais expose au
|
||||
* M1) ; les archives restent consultables/restaurables en detail.
|
||||
*
|
||||
* Le filtrage des champs comptables en lecture (groupe client:read:accounting)
|
||||
* n'est PAS fait ici mais dans ClientReadGroupContextBuilder (le provider ne
|
||||
* peut pas influencer les groupes de serialisation).
|
||||
*
|
||||
* @implements ProviderInterface<Client>
|
||||
*/
|
||||
final class ClientProvider implements ProviderInterface
|
||||
{
|
||||
public function __construct(
|
||||
#[Autowire(service: 'App\Module\Commercial\Infrastructure\Doctrine\DoctrineClientRepository')]
|
||||
private readonly ClientRepositoryInterface $repository,
|
||||
private readonly Pagination $pagination,
|
||||
) {}
|
||||
|
||||
public function provide(Operation $operation, array $uriVariables = [], array $context = []): Client|iterable|Paginator|null
|
||||
{
|
||||
if ($operation instanceof CollectionOperationInterface) {
|
||||
return $this->provideCollection($operation, $context);
|
||||
}
|
||||
|
||||
return $this->provideItem($uriVariables);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $context
|
||||
*
|
||||
* @return list<Client>|Paginator<Client>
|
||||
*/
|
||||
private function provideCollection(Operation $operation, array $context): array|Paginator
|
||||
{
|
||||
$filters = $context['filters'] ?? [];
|
||||
$includeArchived = $this->readBool($filters['includeArchived'] ?? false);
|
||||
$search = $filters['search'] ?? null;
|
||||
$categoryType = $filters['categoryType'] ?? null;
|
||||
|
||||
// Filtrage delegue au repository (logique partagee avec l'export XLSX).
|
||||
$qb = $this->repository->createListQueryBuilder(
|
||||
$includeArchived,
|
||||
is_string($search) ? $search : null,
|
||||
is_string($categoryType) ? $categoryType : null,
|
||||
);
|
||||
|
||||
// Echappatoire ?pagination=false : collection complete sans Paginator
|
||||
// (cf. convention ERP-72 — utile pour un <select> cote front).
|
||||
if (!$this->pagination->isEnabled($operation, $context)) {
|
||||
// @var list<Client> $result
|
||||
return $qb->getQuery()->getResult();
|
||||
}
|
||||
|
||||
$limit = $this->pagination->getLimit($operation, $context);
|
||||
$page = max(1, $this->pagination->getPage($context));
|
||||
$offset = ($page - 1) * $limit;
|
||||
|
||||
$qb->setFirstResult($offset)->setMaxResults($limit);
|
||||
|
||||
// fetchJoinCollection: true pour un COUNT correct des que des JOINs
|
||||
// to-many seront ajoutes (sous-collections embarquees en detail).
|
||||
return new Paginator(new DoctrinePaginator($qb->getQuery(), fetchJoinCollection: true));
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $uriVariables
|
||||
*/
|
||||
private function provideItem(array $uriVariables): ?Client
|
||||
{
|
||||
$id = $uriVariables['id'] ?? null;
|
||||
if (!is_int($id) && !(is_string($id) && ctype_digit($id))) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$client = $this->repository->findById((int) $id);
|
||||
if (null === $client) {
|
||||
return null;
|
||||
}
|
||||
|
||||
// Soft-delete : jamais expose au M1 (HP-M2-1) — 404 via retour null.
|
||||
// Les archives restent visibles en detail (consultation + restauration).
|
||||
if (null !== $client->getDeletedAt()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return $client;
|
||||
}
|
||||
|
||||
/**
|
||||
* Lit un flag booleen issu des query params. Accepte true / "true" / "1".
|
||||
*/
|
||||
private function readBool(mixed $raw): bool
|
||||
{
|
||||
if (is_bool($raw)) {
|
||||
return $raw;
|
||||
}
|
||||
|
||||
return is_string($raw) && in_array(strtolower($raw), ['true', '1'], true);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,201 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Infrastructure\Controller;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\Client;
|
||||
use App\Module\Commercial\Domain\Repository\ClientRepositoryInterface;
|
||||
use App\Shared\Domain\Contract\CategoryInterface;
|
||||
use App\Shared\Domain\Contract\SiteInterface;
|
||||
use App\Shared\Domain\Contract\SpreadsheetExporterInterface;
|
||||
use DateTimeImmutable;
|
||||
use Symfony\Bundle\SecurityBundle\Security;
|
||||
use Symfony\Component\DependencyInjection\Attribute\Autowire;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\HttpKernel\Attribute\AsController;
|
||||
use Symfony\Component\Routing\Attribute\Route;
|
||||
use Symfony\Component\Security\Http\Attribute\IsGranted;
|
||||
|
||||
/**
|
||||
* Export XLSX du repertoire clients (M1, spec-back § 4.6).
|
||||
*
|
||||
* Controller Symfony custom (et non operation API Platform) car il produit un
|
||||
* binaire de fichier, pas une representation Hydra. `priority: 1` est
|
||||
* OBLIGATOIRE sur la route : sans cela API Platform capterait
|
||||
* `/api/clients/export.xlsx` comme l'item `GET /api/clients/{id}.{_format}`
|
||||
* (id="export", _format="xlsx") — cf. CLAUDE.md « controller custom sous /api ».
|
||||
*
|
||||
* Separation des responsabilites :
|
||||
* - le COMMENT (generation du fichier) est delegue au service Shared
|
||||
* {@see SpreadsheetExporterInterface} — generique, reutilisable, sans metier ;
|
||||
* - le QUOI vit ICI : selection des clients (memes filtres que
|
||||
* `GET /api/clients`, via {@see ClientRepositoryInterface::createListQueryBuilder()})
|
||||
* et mapping metier des colonnes.
|
||||
*
|
||||
* La colonne SIREN n'est ajoutee que si l'utilisateur a la permission
|
||||
* `commercial.clients.accounting.view` (gating identique a la lecture).
|
||||
*/
|
||||
#[AsController]
|
||||
final class ClientExportController
|
||||
{
|
||||
public function __construct(
|
||||
#[Autowire(service: 'App\Module\Commercial\Infrastructure\Doctrine\DoctrineClientRepository')]
|
||||
private readonly ClientRepositoryInterface $repository,
|
||||
private readonly SpreadsheetExporterInterface $exporter,
|
||||
private readonly Security $security,
|
||||
) {}
|
||||
|
||||
#[Route('/api/clients/export.xlsx', name: 'commercial_clients_export_xlsx', methods: ['GET'], priority: 1)]
|
||||
#[IsGranted('commercial.clients.view')]
|
||||
public function __invoke(Request $request): Response
|
||||
{
|
||||
$includeArchived = $this->readBool($request->query->get('includeArchived'));
|
||||
$search = $request->query->getString('search') ?: null;
|
||||
$categoryType = $request->query->getString('categoryType') ?: null;
|
||||
|
||||
/** @var list<Client> $clients */
|
||||
$clients = $this->repository
|
||||
->createListQueryBuilder($includeArchived, $search, $categoryType)
|
||||
->getQuery()
|
||||
->getResult()
|
||||
;
|
||||
|
||||
$withSiren = $this->security->isGranted('commercial.clients.accounting.view');
|
||||
|
||||
$binary = $this->exporter->export(
|
||||
'Répertoire clients',
|
||||
$this->buildHeaders($withSiren),
|
||||
$this->buildRows($clients, $withSiren),
|
||||
);
|
||||
|
||||
return $this->buildResponse($binary);
|
||||
}
|
||||
|
||||
/**
|
||||
* Colonnes dans l'ordre impose par la spec § 4.6. SIREN inseree avant la
|
||||
* date de creation, uniquement si l'utilisateur a accounting.view.
|
||||
*
|
||||
* @return list<string>
|
||||
*/
|
||||
private function buildHeaders(bool $withSiren): array
|
||||
{
|
||||
$headers = [
|
||||
'Nom entreprise',
|
||||
'Nom contact principal',
|
||||
'Prénom',
|
||||
'Téléphone principal',
|
||||
'Téléphone secondaire',
|
||||
'Email',
|
||||
'Catégories',
|
||||
'Sites',
|
||||
];
|
||||
|
||||
if ($withSiren) {
|
||||
$headers[] = 'SIREN';
|
||||
}
|
||||
|
||||
$headers[] = 'Date de création';
|
||||
|
||||
return $headers;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param list<Client> $clients
|
||||
*
|
||||
* @return iterable<list<null|scalar>>
|
||||
*/
|
||||
private function buildRows(array $clients, bool $withSiren): iterable
|
||||
{
|
||||
foreach ($clients as $client) {
|
||||
$row = [
|
||||
$client->getCompanyName(),
|
||||
$client->getLastName(),
|
||||
$client->getFirstName(),
|
||||
$client->getPhonePrimary(),
|
||||
$client->getPhoneSecondary(),
|
||||
$client->getEmail(),
|
||||
$this->formatCategories($client),
|
||||
$this->formatSites($client),
|
||||
];
|
||||
|
||||
if ($withSiren) {
|
||||
$row[] = $client->getSiren();
|
||||
}
|
||||
|
||||
$row[] = $client->getCreatedAt()?->format('d/m/Y');
|
||||
|
||||
yield $row;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Libelles des categories du client, dedupliques, tries, joints par virgule.
|
||||
*/
|
||||
private function formatCategories(Client $client): string
|
||||
{
|
||||
$names = [];
|
||||
foreach ($client->getCategories() as $category) {
|
||||
// @var CategoryInterface $category
|
||||
$name = $category->getName();
|
||||
if (null !== $name && '' !== $name) {
|
||||
$names[$name] = true;
|
||||
}
|
||||
}
|
||||
|
||||
return $this->joinSorted($names);
|
||||
}
|
||||
|
||||
/**
|
||||
* Le Client ne porte pas de sites en propre : ils sont rattaches aux
|
||||
* adresses (RG-1.10). La colonne « Sites » agrege donc l'union distincte des
|
||||
* sites de toutes les adresses du client (decision validee 01/06).
|
||||
*/
|
||||
private function formatSites(Client $client): string
|
||||
{
|
||||
$names = [];
|
||||
foreach ($client->getAddresses() as $address) {
|
||||
foreach ($address->getSites() as $site) {
|
||||
// @var SiteInterface $site
|
||||
$name = $site->getName();
|
||||
if (null !== $name && '' !== $name) {
|
||||
$names[$name] = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $this->joinSorted($names);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, true> $names ensemble de libelles (cles)
|
||||
*/
|
||||
private function joinSorted(array $names): string
|
||||
{
|
||||
$list = array_keys($names);
|
||||
sort($list);
|
||||
|
||||
return implode(', ', $list);
|
||||
}
|
||||
|
||||
private function buildResponse(string $binary): Response
|
||||
{
|
||||
$filename = sprintf('repertoire-clients-%s.xlsx', new DateTimeImmutable()->format('Ymd'));
|
||||
|
||||
$response = new Response($binary);
|
||||
$response->headers->set('Content-Type', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet');
|
||||
$response->headers->set('Content-Disposition', sprintf('attachment; filename="%s"', $filename));
|
||||
|
||||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
* Lit un flag booleen issu des query params. Accepte true / "true" / "1".
|
||||
* Aligne sur ClientProvider pour un comportement identique a la liste.
|
||||
*/
|
||||
private function readBool(mixed $raw): bool
|
||||
{
|
||||
return is_string($raw) && in_array(strtolower($raw), ['true', '1'], true);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,94 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Infrastructure\DataFixtures;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\Bank;
|
||||
use App\Module\Commercial\Domain\Entity\PaymentDelay;
|
||||
use App\Module\Commercial\Domain\Entity\PaymentType;
|
||||
use App\Module\Commercial\Domain\Entity\TvaMode;
|
||||
use Doctrine\Bundle\FixturesBundle\Fixture;
|
||||
use Doctrine\Persistence\ObjectManager;
|
||||
|
||||
/**
|
||||
* Fixtures du module Commercial : re-seed des 4 referentiels comptables
|
||||
* (tva_mode, payment_delay, payment_type, bank) seedes par la migration M1
|
||||
* (Version20260601000000).
|
||||
*
|
||||
* Pourquoi cette fixture EN PLUS du seed de la migration : depuis ERP-54 ces
|
||||
* 4 tables sont des entites managees par l'ORM, donc le purger Doctrine les
|
||||
* vide avant chaque `doctrine:fixtures:load`. Sans cette fixture, les
|
||||
* referentiels seedes par la migration disparaitraient apres `make db-reset`
|
||||
* (0 ligne en dev/test) — cassant les FK Client -> referentiels et les tests
|
||||
* RG-1.12/1.13. Le seed migration couvre la prod (ou les fixtures ne tournent
|
||||
* pas) ; cette fixture re-aligne dev et test. Memes valeurs des deux cotes.
|
||||
*
|
||||
* Idempotence : lookup par `code` avant insertion (sur le modele de
|
||||
* CategoryTypeFixtures). Rejouable sans doublon meme si le purger est desactive.
|
||||
*/
|
||||
class CommercialReferentialFixtures extends Fixture
|
||||
{
|
||||
/**
|
||||
* Source unique des referentiels : classe d'entite => [code => [label, position]].
|
||||
* Doit rester aligne sur le seed de la migration Version20260601000000.
|
||||
*
|
||||
* @var array<class-string, array<string, array{string, int}>>
|
||||
*/
|
||||
private const REFERENTIALS = [
|
||||
TvaMode::class => [
|
||||
'FRANCE_VENTES' => ['France (ventes)', 10],
|
||||
'EXPORT_VENTES' => ['Export (ventes)', 20],
|
||||
'INTRACOM_VENTES' => ['Intracom (ventes)', 30],
|
||||
],
|
||||
PaymentDelay::class => [
|
||||
'J15' => ['15 jours', 10],
|
||||
'J30' => ['30 jours', 20],
|
||||
'A_RECEPTION' => ['À réception', 30],
|
||||
],
|
||||
PaymentType::class => [
|
||||
'VIREMENT' => ['Virement', 10],
|
||||
'LCR' => ['LCR', 20],
|
||||
'NON_SOUMISE' => ['Non soumise', 30],
|
||||
'CHEQUE' => ['Chèque', 40],
|
||||
],
|
||||
Bank::class => [
|
||||
'SG' => ['Société Générale', 10],
|
||||
'CIC' => ['CIC', 20],
|
||||
'CA' => ['Crédit Agricole', 30],
|
||||
],
|
||||
];
|
||||
|
||||
public function load(ObjectManager $manager): void
|
||||
{
|
||||
foreach (self::REFERENTIALS as $entityClass => $rows) {
|
||||
$this->seedReferential($manager, $entityClass, $rows);
|
||||
}
|
||||
|
||||
$manager->flush();
|
||||
}
|
||||
|
||||
/**
|
||||
* Upsert idempotent d'un referentiel : indexe l'existant par code puis
|
||||
* cree/met a jour chaque entree. Les 4 entites partagent le meme contrat
|
||||
* setCode/setLabel/setPosition.
|
||||
*
|
||||
* @param class-string $entityClass
|
||||
* @param array<string, array{string, int}> $rows
|
||||
*/
|
||||
private function seedReferential(ObjectManager $manager, string $entityClass, array $rows): void
|
||||
{
|
||||
$existingByCode = [];
|
||||
foreach ($manager->getRepository($entityClass)->findAll() as $entity) {
|
||||
$existingByCode[$entity->getCode()] = $entity;
|
||||
}
|
||||
|
||||
foreach ($rows as $code => [$label, $position]) {
|
||||
$entity = $existingByCode[$code] ?? new $entityClass();
|
||||
$entity->setCode($code);
|
||||
$entity->setLabel($label);
|
||||
$entity->setPosition($position);
|
||||
$manager->persist($entity);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,36 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Infrastructure\Doctrine;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\Bank;
|
||||
use App\Module\Commercial\Domain\Repository\BankRepositoryInterface;
|
||||
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
|
||||
use Doctrine\Persistence\ManagerRegistry;
|
||||
|
||||
/**
|
||||
* @extends ServiceEntityRepository<Bank>
|
||||
*/
|
||||
class DoctrineBankRepository extends ServiceEntityRepository implements BankRepositoryInterface
|
||||
{
|
||||
public function __construct(ManagerRegistry $registry)
|
||||
{
|
||||
parent::__construct($registry, Bank::class);
|
||||
}
|
||||
|
||||
public function findById(int $id): ?Bank
|
||||
{
|
||||
return $this->find($id);
|
||||
}
|
||||
|
||||
public function findAllOrdered(): array
|
||||
{
|
||||
return $this->createQueryBuilder('b')
|
||||
->orderBy('b.position', 'ASC')
|
||||
->addOrderBy('b.label', 'ASC')
|
||||
->getQuery()
|
||||
->getResult()
|
||||
;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,32 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Infrastructure\Doctrine;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\ClientAddress;
|
||||
use App\Module\Commercial\Domain\Repository\ClientAddressRepositoryInterface;
|
||||
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
|
||||
use Doctrine\Persistence\ManagerRegistry;
|
||||
|
||||
/**
|
||||
* @extends ServiceEntityRepository<ClientAddress>
|
||||
*/
|
||||
class DoctrineClientAddressRepository extends ServiceEntityRepository implements ClientAddressRepositoryInterface
|
||||
{
|
||||
public function __construct(ManagerRegistry $registry)
|
||||
{
|
||||
parent::__construct($registry, ClientAddress::class);
|
||||
}
|
||||
|
||||
public function findById(int $id): ?ClientAddress
|
||||
{
|
||||
return $this->find($id);
|
||||
}
|
||||
|
||||
public function save(ClientAddress $address): void
|
||||
{
|
||||
$this->getEntityManager()->persist($address);
|
||||
$this->getEntityManager()->flush();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,32 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Infrastructure\Doctrine;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\ClientContact;
|
||||
use App\Module\Commercial\Domain\Repository\ClientContactRepositoryInterface;
|
||||
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
|
||||
use Doctrine\Persistence\ManagerRegistry;
|
||||
|
||||
/**
|
||||
* @extends ServiceEntityRepository<ClientContact>
|
||||
*/
|
||||
class DoctrineClientContactRepository extends ServiceEntityRepository implements ClientContactRepositoryInterface
|
||||
{
|
||||
public function __construct(ManagerRegistry $registry)
|
||||
{
|
||||
parent::__construct($registry, ClientContact::class);
|
||||
}
|
||||
|
||||
public function findById(int $id): ?ClientContact
|
||||
{
|
||||
return $this->find($id);
|
||||
}
|
||||
|
||||
public function save(ClientContact $contact): void
|
||||
{
|
||||
$this->getEntityManager()->persist($contact);
|
||||
$this->getEntityManager()->flush();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,98 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Infrastructure\Doctrine;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\Client;
|
||||
use App\Module\Commercial\Domain\Repository\ClientRepositoryInterface;
|
||||
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
|
||||
use Doctrine\ORM\QueryBuilder;
|
||||
use Doctrine\Persistence\ManagerRegistry;
|
||||
|
||||
/**
|
||||
* @extends ServiceEntityRepository<Client>
|
||||
*/
|
||||
class DoctrineClientRepository extends ServiceEntityRepository implements ClientRepositoryInterface
|
||||
{
|
||||
public function __construct(ManagerRegistry $registry)
|
||||
{
|
||||
parent::__construct($registry, Client::class);
|
||||
}
|
||||
|
||||
public function findById(int $id): ?Client
|
||||
{
|
||||
return $this->find($id);
|
||||
}
|
||||
|
||||
public function save(Client $client): void
|
||||
{
|
||||
$this->getEntityManager()->persist($client);
|
||||
$this->getEntityManager()->flush();
|
||||
}
|
||||
|
||||
public function createListQueryBuilder(
|
||||
bool $includeArchived = false,
|
||||
?string $search = null,
|
||||
?string $categoryType = null,
|
||||
): QueryBuilder {
|
||||
$qb = $this->createQueryBuilder('c')
|
||||
->andWhere('c.deletedAt IS NULL')
|
||||
->orderBy('c.companyName', 'ASC')
|
||||
;
|
||||
|
||||
if (!$includeArchived) {
|
||||
$qb->andWhere('c.isArchived = false');
|
||||
}
|
||||
|
||||
$this->applySearch($qb, $search);
|
||||
$this->applyCategoryType($qb, $categoryType);
|
||||
|
||||
return $qb;
|
||||
}
|
||||
|
||||
/**
|
||||
* Recherche fuzzy insensible a la casse sur companyName + lastName + email.
|
||||
* Les metacaracteres LIKE (%, _, \) saisis sont echappes pour rester
|
||||
* litteraux.
|
||||
*/
|
||||
private function applySearch(QueryBuilder $qb, ?string $search): void
|
||||
{
|
||||
if (null === $search || '' === trim($search)) {
|
||||
return;
|
||||
}
|
||||
|
||||
$escaped = str_replace(['\\', '%', '_'], ['\\\\', '\%', '\_'], trim($search));
|
||||
$pattern = '%'.mb_strtolower($escaped, 'UTF-8').'%';
|
||||
|
||||
$qb->andWhere(
|
||||
'LOWER(c.companyName) LIKE :search '
|
||||
.'OR LOWER(c.lastName) LIKE :search '
|
||||
.'OR LOWER(c.email) LIKE :search',
|
||||
)->setParameter('search', $pattern);
|
||||
}
|
||||
|
||||
/**
|
||||
* Restreint aux clients possedant au moins une categorie du type donne.
|
||||
* Sous-requete IN (plutot qu'un JOIN sur la collection M2M) pour ne pas
|
||||
* perturber le DISTINCT / ORDER BY de la requete principale.
