Matthieu
c1fcd9a7c8
Repond aux retours de review (rigueur d'assertion transversale) :
- mutualise assertViolationOnPath dans AbstractCarrierApiTestCase (au lieu d'un
duplicata local a CarrierWriteApiTest) ;
- asserte le propertyPath des 422 des sous-ressources (adresses city/street/postalCode,
contacts firstName/phones/email, prix clientDeliveryAddress/supplierSupplyAddress/price)
-> evite les faux-verts du mapping inline (ERP-101) ;
- 404 parent (POST sur /carriers/999999/{addresses,contacts,prices}) ;
- 401 anonyme + filtre ?certificationType= sur la collection (trous releves sur le
contrat de lecture).
329 lines
14 KiB
PHP
329 lines
14 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Tests\Module\Transport\Api;
|
|
|
|
use App\Module\Commercial\Domain\Entity\ClientAddress;
|
|
use App\Module\Core\Infrastructure\DataFixtures\RbacDemoFixtures;
|
|
use App\Module\Sites\Domain\Entity\Site;
|
|
use App\Module\Transport\Domain\Entity\CarrierPrice;
|
|
use Symfony\Bundle\FrameworkBundle\Console\Application;
|
|
use Symfony\Component\Console\Input\ArrayInput;
|
|
use Symfony\Component\Console\Output\NullOutput;
|
|
|
|
/**
|
|
* Sous-ressource Prix d'un transporteur (spec-back M4 § 4.5, ERP-161).
|
|
* POST /api/carriers/{id}/prices, PATCH/DELETE /api/carrier_prices/{id}.
|
|
*
|
|
* Contrat verifie (RG-4.09→4.11) :
|
|
* - branche CLIENT incomplete -> 422 ;
|
|
* - branche FOURNISSEUR incomplete -> 422 ;
|
|
* - adresse de livraison etrangere au client -> 422 ;
|
|
* - adresse d'appro etrangere au fournisseur -> 422 ;
|
|
* - prix CLIENT / FOURNISSEUR complets -> 201 ;
|
|
* - PATCH / DELETE OK avec transport.carriers.manage, 403 sans (view seul).
|
|
*
|
|
* @internal
|
|
*/
|
|
final class CarrierPriceApiTest extends AbstractCarrierApiTestCase
|
|
{
|
|
private const string PWD = RbacDemoFixtures::DEMO_PASSWORD;
|
|
|
|
protected function setUp(): void
|
|
{
|
|
parent::setUp();
|
|
|
|
// Seed idempotent des roles + matrice § 5.2 + comptes demo (meme chemin
|
|
// qu'en recette), requis pour les tests de permission (bureau/commerciale).
|
|
self::bootKernel();
|
|
$application = new Application(self::$kernel);
|
|
$application->setAutoExit(false);
|
|
$exit = $application->run(
|
|
new ArrayInput([
|
|
'command' => 'app:seed-rbac',
|
|
'--with-demo-users' => true,
|
|
'--password' => self::PWD,
|
|
]),
|
|
new NullOutput(),
|
|
);
|
|
self::assertSame(0, $exit, 'app:seed-rbac a echoue (permissions transport.carriers.* synchronisees ?).');
|
|
|
|
self::ensureKernelShutdown();
|
|
}
|
|
|
|
public function testIncompleteClientBranchReturns422(): void
|
|
{
|
|
// RG-4.10 : direction CLIENT sans client / adresse / site de depart -> 422.
|
|
$carrier = $this->seedCarrier('Prix Client Incomplet');
|
|
$client = $this->createAdminClient();
|
|
|
|
$client->request('POST', '/api/carriers/'.$carrier->getId().'/prices', [
|
|
'headers' => ['Content-Type' => self::LD],
|
|
'json' => [
|
|
'direction' => 'CLIENT',
|
|
'containerType' => 'BENNE',
|
|
'pricingUnit' => 'TONNE',
|
|
'price' => '42.50',
|
|
'priceState' => 'VALIDE',
|
|
],
|
|
]);
|
|
self::assertResponseStatusCodeSame(422);
|
|
}
|
|
|
|
public function testIncompleteSupplierBranchReturns422(): void
|
|
{
|
|
// RG-4.11 : direction FOURNISSEUR sans fournisseur / adresse / site -> 422.
