MALIO-DEV/Starseed
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
865180e648aa88d9eb6ac7ce2d12f098a75a9f79
Starseed/tests/Module/Commercial/Api/ClientSubResourceApiTest.php
T
matthieu 120058049c
Auto Tag Develop / tag (push) Successful in 7s
Details
test(commercial) : cover RG-1.01..1.29 except role-gated (M1) + polish stack (#38) 
Dernier wagon de la stack back M1. ERP-60 = polish stack + couverture de tests PHPUnit NON dépendante des rôles métier (cf. spec § 7 / § 8.1).

## Phase 0 — polish stack (déjà mergé dans les branches basses via rebase)
- ERP-59 : route sidebar `/clients` (au lieu de `/commercial/clients`), cohérente avec `/suppliers`.
- One-liner pagination Client abandonné : `pagination_client_enabled: true` est déjà le défaut global → `?pagination=false` marche déjà sur `/api/clients` (décision P7).

## Phase 1 — tests (combler les trous, zéro duplication)
8 nouvelles suites couvrant les RG non encore testées par ERP-55/56/57/58 :
- `ClientFormulaireMainTest` — RG-1.02 (téléphone secondaire, max 2).
- `ClientAddressTest` — RG-1.06/07/08 + RG-1.11 (CHECK BDD prospect/billing).
- `ClientUniquenessTest` — RG-1.15/1.17 (Q4 : SIREN/email NON uniques).
- `ClientArchiveTest` — **RG-1.23 : 409 restauration en conflit (gap P1)**.
- `ClientAuditTest` — RG-1.27 (created* figés / updatedBy modificateur) + iban/bic présents dans le diff audité.
- `ClientMigrationTest` — index partiel unique `uq_client_company_name_active` (1 seul) ; pas d'index siren/email.
- `ClientSecurityTest` — 401 anonyme + 403 sans `commercial.clients.view`.
- `ClientPatchStrictTest` — RG-1.28 (403 strict mix de groupes, fonctionnel).

Cahier de test complet (mapping de TOUTES les RG → test) : `docs/specs/M1-clients/cahier-test-back-M1.md`.

## Délégué à ERP-74 (#493)
Matrice RBAC différenciée (bureau/compta/commerciale/usine) + RG-1.04 fonctionnel — exigent les rôles métier seedés après le merge de la stack.

## Gaps documentés (cahier)
- RG-1.29 validation écriture (catégorie type sur adresse → 422) non implémentée back (hors § 8.1, ticket test-only).
- Violations CHECK adresse → rejet (≥400) sans mapping fin 422 (amélioration possible).

## Vérifs
`make db-reset && make php-cs-fixer-allow-risky && make test` → **421 tests OK, 1386 assertions, 0 risky**. Nouveaux tests : 17, 71 assertions.

---------

Co-authored-by: Matthieu <contact@malio.fr>
Reviewed-on: #38
Co-authored-by: THOLOT DECHENE Matthieu <matthieu@yuno.malio.fr>
Co-committed-by: THOLOT DECHENE Matthieu <matthieu@yuno.malio.fr>
2026-06-01 19:46:39 +00:00