|
||||
*/
|
||||
private function applyCategoryType(QueryBuilder $qb, ?string $categoryType): void
|
||||
{
|
||||
if (null === $categoryType || '' === trim($categoryType)) {
|
||||
return;
|
||||
}
|
||||
|
||||
$sub = $this->getEntityManager()->createQueryBuilder()
|
||||
->select('c2.id')
|
||||
->from(Client::class, 'c2')
|
||||
->join('c2.categories', 'cat2')
|
||||
->join('cat2.categoryType', 'ct2')
|
||||
->where('ct2.code = :categoryType')
|
||||
;
|
||||
|
||||
$qb->andWhere($qb->expr()->in('c.id', $sub->getDQL()))
|
||||
->setParameter('categoryType', trim($categoryType))
|
||||
;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,32 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Infrastructure\Doctrine;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\ClientRib;
|
||||
use App\Module\Commercial\Domain\Repository\ClientRibRepositoryInterface;
|
||||
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
|
||||
use Doctrine\Persistence\ManagerRegistry;
|
||||
|
||||
/**
|
||||
* @extends ServiceEntityRepository<ClientRib>
|
||||
*/
|
||||
class DoctrineClientRibRepository extends ServiceEntityRepository implements ClientRibRepositoryInterface
|
||||
{
|
||||
public function __construct(ManagerRegistry $registry)
|
||||
{
|
||||
parent::__construct($registry, ClientRib::class);
|
||||
}
|
||||
|
||||
public function findById(int $id): ?ClientRib
|
||||
{
|
||||
return $this->find($id);
|
||||
}
|
||||
|
||||
public function save(ClientRib $rib): void
|
||||
{
|
||||
$this->getEntityManager()->persist($rib);
|
||||
$this->getEntityManager()->flush();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,36 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Infrastructure\Doctrine;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\PaymentDelay;
|
||||
use App\Module\Commercial\Domain\Repository\PaymentDelayRepositoryInterface;
|
||||
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
|
||||
use Doctrine\Persistence\ManagerRegistry;
|
||||
|
||||
/**
|
||||
* @extends ServiceEntityRepository<PaymentDelay>
|
||||
*/
|
||||
class DoctrinePaymentDelayRepository extends ServiceEntityRepository implements PaymentDelayRepositoryInterface
|
||||
{
|
||||
public function __construct(ManagerRegistry $registry)
|
||||
{
|
||||
parent::__construct($registry, PaymentDelay::class);
|
||||
}
|
||||
|
||||
public function findById(int $id): ?PaymentDelay
|
||||
{
|
||||
return $this->find($id);
|
||||
}
|
||||
|
||||
public function findAllOrdered(): array
|
||||
{
|
||||
return $this->createQueryBuilder('p')
|
||||
->orderBy('p.position', 'ASC')
|
||||
->addOrderBy('p.label', 'ASC')
|
||||
->getQuery()
|
||||
->getResult()
|
||||
;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,36 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Infrastructure\Doctrine;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\PaymentType;
|
||||
use App\Module\Commercial\Domain\Repository\PaymentTypeRepositoryInterface;
|
||||
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
|
||||
use Doctrine\Persistence\ManagerRegistry;
|
||||
|
||||
/**
|
||||
* @extends ServiceEntityRepository<PaymentType>
|
||||
*/
|
||||
class DoctrinePaymentTypeRepository extends ServiceEntityRepository implements PaymentTypeRepositoryInterface
|
||||
{
|
||||
public function __construct(ManagerRegistry $registry)
|
||||
{
|
||||
parent::__construct($registry, PaymentType::class);
|
||||
}
|
||||
|
||||
public function findById(int $id): ?PaymentType
|
||||
{
|
||||
return $this->find($id);
|
||||
}
|
||||
|
||||
public function findAllOrdered(): array
|
||||
{
|
||||
return $this->createQueryBuilder('p')
|
||||
->orderBy('p.position', 'ASC')
|
||||
->addOrderBy('p.label', 'ASC')
|
||||
->getQuery()
|
||||
->getResult()
|
||||
;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,36 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Commercial\Infrastructure\Doctrine;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\TvaMode;
|
||||
use App\Module\Commercial\Domain\Repository\TvaModeRepositoryInterface;
|
||||
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
|
||||
use Doctrine\Persistence\ManagerRegistry;
|
||||
|
||||
/**
|
||||
* @extends ServiceEntityRepository<TvaMode>
|
||||
*/
|
||||
class DoctrineTvaModeRepository extends ServiceEntityRepository implements TvaModeRepositoryInterface
|
||||
{
|
||||
public function __construct(ManagerRegistry $registry)
|
||||
{
|
||||
parent::__construct($registry, TvaMode::class);
|
||||
}
|
||||
|
||||
public function findById(int $id): ?TvaMode
|
||||
{
|
||||
return $this->find($id);
|
||||
}
|
||||
|
||||
public function findAllOrdered(): array
|
||||
{
|
||||
return $this->createQueryBuilder('t')
|
||||
->orderBy('t.position', 'ASC')
|
||||
->addOrderBy('t.label', 'ASC')
|
||||
->getQuery()
|
||||
->getResult()
|
||||
;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,218 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Core\Application\Rbac;
|
||||
|
||||
use App\Module\Core\Domain\Entity\Role;
|
||||
use App\Module\Core\Domain\Entity\User;
|
||||
use App\Module\Core\Domain\Exception\RbacSeedException;
|
||||
use App\Module\Core\Domain\Repository\PermissionRepositoryInterface;
|
||||
use App\Module\Core\Domain\Repository\RoleRepositoryInterface;
|
||||
use App\Module\Core\Domain\Repository\UserRepositoryInterface;
|
||||
use App\Shared\Domain\Contract\SiteProviderInterface;
|
||||
use App\Shared\Domain\Security\BusinessRoles;
|
||||
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
|
||||
|
||||
/**
|
||||
* Source UNIQUE (anti-drift) du RBAC metier MALIO : les 4 roles
|
||||
* (bureau / compta / commerciale / usine), la matrice § 2.7 (role -> permissions)
|
||||
* et les comptes demo par role. Aucun de ces litteraux ne doit etre duplique
|
||||
* ailleurs (ni SQL en dur, ni autre fixture).
|
||||
*
|
||||
* Consomme par :
|
||||
* - la commande applicative `app:seed-rbac` (presente dans le build prod, donc
|
||||
* rejouable en recette/prod, contrairement aux fixtures `require-dev`) ;
|
||||
* - la fixture Core dev/test (DRY : meme seeder).
|
||||
*
|
||||
* Toutes les operations sont idempotentes et non destructives :
|
||||
* - ensureRoles() : cree un role par lookup de code (skip si present) ;
|
||||
* - attachMatrix() : attache les permissions § 2.7 via la M2M role_permission,
|
||||
* sans re-attacher un lien existant ; STOP explicite si un code manque ;
|
||||
* - ensureDemoUsers() : cree un user par role (lookup par username, skip si
|
||||
* present), rattache au role + a >= 1 site.
|
||||
*/
|
||||
final class RbacSeeder
|
||||
{
|
||||
/**
|
||||
* Codes des roles metier (snake_case, regex Role respectee). `commerciale`
|
||||
* reference la constante Shared deja consommee par le ClientProcessor
|
||||
* (RG-1.04) pour eviter tout drift : un seul litteral pour ce code.
|
||||
*/
|
||||
public const string ROLE_BUREAU = 'bureau';
|
||||
public const string ROLE_COMPTA = 'compta';
|
||||
public const string ROLE_COMMERCIALE = BusinessRoles::COMMERCIALE;
|
||||
public const string ROLE_USINE = 'usine';
|
||||
|
||||
/** Site de rattachement par defaut des comptes demo (cf. SitesFixtures). */
|
||||
private const string DEFAULT_SITE_NAME = 'Chatellerault';
|
||||
|
||||
/**
|
||||
* Definition unique des 4 roles + matrice § 2.7. La cle est le code du role,
|
||||
* `label` le libelle FR affichable, `permissions` la liste des codes RBAC a
|
||||
* attacher (vide pour usine : aucun acces ; admin n'apparait pas car il
|
||||
* bypass tout via isAdmin ; `commercial.clients.archive` n'est attache a
|
||||
* aucun role metier — admin seul).
|
||||
*
|
||||
* @var array<string, array{label: string, permissions: list<string>}>
|
||||
*/
|
||||
private const array MATRIX = [
|
||||
self::ROLE_BUREAU => [
|
||||
'label' => 'Bureau',
|
||||
'permissions' => [
|
||||
'commercial.clients.view',
|
||||
'commercial.clients.manage',
|
||||
],
|
||||
],
|
||||
self::ROLE_COMPTA => [
|
||||
'label' => 'Comptabilité',
|
||||
'permissions' => [
|
||||
'commercial.clients.view',
|
||||
'commercial.clients.accounting.view',
|
||||
'commercial.clients.accounting.manage',
|
||||
],
|
||||
],
|
||||
self::ROLE_COMMERCIALE => [
|
||||
'label' => 'Commerciale',
|
||||
'permissions' => [
|
||||
'commercial.clients.view',
|
||||
'commercial.clients.manage',
|
||||
],
|
||||
],
|
||||
self::ROLE_USINE => [
|
||||
'label' => 'Usine',
|
||||
'permissions' => [],
|
||||
],
|
||||
];
|
||||
|
||||
public function __construct(
|
||||
private readonly RoleRepositoryInterface $roleRepository,
|
||||
private readonly PermissionRepositoryInterface $permissionRepository,
|
||||
private readonly UserRepositoryInterface $userRepository,
|
||||
private readonly SiteProviderInterface $siteProvider,
|
||||
private readonly UserPasswordHasherInterface $passwordHasher,
|
||||
) {}
|
||||
|
||||
/**
|
||||
* Cree chaque role metier absent (lookup par code). Idempotent.
|
||||
*
|
||||
* @return list<string> codes des roles effectivement crees (vide au rejeu)
|
||||
*/
|
||||
public function ensureRoles(): array
|
||||
{
|
||||
$created = [];
|
||||
|
||||
foreach (self::MATRIX as $code => $definition) {
|
||||
if (null !== $this->roleRepository->findByCode($code)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
// isSystem=false : ce sont des roles metier, supprimables par un
|
||||
// admin (contrairement aux roles systeme admin/user).
|
||||
$this->roleRepository->save(new Role($code, $definition['label'], isSystem: false));
|
||||
$created[] = $code;
|
||||
}
|
||||
|
||||
return $created;
|
||||
}
|
||||
|
||||
/**
|
||||
* Attache la matrice § 2.7 a chaque role via la M2M role_permission. Lookup
|
||||
* de la permission par code ; un code absent leve une RbacSeedException
|
||||
* (garde-fou : `app:sync-permissions` doit avoir tourne). Idempotent : un
|
||||
* lien deja present n'est pas recree.
|
||||
*
|
||||
* @return int nombre de liens role->permission effectivement ajoutes (0 au rejeu)
|
||||
*
|
||||
* @throws RbacSeedException si un role ou une permission de la matrice manque
|
||||
*/
|
||||
public function attachMatrix(): int
|
||||
{
|
||||
$added = 0;
|
||||
|
||||
foreach (self::MATRIX as $code => $definition) {
|
||||
$role = $this->roleRepository->findByCode($code);
|
||||
if (null === $role) {
|
||||
throw RbacSeedException::missingRole($code);
|
||||
}
|
||||
|
||||
$touched = false;
|
||||
foreach ($definition['permissions'] as $permissionCode) {
|
||||
$permission = $this->permissionRepository->findByCode($permissionCode);
|
||||
if (null === $permission) {
|
||||
throw RbacSeedException::missingPermission($permissionCode);
|
||||
}
|
||||
|
||||
if (!$role->getPermissions()->contains($permission)) {
|
||||
$role->addPermission($permission);
|
||||
$touched = true;
|
||||
++$added;
|
||||
}
|
||||
}
|
||||
|
||||
// Un seul flush par role, et seulement si un lien a change.
|
||||
if ($touched) {
|
||||
$this->roleRepository->save($role);
|
||||
}
|
||||
}
|
||||
|
||||
return $added;
|
||||
}
|
||||
|
||||
/**
|
||||
* Cree un compte demo par role metier (username = code du role), non-admin,
|
||||
* mot de passe hashe, rattache a son role et a >= 1 site. Lookup par
|
||||
* username : idempotent (un compte existant est laisse intact, mot de passe
|
||||
* inchange).
|
||||
*
|
||||
* @return list<string> usernames effectivement crees (vide au rejeu)
|
||||
*
|
||||
* @throws RbacSeedException si un role metier attendu est absent (ensureRoles non joue)
|
||||
*/
|
||||
public function ensureDemoUsers(string $password): array
|
||||
{
|
||||
// Rattachement a un site par defaut s'il existe (les flux login / me en
|
||||
// ont besoin ; le repertoire clients n'est pas site-scope mais on reste
|
||||
// coherent avec les fixtures admin/alice/bob).
|
||||
$defaultSite = $this->siteProvider->findByName(self::DEFAULT_SITE_NAME);
|
||||
$created = [];
|
||||
|
||||
foreach (array_keys(self::MATRIX) as $code) {
|
||||
$username = $code;
|
||||
if (null !== $this->userRepository->findByUsername($username)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$role = $this->roleRepository->findByCode($code);
|
||||
if (null === $role) {
|
||||
throw RbacSeedException::missingRole($code);
|
||||
}
|
||||
|
||||
$user = new User();
|
||||
$user->setUsername($username);
|
||||
$user->setIsAdmin(false);
|
||||
$user->setPassword($this->passwordHasher->hashPassword($user, $password));
|
||||
$user->addRbacRole($role);
|
||||
|
||||
if (null !== $defaultSite) {
|
||||
$user->addSite($defaultSite);
|
||||
$user->setCurrentSite($defaultSite);
|
||||
}
|
||||
|
||||
$this->userRepository->save($user);
|
||||
$created[] = $username;
|
||||
}
|
||||
|
||||
return $created;
|
||||
}
|
||||
|
||||
/**
|
||||
* Liste des codes des roles metier definis (pour reporting / tests).
|
||||
*
|
||||
* @return list<string>
|
||||
*/
|
||||
public static function roleCodes(): array
|
||||
{
|
||||
return array_keys(self::MATRIX);
|
||||
}
|
||||
}
|
||||
@@ -22,6 +22,7 @@ use App\Module\Core\Infrastructure\Doctrine\DoctrineUserRepository;
|
||||
// C'est le pattern officiel Doctrine pour les bounded contexts DDD.
|
||||
use App\Shared\Domain\Attribute\Auditable;
|
||||
use App\Shared\Domain\Attribute\AuditIgnore;
|
||||
use App\Shared\Domain\Contract\BusinessRoleAwareInterface;
|
||||
use App\Shared\Domain\Contract\SiteInterface;
|
||||
use App\Shared\Domain\Exception\SiteNotAuthorizedException;
|
||||
use DateTimeImmutable;
|
||||
@@ -75,7 +76,7 @@ use Symfony\Component\Serializer\Attribute\SerializedName;
|
||||
#[ORM\Entity(repositoryClass: DoctrineUserRepository::class)]
|
||||
#[ORM\Table(name: '`user`')]
|
||||
#[Auditable]
|
||||
class User implements UserInterface, PasswordAuthenticatedUserInterface
|
||||
class User implements UserInterface, PasswordAuthenticatedUserInterface, BusinessRoleAwareInterface
|
||||
{
|
||||
#[ORM\Id]
|
||||
#[ORM\GeneratedValue]
|
||||
@@ -337,6 +338,23 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface
|
||||
return $keys;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implemente BusinessRoleAwareInterface : vrai si l'un des roles RBAC
|
||||
* rattaches porte le code donne. Permet aux modules tiers de detecter un
|
||||
* role metier (ex: `commerciale` pour RG-1.04 du M1 Clients) sans importer
|
||||
* cette classe. Comparaison stricte sur Role::code.
|
||||
*/
|
||||
public function hasBusinessRole(string $roleCode): bool
|
||||
{
|
||||
foreach ($this->rbacRoles as $role) {
|
||||
if ($role->getCode() === $roleCode) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
public function getPassword(): ?string
|
||||
{
|
||||
return $this->password;
|
||||
|
||||
@@ -0,0 +1,38 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Core\Domain\Exception;
|
||||
|
||||
use RuntimeException;
|
||||
|
||||
/**
|
||||
* Erreur de seed RBAC (service RbacSeeder / commande app:seed-rbac).
|
||||
*
|
||||
* Deux causes possibles, toutes deux fatales et explicites :
|
||||
* - role metier attendu introuvable (ensureRoles() n'a pas tourne avant
|
||||
* attachMatrix() ou ensureDemoUsers()) ;
|
||||
* - code de permission de la matrice § 2.7 absent du catalogue : signe que
|
||||
* `app:sync-permissions` n'a pas ete joue. Le message embarque alors
|
||||
* l'invite a lancer la synchronisation, exploitee telle quelle par la
|
||||
* commande.
|
||||
*/
|
||||
final class RbacSeedException extends RuntimeException
|
||||
{
|
||||
public static function missingRole(string $roleCode): self
|
||||
{
|
||||
return new self(sprintf(
|
||||
'Role metier "%s" introuvable. Appelle RbacSeeder::ensureRoles() avant attachMatrix()/ensureDemoUsers().',
|
||||
$roleCode,
|
||||
));
|
||||
}
|
||||
|
||||
public static function missingPermission(string $permissionCode): self
|
||||
{
|
||||
return new self(sprintf(
|
||||
'Permission "%s" (matrice § 2.7) absente du catalogue. '
|
||||
.'Lance d\'abord `bin/console app:sync-permissions` pour la poser en base, puis relance le seed RBAC.',
|
||||
$permissionCode,
|
||||
));
|
||||
}
|
||||
}
|
||||
@@ -186,6 +186,15 @@ final class SeedE2ECommand extends Command
|
||||
'sites.bypass_scope',
|
||||
'catalog.categories.view',
|
||||
'catalog.categories.manage',
|
||||
// Commercial — Repertoire clients (M1). Mappe ici sur le
|
||||
// persona "tout" en attendant les vrais roles metier
|
||||
// (bureau/compta/commerciale/usine) seedes par ERP-74.
|
||||
// Miroir de frontend/tests/e2e/_fixtures/personas.ts.
|
||||
'commercial.clients.view',
|
||||
'commercial.clients.manage',
|
||||
'commercial.clients.accounting.view',
|
||||
'commercial.clients.accounting.manage',
|
||||
'commercial.clients.archive',
|
||||
],
|
||||
],
|
||||
[
|
||||
|
||||
@@ -0,0 +1,138 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Core\Infrastructure\Console;
|
||||
|
||||
use App\Module\Core\Application\Rbac\RbacSeeder;
|
||||
use App\Module\Core\Domain\Exception\RbacSeedException;
|
||||
use Symfony\Component\Console\Attribute\AsCommand;
|
||||
use Symfony\Component\Console\Command\Command;
|
||||
use Symfony\Component\Console\Input\InputInterface;
|
||||
use Symfony\Component\Console\Input\InputOption;
|
||||
use Symfony\Component\Console\Output\OutputInterface;
|
||||
use Symfony\Component\Console\Style\SymfonyStyle;
|
||||
|
||||
/**
|
||||
* Seed RBAC metier idempotent et NON destructif (cf. ERP-74 / spec-back M1
|
||||
* § 2.7). Contrairement aux fixtures Doctrine (`require-dev`, absentes du build
|
||||
* prod `--no-dev`), cette commande applicative est presente dans l'image prod :
|
||||
* elle est donc rejouable en recette/staging/prod.
|
||||
*
|
||||
* Etape de release : a lancer APRES `doctrine:migrations:migrate` et
|
||||
* `app:sync-permissions`.
|
||||
* - En prod : `app:seed-rbac` (roles + matrice § 2.7, sans comptes demo).
|
||||
* - En recette : `app:seed-rbac --with-demo-users --password=<...>` pour
|
||||
* disposer de logins de test.
|
||||
*
|
||||
* Toute la logique (litteraux des roles, matrice, comptes demo) vit dans
|
||||
* RbacSeeder — cette commande n'en est que l'enveloppe CLI.
|
||||
*/
|
||||
#[AsCommand(
|
||||
name: 'app:seed-rbac',
|
||||
description: 'Seede les roles metier RBAC + la matrice § 2.7 (idempotent, non destructif).',
|
||||
)]
|
||||
final class SeedRbacCommand extends Command
|
||||
{
|
||||
/** Variable d'environnement de repli pour le mot de passe des comptes demo. */
|
||||
private const string PASSWORD_ENV = 'RBAC_DEMO_PASSWORD';
|
||||
|
||||
public function __construct(private readonly RbacSeeder $seeder)
|
||||
{
|
||||
parent::__construct();
|
||||
}
|
||||
|
||||
protected function configure(): void
|
||||
{
|
||||
$this
|
||||
->addOption(
|
||||
'with-demo-users',
|
||||
null,
|
||||
InputOption::VALUE_NONE,
|
||||
'Cree aussi un compte demo par role metier (recette/dev — JAMAIS en prod).',
|
||||
)
|
||||
->addOption(
|
||||
'password',
|
||||
null,
|
||||
InputOption::VALUE_REQUIRED,
|
||||
'Mot de passe des comptes demo (defaut : variable d\'env '.self::PASSWORD_ENV.'). Requis avec --with-demo-users.',
|
||||
)
|
||||
;
|
||||
}
|
||||
|
||||
protected function execute(InputInterface $input, OutputInterface $output): int
|
||||
{
|
||||
$io = new SymfonyStyle($input, $output);
|
||||
|
||||
// 1. Roles metier + matrice § 2.7. attachMatrix() exige que les
|
||||
// permissions soient en base : sinon RbacSeedException porteuse de
|
||||
// l'invite a lancer `app:sync-permissions`.
|
||||
try {
|
||||
$createdRoles = $this->seeder->ensureRoles();
|
||||
$addedLinks = $this->seeder->attachMatrix();
|
||||
} catch (RbacSeedException $e) {
|
||||
$io->error($e->getMessage());
|
||||
|
||||
return Command::FAILURE;
|
||||
}
|
||||
|
||||
$io->text(sprintf(
|
||||
'Roles metier : %d cree(s), matrice § 2.7 : %d lien(s) ajoute(s).',
|
||||
count($createdRoles),
|
||||
$addedLinks,
|
||||
));
|
||||
|
||||
// 2. Comptes demo (optionnel, jamais en prod).
|
||||
if ((bool) $input->getOption('with-demo-users')) {
|
||||
$password = $this->resolveDemoPassword($input);
|
||||
if (null === $password) {
|
||||
$io->error(sprintf(
|
||||
'--with-demo-users exige un mot de passe : passe --password=<...> ou definis la variable d\'env %s. '
|
||||
.'(Aucun mot de passe en dur cote serveur.)',
|
||||
self::PASSWORD_ENV,
|
||||
));
|
||||
|
||||
return Command::FAILURE;
|
||||
}
|
||||
|
||||
try {
|
||||
$createdUsers = $this->seeder->ensureDemoUsers($password);
|
||||
} catch (RbacSeedException $e) {
|
||||
$io->error($e->getMessage());
|
||||
|
||||
return Command::FAILURE;
|
||||
}
|
||||
|
||||
$io->text(sprintf(
|
||||
'Comptes demo : %d cree(s)%s.',
|
||||
count($createdUsers),
|
||||
[] === $createdUsers ? '' : ' ['.implode(', ', $createdUsers).']',
|
||||
));
|
||||
}
|
||||
|
||||
$io->success('Seed RBAC metier termine (idempotent).');
|
||||
|
||||
return Command::SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* Resout le mot de passe demo : option `--password` prioritaire, sinon
|
||||
* variable d'environnement. Renvoie null si aucun n'est fourni (la commande
|
||||
* refuse alors --with-demo-users plutot que d'inventer un mot de passe).
|
||||
*/
|
||||
private function resolveDemoPassword(InputInterface $input): ?string
|
||||
{
|
||||
/** @var null|string $option */
|
||||
$option = $input->getOption('password');
|
||||
if (null !== $option && '' !== $option) {
|
||||
return $option;
|
||||
}
|
||||
|
||||
$env = $_SERVER[self::PASSWORD_ENV] ?? $_ENV[self::PASSWORD_ENV] ?? getenv(self::PASSWORD_ENV);
|
||||
if (is_string($env) && '' !== $env) {
|
||||
return $env;
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,56 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Module\Core\Infrastructure\DataFixtures;
|
||||
|
||||
use App\Module\Core\Application\Rbac\RbacSeeder;
|
||||
use App\Module\Sites\Infrastructure\DataFixtures\SitesFixtures;
|
||||
use Doctrine\Bundle\FixturesBundle\Fixture;
|
||||
use Doctrine\Common\DataFixtures\DependentFixtureInterface;
|
||||
use Doctrine\Persistence\ObjectManager;
|
||||
|
||||
/**
|
||||
* Fixture dev/test des roles metier MALIO (bureau / compta / commerciale /
|
||||
* usine) + comptes demo associes. DRY : delegue au MEME service RbacSeeder que
|
||||
* la commande `app:seed-rbac`, de sorte que `make db-reset` reproduise l'etat
|
||||
* de recette.
|
||||
*
|
||||
* Depend de SitesFixtures : les comptes demo sont rattaches au site par defaut
|
||||
* (cf. RbacSeeder::DEFAULT_SITE_NAME).
|
||||
*
|
||||
* ⚠ N'attache PAS la matrice § 2.7 ici : `doctrine:fixtures:load` PURGE la table
|
||||
* `permission` avant de charger, donc les codes `commercial.clients.*` ne sont
|
||||
* pas encore en base au moment du load (cf. ordre du makefile : fixtures PUIS
|
||||
* `app:sync-permissions`). La matrice est attachee juste apres, par l'etape
|
||||
* `app:seed-rbac` du makefile (db-reset / test-db-setup), via le meme seeder.
|
||||
* Resultat final identique a la recette : roles + matrice + comptes demo.
|
||||
*/
|
||||
final class RbacDemoFixtures extends Fixture implements DependentFixtureInterface
|
||||
{
|
||||
/**
|
||||
* Mot de passe DEV/TEST connu des comptes demo (bureau / compta /
|
||||
* commerciale / usine). Reference par les tests fonctionnels de matrice
|
||||
* RBAC. Sans rapport avec la prod : en recette/prod le mot de passe est
|
||||
* fourni explicitement a `app:seed-rbac --with-demo-users --password=...`.
|
||||
*/
|
||||
public const string DEMO_PASSWORD = 'demo';
|
||||
|
||||
public function __construct(private readonly RbacSeeder $seeder) {}
|
||||
|
||||
/**
|
||||
* @return array<int, class-string>
|
||||
*/
|
||||
public function getDependencies(): array
|
||||
{
|
||||
return [SitesFixtures::class];
|
||||
}
|
||||
|
||||
public function load(ObjectManager $manager): void
|
||||
{
|
||||
// Idempotent : ensureRoles puis ensureDemoUsers (lookup par code /
|
||||
// username). La matrice est volontairement deferree (cf. docblock).
|
||||
$this->seeder->ensureRoles();
|
||||
$this->seeder->ensureDemoUsers(self::DEMO_PASSWORD);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,27 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Shared\Domain\Contract;
|
||||
|
||||
/**
|
||||
* Expose, sans coupler a la classe concrete User (module Core), le moyen de
|
||||
* savoir si un utilisateur porte un role METIER donne (par son code, cf.