|
|
$carrier = $this->seedCarrier('Prix Fournisseur Incomplet');
|
|
$client = $this->createAdminClient();
|
|
|
|
$client->request('POST', '/api/carriers/'.$carrier->getId().'/prices', [
|
|
'headers' => ['Content-Type' => self::LD],
|
|
'json' => [
|
|
'direction' => 'FOURNISSEUR',
|
|
'containerType' => 'FOND_MOUVANT',
|
|
'pricingUnit' => 'FORFAIT',
|
|
'price' => '320.00',
|
|
'priceState' => 'EN_COURS',
|
|
],
|
|
]);
|
|
self::assertResponseStatusCodeSame(422);
|
|
}
|
|
|
|
public function testForeignClientAddressReturns422(): void
|
|
{
|
|
// RG-4.10 : l'adresse de livraison doit appartenir au client choisi.
|
|
$carrier = $this->seedCarrier('Prix Adresse Etrangere Client');
|
|
$addrA = $this->seedClientWithAddress('Client A');
|
|
$addrB = $this->seedClientWithAddress('Client B');
|
|
$this->getEm()->flush();
|
|
$siteId = $this->aSiteId();
|
|
|
|
$client = $this->createAdminClient();
|
|
$response = $client->request('POST', '/api/carriers/'.$carrier->getId().'/prices', [
|
|
'headers' => ['Content-Type' => self::LD],
|
|
'json' => [
|
|
'direction' => 'CLIENT',
|
|
'client' => '/api/clients/'.$addrA->getClient()?->getId(),
|
|
'clientDeliveryAddress' => '/api/client_addresses/'.$addrB->getId(), // adresse du client B
|
|
'departureSite' => '/api/sites/'.$siteId,
|
|
'containerType' => 'BENNE',
|
|
'pricingUnit' => 'TONNE',
|
|
'price' => '42.50',
|
|
'priceState' => 'VALIDE',
|
|
],
|
|
]);
|
|
self::assertResponseStatusCodeSame(422);
|
|
// Faux-vert evite : la 422 doit prouver l'integrite referentielle adresse<->tiers
|
|
// (violation sur clientDeliveryAddress), pas une autre cause (RG-4.10, ERP-101).
|
|
self::assertViolationOnPath($response, 'clientDeliveryAddress');
|
|
}
|
|
|
|
public function testForeignSupplierAddressReturns422(): void
|
|
{
|
|
// RG-4.11 : l'adresse d'appro doit appartenir au fournisseur choisi.
|
|
$carrier = $this->seedCarrier('Prix Adresse Etrangere Fournisseur');
|
|
$addrA = $this->seedSupplierWithAddress('Fournisseur A');
|
|
$addrB = $this->seedSupplierWithAddress('Fournisseur B');
|
|
$this->getEm()->flush();
|
|
$siteId = $this->aSiteId();
|
|
|
|
$client = $this->createAdminClient();
|
|
$response = $client->request('POST', '/api/carriers/'.$carrier->getId().'/prices', [
|
|
'headers' => ['Content-Type' => self::LD],
|
|
'json' => [
|
|
'direction' => 'FOURNISSEUR',
|
|
'supplier' => '/api/suppliers/'.$addrA->getSupplier()?->getId(),
|
|
'supplierSupplyAddress' => '/api/supplier_addresses/'.$addrB->getId(), // adresse du fournisseur B
|
|
'deliverySite' => '/api/sites/'.$siteId,
|
|
'containerType' => 'FOND_MOUVANT',
|
|
'pricingUnit' => 'FORFAIT',
|
|
'price' => '320.00',
|
|
'priceState' => 'EN_COURS',
|
|
],
|
|
]);
|
|
self::assertResponseStatusCodeSame(422);
|
|
self::assertViolationOnPath($response, 'supplierSupplyAddress');
|
|
}
|
|
|
|
public function testValidClientPriceIsCreated(): void
|
|
{
|
|
$carrier = $this->seedCarrier('Prix Client Valide');
|
|
$addr = $this->seedClientWithAddress('Client OK');
|
|
$this->getEm()->flush();
|
|
