matthieu
6f9bb68170
Auto Tag Develop / tag (push) Successful in 7s
## ERP-92 — Tests PHPUnit M2 fournisseurs (#521) Suite fonctionnelle M2 assertant sur le **corps JSON** (jamais les annotations), jumelle de la suite clients M1. ### Couverture - **Contrat de sérialisation** (`SupplierSerializationContractTest`) : 4 régressions M1 re-testées — RIB gaté **absent** pour la Commerciale, booléens `triageProvider`/`isArchived` présents, embed `categories[].code/name`, embed `sites[].name/postalCode` (objet, pas IRI) — + enveloppe AP4 (`member`/`totalItems`/`view`, archivés exclus) + suppression du contact inline. - **Matrice RBAC réelle** (`app:seed-rbac`, pas de mock) : bureau/compta/commerciale/usine 200/403, gating `accounting` par **omission de clé**, mode strict PATCH (RG-2.16). - **Matrice RG-2.03 → RG-2.17** (création, normalisation RG-2.12, catégorie FOURNISSEUR RG-2.10, unicité RG-2.11, archivage RG-2.14/2.15, RG-2.07/2.08 compta, sous-ressources RG-2.04/2.05/2.06/2.09). - **Anti N+1 liste** : nombre de requêtes constant entre 2 et 4 fournisseurs. **Audit** Supplier + RIB (`iban`/`bic` dans le diff). ### Fix de contrat (découvert par la DoD) Les référentiels comptables (`TvaMode`/`PaymentType`/`PaymentDelay`/`Bank`) ne portaient que `client:read:accounting` (M1) → sur un fournisseur ils sortaient en **IRI nu**. Ajout de `supplier:read:accounting` → objet `{id, code, label}` embarqué (additif, zéro impact M1). Sans ce fix, #95/#96 auraient été développés contre un contrat faux. ### Infra `makefile` : `test-db-setup` recrée l'index partiel `uq_supplier_company_name_active` (droppé par `schema:update` comme celui du client — oubli M2). ### DoD ✅ § 4.0.bis : réponses JSON **réelles** (liste + détail admin/commerciale) collées. Front #93→#96 peuvent démarrer. ### Vérifs - `make test` : **574 tests OK** (suite complète verte) - `make php-cs-fixer-allow-risky` : 0 correction --------- Co-authored-by: Matthieu <contact@malio.fr> Reviewed-on: #71 Co-authored-by: THOLOT DECHENE Matthieu <matthieu@yuno.malio.fr> Co-committed-by: THOLOT DECHENE Matthieu <matthieu@yuno.malio.fr>
141 lines
5.3 KiB
PHP
141 lines
5.3 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Tests\Module\Commercial\Api;
|
|
|
|
use Doctrine\DBAL\Connection;
|
|
|
|
/**
|
|
* Tests Audit du repertoire fournisseurs (M2, spec § 6). Couvre :
|
|
* - POST / PATCH / archivage -> ligne audit_log entity_type='commercial.Supplier'
|
|
* avec l'action et le diff attendus ;
|
|
* - RIB : `#[Auditable]` SANS `#[AuditIgnore]` sur iban/bic -> ces champs sensibles
|
|
* DOIVENT apparaitre dans le diff audite (decision § 2.7, miroir M1).