|
||||
* App\Shared\Domain\Security\BusinessRoles).
|
||||
*
|
||||
* Implementee par App\Module\Core\Domain\Entity\User. Permet a un module tiers
|
||||
* (ex: Commercial — RG-1.04, completude Information pour le role Commerciale)
|
||||
* de raisonner sur les roles metier via Security::getUser() sans importer User
|
||||
* (regle ABSOLUE n°1 : pas d'import inter-modules).
|
||||
*
|
||||
* Distinct de UserInterface::getRoles() (roles SYSTEME Symfony ROLE_*, derives
|
||||
* de is_admin) : ici on parle des roles RBAC metier rattaches a l'utilisateur.
|
||||
*/
|
||||
interface BusinessRoleAwareInterface
|
||||
{
|
||||
/**
|
||||
* Vrai si l'utilisateur porte le role RBAC metier identifie par $roleCode
|
||||
* (compare au champ Role::code).
|
||||
*/
|
||||
public function hasBusinessRole(string $roleCode): bool;
|
||||
}
|
||||
@@ -0,0 +1,32 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Shared\Domain\Contract;
|
||||
|
||||
/**
|
||||
* Interface minimale exposant ce qu'un module tiers (Commercial...) doit
|
||||
* connaitre d'une Category, sans creer de couplage direct vers le module
|
||||
* Catalog (regle ABSOLUE n°1 : pas d'import inter-modules).
|
||||
*
|
||||
* Implementee par App\Module\Catalog\Domain\Entity\Category.
|
||||
* Utilisee comme cible des ManyToMany Client.categories et
|
||||
* ClientAddress.categories via resolve_target_entities (cf. doctrine.yaml),
|
||||
* sur le meme modele que SiteInterface / UserInterface.
|
||||
*/
|
||||
interface CategoryInterface
|
||||
{
|
||||
public function getId(): ?int;
|
||||
|
||||
public function getName(): ?string;
|
||||
|
||||
/**
|
||||
* Code du type de categorie rattache (CategoryType::code), ou null si la
|
||||
* categorie n'a pas de type. Expose pour permettre a un module tiers de
|
||||
* raisonner sur le type metier (ex: M1 Commercial — RG-1.03 : un distributor
|
||||
* doit referencer un client categorise DISTRIBUTEUR ; RG-1.29 : categorie
|
||||
* d'adresse limitee a SECTEUR/AUTRE) sans importer la classe concrete
|
||||
* Category (regle ABSOLUE n°1).
|
||||
*/
|
||||
public function getCategoryTypeCode(): ?string;
|
||||
}
|
||||
@@ -0,0 +1,31 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Shared\Domain\Contract;
|
||||
|
||||
/**
|
||||
* Contrat d'export d'une feuille de calcul tabulaire vers un binaire XLSX.
|
||||
*
|
||||
* Service GENERIQUE et reutilisable : il ne connait aucune entite metier. Le
|
||||
* module appelant decide QUOI exporter (en-tetes + lignes deja mappees) ; cette
|
||||
* interface decrit seulement COMMENT produire le fichier. Aucun module n'est
|
||||
* couple a une implementation concrete : on depend de ce contrat (dans Shared),
|
||||
* jamais l'inverse (regle ABSOLUE n°1).
|
||||
*
|
||||
* Implementee par App\Shared\Infrastructure\Export\PhpSpreadsheetExporter (on
|
||||
* ne la reference pas via @see pour ne pas creer un import Domain -> Infra).
|
||||
*/
|
||||
interface SpreadsheetExporterInterface
|
||||
{
|
||||
/**
|
||||
* Genere un classeur XLSX a une feuille et retourne son contenu binaire.
|
||||
*
|
||||
* @param string $sheetTitle titre de l'onglet (assaini / tronque par l'implementation si besoin)
|
||||
* @param list<string> $headers libelles de la ligne d'en-tete (ligne 1)
|
||||
* @param iterable<list<null|scalar>> $rows lignes de donnees ; chaque ligne est une liste de cellules alignee sur $headers
|
||||
*
|
||||
* @return string contenu binaire du fichier XLSX
|
||||
*/
|
||||
public function export(string $sheetTitle, array $headers, iterable $rows): string;
|
||||
}
|
||||
@@ -0,0 +1,42 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Shared\Domain\Security;
|
||||
|
||||
/**
|
||||
* Codes des roles METIER MALIO partages entre modules.
|
||||
*
|
||||
* Distincts des roles SYSTEME (cf. App\Module\Core\Domain\Security\SystemRoles :
|
||||
* `admin` / `user`). Un role metier porte une intention fonctionnelle (poste de
|
||||
* travail) et conditionne certaines regles de gestion au-dela des permissions
|
||||
* RBAC pures — ex : RG-1.04 du M1 Clients rend l'onglet Information obligatoire
|
||||
* pour le seul role Commerciale, alors que Commerciale et Bureau partagent les
|
||||
* memes permissions (commercial.clients.view + manage, cf. spec-back M1 § 5.2).
|
||||
*
|
||||
* Ces constantes vivent dans Shared (et non dans un module) pour que :
|
||||
* - le seed des roles cote Core (ERP-74) reference le meme code sans importer
|
||||
* une constante du module Commercial (regle ABSOLUE n°1 : pas d'import
|
||||
* inter-modules) ;
|
||||
* - le ClientProcessor (module Commercial) detecte le role Commerciale via ce
|
||||
* meme code, sans dependre de Core.
|
||||
*
|
||||
* Coordination stack M1 :
|
||||
* - ERP-74 seede le role `commerciale` avec ce code exact.
|
||||
* - ERP-59 / ERP-60 (declaration RBAC + tests personas) le reutilisent.
|
||||
* - ERP-55 (ici) ne fait que le REFERENCER : tant qu'aucun user ne porte le
|
||||
* role `commerciale`, la validation de completude Information reste dormante.
|
||||
*/
|
||||
final class BusinessRoles
|
||||
{
|
||||
/**
|
||||
* Role metier « Commerciale » — code de Role RBAC (champ Role::code,
|
||||
* snake_case impose par la regex Role). Conditionne RG-1.04.
|
||||
*/
|
||||
public const string COMMERCIALE = 'commerciale';
|
||||
|
||||
private function __construct()
|
||||
{
|
||||
// Classe de constantes : non instanciable.
|
||||
}
|
||||
}
|
||||
@@ -128,6 +128,135 @@ final class ColumnCommentsCatalog
|
||||
'user_id' => 'FK -> user.id, ON DELETE CASCADE — utilisateur ayant acces au site.',
|
||||
'site_id' => 'FK -> site.id, ON DELETE CASCADE — site accessible par l utilisateur.',
|
||||
],
|
||||
|
||||
// === M1 Commercial (ERP-53/54) — miroir des COMMENT de la migration
|
||||
// Version20260601000000 pour le chemin schema:update (dev/test). ===
|
||||
|
||||
'tva_mode' => [
|
||||
'_table' => 'Referentiel des modes de TVA appliques a un client (France, Export, Intracom).',
|
||||
'id' => 'Identifiant interne auto-incremente.',
|
||||
'code' => 'Code technique stable (UPPER_SNAKE, ≤ 30 caracteres) — unique, utilise par le code metier.',
|
||||
'label' => 'Libelle affichable (FR, ≤ 120 caracteres).',
|
||||
'position' => 'Ordre d affichage croissant dans les selecteurs (tri position ASC puis label ASC).',
|
||||
],
|
||||
|
||||
'payment_delay' => [
|
||||
'_table' => 'Referentiel des delais de reglement (15 jours, 30 jours, a reception).',
|
||||
'id' => 'Identifiant interne auto-incremente.',
|
||||
'code' => 'Code technique stable (UPPER_SNAKE, ≤ 30 caracteres) — unique, utilise par le code metier.',
|
||||
'label' => 'Libelle affichable (FR, ≤ 120 caracteres).',
|
||||
'position' => 'Ordre d affichage croissant dans les selecteurs (tri position ASC puis label ASC).',
|
||||
],
|
||||
|
||||
'payment_type' => [
|
||||
'_table' => 'Referentiel des types de reglement (virement, LCR, cheque, non soumise).',
|
||||
'id' => 'Identifiant interne auto-incremente.',
|
||||
'code' => 'Code technique stable (UPPER_SNAKE, ≤ 30 caracteres) — unique, utilise par le code metier.',
|
||||
'label' => 'Libelle affichable (FR, ≤ 120 caracteres).',
|
||||
'position' => 'Ordre d affichage croissant dans les selecteurs (tri position ASC puis label ASC).',
|
||||
],
|
||||
|
||||
'bank' => [
|
||||
'_table' => 'Referentiel des banques selectionnables pour le reglement par virement.',
|
||||
'id' => 'Identifiant interne auto-incremente.',
|
||||
'code' => 'Code technique stable (UPPER_SNAKE, ≤ 30 caracteres) — unique, utilise par le code metier.',
|
||||
'label' => 'Libelle affichable (FR, ≤ 120 caracteres).',
|
||||
'position' => 'Ordre d affichage croissant dans les selecteurs (tri position ASC puis label ASC).',
|
||||
],
|
||||
|
||||
'client' => [
|
||||
'_table' => 'Repertoire clients (M1 Commercial) — entites archivables (is_archived) et soft-deletables (deleted_at, HP M2).',
|
||||
'id' => 'Identifiant interne auto-incremente.',
|
||||
'company_name' => 'Raison sociale (stockee en MAJUSCULES, RG-1.18). Unique case-insensitive parmi les actifs non archives/non supprimes (RG-1.16, uq_client_company_name_active).',
|
||||
'first_name' => 'Prenom du contact principal (capitalise serveur, RG-1.19). first_name OU last_name obligatoire (RG-1.01).',
|
||||
'last_name' => 'Nom du contact principal (capitalise serveur, RG-1.19). first_name OU last_name obligatoire (RG-1.01).',
|
||||
'phone_primary' => 'Telephone principal — stocke en chiffres uniquement (RG-1.20). Obligatoire.',
|
||||
'phone_secondary' => 'Telephone secondaire optionnel — chiffres uniquement (RG-1.20).',
|
||||
'email' => 'Email principal (lowercase serveur, RG-1.21). NON unique (RG-1.17 supprimee, Q4).',
|
||||
'distributor_id' => 'FK auto-referente vers un client porteur de la categorie DISTRIBUTEUR — exclusive avec broker_id (RG-1.03, chk_client_distrib_or_broker). FK -> client.id, ON DELETE SET NULL.',
|
||||
'broker_id' => 'FK auto-referente vers un client porteur de la categorie COURTIER — exclusive avec distributor_id (RG-1.03). FK -> client.id, ON DELETE SET NULL.',
|
||||
'triage_service' => 'Drapeau service triage active pour le client. Faux par defaut.',
|
||||
'description' => 'Onglet Information : description libre. Obligatoire pour le role Commerciale (RG-1.04), optionnel sinon.',
|
||||
'competitors' => 'Onglet Information : concurrents identifies (texte libre ≤ 255). Obligatoire role Commerciale (RG-1.04).',
|
||||
'founded_at' => 'Onglet Information : date de creation de l entreprise. Obligatoire role Commerciale (RG-1.04).',
|
||||
'employees_count' => 'Onglet Information : effectif (entier >= 0). Obligatoire role Commerciale (RG-1.04).',
|
||||
'revenue_amount' => 'Onglet Information : chiffre d affaires (NUMERIC 15,2). Obligatoire role Commerciale (RG-1.04).',
|
||||
'director_name' => 'Onglet Information : nom du dirigeant. Obligatoire role Commerciale (RG-1.04).',
|
||||
'profit_amount' => 'Onglet Information : resultat / benefice (NUMERIC 15,2). Obligatoire role Commerciale (RG-1.04).',
|
||||
'siren' => 'Onglet Comptabilite : SIREN (9 chiffres attendus). NON unique — peut etre partage entre etablissements (RG-1.15 supprimee, Q4).',
|
||||
'account_number' => 'Onglet Comptabilite : numero de compte comptable du client.',
|
||||
'tva_mode_id' => 'Onglet Comptabilite : mode de TVA applique — FK -> tva_mode.id, ON DELETE RESTRICT.',
|
||||
'n_tva' => 'Onglet Comptabilite : numero de TVA intracommunautaire.',
|
||||
'payment_delay_id' => 'Onglet Comptabilite : delai de reglement — FK -> payment_delay.id, ON DELETE RESTRICT.',
|
||||
'payment_type_id' => 'Onglet Comptabilite : type de reglement — FK -> payment_type.id, ON DELETE RESTRICT. Code LCR impose >= 1 RIB (RG-1.13), VIREMENT impose une banque (RG-1.12).',
|
||||
'bank_id' => 'Onglet Comptabilite : banque — FK -> bank.id, ON DELETE RESTRICT. Obligatoire si payment_type = VIREMENT (RG-1.12).',
|
||||
'is_archived' => 'Drapeau fonctionnel d archivage — masque par defaut dans la liste. Bascule via permission commercial.clients.archive (RG-1.22/23).',
|
||||
'archived_at' => 'Horodatage de l archivage — pose quand is_archived passe a vrai, remis a null a la restauration (RG-1.22/23).',
|
||||
'deleted_at' => 'Horodatage du soft-delete technique (HP M2) — non expose par l API au M1. Null = ligne active.',
|
||||
] + self::timestampableBlamableComments(),
|
||||
|
||||
'client_category' => [
|
||||
'_table' => 'Jointure M2M client <-> category (Catalog) — categories metier du client (au moins une obligatoire).',
|
||||
'client_id' => 'FK -> client.id, ON DELETE CASCADE — client porteur de la categorie.',
|
||||
'category_id' => 'FK -> category.id, ON DELETE RESTRICT — categorie rattachee au client.',
|
||||
],
|
||||
|
||||
'client_contact' => [
|
||||
'_table' => 'Contacts d un client (1:n) — au moins firstName OU lastName par contact (RG-1.05).',
|
||||
'id' => 'Identifiant interne auto-incremente.',
|
||||
'client_id' => 'FK -> client.id, ON DELETE CASCADE — client proprietaire du contact.',
|
||||
'first_name' => 'Prenom du contact (capitalise serveur). first_name OU last_name obligatoire (RG-1.05, chk_client_contact_name).',
|
||||
'last_name' => 'Nom du contact (capitalise serveur). first_name OU last_name obligatoire (RG-1.05, chk_client_contact_name).',
|
||||
'job_title' => 'Fonction / intitule de poste du contact (≤ 120 caracteres).',
|
||||
'phone_primary' => 'Telephone principal du contact — chiffres uniquement (RG-1.20).',
|
||||
'phone_secondary' => 'Telephone secondaire du contact — chiffres uniquement (RG-1.20).',
|
||||
'email' => 'Email du contact (lowercase serveur, RG-1.21).',
|
||||
'position' => 'Ordre d affichage du contact dans la liste du client (croissant).',
|
||||
] + self::timestampableBlamableComments(),
|
||||
|
||||
'client_address' => [
|
||||
'_table' => 'Adresses d un client (1:n) — prospect exclusif de livraison/facturation (RG-1.06/07/08), >= 1 site rattache (RG-1.10).',
|
||||
'id' => 'Identifiant interne auto-incremente.',
|
||||
'client_id' => 'FK -> client.id, ON DELETE CASCADE — client proprietaire de l adresse.',
|
||||
'is_prospect' => 'Adresse de prospection — exclusive de is_delivery/is_billing (RG-1.06/07/08, chk_client_address_prospect_exclusive). Faux par defaut.',
|
||||
'is_delivery' => 'Adresse de livraison. Exclusive de is_prospect. Faux par defaut.',
|
||||
'is_billing' => 'Adresse de facturation. Exclusive de is_prospect. Impose billing_email (RG-1.11). Faux par defaut.',
|
||||
'country' => 'Pays de l adresse — defaut France.',
|
||||
'postal_code' => 'Code postal (4-5 chiffres attendus, RG-1.09).',
|
||||
'city' => 'Ville — preremplie depuis le code postal via API BAN cote front (RG-1.09).',
|
||||
'street' => 'Numero et voie de l adresse.',
|
||||
'street_complement' => 'Complement d adresse (etage, batiment...) — optionnel.',
|
||||
'billing_email' => 'Email de facturation — obligatoire si is_billing, null sinon (RG-1.11, chk_client_address_billing_email).',
|
||||
'position' => 'Ordre d affichage de l adresse dans la liste du client (croissant).',
|
||||
] + self::timestampableBlamableComments(),
|
||||
|
||||
'client_address_site' => [
|
||||
'_table' => 'Jointure M2M client_address <-> site (Sites) — sites desservis par l adresse (>= 1 obligatoire, RG-1.10).',
|
||||
'client_address_id' => 'FK -> client_address.id, ON DELETE CASCADE — adresse concernee.',
|
||||
'site_id' => 'FK -> site.id, ON DELETE RESTRICT — site rattache a l adresse.',
|
||||
],
|
||||
|
||||
'client_address_contact' => [
|
||||
'_table' => 'Jointure M2M client_address <-> client_contact — contacts associes a une adresse.',
|
||||
'client_address_id' => 'FK -> client_address.id, ON DELETE CASCADE — adresse concernee.',
|
||||
'client_contact_id' => 'FK -> client_contact.id, ON DELETE CASCADE — contact associe a l adresse.',
|
||||
],
|
||||
|
||||
'client_address_category' => [
|
||||
'_table' => 'Jointure M2M client_address <-> category — categories d adresse (types SECTEUR/AUTRE uniquement, RG-1.29).',
|
||||
'client_address_id' => 'FK -> client_address.id, ON DELETE CASCADE — adresse concernee.',
|
||||
'category_id' => 'FK -> category.id, ON DELETE RESTRICT — categorie d adresse (type SECTEUR ou AUTRE, RG-1.29).',
|
||||
],
|
||||
|
||||
'client_rib' => [
|
||||
'_table' => 'Coordonnees bancaires d un client (1:n) — >= 1 RIB obligatoire si payment_type = LCR (RG-1.13). Tous les champs audites (pas d AuditIgnore).',
|
||||
'id' => 'Identifiant interne auto-incremente.',
|
||||
'client_id' => 'FK -> client.id, ON DELETE CASCADE — client proprietaire du RIB.',
|
||||
'label' => 'Libelle du RIB (ex: compte principal).',
|
||||
'bic' => 'Code BIC/SWIFT de la banque (8 ou 11 caracteres).',
|
||||
'iban' => 'IBAN du compte (≤ 34 caracteres).',
|
||||
'position' => 'Ordre d affichage du RIB dans la liste du client (croissant).',
|
||||
] + self::timestampableBlamableComments(),
|
||||
];
|
||||
}
|
||||
|
||||
@@ -151,12 +280,25 @@ final class ColumnCommentsCatalog
|
||||
* Construit la liste des requetes SQL `COMMENT ON TABLE/COLUMN` (en
|
||||
* dollar-quoting Postgres `$_$`) a partir du catalogue.
|
||||
*
|
||||
* @param null|list<string> $onlyTables Restreint la generation a ces tables
|
||||
* (utile pour la migration retrofit qui
|
||||
* ne doit commenter que les tables deja
|
||||
* presentes a son instant T — les tables
|
||||
* des modules crees plus tard posent
|
||||
* leurs propres COMMENT). null = tout.
|
||||
*
|
||||
* @return list<string>
|
||||
*/
|
||||
public static function toSqlStatements(): array
|
||||
public static function toSqlStatements(?array $onlyTables = null): array
|
||||
{
|
||||
$allowed = null === $onlyTables ? null : array_fill_keys($onlyTables, true);
|
||||
|
||||
$statements = [];
|
||||
foreach (self::comments() as $table => $entries) {
|
||||
if (null !== $allowed && !isset($allowed[$table])) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$quotedTable = self::quoteIdent($table);
|
||||
foreach ($entries as $column => $description) {
|
||||
if ('_table' === $column) {
|
||||
|
||||
@@ -0,0 +1,85 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Shared\Infrastructure\Export;
|
||||
|
||||
use App\Shared\Domain\Contract\SpreadsheetExporterInterface;
|
||||
use PhpOffice\PhpSpreadsheet\Spreadsheet;
|
||||
use PhpOffice\PhpSpreadsheet\Writer\Xlsx;
|
||||
use RuntimeException;
|
||||
|
||||
/**
|
||||
* Implementation XLSX du contrat d'export via la librairie PhpSpreadsheet.
|
||||
*
|
||||
* Strictement technique : ecrit la ligne d'en-tete puis les lignes de donnees
|
||||
* dans l'unique feuille du classeur, et retourne le binaire. Aucune logique
|
||||
* metier, aucune reference a une entite d'un module — le mapping des colonnes
|
||||
* est de la responsabilite de l'appelant.
|
||||
*/
|
||||
final class PhpSpreadsheetExporter implements SpreadsheetExporterInterface
|
||||
{
|
||||
// Excel limite le titre d'un onglet a 31 caracteres et interdit certains
|
||||
// caracteres ; on assainit pour ne jamais faire echouer setTitle().
|
||||
private const int MAX_SHEET_TITLE_LENGTH = 31;
|
||||
private const string INVALID_TITLE_CHARS = '*:/\?[]';
|
||||
|
||||
public function export(string $sheetTitle, array $headers, iterable $rows): string
|
||||
{
|
||||
$spreadsheet = new Spreadsheet();
|
||||
$sheet = $spreadsheet->getActiveSheet();
|
||||
$sheet->setTitle($this->sanitizeSheetTitle($sheetTitle));
|
||||
|
||||
// Ligne 1 : en-tete.
|
||||
$sheet->fromArray($headers, null, 'A1');
|
||||
|
||||
// Lignes 2..n : donnees. Iteration manuelle pour supporter un iterable
|
||||
// paresseux (generator) sans tout materialiser en memoire.
|
||||
$rowNumber = 2;
|
||||
foreach ($rows as $row) {
|
||||
$sheet->fromArray($row, null, 'A'.$rowNumber);
|
||||
++$rowNumber;
|
||||
}
|
||||
|
||||
return $this->toBinary($spreadsheet);
|
||||
}
|
||||
|
||||
private function toBinary(Spreadsheet $spreadsheet): string
|
||||
{
|
||||
$writer = new Xlsx($spreadsheet);
|
||||
|
||||
// Le writer ecrit vers un chemin de fichier : on passe par un fichier
|
||||
// temporaire puis on lit son contenu binaire.
|
||||
$tmpFile = tempnam(sys_get_temp_dir(), 'xlsx_export_');
|
||||
if (false === $tmpFile) {
|
||||
throw new RuntimeException('Impossible de creer un fichier temporaire pour l\'export XLSX.');
|
||||
}
|
||||
|
||||
try {
|
||||
$writer->save($tmpFile);
|
||||
$binary = file_get_contents($tmpFile);
|
||||
if (false === $binary) {
|
||||
throw new RuntimeException('Lecture du fichier XLSX temporaire impossible.');
|
||||
}
|
||||
|
||||
return $binary;
|
||||
} finally {
|
||||
// Libere les references internes de PhpSpreadsheet puis supprime le
|
||||
// fichier temporaire, meme en cas d'exception.
|
||||
$spreadsheet->disconnectWorksheets();
|
||||
@unlink($tmpFile);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Retire les caracteres interdits et tronque a 31 caracteres ; renvoie un
|
||||
* titre par defaut si la chaine resultante est vide.