$siteId = $this->aSiteId();
|
|
|
|
$client = $this->createAdminClient();
|
|
$client->request('POST', '/api/carriers/'.$carrier->getId().'/prices', [
|
|
'headers' => ['Content-Type' => self::LD],
|
|
'json' => [
|
|
'direction' => 'CLIENT',
|
|
'client' => '/api/clients/'.$addr->getClient()?->getId(),
|
|
'clientDeliveryAddress' => '/api/client_addresses/'.$addr->getId(),
|
|
'departureSite' => '/api/sites/'.$siteId,
|
|
'containerType' => 'BENNE',
|
|
'pricingUnit' => 'TONNE',
|
|
'price' => '42.50',
|
|
'priceState' => 'VALIDE',
|
|
],
|
|
]);
|
|
self::assertResponseStatusCodeSame(201);
|
|
self::assertJsonContains(['direction' => 'CLIENT', 'priceState' => 'VALIDE']);
|
|
}
|
|
|
|
public function testValidSupplierPriceIsCreated(): void
|
|
{
|
|
$carrier = $this->seedCarrier('Prix Fournisseur Valide');
|
|
$addr = $this->seedSupplierWithAddress('Fournisseur OK');
|
|
$this->getEm()->flush();
|
|
$siteId = $this->aSiteId();
|
|
|
|
$client = $this->createAdminClient();
|
|
$client->request('POST', '/api/carriers/'.$carrier->getId().'/prices', [
|
|
'headers' => ['Content-Type' => self::LD],
|
|
'json' => [
|
|
'direction' => 'FOURNISSEUR',
|
|
'supplier' => '/api/suppliers/'.$addr->getSupplier()?->getId(),
|
|
'supplierSupplyAddress' => '/api/supplier_addresses/'.$addr->getId(),
|
|
'deliverySite' => '/api/sites/'.$siteId,
|
|
'containerType' => 'FOND_MOUVANT',
|
|
'pricingUnit' => 'FORFAIT',
|
|
'price' => '320.00',
|
|
'priceState' => 'EN_COURS',
|
|
],
|
|
]);
|
|
self::assertResponseStatusCodeSame(201);
|
|
self::assertJsonContains(['direction' => 'FOURNISSEUR', 'priceState' => 'EN_COURS']);
|
|
}
|
|
|
|
public function testNegativePriceReturns422(): void
|
|
{
|
|
// Le prix porte un Assert\PositiveOrZero : une valeur negative -> 422 sur `price`
|
|
// (la branche CLIENT est par ailleurs complete pour isoler la cause).
|
|
$carrier = $this->seedCarrier('Prix Negatif');
|
|
$addr = $this->seedClientWithAddress('Client Prix Negatif');
|
|
$this->getEm()->flush();
|
|
$siteId = $this->aSiteId();
|
|
|
|
$client = $this->createAdminClient();
|
|
$response = $client->request('POST', '/api/carriers/'.$carrier->getId().'/prices', [
|
|
'headers' => ['Content-Type' => self::LD],
|
|
'json' => [
|
|
'direction' => 'CLIENT',
|
|
'client' => '/api/clients/'.$addr->getClient()?->getId(),
|
|
'clientDeliveryAddress' => '/api/client_addresses/'.$addr->getId(),
|
|
'departureSite' => '/api/sites/'.$siteId,
|
|
'containerType' => 'BENNE',
|
|
'pricingUnit' => 'TONNE',
|
|
'price' => '-5.00',
|
|
'priceState' => 'VALIDE',
|
|
],
|
|
]);
|
|
self::assertResponseStatusCodeSame(422);
|
|
self::assertViolationOnPath($response, 'price');
|
|
}
|
|
|
|
public function testPostPriceOnUnknownCarrierReturns404(): void
|
|
{
|
|
// Parent introuvable (read:false) -> 404 explicite du processor (linkParent
|
|
// s'execute avant validateBranch). Le payload porte les scalaires NotBlank
|
|
// (containerType/pricingUnit/price/priceState) pour passer la validation
|
|
// d'entite et atteindre le processor, ou le 404 prime.