|
|
*
|
|
* @internal
|
|
*/
|
|
final class SupplierAuditTest extends AbstractSupplierApiTestCase
|
|
{
|
|
private const string SUPPLIER_TYPE = 'commercial.Supplier';
|
|
private const string RIB_TYPE = 'commercial.SupplierRib';
|
|
|
|
private ?Connection $auditConnection = null;
|
|
|
|
protected function setUp(): void
|
|
{
|
|
parent::setUp();
|
|
self::bootKernel();
|
|
|
|
/** @var Connection $conn */
|
|
$conn = self::getContainer()->get('doctrine.dbal.audit_connection');
|
|
$this->auditConnection = $conn;
|
|
}
|
|
|
|
protected function tearDown(): void
|
|
{
|
|
if (null !== $this->auditConnection) {
|
|
$this->auditConnection->close();
|
|
}
|
|
parent::tearDown();
|
|
}
|
|
|
|
public function testPostSupplierIsAudited(): void
|
|
{
|
|
$admin = $this->createAdminClient();
|
|
$cat = $this->supplierCategory('NEGOCIANT');
|
|
|
|
$created = $admin->request('POST', '/api/suppliers', [
|
|
'headers' => ['Content-Type' => self::LD],
|
|
'json' => [
|
|
'companyName' => 'Audit Created Co',
|
|
'categories' => ['/api/categories/'.$cat->getId()],
|
|
],
|
|
])->toArray();
|
|
self::assertResponseStatusCodeSame(201);
|
|
|
|
self::assertGreaterThanOrEqual(
|
|
1,
|
|
$this->countAudit(self::SUPPLIER_TYPE, (string) $created['id'], 'create'),
|
|
'Un audit_log "create" doit etre genere pour le fournisseur.',
|
|
);
|
|
}
|
|
|
|
public function testPatchSupplierIsAudited(): void
|
|
{
|
|
$admin = $this->createAdminClient();
|
|
$seed = $this->seedSupplier('Audit Patch Co');
|
|
|
|
$admin->request('PATCH', '/api/suppliers/'.$seed->getId(), [
|
|
'headers' => ['Content-Type' => self::MERGE],
|
|
'json' => ['companyName' => 'Audit Patch Renamed'],
|
|
]);
|
|
self::assertResponseStatusCodeSame(200);
|
|
|
|
self::assertGreaterThanOrEqual(
|
|
1,
|
|
$this->countAudit(self::SUPPLIER_TYPE, (string) $seed->getId(), 'update'),
|
|
'Un audit_log "update" doit etre genere pour le PATCH.',
|
|
);
|
|
}
|
|
|
|
public function testArchiveSupplierIsAudited(): void
|
|
{
|
|
$admin = $this->createAdminClient();
|
|
$seed = $this->seedSupplier('Audit Archive Co');
|
|
|
|
$admin->request('PATCH', '/api/suppliers/'.$seed->getId(), [
|
|
'headers' => ['Content-Type' => self::MERGE],
|
|
'json' => ['isArchived' => true],
|
|
]);
|
|
self::assertResponseStatusCodeSame(200);
|
|
|
|
$rows = $this->auditConnection->fetchAllAssociative(
|
|
'SELECT changes FROM audit_log WHERE entity_type = :type AND entity_id = :id AND action = :action ORDER BY performed_at DESC',
|
|
['type' => self::SUPPLIER_TYPE, 'id' => (string) $seed->getId(), 'action' => 'update'],
|
|
);
|
|
self::assertGreaterThanOrEqual(1, count($rows));
|
|
|
|
/** @var array<string, mixed> $changes */
|
|
$changes = json_decode((string) $rows[0]['changes'], true, flags: JSON_THROW_ON_ERROR);
|
|
self::assertArrayHasKey('isArchived', $changes, 'Le diff d\'archivage doit tracer isArchived.');
|
|
}
|
|
|
|
public function testRibCreateAuditIncludesIbanAndBic(): void
|
|
{
|
|
$admin = $this->createAdminClient();
|
|
$seed = $this->seedSupplier('Rib Audit Host');
|
|
|
|
$rib = $admin->request('POST', '/api/suppliers/'.$seed->getId().'/ribs', [
|
|
'headers' => ['Content-Type' => self::LD],
|
|
'json' => [
|
|
'label' => 'Compte audite',
|
|
'bic' => self::VALID_BIC,
|
|
'iban' => self::VALID_IBAN,
|
|
],
|
|
])->toArray();
|
|
self::assertResponseStatusCodeSame(201);
|
|
|
|
$rows = $this->auditConnection->fetchAllAssociative(
|
|
'SELECT changes FROM audit_log WHERE entity_type = :type AND entity_id = :id AND action = :action ORDER BY performed_at DESC',
|
|
['type' => self::RIB_TYPE, 'id' => (string) $rib['id'], 'action' => 'create'],
|
|
);
|
|
self::assertGreaterThanOrEqual(1, count($rows), 'Un audit_log "create" doit etre genere pour le RIB.');
|
|
|
|
/** @var array<string, mixed> $changes */
|
|
$changes = json_decode((string) $rows[0]['changes'], true, flags: JSON_THROW_ON_ERROR);
|
|
self::assertArrayHasKey('iban', $changes, 'iban doit figurer dans le diff audite (pas d\'AuditIgnore).');
|
|
self::assertArrayHasKey('bic', $changes, 'bic doit figurer dans le diff audite (pas d\'AuditIgnore).');
|
|
self::assertSame(self::VALID_IBAN, $changes['iban']);
|
|
self::assertSame(self::VALID_BIC, $changes['bic']);
|
|
}
|
|
|
|
private function countAudit(string $type, string $id, string $action): int
|
|
{
|
|
return (int) $this->auditConnection->fetchOne(
|
|
'SELECT COUNT(*) FROM audit_log WHERE entity_type = :type AND entity_id = :id AND action = :action',
|
|
['type' => $type, 'id' => $id, 'action' => $action],
|
|
);
|
|
}
|
|
}
|