|
||||
*/
|
||||
private function sanitizeSheetTitle(string $title): string
|
||||
{
|
||||
$clean = str_replace(str_split(self::INVALID_TITLE_CHARS), '', $title);
|
||||
$clean = mb_substr($clean, 0, self::MAX_SHEET_TITLE_LENGTH);
|
||||
|
||||
return '' === $clean ? 'Export' : $clean;
|
||||
}
|
||||
}
|
||||
+256
@@ -0,0 +1,256 @@
|
||||
{
|
||||
"api-platform/symfony": {
|
||||
"version": "4.3",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "4.0",
|
||||
"ref": "e9952e9f393c2d048f10a78f272cd35e807d972b"
|
||||
},
|
||||
"files": [
|
||||
"config/packages/api_platform.yaml",
|
||||
"config/routes/api_platform.yaml",
|
||||
"src/ApiResource/.gitignore"
|
||||
]
|
||||
},
|
||||
"doctrine/deprecations": {
|
||||
"version": "1.1",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "1.0",
|
||||
"ref": "fdd756167454623e21f1d769c5b814b243782a67"
|
||||
}
|
||||
},
|
||||
"doctrine/doctrine-bundle": {
|
||||
"version": "3.2",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "3.0",
|
||||
"ref": "d39a3bd844edfe90c20ae520b804a3bf4f82b4ad"
|
||||
},
|
||||
"files": [
|
||||
"config/packages/doctrine.yaml",
|
||||
"src/Entity/.gitignore",
|
||||
"src/Repository/.gitignore"
|
||||
]
|
||||
},
|
||||
"doctrine/doctrine-fixtures-bundle": {
|
||||
"version": "4.3",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "3.0",
|
||||
"ref": "1f5514cfa15b947298df4d771e694e578d4c204d"
|
||||
},
|
||||
"files": [
|
||||
"src/DataFixtures/AppFixtures.php"
|
||||
]
|
||||
},
|
||||
"doctrine/doctrine-migrations-bundle": {
|
||||
"version": "4.0",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "3.1",
|
||||
"ref": "1d01ec03c6ecbd67c3375c5478c9a423ae5d6a33"
|
||||
},
|
||||
"files": [
|
||||
"config/packages/doctrine_migrations.yaml",
|
||||
"migrations/.gitignore"
|
||||
]
|
||||
},
|
||||
"friendsofphp/php-cs-fixer": {
|
||||
"version": "3.94",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "3.39",
|
||||
"ref": "97aaf9026490db73b86c23d49e5774bc89d2b232"
|
||||
},
|
||||
"files": [
|
||||
".php-cs-fixer.dist.php"
|
||||
]
|
||||
},
|
||||
"lexik/jwt-authentication-bundle": {
|
||||
"version": "3.2",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "2.5",
|
||||
"ref": "e9481b233a11ef7e15fe055a2b21fd3ac1aa2bb7"
|
||||
},
|
||||
"files": [
|
||||
"config/packages/lexik_jwt_authentication.yaml"
|
||||
]
|
||||
},
|
||||
"nelmio/cors-bundle": {
|
||||
"version": "2.6",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "1.5",
|
||||
"ref": "6bea22e6c564fba3a1391615cada1437d0bde39c"
|
||||
},
|
||||
"files": [
|
||||
"config/packages/nelmio_cors.yaml"
|
||||
]
|
||||
},
|
||||
"nyholm/psr7": {
|
||||
"version": "1.8",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "1.0",
|
||||
"ref": "4a8c0345442dcca1d8a2c65633dcf0285dd5a5a2"
|
||||
},
|
||||
"files": [
|
||||
"config/packages/nyholm_psr7.yaml"
|
||||
]
|
||||
},
|
||||
"phpunit/phpunit": {
|
||||
"version": "13.1",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "11.1",
|
||||
"ref": "ca0bc067abfb40a8de1b2561b96cbfc2b833c314"
|
||||
},
|
||||
"files": [
|
||||
".env.test",
|
||||
"phpunit.dist.xml",
|
||||
"tests/bootstrap.php",
|
||||
"bin/phpunit"
|
||||
]
|
||||
},
|
||||
"symfony/console": {
|
||||
"version": "8.0",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "5.3",
|
||||
"ref": "1781ff40d8a17d87cf53f8d4cf0c8346ed2bb461"
|
||||
},
|
||||
"files": [
|
||||
"bin/console"
|
||||
]
|
||||
},
|
||||
"symfony/flex": {
|
||||
"version": "2.10",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "2.4",
|
||||
"ref": "52e9754527a15e2b79d9a610f98185a1fe46622a"
|
||||
},
|
||||
"files": [
|
||||
".env",
|
||||
".env.dev"
|
||||
]
|
||||
},
|
||||
"symfony/framework-bundle": {
|
||||
"version": "8.0",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "7.4",
|
||||
"ref": "d5dcd308c8becd725c9d8b91e31aab1ff0bbc30b"
|
||||
},
|
||||
"files": [
|
||||
"config/packages/cache.yaml",
|
||||
"config/packages/framework.yaml",
|
||||
"config/preload.php",
|
||||
"config/routes/framework.yaml",
|
||||
"config/services.yaml",
|
||||
"public/index.php",
|
||||
"src/Controller/.gitignore",
|
||||
"src/Kernel.php",
|
||||
".editorconfig"
|
||||
]
|
||||
},
|
||||
"symfony/monolog-bundle": {
|
||||
"version": "4.0",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "3.7",
|
||||
"ref": "1b9efb10c54cb51c713a9391c9300ff8bceda459"
|
||||
},
|
||||
"files": [
|
||||
"config/packages/monolog.yaml"
|
||||
]
|
||||
},
|
||||
"symfony/property-info": {
|
||||
"version": "8.0",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "7.3",
|
||||
"ref": "dae70df71978ae9226ae915ffd5fad817f5ca1f7"
|
||||
},
|
||||
"files": [
|
||||
"config/packages/property_info.yaml"
|
||||
]
|
||||
},
|
||||
"symfony/routing": {
|
||||
"version": "8.0",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "7.4",
|
||||
"ref": "bc94c4fd86f393f3ab3947c18b830ea343e51ded"
|
||||
},
|
||||
"files": [
|
||||
"config/packages/routing.yaml",
|
||||
"config/routes.yaml"
|
||||
]
|
||||
},
|
||||
"symfony/security-bundle": {
|
||||
"version": "8.0",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "7.4",
|
||||
"ref": "c42fee7802181cdd50f61b8622715829f5d2335c"
|
||||
},
|
||||
"files": [
|
||||
"config/packages/security.yaml",
|
||||
"config/routes/security.yaml"
|
||||
]
|
||||
},
|
||||
"symfony/twig-bundle": {
|
||||
"version": "8.0",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "6.4",
|
||||
"ref": "f250159ebe99153d0c640a3e7742876fc7453f2c"
|
||||
},
|
||||
"files": [
|
||||
"config/packages/twig.yaml",
|
||||
"templates/base.html.twig"
|
||||
]
|
||||
},
|
||||
"symfony/uid": {
|
||||
"version": "8.0",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "7.0",
|
||||
"ref": "0df5844274d871b37fc3816c57a768ffc60a43a5"
|
||||
}
|
||||
},
|
||||
"symfony/validator": {
|
||||
"version": "8.0",
|
||||
"recipe": {
|
||||
"repo": "github.com/symfony/recipes",
|
||||
"branch": "main",
|
||||
"version": "7.0",
|
||||
"ref": "8c1c4e28d26a124b0bb273f537ca8ce443472bfd"
|
||||
},
|
||||
"files": [
|
||||
"config/packages/validator.yaml"
|
||||
]
|
||||
}
|
||||
}
|
||||
@@ -5,6 +5,10 @@ declare(strict_types=1);
|
||||
namespace App\Tests\Architecture;
|
||||
|
||||
use App\Module\Catalog\Domain\Entity\CategoryType;
|
||||
use App\Module\Commercial\Domain\Entity\Bank;
|
||||
use App\Module\Commercial\Domain\Entity\PaymentDelay;
|
||||
use App\Module\Commercial\Domain\Entity\PaymentType;
|
||||
use App\Module\Commercial\Domain\Entity\TvaMode;
|
||||
use App\Module\Core\Domain\Entity\Permission;
|
||||
use App\Module\Core\Domain\Entity\Role;
|
||||
use App\Module\Core\Domain\Entity\User;
|
||||
@@ -49,6 +53,11 @@ final class EntitiesAreTimestampableBlamableTest extends TestCase
|
||||
* - CategoryType : referentiel statique (codes de typage des categories),
|
||||
* pas de besoin de tracabilite user-driven (cree par migration/seed,
|
||||
* pas pilote utilisateur au M0). Cf. spec-back § 2.8.bis + RG-1.17.
|
||||
* - TvaMode / PaymentDelay / PaymentType / Bank (M1 Commercial) : referentiels
|
||||
* comptables statiques (id/code/label/position), seedes par migration +
|
||||
* CommercialReferentialFixtures, lecture seule au M1 (HP-M2-2). Pas de
|
||||
* tracabilite user-driven, meme justification que CategoryType. Cf.
|
||||
* spec-back M1 § 2.6 + § 3.5.
|
||||
*
|
||||
* Les futurs referentiels statiques s'ajoutent ici avec une justification.
|
||||
*/
|
||||
@@ -58,6 +67,10 @@ final class EntitiesAreTimestampableBlamableTest extends TestCase
|
||||
Permission::class,
|
||||
Site::class,
|
||||
CategoryType::class,
|
||||
TvaMode::class,
|
||||
PaymentDelay::class,
|
||||
PaymentType::class,
|
||||
Bank::class,
|
||||
];
|
||||
|
||||
public function testAllBusinessEntitiesImplementBothInterfaces(): void
|
||||
|
||||
@@ -0,0 +1,130 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Api;
|
||||
|
||||
use ApiPlatform\Symfony\Bundle\Test\Client;
|
||||
use App\Module\Catalog\Domain\Entity\Category;
|
||||
use App\Module\Catalog\Domain\Entity\CategoryType;
|
||||
use App\Module\Commercial\Domain\Entity\Client as ClientEntity;
|
||||
use App\Module\Core\Domain\Entity\Role;
|
||||
use App\Module\Core\Domain\Entity\User;
|
||||
use App\Tests\Module\Core\Api\AbstractApiTestCase;
|
||||
use DateTimeImmutable;
|
||||
|
||||
/**
|
||||
* Base des tests fonctionnels du module Commercial (M1 — repertoire clients).
|
||||
*
|
||||
* Etend la base Core : ajoute des factories pour seeder vite des categories
|
||||
* typees (DISTRIBUTEUR / COURTIER / SECTEUR) et des clients, plus un helper
|
||||
* d'authentification admin.
|
||||
*
|
||||
* Cleanup : tearDown purge clients, categories `test_cli_cat_*` et users/roles
|
||||
* `test_*`. Les category_types business sont fetch-or-create (idempotents) et
|
||||
* laisses en place (pas de DELETE pour ne pas entrer en conflit avec d'autres
|
||||
* suites). Pas de DAMA en local -> purge manuelle obligatoire.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
abstract class AbstractCommercialApiTestCase extends AbstractApiTestCase
|
||||
{
|
||||
protected const string TEST_CATEGORY_PREFIX = 'test_cli_cat_';
|
||||
|
||||
protected function tearDown(): void
|
||||
{
|
||||
$this->cleanupCommercialTestData();
|
||||
parent::tearDown();
|
||||
}
|
||||
|
||||
protected function createAdminClient(): Client
|
||||
{
|
||||
return $this->authenticatedClient('admin', 'admin');
|
||||
}
|
||||
|
||||
/**
|
||||
* Recupere (ou cree) un CategoryType par son code metier. Idempotent : la
|
||||
* contrainte d'unicite sur category_type.code interdit les doublons.
|
||||
*/
|
||||
protected function createCategoryType(string $code): CategoryType
|
||||
{
|
||||
$em = $this->getEm();
|
||||
$existing = $em->getRepository(CategoryType::class)->findOneBy(['code' => $code]);
|
||||
if (null !== $existing) {
|
||||
return $existing;
|
||||
}
|
||||
|
||||
$type = new CategoryType();
|
||||
$type->setCode($code);
|
||||
$type->setLabel(ucfirst(strtolower($code)));
|
||||
$em->persist($type);
|
||||
$em->flush();
|
||||
|
||||
return $type;
|
||||
}
|
||||
|
||||
/**
|
||||
* Cree une Category de test rattachee a un type metier donne (code).
|
||||
*/
|
||||
protected function createCategory(string $typeCode = 'SECTEUR'): Category
|
||||
{
|
||||
$em = $this->getEm();
|
||||
$suffix = substr(bin2hex(random_bytes(4)), 0, 8);
|
||||
$category = new Category();
|
||||
$category->setName(self::TEST_CATEGORY_PREFIX.$suffix);
|
||||
$category->setCategoryType($this->createCategoryType($typeCode));
|
||||
$em->persist($category);
|
||||
$em->flush();
|
||||
|
||||
return $category;
|
||||
}
|
||||
|
||||
/**
|
||||
* Seede directement un Client en base (sans passer par l'API), pour les
|
||||
* tests de liste / archivage. Le client porte une categorie SECTEUR.
|
||||
*/
|
||||
protected function seedClient(string $companyName, bool $isArchived = false, string $categoryTypeCode = 'SECTEUR'): ClientEntity
|
||||
{
|
||||
$em = $this->getEm();
|
||||
$client = new ClientEntity();
|
||||
// Stocke en MAJUSCULES pour refleter l'etat normalise (RG-1.18) qu'aurait
|
||||
// produit le ClientProcessor via l'API.
|
||||
$client->setCompanyName(mb_strtoupper($companyName, 'UTF-8'));
|
||||
$client->setLastName('Seed');
|
||||
$client->setPhonePrimary('0102030405');
|
||||
$client->setEmail(strtolower(str_replace(' ', '', $companyName)).'@seed.test');
|
||||
$client->addCategory($this->createCategory($categoryTypeCode));
|
||||
$client->setIsArchived($isArchived);
|
||||
if ($isArchived) {
|
||||
$client->setArchivedAt(new DateTimeImmutable());
|
||||
}
|
||||
$em->persist($client);
|
||||
$em->flush();
|
||||
|
||||
return $client;
|
||||
}
|
||||
|
||||
private function cleanupCommercialTestData(): void
|
||||
{
|
||||
$em = $this->getEm();
|
||||
|
||||
// Clients d'abord (la jointure client_category est purgee par
|
||||
// ON DELETE CASCADE ; les auto-references distributor/broker sont
|
||||
// ON DELETE SET NULL).
|
||||
$em->createQuery('DELETE FROM '.ClientEntity::class)->execute();
|
||||
|
||||
// Categories de test ensuite (FK client_category deja purgee).
|
||||
$em->createQuery(
|
||||
'DELETE FROM '.Category::class.' c WHERE c.name LIKE :prefix',
|
||||
)->setParameter('prefix', self::TEST_CATEGORY_PREFIX.'%')->execute();
|
||||
|
||||
// Users / roles jetables.
|
||||
$em->createQuery(
|
||||
'DELETE FROM '.User::class.' u WHERE u.username LIKE :prefix',
|
||||
)->setParameter('prefix', 'test_%')->execute();
|
||||
|
||||
$em->createQuery(
|
||||
'DELETE FROM '.Role::class.' r WHERE r.code LIKE :prefix',
|
||||
)->setParameter('prefix', 'test_%')->execute();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,149 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Api;
|
||||
|
||||
use App\Module\Sites\Domain\Entity\Site;
|
||||
|
||||
/**
|
||||
* Tests fonctionnels de l'onglet Adresse — combler les trous (ERP-60).
|
||||
*
|
||||
* RG-1.09 (code postal) et RG-1.10 (>= 1 site) sont DEJA couverts par
|
||||
* ClientSubResourceApiTest (ERP-57) et ne sont pas reduplique ici. Ce fichier
|
||||
* cible les contraintes CHECK BDD non encore testees :
|
||||
* - RG-1.06 / RG-1.07 / RG-1.08 : `chk_client_address_prospect_exclusive`
|
||||
* (is_prospect exclusif de is_delivery / is_billing) ;
|
||||
* - RG-1.11 : `chk_client_address_billing_email` (billing_email obligatoire
|
||||
* ssi is_billing).
|
||||
*
|
||||
* Note : ces regles sont portees par des CHECK Postgres (pas d'Assert ni de
|
||||
* regle Processor au M1). On verifie donc que la combinaison invalide est
|
||||
* REJETEE par le serveur (statut >= 400), sans coupler le test au code exact :
|
||||
* une violation CHECK non mappee remonte aujourd'hui en erreur serveur ; un
|
||||
* mapping fin vers 422 serait une amelioration ulterieure (hors perimetre
|
||||
* ERP-60, test-only).
|
||||
*
|
||||
* RG-1.29 (filtrage du type de categorie SECTEUR/AUTRE sur une adresse) n'est
|
||||
* PAS testee : la validation d'ecriture correspondante n'est pas implementee
|
||||
* cote back au M1 (et ne figure pas dans la liste § 8.1). Documentee comme gap
|
||||
* dans le cahier de test #478.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class ClientAddressTest extends AbstractCommercialApiTestCase
|
||||
{
|
||||
private const string LD = 'application/ld+json';
|
||||
|
||||
/**
|
||||
* RG-1.06 / RG-1.07 : une adresse de prospection ne peut pas etre une
|
||||
* adresse de livraison (CHECK chk_client_address_prospect_exclusive).
|
||||
*/
|
||||
public function testProspectAddressCannotBeDelivery(): void
|
||||
{
|
||||
$this->skipIfSitesModuleDisabled();
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Prospect Delivery');
|
||||
|
||||
$response = $client->request('POST', '/api/clients/'.$seed->getId().'/addresses', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => [
|
||||
'isProspect' => true,
|
||||
'isDelivery' => true,
|
||||
'postalCode' => '86100',
|
||||
'city' => 'Châtellerault',
|
||||
'street' => '1 rue du Test',
|
||||
'sites' => [$this->firstSiteIri()],
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertGreaterThanOrEqual(400, $response->getStatusCode());
|
||||
}
|
||||
|
||||
/**
|
||||
* RG-1.06 / RG-1.08 : une adresse de prospection ne peut pas etre une
|
||||
* adresse de facturation (meme CHECK). On fournit billingEmail pour que la
|
||||
* seule violation possible soit l'exclusivite prospect/billing.
|
||||
*/
|
||||
public function testProspectAddressCannotBeBilling(): void
|
||||
{
|
||||
$this->skipIfSitesModuleDisabled();
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Prospect Billing');
|
||||
|
||||
$response = $client->request('POST', '/api/clients/'.$seed->getId().'/addresses', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => [
|
||||
'isProspect' => true,
|
||||
'isBilling' => true,
|
||||
'billingEmail' => 'facturation@test.fr',
|
||||
'postalCode' => '86100',
|
||||
'city' => 'Châtellerault',
|
||||
'street' => '1 rue du Test',
|
||||
'sites' => [$this->firstSiteIri()],
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertGreaterThanOrEqual(400, $response->getStatusCode());
|
||||
}
|
||||
|
||||
/**
|
||||
* RG-1.11 : une adresse de facturation exige un billingEmail
|
||||
* (CHECK chk_client_address_billing_email).
|
||||
*/
|
||||
public function testBillingAddressRequiresBillingEmail(): void
|
||||
{
|
||||
$this->skipIfSitesModuleDisabled();
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Billing No Email');
|
||||
|
||||
$response = $client->request('POST', '/api/clients/'.$seed->getId().'/addresses', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => [
|
||||
'isBilling' => true,
|
||||
'postalCode' => '86100',
|
||||
'city' => 'Châtellerault',
|
||||
'street' => '1 rue du Test',
|
||||
'sites' => [$this->firstSiteIri()],
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertGreaterThanOrEqual(400, $response->getStatusCode());
|
||||
}
|
||||
|
||||
/**
|
||||
* RG-1.11 (sens inverse) : une adresse NON facturable ne peut pas porter un
|
||||
* billingEmail (meme CHECK).
|
||||
*/
|
||||
public function testNonBillingAddressRejectsBillingEmail(): void
|
||||
{
|
||||
$this->skipIfSitesModuleDisabled();
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Non Billing With Email');
|
||||
|
||||
$response = $client->request('POST', '/api/clients/'.$seed->getId().'/addresses', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => [
|
||||
'isBilling' => false,
|
||||
'billingEmail' => 'parasite@test.fr',
|
||||
'postalCode' => '86100',
|
||||
'city' => 'Châtellerault',
|
||||
'street' => '1 rue du Test',
|
||||
'sites' => [$this->firstSiteIri()],
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertGreaterThanOrEqual(400, $response->getStatusCode());
|
||||
}
|
||||
|
||||
/**
|
||||
* Retourne l'IRI du premier site seede (fixtures Sites).
|
||||
*/
|
||||
private function firstSiteIri(): string
|
||||
{
|
||||
$site = $this->getEm()->getRepository(Site::class)->findOneBy([]);
|
||||
self::assertNotNull($site, 'Aucun site seede : impossible de tester les adresses.');
|
||||
|
||||
return '/api/sites/'.$site->getId();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,285 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Api;
|
||||
|
||||
/**
|
||||
* Tests fonctionnels de l'API /api/clients (M1) — branche ERP-55.
|
||||
*
|
||||
* Authentifies en ADMIN (bypass RBAC via isAdmin) : on valide ici les regles
|
||||
* METIER (normalisation, unicite, distributor/broker, archivage, liste). Le
|
||||
* gating par permission (accounting.manage / archive / RG-1.28 strict, RG-1.04
|
||||
* Commerciale) est couvert par les tests unitaires du ClientProcessor : il
|
||||
* exige des users non-admin portant des permissions `commercial.clients.*` qui
|
||||
* ne sont declarees qu'en ERP-59 (tests RBAC complets en ERP-60).