|
|
$client = $this->createAdminClient();
|
|
|
|
$client->request('POST', '/api/carriers/999999/prices', [
|
|
'headers' => ['Content-Type' => self::LD],
|
|
'json' => [
|
|
'direction' => 'CLIENT',
|
|
'containerType' => 'BENNE',
|
|
'pricingUnit' => 'TONNE',
|
|
'price' => '42.50',
|
|
'priceState' => 'VALIDE',
|
|
],
|
|
]);
|
|
self::assertResponseStatusCodeSame(404);
|
|
}
|
|
|
|
public function testPatchAndDeleteSucceedWithManage(): void
|
|
{
|
|
$price = $this->seedClientPrice('Patch Delete');
|
|
$client = $this->authenticatedClient('bureau', self::PWD); // manage (matrice § 5.2)
|
|
|
|
// PATCH (manage) -> 200
|
|
$client->request('PATCH', '/api/carrier_prices/'.$price->getId(), [
|
|
'headers' => ['Content-Type' => self::MERGE],
|
|
'json' => ['priceState' => 'NON_VALIDE'],
|
|
]);
|
|
self::assertResponseStatusCodeSame(200);
|
|
self::assertJsonContains(['priceState' => 'NON_VALIDE']);
|
|
|
|
// DELETE (manage) -> 204
|
|
$client->request('DELETE', '/api/carrier_prices/'.$price->getId());
|
|
self::assertResponseStatusCodeSame(204);
|
|
}
|
|
|
|
public function testWriteForbiddenWithoutManage(): void
|
|
{
|
|
$price = $this->seedClientPrice('Forbidden');
|
|
$carrier = $price->getCarrier();
|
|
self::assertNotNull($carrier);
|
|
$client = $this->authenticatedClient('commerciale', self::PWD); // view seul
|
|
|
|
$client->request('POST', '/api/carriers/'.$carrier->getId().'/prices', [
|
|
'headers' => ['Content-Type' => self::LD],
|
|
'json' => ['direction' => 'CLIENT'],
|
|
]);
|
|
self::assertResponseStatusCodeSame(403);
|
|
|
|
$client->request('PATCH', '/api/carrier_prices/'.$price->getId(), [
|
|
'headers' => ['Content-Type' => self::MERGE],
|
|
'json' => ['priceState' => 'VALIDE'],
|
|
]);
|
|
self::assertResponseStatusCodeSame(403);
|
|
|
|
$client->request('DELETE', '/api/carrier_prices/'.$price->getId());
|
|
self::assertResponseStatusCodeSame(403);
|
|
}
|
|
|
|
/** Id d'un site fixture (adresse de depart / livraison des prix). */
|
|
private function aSiteId(): int
|
|
{
|
|
$site = $this->getEm()->getRepository(Site::class)->findOneBy([]);
|
|
self::assertNotNull($site, 'Un site fixture est requis (SitesFixtures).');
|
|
$id = $site->getId();
|
|
self::assertNotNull($id);
|
|
|
|
return $id;
|
|
}
|
|
|
|
/**
|
|
* Seede un transporteur + un prix CLIENT complet rattache (pour les tests
|
|
* PATCH / DELETE). Passe par l'EM directement (le flux d'ecriture est teste
|
|
* via l'API ailleurs).
|
|
*/
|
|
private function seedClientPrice(string $name): CarrierPrice
|
|
{
|
|
$em = $this->getEm();
|
|
$carrier = $this->seedCarrier($name);
|
|
|
|
/** @var ClientAddress $addr */
|
|
$addr = $this->seedClientWithAddress($name);
|
|
|
|
$price = new CarrierPrice();
|
|
$price->setCarrier($carrier);
|
|
$price->setDirection('CLIENT');
|
|
$price->setClient($addr->getClient());
|
|
$price->setClientDeliveryAddress($addr);
|
|
$price->setDepartureSite($em->getRepository(Site::class)->findOneBy([]));
|
|
$price->setContainerType('BENNE');
|
|
$price->setPricingUnit('TONNE');
|
|
$price->setPrice('42.50');
|
|
$price->setPriceState('VALIDE');
|
|
$carrier->addPrice($price);
|
|
$em->persist($price);
|
|
$em->flush();
|
|
|
|
return $price;
|
|
}
|
|
}
|