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class ClientApiTest extends AbstractCommercialApiTestCase
|
||||
{
|
||||
private const string LD = 'application/ld+json';
|
||||
|
||||
public function testPostNormalizesTextFields(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$cat = $this->createCategory('SECTEUR');
|
||||
|
||||
$response = $client->request('POST', '/api/clients', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => [
|
||||
'companyName' => 'acme sas',
|
||||
'firstName' => 'JEAN',
|
||||
'lastName' => 'dupont',
|
||||
'phonePrimary' => '06.12.34.56.78',
|
||||
'email' => 'Jean.DUPONT@ACME.FR',
|
||||
'categories' => ['/api/categories/'.$cat->getId()],
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
$data = $response->toArray();
|
||||
// RG-1.18 / 1.19 / 1.20 / 1.21
|
||||
self::assertSame('ACME SAS', $data['companyName']);
|
||||
self::assertSame('Jean', $data['firstName']);
|
||||
self::assertSame('Dupont', $data['lastName']);
|
||||
self::assertSame('0612345678', $data['phonePrimary']);
|
||||
self::assertSame('jean.dupont@acme.fr', $data['email']);
|
||||
self::assertFalse($data['isArchived']);
|
||||
}
|
||||
|
||||
public function testPostDuplicateCompanyNameReturns409(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$cat = $this->createCategory('SECTEUR');
|
||||
$iri = '/api/categories/'.$cat->getId();
|
||||
|
||||
$payload = [
|
||||
'companyName' => 'Doublon SARL',
|
||||
'firstName' => 'A',
|
||||
'phonePrimary' => '0102030405',
|
||||
'email' => 'dup@test.fr',
|
||||
'categories' => [$iri],
|
||||
];
|
||||
|
||||
$client->request('POST', '/api/clients', ['headers' => ['Content-Type' => self::LD], 'json' => $payload]);
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
|
||||
// Meme nom (insensible a la casse via l'index LOWER) -> 409 (RG-1.16).
|
||||
$payload['email'] = 'dup2@test.fr';
|
||||
$client->request('POST', '/api/clients', ['headers' => ['Content-Type' => self::LD], 'json' => $payload]);
|
||||
self::assertResponseStatusCodeSame(409);
|
||||
}
|
||||
|
||||
public function testPostWithoutFirstOrLastNameReturns422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$cat = $this->createCategory('SECTEUR');
|
||||
|
||||
$client->request('POST', '/api/clients', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => [
|
||||
'companyName' => 'No Contact Name',
|
||||
'phonePrimary' => '0102030405',
|
||||
'email' => 'nc@test.fr',
|
||||
'categories' => ['/api/categories/'.$cat->getId()],
|
||||
],
|
||||
]);
|
||||
|
||||
// RG-1.01
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
}
|
||||
|
||||
public function testPostWithoutCategoryReturns422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
|
||||
$client->request('POST', '/api/clients', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => [
|
||||
'companyName' => 'No Category',
|
||||
'firstName' => 'A',
|
||||
'phonePrimary' => '0102030405',
|
||||
'email' => 'nocat@test.fr',
|
||||
'categories' => [],
|
||||
],
|
||||
]);
|
||||
|
||||
// Assert\Count(min: 1)
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
}
|
||||
|
||||
public function testPostWithDistributorAndBrokerReturns422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$cat = $this->createCategory('SECTEUR');
|
||||
$distributor = $this->seedClient('Distrib Mutex', false, 'DISTRIBUTEUR');
|
||||
|
||||
$client->request('POST', '/api/clients', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => [
|
||||
'companyName' => 'Mutex Client',
|
||||
'firstName' => 'A',
|
||||
'phonePrimary' => '0102030405',
|
||||
'email' => 'mutex@test.fr',
|
||||
'categories' => ['/api/categories/'.$cat->getId()],
|
||||
'distributor' => '/api/clients/'.$distributor->getId(),
|
||||
'broker' => '/api/clients/'.$distributor->getId(),
|
||||
],
|
||||
]);
|
||||
|
||||
// RG-1.03 (exclusivite)
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
}
|
||||
|
||||
public function testPostDistributorReferencingNonDistributorReturns422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$cat = $this->createCategory('SECTEUR');
|
||||
$notDistro = $this->seedClient('Pas Un Distrib', false, 'SECTEUR');
|
||||
|
||||
$client->request('POST', '/api/clients', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => [
|
||||
'companyName' => 'Bad Distrib Ref',
|
||||
'firstName' => 'A',
|
||||
'phonePrimary' => '0102030405',
|
||||
'email' => 'baddistrib@test.fr',
|
||||
'categories' => ['/api/categories/'.$cat->getId()],
|
||||
'distributor' => '/api/clients/'.$notDistro->getId(),
|
||||
],
|
||||
]);
|
||||
|
||||
// RG-1.03 (le distributor doit etre categorise DISTRIBUTEUR)
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
}
|
||||
|
||||
public function testPostValidDistributorReturns201(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$cat = $this->createCategory('SECTEUR');
|
||||
$distributor = $this->seedClient('Vrai Distrib', false, 'DISTRIBUTEUR');
|
||||
|
||||
$client->request('POST', '/api/clients', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => [
|
||||
'companyName' => 'Client Avec Distrib',
|
||||
'firstName' => 'A',
|
||||
'phonePrimary' => '0102030405',
|
||||
'email' => 'okdistrib@test.fr',
|
||||
'categories' => ['/api/categories/'.$cat->getId()],
|
||||
'distributor' => '/api/clients/'.$distributor->getId(),
|
||||
],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
}
|
||||
|
||||
public function testListSortedByCompanyNameAscAndExcludesArchived(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$this->seedClient('Zebra Co');
|
||||
$this->seedClient('Alpha Co');
|
||||
$this->seedClient('Archivé Co', true);
|
||||
|
||||
$names = $client->request('GET', '/api/clients?pagination=false', [
|
||||
'headers' => ['Accept' => self::LD],
|
||||
])->toArray()['member'];
|
||||
$companyNames = array_map(static fn (array $c): string => $c['companyName'], $names);
|
||||
|
||||
// RG-1.24 : l'archive est exclue par defaut.
|
||||
self::assertNotContains('ARCHIVÉ CO', $companyNames);
|
||||
// RG-1.26 : tri companyName ASC (Alpha avant Zebra).
|
||||
$alpha = array_search('ALPHA CO', $companyNames, true);
|
||||
$zebra = array_search('ZEBRA CO', $companyNames, true);
|
||||
self::assertNotFalse($alpha);
|
||||
self::assertNotFalse($zebra);
|
||||
self::assertLessThan($zebra, $alpha);
|
||||
}
|
||||
|
||||
public function testListIncludeArchivedReturnsArchived(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$this->seedClient('Hidden Archived', true);
|
||||
|
||||
$members = $client->request('GET', '/api/clients?includeArchived=true&pagination=false', [
|
||||
'headers' => ['Accept' => self::LD],
|
||||
])->toArray()['member'];
|
||||
$names = array_map(static fn (array $c): string => $c['companyName'], $members);
|
||||
|
||||
// RG-1.25
|
||||
self::assertContains('HIDDEN ARCHIVED', $names);
|
||||
}
|
||||
|
||||
public function testCollectionIsPaginated(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$this->seedClient('Paginated One');
|
||||
|
||||
// Collection Hydra avec total (la cle `view` n'apparait qu'a partir de
|
||||
// 2 pages cote API Platform 4, donc non assertable sur page unique).
|
||||
$page1 = $client->request('GET', '/api/clients', ['headers' => ['Accept' => self::LD]])->toArray();
|
||||
self::assertArrayHasKey('totalItems', $page1);
|
||||
self::assertNotEmpty($page1['member']);
|
||||
|
||||
// Preuve que la pagination serveur est bien engagee : la page 2 d'un jeu
|
||||
// tenant sur une page est vide (un provider non pagine ignorerait `page`
|
||||
// et renverrait quand meme les items).
|
||||
$page2 = $client->request('GET', '/api/clients?page=2', ['headers' => ['Accept' => self::LD]])->toArray();
|
||||
self::assertSame([], $page2['member']);
|
||||
}
|
||||
|
||||
public function testPatchArchiveSetsArchivedAtThenRestore(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('To Archive');
|
||||
$iri = '/api/clients/'.$seed->getId();
|
||||
|
||||
// Archive (RG-1.22) : admin a la permission archive via bypass isAdmin.
|
||||
$archived = $client->request('PATCH', $iri, [
|
||||
'headers' => ['Content-Type' => 'application/merge-patch+json'],
|
||||
'json' => ['isArchived' => true],
|
||||
])->toArray();
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
self::assertTrue($archived['isArchived']);
|
||||
self::assertNotNull($archived['archivedAt']);
|
||||
|
||||
// Restauration (RG-1.23) : archivedAt repasse a null.
|
||||
$restored = $client->request('PATCH', $iri, [
|
||||
'headers' => ['Content-Type' => 'application/merge-patch+json'],
|
||||
'json' => ['isArchived' => false],
|
||||
])->toArray();
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
self::assertFalse($restored['isArchived']);
|
||||
self::assertNull($restored['archivedAt']);
|
||||
}
|
||||
|
||||
public function testPatchArchiveWithOtherFieldReturns422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Archive Plus Field');
|
||||
|
||||
$client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => 'application/merge-patch+json'],
|
||||
'json' => ['isArchived' => true, 'companyName' => 'Renamed'],
|
||||
]);
|
||||
|
||||
// RG-1.22 : une requete d'archivage ne modifie aucun autre champ.
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
}
|
||||
|
||||
public function testGetDetailEmbedsSubCollections(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Detail Embed');
|
||||
|
||||
$data = $client->request('GET', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Accept' => self::LD],
|
||||
])->toArray();
|
||||
|
||||
// § 4.2 : le detail embarque contacts / adresses / ribs.
|
||||
self::assertArrayHasKey('contacts', $data);
|
||||
self::assertArrayHasKey('addresses', $data);
|
||||
self::assertArrayHasKey('ribs', $data);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,47 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Api;
|
||||
|
||||
/**
|
||||
* Tests d'archivage / restauration — combler les trous (ERP-60).
|
||||
*
|
||||
* Le cas nominal RG-1.22 (archive pose archivedAt) + RG-1.23 (restauration
|
||||
* repasse archivedAt a null) ainsi que le 422 « archive + autre champ » sont
|
||||
* DEJA couverts par ClientApiTest (ERP-55). Ce fichier cible le trou identifie
|
||||
* en revue (P1 review ERP-55) : le 409 de RESTAURATION en conflit d'unicite.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class ClientArchiveTest extends AbstractCommercialApiTestCase
|
||||
{
|
||||
private const string MERGE = 'application/merge-patch+json';
|
||||
|
||||
/**
|
||||
* RG-1.23 : restaurer un client archive dont le nom a ete repris par un
|
||||
* client actif entre-temps doit echouer en 409 (l'index partiel
|
||||
* uq_client_company_name_active n'admet qu'un seul actif portant ce nom).
|
||||
*
|
||||
* Scenario :
|
||||
* 1. un client « ACME CONFLICT » est archive (donc hors index partiel) ;
|
||||
* 2. un autre client actif « ACME CONFLICT » est cree (autorise tant que le
|
||||
* premier reste archive) ;
|
||||
* 3. la restauration du premier le rendrait actif -> collision d'unicite
|
||||
* -> ClientProcessor traduit la UniqueConstraintViolationException en 409.
|
||||
*/
|
||||
public function testRestoreConflictReturns409(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
|
||||
$archived = $this->seedClient('Acme Conflict', true);
|
||||
$this->seedClient('Acme Conflict', false);
|
||||
|
||||
$client->request('PATCH', '/api/clients/'.$archived->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['isArchived' => false],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(409);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,142 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Api;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\Client as ClientEntity;
|
||||
use DateTimeImmutable;
|
||||
use Doctrine\DBAL\Connection;
|
||||
|
||||
/**
|
||||
* Tests Audit + Timestampable/Blamable du repertoire clients (ERP-60).
|
||||
*
|
||||
* Couvre :
|
||||
* - RG-1.27 : createdAt / createdBy figes au POST, updatedBy reflete bien
|
||||
* l'auteur de la modification (POST admin puis PATCH par un autre user) ;
|
||||
* - Audit (§ 6.1) : le RIB est `#[Auditable]` SANS `#[AuditIgnore]` sur iban /
|
||||
* bic — ces champs sensibles DOIVENT donc apparaitre dans le diff audite
|
||||
* (decision Matthieu, revue MR 29/05/2026).
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class ClientAuditTest extends AbstractCommercialApiTestCase
|
||||
{
|
||||
private const string LD = 'application/ld+json';
|
||||
private const string MERGE = 'application/merge-patch+json';
|
||||
private const string RIB_TYPE = 'commercial.ClientRib';
|
||||
private const string VALID_IBAN = 'FR1420041010050500013M02606';
|
||||
private const string VALID_BIC = 'BNPAFRPPXXX';
|
||||
|
||||
private ?Connection $auditConnection = null;
|
||||
|
||||
protected function setUp(): void
|
||||
{
|
||||
parent::setUp();
|
||||
self::bootKernel();
|
||||
|
||||
/** @var Connection $conn */
|
||||
$conn = self::getContainer()->get('doctrine.dbal.audit_connection');
|
||||
$this->auditConnection = $conn;
|
||||
}
|
||||
|
||||
protected function tearDown(): void
|
||||
{
|
||||
if (null !== $this->auditConnection) {
|
||||
$this->auditConnection->close();
|
||||
}
|
||||
parent::tearDown();
|
||||
}
|
||||
|
||||
/**
|
||||
* RG-1.27 : createdAt / createdBy sont poses au POST puis figes ; updatedBy
|
||||
* suit l'auteur de la derniere modification. On cree en admin puis on
|
||||
* modifie avec un user `commercial.clients.manage` distinct : createdBy reste
|
||||
* l'admin, updatedBy devient le manager, createdAt ne bouge pas.
|
||||
*/
|
||||
public function testCreatedFrozenAndUpdatedByReflectsModifier(): void
|
||||
{
|
||||
// 1. User modificateur (non-admin) cree AVANT le reboot de kernel induit
|
||||
// par les clients authentifies suivants ; il est persiste en base.
|
||||
$manageCreds = $this->createUserWithPermission('commercial.clients.manage');
|
||||
|
||||
// 2. Creation en admin (createdBy = admin).
|
||||
$admin = $this->createAdminClient();
|
||||
$cat = $this->createCategory('SECTEUR');
|
||||
|
||||
$created = $admin->request('POST', '/api/clients', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => [
|
||||
'companyName' => 'Blamable Co',
|
||||
'firstName' => 'A',
|
||||
'phonePrimary' => '0102030405',
|
||||
'email' => 'blamable@test.fr',
|
||||
'categories' => ['/api/categories/'.$cat->getId()],
|
||||
],
|
||||
])->toArray();
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
$id = (int) $created['id'];
|
||||
$createdAtTs = new DateTimeImmutable((string) $created['createdAt'])->getTimestamp();
|
||||
|
||||
// 3. Modification par le manager (updatedBy = manager).
|
||||
$manage = $this->authenticatedClient($manageCreds['username'], $manageCreds['password']);
|
||||
$manage->request('PATCH', '/api/clients/'.$id, [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['companyName' => 'Blamable Renamed'],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
|
||||
// 4. Verification cote base (etat re-charge depuis la BDD).
|
||||
$em = $this->getEm();
|
||||
$em->clear();
|
||||
$reloaded = $em->getRepository(ClientEntity::class)->find($id);
|
||||
self::assertNotNull($reloaded);
|
||||
|
||||
self::assertSame('admin', $reloaded->getCreatedBy()?->getUserIdentifier(), 'createdBy doit rester l\'admin createur.');
|
||||
self::assertSame(
|
||||
$manageCreds['username'],
|
||||
$reloaded->getUpdatedBy()?->getUserIdentifier(),
|
||||
'updatedBy doit refleter le dernier modificateur.',
|
||||
);
|
||||
self::assertSame($createdAtTs, $reloaded->getCreatedAt()?->getTimestamp(), 'createdAt doit etre fige au POST.');
|
||||
self::assertNotNull($reloaded->getUpdatedAt());
|
||||
self::assertGreaterThanOrEqual($createdAtTs, $reloaded->getUpdatedAt()->getTimestamp());
|
||||
}
|
||||
|
||||
/**
|
||||
* Audit § 6.1 : la creation d'un RIB produit une ligne audit_log
|
||||
* `commercial.ClientRib` / `create` dont le snapshot contient iban et bic
|
||||
* (champs volontairement NON ignores).
|
||||
*/
|
||||
public function testRibCreateAuditIncludesIbanAndBic(): void
|
||||
{
|
||||
$admin = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Rib Audit Host');
|
||||
|
||||
$rib = $admin->request('POST', '/api/clients/'.$seed->getId().'/ribs', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => [
|
||||
'label' => 'Compte audite',
|
||||
'bic' => self::VALID_BIC,
|
||||
'iban' => self::VALID_IBAN,
|
||||
],
|
||||
])->toArray();
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
|
||||
$rows = $this->auditConnection->fetchAllAssociative(
|
||||
'SELECT changes FROM audit_log '
|
||||
.'WHERE entity_type = :type AND entity_id = :id AND action = :action '
|
||||
.'ORDER BY performed_at DESC',
|
||||
['type' => self::RIB_TYPE, 'id' => (string) $rib['id'], 'action' => 'create'],
|
||||
);
|
||||
|
||||
self::assertGreaterThanOrEqual(1, count($rows), 'Un audit_log "create" doit etre genere pour le RIB.');
|
||||
|
||||
/** @var array<string, mixed> $changes */
|
||||
$changes = json_decode((string) $rows[0]['changes'], true, flags: JSON_THROW_ON_ERROR);
|
||||
self::assertArrayHasKey('iban', $changes, 'iban doit figurer dans le diff audite (pas d\'AuditIgnore).');
|
||||
self::assertArrayHasKey('bic', $changes, 'bic doit figurer dans le diff audite (pas d\'AuditIgnore).');
|
||||
self::assertSame(self::VALID_IBAN, $changes['iban']);
|
||||
self::assertSame(self::VALID_BIC, $changes['bic']);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,185 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Api;
|
||||
|
||||
use PhpOffice\PhpSpreadsheet\IOFactory;
|
||||
|
||||
/**
|
||||
* Tests fonctionnels de l'export XLSX du repertoire clients (M1, § 4.6).
|
||||
*
|
||||
* Couvre : reponse 200 (Content-Type + Content-Disposition), exclusion des
|
||||
* archives par defaut, respect des filtres ?search / ?categoryType, gating de
|
||||
* la colonne SIREN selon commercial.clients.accounting.view, 403 sans
|
||||
* commercial.clients.view, 401 anonyme.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class ClientExportControllerTest extends AbstractCommercialApiTestCase
|
||||
{
|
||||
private const string XLSX_MIME = 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet';
|
||||
private const string EXPORT_URL = '/api/clients/export.xlsx';
|
||||
|
||||
public function testExportReturnsXlsxResponseWithAttachmentFilename(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$this->seedClient('Export Alpha');
|
||||
|
||||
$response = $client->request('GET', self::EXPORT_URL);
|
||||
|
||||
self::assertResponseIsSuccessful();
|
||||
$headers = $response->getHeaders(false);
|
||||
self::assertStringContainsString(self::XLSX_MIME, $headers['content-type'][0] ?? '');
|
||||
|
||||
$disposition = $headers['content-disposition'][0] ?? '';
|
||||
self::assertStringContainsString('attachment; filename="repertoire-clients-', $disposition);
|
||||
self::assertMatchesRegularExpression(
|
||||
'/filename="repertoire-clients-\d{8}\.xlsx"/',
|
||||
$disposition,
|
||||
);
|
||||
|
||||
// Le binaire est un XLSX relisible dont la 1re ligne porte les en-tetes.
|
||||
$grid = $this->gridFromResponse($response->getContent());
|
||||
$headers = $grid[0];
|
||||
self::assertSame('Nom entreprise', $headers[0]);
|
||||
self::assertContains('Catégories', $headers);
|
||||
self::assertContains('Sites', $headers);
|
||||
self::assertContains('Date de création', $headers);
|
||||
}
|
||||
|
||||
public function testExportExcludesArchivedByDefault(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$this->seedClient('Active One');
|
||||
$this->seedClient('Archived One', true);
|
||||
|
||||
$names = $this->companyNames($client->request('GET', self::EXPORT_URL)->getContent());
|
||||
|
||||
self::assertContains('ACTIVE ONE', $names);
|
||||
self::assertNotContains('ARCHIVED ONE', $names);
|
||||
}
|
||||
|
||||
public function testExportRespectsSearchFilter(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$this->seedClient('Searchable Alpha');
|
||||
$this->seedClient('Other Beta');
|
||||
|
||||
$names = $this->companyNames(
|
||||
$client->request('GET', self::EXPORT_URL.'?search=alpha')->getContent(),
|
||||
);
|
||||
|
||||
self::assertContains('SEARCHABLE ALPHA', $names);
|
||||
self::assertNotContains('OTHER BETA', $names);
|
||||
}
|
||||
|
||||
public function testExportRespectsCategoryTypeFilter(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$this->seedClient('Distrib Co', false, 'DISTRIBUTEUR');
|
||||
$this->seedClient('Secteur Co', false, 'SECTEUR');
|
||||
|
||||
$names = $this->companyNames(
|
||||
$client->request('GET', self::EXPORT_URL.'?categoryType=DISTRIBUTEUR')->getContent(),
|
||||
);
|
||||
|
||||
self::assertContains('DISTRIB CO', $names);
|
||||
self::assertNotContains('SECTEUR CO', $names);
|
||||
}
|
||||
|
||||
public function testSirenColumnPresentWithAccountingView(): void
|
||||
{
|
||||
// L'admin bypass le RBAC : il a donc accounting.view -> colonne SIREN.
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Siren Co');
|
||||
$em = $this->getEm();
|
||||
$seed->setSiren('123456789');
|
||||
$em->flush();
|
||||
|
||||
$grid = $this->gridFromResponse($client->request('GET', self::EXPORT_URL)->getContent());
|
||||
|
||||
self::assertContains('SIREN', $grid[0]);
|
||||
self::assertStringContainsString('123456789', $this->flatten($grid));
|
||||
}
|
||||
|
||||
public function testSirenColumnAbsentWithoutAccountingView(): void
|
||||
{
|
||||
// Seed via admin, puis relecture par un user qui n'a QUE clients.view.
|
||||
$admin = $this->createAdminClient();
|
||||
$seed = $this->seedClient('No Siren Co');
|
||||
$em = $this->getEm();
|
||||
$seed->setSiren('987654321');
|
||||
$em->flush();
|
||||
|
||||
$creds = $this->createUserWithPermission('commercial.clients.view');
|
||||
$viewer = $this->authenticatedClient($creds['username'], $creds['password']);
|
||||
|
||||
$grid = $this->gridFromResponse($viewer->request('GET', self::EXPORT_URL)->getContent());
|
||||
|
||||
self::assertNotContains('SIREN', $grid[0]);
|
||||
self::assertStringNotContainsString('987654321', $this->flatten($grid));
|
||||
}
|
||||
|
||||
public function testForbiddenWithoutClientsViewPermission(): void
|
||||
{
|
||||
$creds = $this->createUserWithPermission('core.users.view');
|
||||
$client = $this->authenticatedClient($creds['username'], $creds['password']);
|
||||
|
||||
$client->request('GET', self::EXPORT_URL);
|
||||
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
|
||||
public function testUnauthorizedWhenAnonymous(): void
|
||||
{
|
||||
$client = self::createClient();
|
||||
$client->request('GET', self::EXPORT_URL);
|
||||
|
||||
self::assertResponseStatusCodeSame(401);
|
||||
}
|
||||
|
||||
/**
|
||||
* Relit le binaire XLSX d'une reponse et renvoie la grille de cellules.
|
||||
*
|
||||
* @return array<int, array<int, mixed>>
|
||||
*/
|
||||
private function gridFromResponse(string $binary): array
|
||||
{
|
||||
$tmp = tempnam(sys_get_temp_dir(), 'xlsx_export_test_');
|
||||
self::assertIsString($tmp);
|
||||
file_put_contents($tmp, $binary);
|
||||
|
||||
try {
|
||||
return IOFactory::load($tmp)->getActiveSheet()->toArray();
|
||||
} finally {
|
||||
@unlink($tmp);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Extrait la colonne « Nom entreprise » (1re colonne) des lignes de donnees.
|
||||
*
|
||||
* @return list<string>
|
||||
*/
|
||||
private function companyNames(string $binary): array
|
||||
{
|
||||
$grid = $this->gridFromResponse($binary);
|
||||
$rows = array_slice($grid, 1); // saute l'en-tete
|
||||
|
||||
return array_values(array_map(static fn (array $row): string => (string) ($row[0] ?? ''), $rows));
|
||||
}
|
||||
|
||||
/**
|
||||
* Aplatit toute la grille en une chaine, pour les assertions de presence.
|
||||
*
|
||||
* @param array<int, array<int, mixed>> $grid
|
||||
*/
|
||||
private function flatten(array $grid): string
|
||||
{
|
||||
return implode('|', array_map(
|
||||
static fn (array $row): string => implode('|', array_map(static fn ($cell): string => (string) $cell, $row)),
|
||||
$grid,
|
||||
));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,84 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Api;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\Client as ClientEntity;
|
||||
|
||||
/**
|
||||
* Tests fonctionnels du formulaire principal — combler les trous (ERP-60).
|
||||
*
|
||||
* RG-1.01 (prenom OU nom obligatoire) et RG-1.03 (distributor/broker exclusifs
|
||||
* + type de categorie) sont DEJA couverts par ClientApiTest (ERP-55) : on ne les
|
||||
* reduplique pas ici. Ce fichier ne couvre que RG-1.02 (telephone secondaire),
|
||||
* non encore testee.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class ClientFormulaireMainTest extends AbstractCommercialApiTestCase
|
||||
{
|
||||
private const string LD = 'application/ld+json';
|
||||
|
||||
/**
|
||||
* RG-1.02 : le telephone secondaire est optionnel mais persiste (2 colonnes
|
||||
* distinctes). Verifie aussi la normalisation chiffres-seuls (RG-1.20) sur
|
||||
* la colonne secondaire.
|
||||
*/
|
||||
public function testPostPersistsSecondaryPhoneNormalized(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$cat = $this->createCategory('SECTEUR');
|
||||
|
||||
$data = $client->request('POST', '/api/clients', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => [
|
||||
'companyName' => 'Two Phones SARL',
|
||||
'firstName' => 'A',
|
||||
'phonePrimary' => '06.12.34.56.78',
|
||||
'phoneSecondary' => '05 49 00 11 22',
|
||||
'email' => 'twophones@test.fr',
|
||||
'categories' => ['/api/categories/'.$cat->getId()],
|
||||
],
|
||||
])->toArray();
|
||||
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
self::assertSame('0612345678', $data['phonePrimary']);
|
||||
self::assertSame('0549001122', $data['phoneSecondary']);
|
||||
}
|
||||
|
||||
/**
|
||||
* RG-1.02 : maximum 2 telephones — le modele n'expose que phonePrimary et
|
||||
* phoneSecondary. Un eventuel 3e champ envoye par un appel API direct est
|
||||
* ignore (aucune 3e colonne), il ne peut donc pas creer un troisieme numero.
|
||||
*/
|
||||
public function testThirdPhoneFieldIsIgnored(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$cat = $this->createCategory('SECTEUR');
|
||||
|
||||
$data = $client->request('POST', '/api/clients', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => [
|
||||
'companyName' => 'Third Phone SARL',
|
||||
'firstName' => 'A',
|
||||
'phonePrimary' => '0612345678',
|
||||
'phoneSecondary' => '0549001122',
|
||||
'phoneTertiary' => '0700000000',
|
||||
'email' => 'thirdphone@test.fr',
|
||||
'categories' => ['/api/categories/'.$cat->getId()],
|
||||
],
|
||||
])->toArray();
|
||||
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
// Le champ inconnu est ignore par le denormaliseur : il n'apparait pas
|
||||
// dans la representation et n'a pas ete persiste.
|
||||
self::assertArrayNotHasKey('phoneTertiary', $data);
|
||||
|
||||
// Confirmation cote base : seules les 2 colonnes telephone existent.
|
||||
$persisted = $this->getEm()->getRepository(ClientEntity::class)->find($data['id']);
|
||||
self::assertNotNull($persisted);
|
||||
self::assertSame('0612345678', $persisted->getPhonePrimary());
|
||||
self::assertSame('0549001122', $persisted->getPhoneSecondary());
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,67 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Api;
|
||||
|
||||
/**
|
||||
* Tests de structure / migration M1 (ERP-60).
|
||||
*
|
||||
* Verifie la decision Q4 (29/05/2026) au niveau du schema Postgres :
|
||||
* - l'unique index partiel fonctionnel uq_client_company_name_active existe
|
||||
* (un seul, sur LOWER(company_name), partiel sur les actifs non archives /
|
||||
* non supprimes) — seule unicite metier conservee (RG-1.16) ;
|
||||
* - les anciens index uq_client_siren_active (RG-1.15) et uq_client_email_active
|
||||
* (RG-1.17) ont ete supprimes / ne sont jamais crees.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class ClientMigrationTest extends AbstractCommercialApiTestCase
|
||||
{
|
||||
public function testCompanyNameActivePartialIndexExistsExactlyOnce(): void
|
||||
{
|
||||
$rows = $this->clientIndexes();
|
||||
|
||||
$companyNameIndexes = array_filter(
|
||||
$rows,
|
||||
static fn (array $r): bool => 'uq_client_company_name_active' === $r['indexname'],
|
||||
);
|
||||
|
||||
self::assertCount(
|
||||
1,
|
||||
$companyNameIndexes,
|
||||
'Il doit exister exactement UN index uq_client_company_name_active.',
|
||||
);
|
||||
|
||||
// Confirme la nature fonctionnelle (LOWER) + partielle (WHERE) de l'index.
|
||||
// Postgres serialise l'expression sous la forme `lower((company_name)::text)`,
|
||||
// d'ou des verifications de sous-chaines distinctes.
|
||||
$def = strtolower((string) array_values($companyNameIndexes)[0]['indexdef']);
|
||||
self::assertStringContainsString('unique', $def);
|
||||
self::assertStringContainsString('lower', $def);
|
||||
self::assertStringContainsString('company_name', $def);
|
||||
self::assertStringContainsString('where', $def, 'L\'index doit etre partiel (clause WHERE sur les actifs).');
|
||||
}
|
||||
|
||||
public function testNoSirenOrEmailUniqueIndex(): void
|
||||
{
|
||||
$names = array_map(static fn (array $r): string => $r['indexname'], $this->clientIndexes());
|
||||
|
||||
// RG-1.15 / RG-1.17 supprimees (Q4) : aucun index unique siren / email.
|
||||
self::assertNotContains('uq_client_siren_active', $names);
|
||||
self::assertNotContains('uq_client_email_active', $names);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return list<array{indexname: string, indexdef: string}>
|
||||
*/
|
||||
private function clientIndexes(): array
|
||||
{
|
||||
self::bootKernel();
|
||||
|
||||
/** @var list<array{indexname: string, indexdef: string}> $rows */
|
||||
return $this->getEm()->getConnection()->fetchAllAssociative(
|
||||
"SELECT indexname, indexdef FROM pg_indexes WHERE schemaname = 'public' AND tablename = 'client'",
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,52 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Api;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\Client as ClientEntity;
|
||||
|
||||
/**
|
||||
* Test fonctionnel du mode strict PATCH multi-groupes (RG-1.28) — ERP-60.
|
||||
*
|
||||
* Le cas est deja couvert en unitaire (ClientProcessorTest) ; on en ajoute la
|
||||
* preuve fonctionnelle HTTP, SANS dependre d'un role metier : un utilisateur
|
||||
* portant `commercial.clients.manage` mais PAS `commercial.clients.accounting.manage`
|
||||
* qui envoie un PATCH melant un champ principal (companyName) et un champ
|
||||
* comptable (siren) recoit un 403 sur l'ENSEMBLE du payload — aucun champ n'est
|
||||
* applique (pas de filtrage silencieux).
|
||||
*
|
||||
* ⚠ La matrice differenciee par role metier (Bureau / Compta / Commerciale) est
|
||||
* DELEGUEE a ERP-74 (#493). Ici on n'utilise qu'un user mono-permission.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class ClientPatchStrictTest extends AbstractCommercialApiTestCase
|
||||
{
|
||||
private const string MERGE = 'application/merge-patch+json';
|
||||
|
||||
public function testMixedGroupsPatchWithoutAccountingPermissionIsForbidden(): void
|
||||
{
|
||||
$seed = $this->seedClient('Strict Mix');
|
||||
$credentials = $this->createUserWithPermission('commercial.clients.manage');
|
||||
$client = $this->authenticatedClient($credentials['username'], $credentials['password']);
|
||||
|
||||
$client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => [
|
||||
'companyName' => 'Renamed Strict',
|
||||
'siren' => '123456789',
|
||||
],
|
||||
]);
|
||||
|
||||
// RG-1.28 : 403 strict (le champ comptable siren exige accounting.manage).
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
|
||||
// Aucun champ applique : le companyName d'origine est intact.
|
||||
$em = $this->getEm();
|
||||
$em->clear();
|
||||
$reloaded = $em->getRepository(ClientEntity::class)->find($seed->getId());
|
||||
self::assertNotNull($reloaded);
|
||||
self::assertSame('STRICT MIX', $reloaded->getCompanyName());
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,299 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Api;
|
||||
|
||||
use ApiPlatform\Symfony\Bundle\Test\Client;
|
||||
use App\Module\Core\Infrastructure\DataFixtures\RbacDemoFixtures;
|
||||
use Symfony\Bundle\FrameworkBundle\Console\Application;
|
||||
use Symfony\Component\Console\Input\ArrayInput;
|
||||
use Symfony\Component\Console\Output\NullOutput;
|
||||
|
||||
/**
|
||||
* Matrice RBAC complete du repertoire clients par role metier (spec-back M1
|
||||
* § 2.7 + cahier ERP-74). Valide 200/403 par verbe et par onglet pour
|
||||
* bureau / compta / commerciale / usine, plus le durcissement RG-1.04
|
||||
* (Commerciale) au POST.
|
||||
*
|
||||
* Les comptes demo et la matrice sont seedes via la commande reelle
|
||||
* `app:seed-rbac --with-demo-users` (le MEME chemin qu'en recette), idempotente.
|
||||
* Pre-requis du run : `app:sync-permissions` a tourne (cf. make test-db-setup).
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class ClientRBACMatrixTest extends AbstractCommercialApiTestCase
|
||||
{
|
||||
private const string LD = 'application/ld+json';
|
||||
private const string MERGE = 'application/merge-patch+json';
|
||||
private const string PWD = RbacDemoFixtures::DEMO_PASSWORD;
|
||||
|
||||
protected function setUp(): void
|
||||
{
|
||||
parent::setUp();
|
||||
|
||||
// Seed idempotent via la commande applicative (roles + matrice § 2.7 +
|
||||
// comptes demo). Exerce aussi le chemin de code prod.
|
||||
self::bootKernel();
|
||||
$application = new Application(self::$kernel);
|
||||
$application->setAutoExit(false);
|
||||
$exit = $application->run(
|
||||
new ArrayInput([
|
||||
'command' => 'app:seed-rbac',
|
||||
'--with-demo-users' => true,
|
||||
'--password' => self::PWD,
|
||||
]),
|
||||
new NullOutput(),
|
||||
);
|
||||
self::assertSame(
|
||||
0,
|
||||
$exit,
|
||||
'app:seed-rbac a echoue : les permissions commercial.clients.* sont-elles synchronisees (app:sync-permissions) ?',
|
||||
);
|
||||
|
||||
// Liberer le kernel pour que authenticatedClient()/createClient() reparte propre.
|
||||
self::ensureKernelShutdown();
|
||||
}
|
||||
|
||||
public function testUsineIsForbiddenEverywhere(): void
|
||||
{
|
||||
$seed = $this->seedClient('Usine Target');
|
||||
$client = $this->authAs('usine');
|
||||
|
||||
// Aucune permission : 403 sur tous les verbes.
|
||||
$client->request('GET', '/api/clients', ['headers' => ['Accept' => self::LD]]);
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
|
||||
$client->request('GET', '/api/clients/'.$seed->getId(), ['headers' => ['Accept' => self::LD]]);
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
|
||||
$client->request('POST', '/api/clients', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => $this->validMainPayload('Usine Post'),
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
|
||||
$client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['companyName' => 'Renamed By Usine'],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
|
||||
public function testBureauHasViewAndManageButNoAccountingNoArchive(): void
|
||||
{
|
||||
$seed = $this->seedClient('Bureau Target');
|
||||
$cat = $this->createCategory('SECTEUR');
|
||||
$client = $this->authAs('bureau');
|
||||
|
||||
// view
|
||||
$client->request('GET', '/api/clients', ['headers' => ['Accept' => self::LD]]);
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
|
||||
// manage : creation OK
|
||||
$client->request('POST', '/api/clients', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => $this->validMainPayload('Bureau Created', $cat->getId()),
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
|
||||
// manage : edition onglet principal OK
|
||||
$client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['companyName' => 'Bureau Renamed'],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
|
||||
// PAS accounting : edition onglet Comptabilite refusee
|
||||
$client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['siren' => '123456789'],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
|
||||
// PAS archive : archivage refuse
|
||||
$client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['isArchived' => true],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
|
||||
public function testComptaCanEditAccountingOnly(): void
|
||||
{
|
||||
$seed = $this->seedClient('Compta Target');
|
||||
$client = $this->authAs('compta');
|
||||
|
||||
// view
|
||||
$client->request('GET', '/api/clients', ['headers' => ['Accept' => self::LD]]);
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
|
||||
// PAS manage : creation refusee
|
||||
$client->request('POST', '/api/clients', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => $this->validMainPayload('Compta Post'),
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
|
||||
// accounting.manage : edition onglet Comptabilite OK
|
||||
$client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['siren' => '123456789'],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
|
||||
// PAS manage : edition onglet principal refusee (guardManage)
|
||||
$client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['companyName' => 'Compta Renamed'],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
|
||||
// PAS manage : edition onglet Information refusee (guardManage)
|
||||
$client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['description' => 'Une description'],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
|
||||
// PAS archive : archivage refuse
|
||||
$client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['isArchived' => true],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
|
||||
public function testCommercialeHasViewAndManageButNoAccountingNoArchive(): void
|
||||
{
|
||||
$seed = $this->seedClient('Commerciale Target');
|
||||
$client = $this->authAs('commerciale');
|
||||
|
||||
// view
|
||||
$client->request('GET', '/api/clients', ['headers' => ['Accept' => self::LD]]);
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
|
||||
// manage : la creation passe la security d'operation (pas un 403 comme
|
||||
// Compta) mais bute sur RG-1.04 (onglet Information incomplet) -> 422.
|
||||
// C'est la preuve que Commerciale porte `manage` (sinon 403).
|
||||
$client->request('POST', '/api/clients', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => $this->validMainPayload('Commerciale Post'),
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
|
||||
// PAS accounting : edition onglet Comptabilite refusee
|
||||
$client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['siren' => '123456789'],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
|
||||
// PAS archive : archivage refuse
|
||||
$client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['isArchived' => true],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
|
||||
public function testRG104CommercialePostIncompleteIs422AdminIs201(): void
|
||||
{
|
||||
$cat = $this->createCategory('SECTEUR');
|
||||
|
||||
// RG-1.04 durcie : Commerciale POST sans onglet Information complet -> 422.
|
||||
$commerciale = $this->authAs('commerciale');
|
||||
$commerciale->request('POST', '/api/clients', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => $this->validMainPayload('RG104 Commerciale', $cat->getId()),
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
|
||||
// Meme payload par un Admin (non gate par RG-1.04) -> 201.
|
||||
$admin = $this->createAdminClient();
|
||||
$admin->request('POST', '/api/clients', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => $this->validMainPayload('RG104 Admin', $cat->getId()),
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
}
|
||||
|
||||
public function testComptaFullRepresentationPatchWithUnchangedCategoriesIsNotForbidden(): void
|
||||
{
|
||||
// FIX review MR #40 : un Compta (accounting.manage, PAS manage) faisant un
|
||||
// PATCH representation complete de l'onglet Comptabilite et reincluant ses
|
||||
// categories INCHANGEES ne doit PAS prendre de 403. guardManage compare
|
||||
// desormais les categories par valeur (et non par simple presence) : seul
|
||||
// l'onglet Comptabilite change ici -> 200.
|
||||
$seed = $this->seedClient('Compta Cat Unchanged');
|
||||
$category = $seed->getCategories()->first();
|
||||
self::assertNotFalse($category);
|
||||
$catId = $category->getId();
|
||||
$client = $this->authAs('compta');
|
||||
|
||||
$client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => [
|
||||
'siren' => '123456789',
|
||||
'categories' => ['/api/categories/'.$catId],
|
||||
],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
}
|
||||
|
||||
public function testComptaChangingCategoriesIsForbidden(): void
|
||||
{
|
||||
// Non-regression : si le Compta change REELLEMENT l'ensemble des
|
||||
// categories (sans manage) -> 403 via guardManage. La comparaison par
|
||||
// valeur detecte bien le changement.
|
||||
$seed = $this->seedClient('Compta Cat Change');
|
||||
$newCat = $this->createCategory('SECTEUR');
|
||||
$client = $this->authAs('compta');
|
||||
|
||||
$client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['categories' => ['/api/categories/'.$newCat->getId()]],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
|
||||
public function testBureauChangingCategoriesIsAllowed(): void
|
||||
{
|
||||
// Non-regression : un role porteur de `manage` (Bureau) peut changer les
|
||||
// categories -> 200.
|
||||
$seed = $this->seedClient('Bureau Cat Change');
|
||||
$newCat = $this->createCategory('SECTEUR');
|
||||
$client = $this->authAs('bureau');
|
||||
|
||||
$client->request('PATCH', '/api/clients/'.$seed->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['categories' => ['/api/categories/'.$newCat->getId()]],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
}
|
||||
|
||||
private function authAs(string $role): Client
|
||||
{
|
||||
return $this->authenticatedClient($role, self::PWD);
|
||||
}
|
||||
|
||||
/**
|
||||
* Payload minimal valide de l'onglet principal (RG-1.01 : un nom de contact ;
|
||||
* une categorie SECTEUR). Si $categoryId est null, une categorie est creee a
|
||||
* la volee.
|
||||
*
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function validMainPayload(string $companyName, ?int $categoryId = null): array
|
||||
{
|
||||
$categoryId ??= $this->createCategory('SECTEUR')->getId();
|
||||
|
||||
return [
|
||||
'companyName' => $companyName,
|
||||
'firstName' => 'Jean',
|
||||
'phonePrimary' => '0612345678',
|
||||
'email' => strtolower(str_replace(' ', '', $companyName)).'@matrix.test',
|
||||
'categories' => ['/api/categories/'.$categoryId],
|
||||
];
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,57 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Api;
|
||||
|
||||
/**
|
||||
* Tests de securite GENERIQUE de /api/clients (ERP-60).
|
||||
*
|
||||
* Couvre les garde-fous non dependants des roles metier :
|
||||
* - 401 si requete anonyme (firewall JWT) ;
|
||||
* - 403 si l'utilisateur authentifie ne porte pas `commercial.clients.view`.
|
||||
*
|
||||
* ⚠ La matrice RBAC differenciee par role metier (bureau / compta / commerciale
|
||||
* / usine) et le test fonctionnel RG-1.04 sont DELEGUES a ERP-74 (#493) : ils
|
||||
* exigent les roles seedes apres le merge de la stack. NE PAS les ajouter ici.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class ClientSecurityTest extends AbstractCommercialApiTestCase
|
||||
{
|
||||
private const string LD = 'application/ld+json';
|
||||
|
||||
public function testAnonymousGetCollectionReturns401(): void
|
||||
{
|
||||
$client = self::createClient();
|
||||
$client->request('GET', '/api/clients', ['headers' => ['Accept' => self::LD]]);
|
||||
|
||||
self::assertResponseStatusCodeSame(401);
|
||||
}
|
||||
|
||||
public function testAnonymousGetItemReturns401(): void
|
||||
{
|
||||
$seed = $this->seedClient('Anon Item');
|
||||
$client = self::createClient();
|
||||
|
||||
$client->request('GET', '/api/clients/'.$seed->getId(), ['headers' => ['Accept' => self::LD]]);
|
||||
|
||||
self::assertResponseStatusCodeSame(401);
|
||||
}
|
||||
|
||||
public function testForbiddenWithoutClientsViewPermission(): void
|
||||
{
|
||||
// User authentifie portant une permission SANS rapport avec les clients.
|
||||
$seed = $this->seedClient('Forbidden Target');
|
||||
$credentials = $this->createUserWithPermission('core.users.view');
|
||||
$client = $this->authenticatedClient($credentials['username'], $credentials['password']);
|
||||
|
||||
// Collection.
|
||||
$client->request('GET', '/api/clients', ['headers' => ['Accept' => self::LD]]);
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
|
||||
// Detail.
|
||||
$client->request('GET', '/api/clients/'.$seed->getId(), ['headers' => ['Accept' => self::LD]]);
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,320 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Api;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\Client as ClientEntity;
|
||||
use App\Module\Commercial\Domain\Entity\ClientContact;
|
||||
use App\Module\Commercial\Domain\Entity\ClientRib;
|
||||
use App\Module\Commercial\Domain\Entity\PaymentType;
|
||||
use App\Module\Sites\Domain\Entity\Site;
|
||||
|
||||
/**
|
||||
* Tests fonctionnels des sous-ressources Contacts / Adresses / RIB (ERP-57,
|
||||
* spec § 4.5). Couvrent : CRUD via admin, normalisation serveur
|
||||
* (RG-1.19/1.20/1.21), validations (Assert\Count sites RG-1.10, Assert\Iban/Bic),
|
||||
* regles metier RG-1.13 (DELETE dernier RIB sous LCR -> 409) et RG-1.14 (DELETE
|
||||
* dernier contact -> 409), plus le gating comptable (POST/PATCH/DELETE de
|
||||
* client_ribs sans accounting.manage -> 403).
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class ClientSubResourceApiTest extends AbstractCommercialApiTestCase
|
||||
{
|
||||
private const string LD = 'application/ld+json';
|
||||
private const string MERGE = 'application/merge-patch+json';
|
||||
private const string VALID_IBAN = 'FR1420041010050500013M02606';
|
||||
private const string VALID_BIC = 'BNPAFRPPXXX';
|
||||
|
||||
// === Contacts ===
|
||||
|
||||
public function testPostContactNormalizesFields(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Contact Host');
|
||||
|
||||
$data = $client->request('POST', '/api/clients/'.$seed->getId().'/contacts', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => [
|
||||
'firstName' => 'JEAN',
|
||||
'lastName' => 'dupont',
|
||||
'phonePrimary' => '06.12.34.56.78',
|
||||
'email' => 'Jean.DUPONT@ACME.FR',
|
||||
],
|
||||
])->toArray();
|
||||
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
// RG-1.19 / 1.20 / 1.21
|
||||
self::assertSame('Jean', $data['firstName']);
|
||||
self::assertSame('Dupont', $data['lastName']);
|
||||
self::assertSame('0612345678', $data['phonePrimary']);
|
||||
self::assertSame('jean.dupont@acme.fr', $data['email']);
|
||||
}
|
||||
|
||||
public function testPostContactWithoutNameReturns422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Contact No Name');
|
||||
|
||||
$client->request('POST', '/api/clients/'.$seed->getId().'/contacts', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => ['jobTitle' => 'Directeur'],
|
||||
]);
|
||||
|
||||
// RG-1.05
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
}
|
||||
|
||||
public function testPatchContactNormalizes(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Contact Patch');
|
||||
$contact = $this->seedContact($seed, 'Paul');
|
||||
|
||||
$data = $client->request('PATCH', '/api/client_contacts/'.$contact->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['lastName' => 'martin'],
|
||||
])->toArray();
|
||||
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
self::assertSame('Martin', $data['lastName']);
|
||||
}
|
||||
|
||||
public function testDeleteContactWhenSeveralReturns204(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Contact Multi');
|
||||
$this->seedContact($seed, 'Premier');
|
||||
$second = $this->seedContact($seed, 'Second');
|
||||
|
||||
$client->request('DELETE', '/api/client_contacts/'.$second->getId());
|
||||
|
||||
self::assertResponseStatusCodeSame(204);
|
||||
}
|
||||
|
||||
public function testDeleteLastContactReturns409(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Contact Solo');
|
||||
$only = $this->seedContact($seed, 'Unique');
|
||||
|
||||
$client->request('DELETE', '/api/client_contacts/'.$only->getId());
|
||||
|
||||
// RG-1.14
|
||||
self::assertResponseStatusCodeSame(409);
|
||||
}
|
||||
|
||||
// === Adresses ===
|
||||
|
||||
public function testPostAddressNormalizesBillingEmail(): void
|
||||
{
|
||||
$this->skipIfSitesModuleDisabled();
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Address Host');
|
||||
$siteIri = $this->firstSiteIri();
|
||||
|
||||
$data = $client->request('POST', '/api/clients/'.$seed->getId().'/addresses', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => [
|
||||
'isBilling' => true,
|
||||
'billingEmail' => 'Facturation@ACME.FR',
|
||||
'postalCode' => '86100',
|
||||
'city' => 'Châtellerault',
|
||||
'street' => '1 rue du Test',
|
||||
'sites' => [$siteIri],
|
||||
],
|
||||
])->toArray();
|
||||
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
// RG-1.21
|
||||
self::assertSame('facturation@acme.fr', $data['billingEmail']);
|
||||
}
|
||||
|
||||
public function testPostAddressWithoutSiteReturns422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Address No Site');
|
||||
|
||||
$client->request('POST', '/api/clients/'.$seed->getId().'/addresses', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => [
|
||||
'postalCode' => '86100',
|
||||
'city' => 'Châtellerault',
|
||||
'street' => '1 rue du Test',
|
||||
'sites' => [],
|
||||
],
|
||||
]);
|
||||
|
||||
// RG-1.10 (Assert\Count min 1)
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
}
|
||||
|
||||
public function testPostAddressWithInvalidPostalCodeReturns422(): void
|
||||
{
|
||||
$this->skipIfSitesModuleDisabled();
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Address Bad CP');
|
||||
$siteIri = $this->firstSiteIri();
|
||||
|
||||
$client->request('POST', '/api/clients/'.$seed->getId().'/addresses', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => [
|
||||
'postalCode' => '123',
|
||||
'city' => 'Châtellerault',
|
||||
'street' => '1 rue du Test',
|
||||
'sites' => [$siteIri],
|
||||
],
|
||||
]);
|
||||
|
||||
// RG-1.09 (Assert\Regex ^[0-9]{4,5}$)
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
}
|
||||
|
||||
// === RIBs ===
|
||||
|
||||
public function testPostRibByAdminReturns201(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Rib Host');
|
||||
|
||||
$data = $client->request('POST', '/api/clients/'.$seed->getId().'/ribs', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => [
|
||||
'label' => 'Compte principal',
|
||||
'bic' => self::VALID_BIC,
|
||||
'iban' => self::VALID_IBAN,
|
||||
],
|
||||
])->toArray();
|
||||
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
self::assertSame('Compte principal', $data['label']);
|
||||
}
|
||||
|
||||
public function testPostRibWithInvalidIbanReturns422(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Rib Bad Iban');
|
||||
|
||||
$client->request('POST', '/api/clients/'.$seed->getId().'/ribs', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => [
|
||||
'label' => 'Compte invalide',
|
||||
'bic' => self::VALID_BIC,
|
||||
'iban' => 'INVALID-IBAN',
|
||||
],
|
||||
]);
|
||||
|
||||
// Assert\Iban
|
||||
self::assertResponseStatusCodeSame(422);
|
||||
}
|
||||
|
||||
public function testDeleteRibNonLcrReturns204(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Rib Non LCR');
|
||||
$rib = $this->seedRib($seed);
|
||||
|
||||
$client->request('DELETE', '/api/client_ribs/'.$rib->getId());
|
||||
|
||||
self::assertResponseStatusCodeSame(204);
|
||||
}
|
||||
|
||||
public function testDeleteLastRibUnderLcrReturns409(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$seed = $this->seedClient('Rib LCR Solo');
|
||||
$this->setPaymentType($seed, 'LCR');
|
||||
$rib = $this->seedRib($seed);
|
||||
|
||||
$client->request('DELETE', '/api/client_ribs/'.$rib->getId());
|
||||
|
||||
// RG-1.13
|
||||
self::assertResponseStatusCodeSame(409);
|
||||
}
|
||||
|
||||
public function testRibWriteWithoutAccountingManageReturns403(): void
|
||||
{
|
||||
// Un utilisateur portant seulement commercial.clients.manage (sans
|
||||
// accounting.manage) ne peut ni creer, ni modifier, ni supprimer un RIB.
|
||||
$seed = $this->seedClient('Rib Forbidden');
|
||||
$rib = $this->seedRib($seed);
|
||||
$credentials = $this->createUserWithPermission('commercial.clients.manage');
|
||||
$client = $this->authenticatedClient($credentials['username'], $credentials['password']);
|
||||
|
||||
$client->request('POST', '/api/clients/'.$seed->getId().'/ribs', [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => ['label' => 'X', 'bic' => self::VALID_BIC, 'iban' => self::VALID_IBAN],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
|
||||
$client->request('PATCH', '/api/client_ribs/'.$rib->getId(), [
|
||||
'headers' => ['Content-Type' => self::MERGE],
|
||||
'json' => ['label' => 'Y'],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
|
||||
$client->request('DELETE', '/api/client_ribs/'.$rib->getId());
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
|
||||
// === Helpers ===
|
||||
|
||||
/**
|
||||
* Seede un ClientContact rattache a un client (sans passer par l'API).
|
||||
*/
|
||||
private function seedContact(ClientEntity $client, string $firstName): ClientContact
|
||||
{
|
||||
$em = $this->getEm();
|
||||
$contact = new ClientContact();
|
||||
$contact->setFirstName($firstName);
|
||||
$contact->setClient($client);
|
||||
$em->persist($contact);
|
||||
$em->flush();
|
||||
|
||||
return $contact;
|
||||
}
|
||||
|
||||
/**
|
||||
* Seede un ClientRib valide rattache a un client (sans passer par l'API).
|
||||
*/
|
||||
private function seedRib(ClientEntity $client): ClientRib
|
||||
{
|
||||
$em = $this->getEm();
|
||||
$rib = new ClientRib();
|
||||
$rib->setLabel('Seed RIB');
|
||||
$rib->setBic(self::VALID_BIC);
|
||||
$rib->setIban(self::VALID_IBAN);
|
||||
$rib->setClient($client);
|
||||
$em->persist($rib);
|
||||
$em->flush();
|
||||
|
||||
return $rib;
|
||||
}
|
||||
|
||||
/**
|
||||
* Affecte un type de reglement (par code) au client seede.
|
||||
*/
|
||||
private function setPaymentType(ClientEntity $client, string $code): void
|
||||
{
|
||||
$em = $this->getEm();
|
||||
$type = $em->getRepository(PaymentType::class)->findOneBy(['code' => $code]);
|
||||
self::assertNotNull($type, sprintf('PaymentType "%s" introuvable (fixtures).', $code));
|
||||
|
||||
$managed = $em->getRepository(ClientEntity::class)->find($client->getId());
|
||||
$managed->setPaymentType($type);
|
||||
$em->flush();
|
||||
}
|
||||
|
||||
/**
|
||||
* Retourne l'IRI du premier site seede (fixtures Sites). Skip en amont si le
|
||||
* module Sites est desactive.
|
||||
*/
|
||||
private function firstSiteIri(): string
|
||||
{
|
||||
$site = $this->getEm()->getRepository(Site::class)->findOneBy([]);
|
||||
self::assertNotNull($site, 'Aucun site seede : impossible de tester les adresses.');
|
||||
|
||||
return '/api/sites/'.$site->getId();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,73 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Api;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\Client as ClientEntity;
|
||||
|
||||
/**
|
||||
* Tests d'unicite — combler les trous (ERP-60).
|
||||
*
|
||||
* RG-1.16 (doublon de companyName parmi les actifs -> 409) est DEJA couvert par
|
||||
* ClientApiTest::testPostDuplicateCompanyNameReturns409 (ERP-55). Ce fichier
|
||||
* verifie l'envers de la decision Q4 (29/05/2026) : le SIREN (RG-1.15 supprimee)
|
||||
* et l'email (RG-1.17 supprimee) NE SONT PLUS contraints uniques.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class ClientUniquenessTest extends AbstractCommercialApiTestCase
|
||||
{
|
||||
private const string LD = 'application/ld+json';
|
||||
|
||||
/**
|
||||
* RG-1.16 / RG-1.17 (Q4) : deux clients actifs peuvent partager le meme
|
||||
* email principal — aucune contrainte d'unicite (un email peut servir
|
||||
* plusieurs clients).
|
||||
*/
|
||||
public function testDuplicateEmailIsAllowed(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$cat = $this->createCategory('SECTEUR');
|
||||
$iri = '/api/categories/'.$cat->getId();
|
||||
|
||||
$payload = static fn (string $name): array => [
|
||||
'companyName' => $name,
|
||||
'firstName' => 'A',
|
||||
'phonePrimary' => '0102030405',
|
||||
'email' => 'partage@test.fr',
|
||||
'categories' => [$iri],
|
||||
];
|
||||
|
||||
$client->request('POST', '/api/clients', ['headers' => ['Content-Type' => self::LD], 'json' => $payload('Email Share One')]);
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
|
||||
// Meme email, nom different -> doit passer (pas d'index unique email).
|
||||
$client->request('POST', '/api/clients', ['headers' => ['Content-Type' => self::LD], 'json' => $payload('Email Share Two')]);
|
||||
self::assertResponseStatusCodeSame(201);
|
||||
}
|
||||
|
||||
/**
|
||||
* RG-1.15 (Q4) : deux clients peuvent partager le meme SIREN (etablissements
|
||||
* multiples). Le SIREN n'est pas ecrivable au POST (groupe accounting), on
|
||||
* seede donc directement via l'ORM et on prouve que le flush ne leve aucune
|
||||
* violation d'unicite.
|
||||
*/
|
||||
public function testDuplicateSirenIsAllowed(): void
|
||||
{
|
||||
// Boot kernel pour disposer de l'EM (pas d'appel HTTP necessaire ici).
|
||||
self::bootKernel();
|
||||
$em = $this->getEm();
|
||||
|
||||
$one = $this->seedClient('Siren Share One');
|
||||
$two = $this->seedClient('Siren Share Two');
|
||||
|
||||
$one->setSiren('123456789');
|
||||
$two->setSiren('123456789');
|
||||
$em->flush();
|
||||
|
||||
// Aucune exception : preuve qu'il n'existe pas d'index unique sur siren.
|
||||
self::assertSame('123456789', $em->getRepository(ClientEntity::class)->find($one->getId())->getSiren());
|
||||
self::assertSame('123456789', $em->getRepository(ClientEntity::class)->find($two->getId())->getSiren());
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,253 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Api;
|
||||
|
||||
use App\Module\Commercial\Domain\Entity\TvaMode;
|
||||
use PHPUnit\Framework\Attributes\DataProvider;
|
||||
|
||||
/**
|
||||
* Tests fonctionnels des 4 referentiels comptables lecture seule (ERP-56) :
|
||||
* tva_mode, payment_delay, payment_type, bank. Cf. spec-back M1 § 4.7.
|
||||
*
|
||||
* Couvre les criteres d'acceptation du ticket :
|
||||
* - les 4 GetCollection repondent 200 avec le seed (CommercialReferentialFixtures) ;
|
||||
* - tri par defaut position ASC puis label ASC ;
|
||||
* - POST / PATCH / DELETE -> 405 (aucune operation d'ecriture declaree) ;
|
||||
* - user authentifie sans commercial.clients.view -> 403 ;
|
||||
* - anonyme -> 401 ;
|
||||
* - pagination serveur active (ERP-72) + echappatoire ?pagination=false.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class ReferentialApiTest extends AbstractCommercialApiTestCase
|
||||
{
|
||||
private const string LD = 'application/ld+json';
|
||||
|
||||
/**
|
||||
* Endpoint => codes attendus dans le seed (sous-ensemble verifie present).
|
||||
*
|
||||
* @var array<string, list<string>>
|
||||
*/
|
||||
private const SEED = [
|
||||
'/api/tva_modes' => ['FRANCE_VENTES', 'EXPORT_VENTES', 'INTRACOM_VENTES'],
|
||||
'/api/payment_delays' => ['J15', 'J30', 'A_RECEPTION'],
|
||||
'/api/payment_types' => ['VIREMENT', 'LCR', 'NON_SOUMISE', 'CHEQUE'],
|
||||
'/api/banks' => ['SG', 'CIC', 'CA'],
|
||||
];
|
||||
|
||||
/**
|
||||
* Purge les eventuelles lignes de test inserees dans tva_mode (tri label).
|
||||
* Les codes du seed ne commencent jamais par TEST_, donc cette purge ne
|
||||
* touche pas les referentiels metier.
|
||||
*/
|
||||
protected function tearDown(): void
|
||||
{
|
||||
$this->getEm()
|
||||
->createQuery('DELETE FROM '.TvaMode::class.' t WHERE t.code LIKE :prefix')
|
||||
->setParameter('prefix', 'TEST\_%')
|
||||
->execute()
|
||||
;
|
||||
|
||||
parent::tearDown();
|
||||
}
|
||||
|
||||
/**
|
||||
* Critere : chaque endpoint repond 200 et expose le seed (id, code, label,
|
||||
* position) sous le groupe de lecture du referentiel.
|
||||
*
|
||||
* @param list<string> $expectedCodes
|
||||
*/
|
||||
#[DataProvider('endpointProvider')]
|
||||
public function testCollectionReturns200WithSeed(string $endpoint, array $expectedCodes): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$response = $client->request('GET', $endpoint.'?pagination=false', ['headers' => ['Accept' => self::LD]]);
|
||||
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
|
||||
$members = $response->toArray()['member'];
|
||||
$codes = array_map(static fn (array $m): string => $m['code'], $members);
|
||||
|
||||
foreach ($expectedCodes as $expected) {
|
||||
self::assertContains($expected, $codes, $endpoint.' doit exposer le code seede '.$expected);
|
||||
}
|
||||
|
||||
// Le DTO de lecture expose bien id / code / label / position.
|
||||
$first = $members[0];
|
||||
self::assertArrayHasKey('id', $first);
|
||||
self::assertArrayHasKey('label', $first);
|
||||
self::assertArrayHasKey('position', $first);
|
||||
}
|
||||
|
||||
/**
|
||||
* Critere : GET item repond 200 (recupere via un id reel de la collection).
|
||||
*/
|
||||
public function testGetItemReturns200(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
|
||||
$first = $client->request('GET', '/api/tva_modes?pagination=false', ['headers' => ['Accept' => self::LD]])
|
||||
->toArray()['member'][0]
|
||||
;
|
||||
|
||||
$client->request('GET', '/api/tva_modes/'.$first['id'], ['headers' => ['Accept' => self::LD]]);
|
||||
self::assertResponseStatusCodeSame(200);
|
||||
}
|
||||
|
||||
/**
|
||||
* Critere : tri par defaut position ASC. Le seed tva_mode est ordonne
|
||||
* FRANCE_VENTES (10) < EXPORT_VENTES (20) < INTRACOM_VENTES (30).
|
||||
*/
|
||||
public function testDefaultSortByPositionAsc(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
|
||||
$codes = array_map(
|
||||
static fn (array $m): string => $m['code'],
|
||||
$client->request('GET', '/api/tva_modes?pagination=false', ['headers' => ['Accept' => self::LD]])->toArray()['member'],
|
||||
);
|
||||
|
||||
$expectedOrder = ['FRANCE_VENTES', 'EXPORT_VENTES', 'INTRACOM_VENTES'];
|
||||
$filtered = array_values(array_intersect($codes, $expectedOrder));
|
||||
|
||||
self::assertSame(
|
||||
$expectedOrder,
|
||||
$filtered,
|
||||
'Les modes de TVA doivent etre tries position ASC (§ 4.7).',
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Critere : a position egale, tri label ASC (departage). On insere deux
|
||||
* lignes de test partageant la meme position, labels volontairement dans le
|
||||
* desordre alphabetique ; le tearDown les purge ensuite.
|
||||
*/
|
||||
public function testTieBreakSortByLabelAsc(): void
|
||||
{
|
||||
$em = $this->getEm();
|
||||
foreach ([['TEST_TIE_Z', 'ZZZ Tie'], ['TEST_TIE_A', 'AAA Tie']] as [$code, $label]) {
|
||||
$mode = new TvaMode();
|
||||
$mode->setCode($code);
|
||||
$mode->setLabel($label);
|
||||
$mode->setPosition(9000);
|
||||
$em->persist($mode);
|
||||
}
|
||||
$em->flush();
|
||||
|
||||
$client = $this->createAdminClient();
|
||||
$codes = array_map(
|
||||
static fn (array $m): string => $m['code'],
|
||||
$client->request('GET', '/api/tva_modes?pagination=false', ['headers' => ['Accept' => self::LD]])->toArray()['member'],
|
||||
);
|
||||
|
||||
$tie = array_values(array_intersect($codes, ['TEST_TIE_A', 'TEST_TIE_Z']));
|
||||
self::assertSame(
|
||||
['TEST_TIE_A', 'TEST_TIE_Z'],
|
||||
$tie,
|
||||
'A position egale, le tri secondaire doit etre label ASC (§ 4.7).',
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Critere ERP-72 : la collection est paginee par defaut. Preuve : une page
|
||||
* au-dela des donnees est vide (un provider non pagine ignorerait `page`).
|
||||
* Avec ?pagination=false, le parametre `page` est ignore -> tout revient.
|
||||
*/
|
||||
public function testPaginationActiveAndClientToggle(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
|
||||
// Page 2 d'un referentiel tenant sur une page : vide -> pagination active.
|
||||
$page2 = $client->request('GET', '/api/tva_modes?page=2', ['headers' => ['Accept' => self::LD]])->toArray();
|
||||
self::assertArrayHasKey('totalItems', $page2);
|
||||
self::assertSame([], $page2['member'], 'La page 2 doit etre vide : pagination serveur active.');
|
||||
|
||||
// ?pagination=false : `page` ignore, le seed complet est renvoye.
|
||||
$all = $client->request('GET', '/api/tva_modes?pagination=false&page=2', ['headers' => ['Accept' => self::LD]])->toArray();
|
||||
self::assertNotEmpty($all['member'], '?pagination=false doit desactiver la pagination (page ignoree).');
|
||||
}
|
||||
|
||||
/**
|
||||
* Critere : aucune operation d'ecriture n'est declaree -> POST sur la
|
||||
* collection renvoie 405 Method Not Allowed sur les 4 referentiels.
|
||||
*
|
||||
* @param list<string> $expectedCodes
|
||||
*/
|
||||
#[DataProvider('endpointProvider')]
|
||||
public function testPostReturns405(string $endpoint, array $expectedCodes): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$client->request('POST', $endpoint, [
|
||||
'headers' => ['Content-Type' => self::LD],
|
||||
'json' => ['code' => 'X', 'label' => 'X', 'position' => 1],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(405);
|
||||
}
|
||||
|
||||
/**
|
||||
* Critere : PATCH et DELETE sur un item renvoient 405 (lecture seule).
|
||||
*/
|
||||
public function testPatchAndDeleteReturn405(): void
|
||||
{
|
||||
$client = $this->createAdminClient();
|
||||
$first = $client->request('GET', '/api/tva_modes?pagination=false', ['headers' => ['Accept' => self::LD]])
|
||||
->toArray()['member'][0]
|
||||
;
|
||||
$iri = '/api/tva_modes/'.$first['id'];
|
||||
|
||||
$client->request('PATCH', $iri, [
|
||||
'headers' => ['Content-Type' => 'application/merge-patch+json'],
|
||||
'json' => ['label' => 'Renamed'],
|
||||
]);
|
||||
self::assertResponseStatusCodeSame(405);
|
||||
|
||||
$client->request('DELETE', $iri);
|
||||
self::assertResponseStatusCodeSame(405);
|
||||
}
|
||||
|
||||
/**
|
||||
* Critere : un utilisateur authentifie sans la permission
|
||||
* commercial.clients.view obtient 403 sur les 4 endpoints.
|
||||
*
|
||||
* @param list<string> $expectedCodes
|
||||
*/
|
||||
#[DataProvider('endpointProvider')]
|
||||
public function testForbiddenWithoutPermission(string $endpoint, array $expectedCodes): void
|
||||
{
|
||||
// User jetable portant une permission SANS rapport (existe en base mais
|
||||
// ne donne pas commercial.clients.view).
|
||||
$creds = $this->createUserWithPermission('core.users.view');
|
||||
$client = $this->authenticatedClient($creds['username'], $creds['password']);
|
||||
|
||||
$client->request('GET', $endpoint, ['headers' => ['Accept' => self::LD]]);
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
|
||||
/**
|
||||
* Critere : un appel anonyme (non authentifie) obtient 401 sur les 4
|
||||
* endpoints.
|
||||
*
|
||||
* @param list<string> $expectedCodes
|
||||
*/
|
||||
#[DataProvider('endpointProvider')]
|
||||
public function testUnauthorizedWhenAnonymous(string $endpoint, array $expectedCodes): void
|
||||
{
|
||||
$client = self::createClient();
|
||||
$client->request('GET', $endpoint, ['headers' => ['Accept' => self::LD]]);
|
||||
|
||||
self::assertResponseStatusCodeSame(401);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return iterable<string, array{string, list<string>}>
|
||||
*/
|
||||
public static function endpointProvider(): iterable
|
||||
{
|
||||
foreach (self::SEED as $endpoint => $codes) {
|
||||
yield $endpoint => [$endpoint, $codes];
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,62 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Unit;
|
||||
|
||||
use ApiPlatform\Metadata\IriConverterInterface;
|
||||
use App\Module\Commercial\Infrastructure\ApiPlatform\Serializer\CategoryReferenceDenormalizer;
|
||||
use App\Shared\Domain\Contract\CategoryInterface;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use stdClass;
|
||||
use Symfony\Component\Serializer\Exception\UnexpectedValueException;
|
||||
|
||||
/**
|
||||
* Tests unitaires du CategoryReferenceDenormalizer : resolution d'un IRI vers
|
||||
* une Category concrete, et rejet explicite d'un IRI pointant sur une autre
|
||||
* ressource (au lieu d'un null silencieux qui perdrait la reference).
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class CategoryReferenceDenormalizerTest extends TestCase
|
||||
{
|
||||
public function testResolvesCategoryIri(): void
|
||||
{
|
||||
$category = $this->createStub(CategoryInterface::class);
|
||||
$iriConverter = $this->createMock(IriConverterInterface::class);
|
||||
$iriConverter->method('getResourceFromIri')->willReturn($category);
|
||||
|
||||
$denormalizer = new CategoryReferenceDenormalizer($iriConverter);
|
||||
|
||||
self::assertSame(
|
||||
$category,
|
||||
$denormalizer->denormalize('/api/categories/1', CategoryInterface::class),
|
||||
);
|
||||
}
|
||||
|
||||
public function testRejectsIriOfWrongType(): void
|
||||
{
|
||||
// Bug review ERP-55 : un IRI syntaxiquement valide mais pointant sur une
|
||||
// autre ressource (ex: /api/clients/5) doit lever une exception au lieu
|
||||
// d'etre silencieusement ignore.
|
||||
$iriConverter = $this->createMock(IriConverterInterface::class);
|
||||
$iriConverter->method('getResourceFromIri')->willReturn(new stdClass());
|
||||
|
||||
$denormalizer = new CategoryReferenceDenormalizer($iriConverter);
|
||||
|
||||
$this->expectException(UnexpectedValueException::class);
|
||||
$denormalizer->denormalize('/api/clients/5', CategoryInterface::class);
|
||||
}
|
||||
|
||||
public function testReturnsNullForEmptyData(): void
|
||||
{
|
||||
// Valeur vide deleguee par l'ArrayDenormalizer : aucun appel a
|
||||
// l'IriConverter, retour null.
|
||||
$iriConverter = $this->createMock(IriConverterInterface::class);
|
||||
$iriConverter->expects(self::never())->method('getResourceFromIri');
|
||||
|
||||
$denormalizer = new CategoryReferenceDenormalizer($iriConverter);
|
||||
|
||||
self::assertNull($denormalizer->denormalize('', CategoryInterface::class));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,56 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Unit;
|
||||
|
||||
use App\Module\Commercial\Application\Service\ClientFieldNormalizer;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
|
||||
/**
|
||||
* Tests unitaires de la normalisation serveur (RG-1.18 a RG-1.21).
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class ClientFieldNormalizerTest extends TestCase
|
||||
{
|
||||
private ClientFieldNormalizer $normalizer;
|
||||
|
||||
protected function setUp(): void
|
||||
{
|
||||
$this->normalizer = new ClientFieldNormalizer();
|
||||
}
|
||||
|
||||
public function testCompanyNameIsUppercased(): void
|
||||
{
|
||||
// RG-1.18
|
||||
self::assertSame('ACME SAS', $this->normalizer->normalizeCompanyName(' acme sas '));
|
||||
self::assertNull($this->normalizer->normalizeCompanyName(null));
|
||||
}
|
||||
|
||||
public function testPersonNameIsTitleCased(): void
|
||||
{
|
||||
// RG-1.19
|
||||
self::assertSame('Jean', $this->normalizer->normalizePersonName('JEAN'));
|
||||
self::assertSame('Dupont', $this->normalizer->normalizePersonName('dupont'));
|
||||
self::assertNull($this->normalizer->normalizePersonName(' '));
|
||||
self::assertNull($this->normalizer->normalizePersonName(null));
|
||||
}
|
||||
|
||||
public function testEmailIsLowercased(): void
|
||||
{
|
||||
// RG-1.21
|
||||
self::assertSame('jean.dupont@acme.fr', $this->normalizer->normalizeEmail(' Jean.DUPONT@ACME.FR '));
|
||||
self::assertNull($this->normalizer->normalizeEmail(null));
|
||||
self::assertNull($this->normalizer->normalizeEmail(' '));
|
||||
}
|
||||
|
||||
public function testPhoneKeepsOnlyDigits(): void
|
||||
{
|
||||
// RG-1.20
|
||||
self::assertSame('0612345678', $this->normalizer->normalizePhone('06.12.34.56.78'));
|
||||
self::assertSame('0612345678', $this->normalizer->normalizePhone('06 12 34 56 78'));
|
||||
self::assertNull($this->normalizer->normalizePhone('----'));
|
||||
self::assertNull($this->normalizer->normalizePhone(null));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,453 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Unit;
|
||||
|
||||
use ApiPlatform\Metadata\Operation;
|
||||
use ApiPlatform\State\ProcessorInterface;
|
||||
use ApiPlatform\Validator\Exception\ValidationException;
|
||||
use App\Module\Commercial\Application\Service\ClientFieldNormalizer;
|
||||
use App\Module\Commercial\Application\Validator\ClientInformationCompletenessValidator;
|
||||
use App\Module\Commercial\Domain\Entity\Bank;
|
||||
use App\Module\Commercial\Domain\Entity\Client;
|
||||
use App\Module\Commercial\Domain\Entity\ClientRib;
|
||||
use App\Module\Commercial\Domain\Entity\PaymentType;
|
||||
use App\Module\Commercial\Infrastructure\ApiPlatform\State\Processor\ClientProcessor;
|
||||
use App\Shared\Domain\Contract\BusinessRoleAwareInterface;
|
||||
use App\Shared\Domain\Security\BusinessRoles;
|
||||
use Doctrine\ORM\EntityManagerInterface;
|
||||
use Doctrine\ORM\UnitOfWork;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Symfony\Bundle\SecurityBundle\Security;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\RequestStack;
|
||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||
use Symfony\Component\HttpKernel\Exception\UnprocessableEntityHttpException;
|
||||
use Symfony\Component\Security\Core\User\UserInterface;
|
||||
|
||||
/**
|
||||
* Tests unitaires du ClientProcessor : gating par permission (accounting.manage
|
||||
* / archive / RG-1.28 strict) et regles metier non testables en HTTP admin
|
||||
* (RG-1.04 Commerciale, RG-1.12 Virement, RG-1.13 LCR), grace a un Security et
|
||||
* un RequestStack stubbes.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class ClientProcessorTest extends TestCase
|
||||
{
|
||||
public function testAccountingFieldWithoutPermissionIsForbidden(): void
|
||||
{
|
||||
// RG-1.28 : la modification effective d'un champ comptable sans
|
||||
// accounting.manage -> 403. En creation (POST), positionner siren est un
|
||||
// changement vs l'etat persiste vide.
|
||||
$client = $this->minimalClient();
|
||||
$client->setSiren('123456789');
|
||||
|
||||
$processor = $this->makeProcessor(granted: [], payload: ['siren' => '123456789']);
|
||||
|
||||
$this->expectException(AccessDeniedHttpException::class);
|
||||
$processor->process($client, $this->operation());
|
||||
}
|
||||
|
||||
public function testStrictMixWithAccountingFieldIsForbidden(): void
|
||||
{
|
||||
// RG-1.28 : payload mixant main + accounting sans la permission -> 403
|
||||
// sur l'ensemble (pas de filtrage silencieux).
|
||||
$client = $this->minimalClient();
|
||||
$client->setCompanyName('X');
|
||||
$client->setSiren('123456789');
|
||||
|
||||
$processor = $this->makeProcessor(
|
||||
granted: [],
|
||||
payload: ['companyName' => 'X', 'siren' => '123456789'],
|
||||
);
|
||||
|
||||
$this->expectException(AccessDeniedHttpException::class);
|
||||
$processor->process($client, $this->operation());
|
||||
}
|
||||
|
||||
public function testArchiveWithoutPermissionIsForbidden(): void
|
||||
{
|
||||
// RG-1.22 : basculer isArchived sans la permission archive -> 403.
|
||||
$client = $this->minimalClient();
|
||||
$client->setIsArchived(true);
|
||||
|
||||
$processor = $this->makeProcessor(
|
||||
granted: [],
|
||||
payload: ['isArchived' => true],
|
||||
managed: true,
|
||||
originalData: ['isArchived' => false],
|
||||
);
|
||||
|
||||
$this->expectException(AccessDeniedHttpException::class);
|
||||
$processor->process($client, $this->operation());
|
||||
}
|
||||
|
||||
public function testArchiveWithOtherFieldIsUnprocessable(): void
|
||||
{
|
||||
// RG-1.22 : une requete d'archivage ne modifie aucun autre champ.
|
||||
$client = $this->minimalClient();
|
||||
$client->setIsArchived(true);
|
||||
$client->setCompanyName('X');
|
||||
|
||||
$processor = $this->makeProcessor(
|
||||
granted: ['commercial.clients.archive'],
|
||||
payload: ['isArchived' => true, 'companyName' => 'X'],
|
||||
managed: true,
|
||||
originalData: ['isArchived' => false],
|
||||
);
|
||||
|
||||
$this->expectException(UnprocessableEntityHttpException::class);
|
||||
$processor->process($client, $this->operation());
|
||||
}
|
||||
|
||||
public function testPostWithIsArchivedFalseIsNotGated(): void
|
||||
{
|
||||
// Bug review ERP-55 : un POST renvoyant isArchived:false (valeur par
|
||||
// defaut) ne doit declencher ni 403 (archive) ni 422, meme sans
|
||||
// permission. L'entite n'est pas encore geree par l'ORM.
|
||||
$client = $this->minimalClient(); // isArchived = false par defaut
|
||||
|
||||
$processor = $this->makeProcessor(
|
||||
granted: [],
|
||||
payload: ['companyName' => 'Test Co', 'isArchived' => false],
|
||||
managed: false,
|
||||
);
|
||||
|
||||
self::assertInstanceOf(Client::class, $processor->process($client, $this->operation()));
|
||||
}
|
||||
|
||||
public function testFullRepresentationPatchWithUnchangedArchiveIsNotGated(): void
|
||||
{
|
||||
// Bug review ERP-55 : un PATCH « representation complete » renvoyant
|
||||
// isArchived inchange + des cles JSON-LD (@id, @context) ne doit pas etre
|
||||
// gate (ni 403 archive ni 422), meme sans permission.
|
||||
$client = $this->minimalClient(); // isArchived = false (inchange)
|
||||
|
||||
$processor = $this->makeProcessor(
|
||||
granted: [],
|
||||
payload: [
|
||||
'@id' => '/api/clients/1',
|
||||
'@context' => '/api/contexts/Client',
|
||||
'companyName' => 'Test Co',
|
||||
'isArchived' => false,
|
||||
],
|
||||
managed: true,
|
||||
// Etat persiste complet (valeurs normalisees) : sans les champs
|
||||
// metier, guardManage (ERP-74) les croirait modifies (companyName,
|
||||
// lastName... compares a null) et leverait un 403 parasite.
|
||||
originalData: [
|
||||
'companyName' => 'TEST CO',
|
||||
'lastName' => 'Dupont',
|
||||
'phonePrimary' => '0102030405',
|
||||
'email' => 't@test.fr',
|
||||
'triageService' => false,
|
||||
'isArchived' => false,
|
||||
],
|
||||
);
|
||||
|
||||
self::assertInstanceOf(Client::class, $processor->process($client, $this->operation()));
|
||||
}
|
||||
|
||||
public function testUnchangedAccountingFieldOnPatchIsNotGated(): void
|
||||
{
|
||||
// Bug review ERP-55 : renvoyer un champ comptable a sa valeur persistee
|
||||
// (PATCH representation complete) ne change rien -> pas d'exigence
|
||||
// accounting.manage.
|
||||
$client = $this->minimalClient();
|
||||
$client->setSiren('123456789'); // identique a l'etat persiste
|
||||
|
||||
$processor = $this->makeProcessor(
|
||||
granted: [],
|
||||
payload: ['companyName' => 'Test Co', 'siren' => '123456789'],
|
||||
managed: true,
|
||||
// getOriginalEntityData renvoie tous les champs mappes d'une entite
|
||||
// geree : isArchived (non-null) y figure toujours, ainsi que les
|
||||
// champs metier (sinon guardManage les croirait modifies).
|
||||
originalData: [
|
||||
'siren' => '123456789',
|
||||
'companyName' => 'TEST CO',
|
||||
'lastName' => 'Dupont',
|
||||
'phonePrimary' => '0102030405',
|
||||
'email' => 't@test.fr',
|
||||
'triageService' => false,
|
||||
'isArchived' => false,
|
||||
],
|
||||
);
|
||||
|
||||
self::assertInstanceOf(Client::class, $processor->process($client, $this->operation()));
|
||||
}
|
||||
|
||||
public function testBusinessFieldWithoutManagePermissionIsForbidden(): void
|
||||
{
|
||||
// ERP-74 (guardManage) : modifier un champ metier (companyName) sur un
|
||||
// client existant sans `manage` -> 403, meme avec accounting.manage
|
||||
// (cas Compta qui sort de son onglet).
|
||||
$client = $this->minimalClient();
|
||||
$client->setCompanyName('Renamed Co');
|
||||
|
||||
$processor = $this->makeProcessor(
|
||||
granted: ['commercial.clients.accounting.manage'],
|
||||
payload: ['companyName' => 'Renamed Co'],
|
||||
managed: true,
|
||||
originalData: [
|
||||
'companyName' => 'TEST CO',
|
||||
'lastName' => 'Dupont',
|
||||
'phonePrimary' => '0102030405',
|
||||
'email' => 't@test.fr',
|
||||
'triageService' => false,
|
||||
'isArchived' => false,
|
||||
],
|
||||
);
|
||||
|
||||
$this->expectException(AccessDeniedHttpException::class);
|
||||
$processor->process($client, $this->operation());
|
||||
}
|
||||
|
||||
public function testAccountingOnlyPatchWithAccountingManageOnlyPasses(): void
|
||||
{
|
||||
// ERP-74 : Compta (accounting.manage, PAS manage) qui ne touche QUE
|
||||
// l'onglet Comptabilite d'un client existant -> 200. guardManage ne
|
||||
// declenche pas (aucun champ metier modifie), guardAccounting passe.
|
||||
$client = $this->minimalClient();
|
||||
$client->setSiren('999999999');
|
||||
|
||||
$processor = $this->makeProcessor(
|
||||
granted: ['commercial.clients.accounting.manage'],
|
||||
payload: ['siren' => '999999999'],
|
||||
managed: true,
|
||||
originalData: [
|
||||
'siren' => '111111111',
|
||||
'companyName' => 'TEST CO',
|
||||
'lastName' => 'Dupont',
|
||||
'phonePrimary' => '0102030405',
|
||||
'email' => 't@test.fr',
|
||||
'triageService' => false,
|
||||
'isArchived' => false,
|
||||
],
|
||||
);
|
||||
|
||||
self::assertInstanceOf(Client::class, $processor->process($client, $this->operation()));
|
||||
}
|
||||
|
||||
public function testVirementWithoutBankIsUnprocessable(): void
|
||||
{
|
||||
// RG-1.12
|
||||
$client = $this->minimalClient();
|
||||
$client->setPaymentType($this->paymentType('VIREMENT'));
|
||||
|
||||
$processor = $this->makeProcessor(
|
||||
granted: ['commercial.clients.accounting.manage'],
|
||||
payload: ['paymentType' => '/api/payment_types/1'],
|
||||
);
|
||||
|
||||
$this->expectException(ValidationException::class);
|
||||
$processor->process($client, $this->operation());
|
||||
}
|
||||
|
||||
public function testVirementWithBankPasses(): void
|
||||
{
|
||||
// RG-1.12 satisfait : Virement + banque.
|
||||
$client = $this->minimalClient();
|
||||
$client->setPaymentType($this->paymentType('VIREMENT'));
|
||||
$client->setBank(new Bank());
|
||||
|
||||
$processor = $this->makeProcessor(
|
||||
granted: ['commercial.clients.accounting.manage'],
|
||||
payload: ['paymentType' => '/api/payment_types/1', 'bank' => '/api/banks/1'],
|
||||
);
|
||||
|
||||
$result = $processor->process($client, $this->operation());
|
||||
self::assertInstanceOf(Client::class, $result);
|
||||
}
|
||||
|
||||
public function testLcrWithoutRibIsUnprocessable(): void
|
||||
{
|
||||
// RG-1.13
|
||||
$client = $this->minimalClient();
|
||||
$client->setPaymentType($this->paymentType('LCR'));
|
||||
|
||||
$processor = $this->makeProcessor(
|
||||
granted: ['commercial.clients.accounting.manage'],
|
||||
payload: ['paymentType' => '/api/payment_types/2'],
|
||||
);
|
||||
|
||||
$this->expectException(ValidationException::class);
|
||||
$processor->process($client, $this->operation());
|
||||
}
|
||||
|
||||
public function testLcrWithRibPasses(): void
|
||||
{
|
||||
// RG-1.13 satisfait : LCR + au moins un RIB.
|
||||
$client = $this->minimalClient();
|
||||
$client->setPaymentType($this->paymentType('LCR'));
|
||||
$client->addRib(new ClientRib());
|
||||
|
||||
$processor = $this->makeProcessor(
|
||||
granted: ['commercial.clients.accounting.manage'],
|
||||
payload: ['paymentType' => '/api/payment_types/2'],
|
||||
);
|
||||
|
||||
self::assertInstanceOf(Client::class, $processor->process($client, $this->operation()));
|
||||
}
|
||||
|
||||
public function testCommercialeIncompleteInformationIsUnprocessable(): void
|
||||
{
|
||||
// RG-1.04 : role Commerciale + onglet Information incomplet -> 422.
|
||||
$client = $this->minimalClient();
|
||||
$client->setDescription('Une description'); // les autres champs Information restent null
|
||||
|
||||
$processor = $this->makeProcessor(
|
||||
granted: [],
|
||||
payload: ['description' => 'Une description'],
|
||||
user: $this->commercialeUser(),
|
||||
);
|
||||
|
||||
$this->expectException(ValidationException::class);
|
||||
$processor->process($client, $this->operation());
|
||||
}
|
||||
|
||||
public function testCommercialeIncompleteInformationOnNonInformationPatchIsUnprocessable(): void
|
||||
{
|
||||
// RG-1.04 durcie (ERP-74) : pour une Commerciale, la completude de
|
||||
// l'onglet Information est exigee meme quand le payload ne touche PAS
|
||||
// l'onglet Information (ici seulement companyName). L'ancienne condition
|
||||
// d'intersection avec INFORMATION_FIELDS a ete retiree.
|
||||
$client = $this->minimalClient();
|
||||
$client->setCompanyName('Renamed Co'); // onglet principal uniquement, Information vide
|
||||
|
||||
$processor = $this->makeProcessor(
|
||||
granted: ['commercial.clients.manage'],
|
||||
payload: ['companyName' => 'Renamed Co'],
|
||||
user: $this->commercialeUser(),
|
||||
managed: true,
|
||||
originalData: [
|
||||
'companyName' => 'TEST CO',
|
||||
'lastName' => 'Dupont',
|
||||
'phonePrimary' => '0102030405',
|
||||
'email' => 't@test.fr',
|
||||
'triageService' => false,
|
||||
'isArchived' => false,
|
||||
],
|
||||
);
|
||||
|
||||
$this->expectException(ValidationException::class);
|
||||
$processor->process($client, $this->operation());
|
||||
}
|
||||
|
||||
public function testNonCommercialeSkipsInformationCompleteness(): void
|
||||
{
|
||||
// Meme payload incomplet, mais user non-Commerciale -> aucun blocage.
|
||||
$client = $this->minimalClient();
|
||||
$client->setDescription('Une description');
|
||||
|
||||
$processor = $this->makeProcessor(
|
||||
granted: [],
|
||||
payload: ['description' => 'Une description'],
|
||||
user: null,
|
||||
);
|
||||
|
||||
self::assertInstanceOf(Client::class, $processor->process($client, $this->operation()));
|
||||
}
|
||||
|
||||
/**
|
||||
* @param list<string> $granted Permissions accordees a l'utilisateur courant
|
||||
* @param array<string, mixed> $payload Corps JSON simule de la requete
|
||||
* @param bool $managed true = entite geree par l'ORM (PATCH), false = creation (POST)
|
||||
* @param array<string, mixed> $originalData Etat persiste simule (getOriginalEntityData) pour la detection de changement
|
||||
*/
|
||||
private function makeProcessor(
|
||||
array $granted,
|
||||
array $payload,
|
||||
?UserInterface $user = null,
|
||||
bool $managed = false,
|
||||
array $originalData = [],
|
||||
): ClientProcessor {
|
||||
$persist = new class implements ProcessorInterface {
|
||||
public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = []): mixed
|
||||
{
|
||||
return $data;
|
||||
}
|
||||
};
|
||||
|
||||
$security = $this->createStub(Security::class);
|
||||
$security->method('isGranted')->willReturnCallback(
|
||||
static fn (mixed $attribute): bool => is_string($attribute) && in_array($attribute, $granted, true),
|
||||
);
|
||||
$security->method('getUser')->willReturn($user);
|
||||
|
||||
$requestStack = new RequestStack();
|
||||
$requestStack->push(new Request([], [], [], [], [], [], json_encode($payload, JSON_THROW_ON_ERROR)));
|
||||
|
||||
// EntityManager stub : contains() distingue creation (POST) et mise a
|
||||
// jour (PATCH) ; getOriginalEntityData() fournit l'etat persiste compare
|
||||
// par le gating (RG-1.22 / RG-1.28).
|
||||
$uow = $this->createMock(UnitOfWork::class);
|
||||
$uow->method('getOriginalEntityData')->willReturn($originalData);
|
||||
|
||||
$em = $this->createMock(EntityManagerInterface::class);
|
||||
$em->method('contains')->willReturn($managed);
|
||||
$em->method('getUnitOfWork')->willReturn($uow);
|
||||
|
||||
return new ClientProcessor(
|
||||
$persist,
|
||||
new ClientFieldNormalizer(),
|
||||
new ClientInformationCompletenessValidator(),
|
||||
$security,
|
||||
$requestStack,
|
||||
$em,
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Client minimal valide vis-a-vis de RG-1.01 (un nom de contact) — suffisant
|
||||
* pour atteindre les validations testees.
|
||||
*/
|
||||
private function minimalClient(): Client
|
||||
{
|
||||
$client = new Client();
|
||||
$client->setCompanyName('Test Co');
|
||||
$client->setLastName('Dupont');
|
||||
$client->setPhonePrimary('0102030405');
|
||||
$client->setEmail('t@test.fr');
|
||||
|
||||
return $client;
|
||||
}
|
||||
|
||||
private function paymentType(string $code): PaymentType
|
||||
{
|
||||
$type = new PaymentType();
|
||||
$type->setCode($code);
|
||||
$type->setLabel($code);
|
||||
|
||||
return $type;
|
||||
}
|
||||
|
||||
private function operation(): Operation
|
||||
{
|
||||
return $this->createStub(Operation::class);
|
||||
}
|
||||
|
||||
private function commercialeUser(): UserInterface
|
||||
{
|
||||
return new class implements UserInterface, BusinessRoleAwareInterface {
|
||||
public function hasBusinessRole(string $roleCode): bool
|
||||
{
|
||||
return BusinessRoles::COMMERCIALE === $roleCode;
|
||||
}
|
||||
|
||||
public function getRoles(): array
|
||||
{
|
||||
return ['ROLE_USER'];
|
||||
}
|
||||
|
||||
public function eraseCredentials(): void {}
|
||||
|
||||
public function getUserIdentifier(): string
|
||||
{
|
||||
return 'commerciale-test';
|
||||
}
|
||||
};
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,85 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Module\Commercial\Unit;
|
||||
|
||||
use ApiPlatform\State\SerializerContextBuilderInterface;
|
||||
use App\Module\Commercial\Domain\Entity\Client;
|
||||
use App\Module\Commercial\Infrastructure\ApiPlatform\Serializer\ClientReadGroupContextBuilder;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Symfony\Bundle\SecurityBundle\Security;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
/**
|
||||
* Tests unitaires du context builder qui ajoute conditionnellement le groupe
|
||||
* de lecture `client:read:accounting` selon la permission accounting.view
|
||||
* (§ 2.7 / § 4.1 / § 4.2).
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class ClientReadGroupContextBuilderTest extends TestCase
|
||||
{
|
||||
public function testAddsAccountingGroupForClientReadWhenGranted(): void
|
||||
{
|
||||
$builder = $this->builder(
|
||||
baseContext: ['resource_class' => Client::class, 'groups' => ['client:read', 'default:read']],
|
||||
granted: true,
|
||||
);
|
||||
|
||||
$context = $builder->createFromRequest(new Request(), true);
|
||||
|
||||
self::assertContains('client:read:accounting', $context['groups']);
|
||||
}
|
||||
|
||||
public function testDoesNotAddAccountingGroupWhenNotGranted(): void
|
||||
{
|
||||
$builder = $this->builder(
|
||||
baseContext: ['resource_class' => Client::class, 'groups' => ['client:read', 'default:read']],
|
||||
granted: false,
|
||||
);
|
||||
|
||||
$context = $builder->createFromRequest(new Request(), true);
|
||||
|
||||
self::assertNotContains('client:read:accounting', $context['groups']);
|
||||
}
|
||||
|
||||
public function testDoesNotAddAccountingGroupOnWrite(): void
|
||||
{
|
||||
$builder = $this->builder(
|
||||
baseContext: ['resource_class' => Client::class, 'groups' => ['client:write:main']],
|
||||
granted: true,
|
||||
);
|
||||
|
||||
// normalization = false -> ecriture : pas de groupe de lecture ajoute.
|
||||
$context = $builder->createFromRequest(new Request(), false);
|
||||
|
||||
self::assertNotContains('client:read:accounting', $context['groups']);
|
||||
}
|
||||
|
||||
public function testIgnoresOtherResources(): void
|
||||
{
|
||||
$builder = $this->builder(
|
||||
baseContext: ['resource_class' => 'App\Other\Resource', 'groups' => ['other:read']],
|
||||
granted: true,
|
||||
);
|
||||
|
||||
$context = $builder->createFromRequest(new Request(), true);
|
||||
|
||||
self::assertSame(['other:read'], $context['groups']);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $baseContext
|
||||
*/
|
||||
private function builder(array $baseContext, bool $granted): ClientReadGroupContextBuilder
|
||||
{
|
||||
$decorated = $this->createStub(SerializerContextBuilderInterface::class);
|
||||
$decorated->method('createFromRequest')->willReturn($baseContext);
|
||||
|
||||
$security = $this->createStub(Security::class);
|
||||
$security->method('isGranted')->willReturn($granted);
|
||||
|
||||
return new ClientReadGroupContextBuilder($decorated, $security);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,99 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Tests\Shared\Infrastructure\Export;
|
||||
|
||||
use App\Shared\Infrastructure\Export\PhpSpreadsheetExporter;
|
||||
use Generator;
|
||||
use PhpOffice\PhpSpreadsheet\IOFactory;
|
||||
use PhpOffice\PhpSpreadsheet\Spreadsheet;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
|
||||
/**
|
||||
* Test unitaire du service Shared d'export XLSX. Verifie que le binaire produit
|
||||
* est un vrai fichier XLSX relisible, que l'en-tete et les lignes sont ecrits
|
||||
* dans le bon ordre, qu'un iterable paresseux (generator) est accepte et que le
|
||||
* titre d'onglet est assaini.
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
final class PhpSpreadsheetExporterTest extends TestCase
|
||||
{
|
||||
public function testExportProducesReadableXlsxWithHeadersAndRows(): void
|
||||
{
|
||||
$binary = new PhpSpreadsheetExporter()->export(
|
||||
'Feuille test',
|
||||
['Nom', 'Email'],
|
||||
[
|
||||
['Alpha', 'alpha@test.fr'],
|
||||
['Beta', null],
|
||||
],
|
||||
);
|
||||
|
||||
self::assertNotSame('', $binary);
|
||||
// Un fichier XLSX (OOXML) est une archive ZIP : signature "PK\x03\x04".
|
||||
self::assertStringStartsWith("PK\x03\x04", $binary);
|
||||
|
||||
$grid = $this->grid($binary);
|
||||
self::assertSame(['Nom', 'Email'], $grid[0]);
|
||||
self::assertSame('Alpha', $grid[1][0]);
|
||||
self::assertSame('alpha@test.fr', $grid[1][1]);
|
||||
self::assertSame('Beta', $grid[2][0]);
|
||||
// Cellule null a l'ecriture -> vide a la relecture.
|
||||
self::assertNull($grid[2][1]);
|
||||
}
|
||||
|
||||
public function testExportAcceptsGeneratorRows(): void
|
||||
{
|
||||
$rows = (static function (): Generator {
|
||||
yield ['L1'];
|
||||
|
||||
yield ['L2'];
|
||||
})();
|
||||
|
||||
$grid = $this->grid(new PhpSpreadsheetExporter()->export('Gen', ['H'], $rows));
|
||||
|
||||
self::assertSame('H', $grid[0][0]);
|
||||
self::assertSame('L1', $grid[1][0]);
|
||||
self::assertSame('L2', $grid[2][0]);
|
||||
}
|
||||
|
||||
public function testLongOrInvalidSheetTitleIsSanitized(): void
|
||||
{
|
||||
// Titre > 31 caracteres + caracteres interdits par Excel ([ ] : * etc.).
|
||||
$binary = new PhpSpreadsheetExporter()->export(
|
||||
str_repeat('A', 50).'[]:*?/\\',
|
||||
['H'],
|
||||
[['x']],
|
||||
);
|
||||
|
||||
$title = $this->load($binary)->getActiveSheet()->getTitle();
|
||||
self::assertLessThanOrEqual(31, mb_strlen($title));
|
||||
self::assertStringNotContainsString('[', $title);
|
||||
self::assertStringNotContainsString(':', $title);
|
||||
}
|
||||
|
||||
/**
|
||||
* Relit le binaire XLSX et renvoie la grille de cellules (ligne 0 = entete).
|
||||
*
|
||||
* @return array<int, array<int, mixed>>
|
||||
*/
|
||||
private function grid(string $binary): array
|
||||
{
|
||||
return $this->load($binary)->getActiveSheet()->toArray();
|
||||
}
|
||||
|
||||
private function load(string $binary): Spreadsheet
|
||||
{
|
||||
$tmp = tempnam(sys_get_temp_dir(), 'xlsx_test_');
|
||||
self::assertIsString($tmp);
|
||||
file_put_contents($tmp, $binary);
|
||||
|
||||
try {
|
||||
return IOFactory::load($tmp);
|
||||
} finally {
|
||||
@unlink($tmp);
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user