321 lines
11 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Tests\Module\Commercial\Api;
use App\Module\Commercial\Domain\Entity\Client as ClientEntity;
use App\Module\Commercial\Domain\Entity\ClientContact;
use App\Module\Commercial\Domain\Entity\ClientRib;
use App\Module\Commercial\Domain\Entity\PaymentType;
use App\Module\Sites\Domain\Entity\Site;
/**
* Tests fonctionnels des sous-ressources Contacts / Adresses / RIB (ERP-57,
* spec § 4.5). Couvrent : CRUD via admin, normalisation serveur
* (RG-1.19/1.20/1.21), validations (Assert\Count sites RG-1.10, Assert\Iban/Bic),
* regles metier RG-1.13 (DELETE dernier RIB sous LCR -> 409) et RG-1.14 (DELETE
* dernier contact -> 409), plus le gating comptable (POST/PATCH/DELETE de
* client_ribs sans accounting.manage -> 403).
*
* @internal
*/
final class ClientSubResourceApiTest extends AbstractCommercialApiTestCase
{
private const string LD = 'application/ld+json';
private const string MERGE = 'application/merge-patch+json';
private const string VALID_IBAN = 'FR1420041010050500013M02606';
private const string VALID_BIC = 'BNPAFRPPXXX';
// === Contacts ===
public function testPostContactNormalizesFields(): void
{
$client = $this->createAdminClient();
$seed = $this->seedClient('Contact Host');
$data = $client->request('POST', '/api/clients/'.$seed->getId().'/contacts', [
'headers' => ['Content-Type' => self::LD],
'json' => [
'firstName' => 'JEAN',
'lastName' => 'dupont',
'phonePrimary' => '06.12.34.56.78',
'email' => 'Jean.DUPONT@ACME.FR',
],
])->toArray();
self::assertResponseStatusCodeSame(201);
// RG-1.19 / 1.20 / 1.21
self::assertSame('Jean', $data['firstName']);
self::assertSame('Dupont', $data['lastName']);
self::assertSame('0612345678', $data['phonePrimary']);
self::assertSame('jean.dupont@acme.fr', $data['email']);
}
public function testPostContactWithoutNameReturns422(): void
{
$client = $this->createAdminClient();
$seed = $this->seedClient('Contact No Name');
$client->request('POST', '/api/clients/'.$seed->getId().'/contacts', [
'headers' => ['Content-Type' => self::LD],
'json' => ['jobTitle' => 'Directeur'],
]);
// RG-1.05
self::assertResponseStatusCodeSame(422);
}
public function testPatchContactNormalizes(): void
{
$client = $this->createAdminClient();
$seed = $this->seedClient('Contact Patch');
$contact = $this->seedContact($seed, 'Paul');
$data = $client->request('PATCH', '/api/client_contacts/'.$contact->getId(), [
'headers' => ['Content-Type' => self::MERGE],
'json' => ['lastName' => 'martin'],
])->toArray();
self::assertResponseStatusCodeSame(200);
self::assertSame('Martin', $data['lastName']);
}
public function testDeleteContactWhenSeveralReturns204(): void
{
$client = $this->createAdminClient();
$seed = $this->seedClient('Contact Multi');
$this->seedContact($seed, 'Premier');
$second = $this->seedContact($seed, 'Second');
$client->request('DELETE', '/api/client_contacts/'.$second->getId());
self::assertResponseStatusCodeSame(204);
}
public function testDeleteLastContactReturns409(): void
{
$client = $this->createAdminClient();
$seed = $this->seedClient('Contact Solo');
$only = $this->seedContact($seed, 'Unique');
$client->request('DELETE', '/api/client_contacts/'.$only->getId());
// RG-1.14
self::assertResponseStatusCodeSame(409);
}
// === Adresses ===
public function testPostAddressNormalizesBillingEmail(): void
{
$this->skipIfSitesModuleDisabled();
$client = $this->createAdminClient();
$seed = $this->seedClient('Address Host');
$siteIri = $this->firstSiteIri();
$data = $client->request('POST', '/api/clients/'.$seed->getId().'/addresses', [
'headers' => ['Content-Type' => self::LD],
'json' => [
'isBilling' => true,
'billingEmail' => 'Facturation@ACME.FR',
'postalCode' => '86100',
'city' => 'Châtellerault',
'street' => '1 rue du Test',
'sites' => [$siteIri],
],
])->toArray();
self::assertResponseStatusCodeSame(201);
// RG-1.21
self::assertSame('facturation@acme.fr', $data['billingEmail']);
}
public function testPostAddressWithoutSiteReturns422(): void
{
$client = $this->createAdminClient();
$seed = $this->seedClient('Address No Site');
$client->request('POST', '/api/clients/'.$seed->getId().'/addresses', [
'headers' => ['Content-Type' => self::LD],
'json' => [
'postalCode' => '86100',
'city' => 'Châtellerault',
'street' => '1 rue du Test',
'sites' => [],
],
]);
// RG-1.10 (Assert\Count min 1)
self::assertResponseStatusCodeSame(422);
}
public function testPostAddressWithInvalidPostalCodeReturns422(): void
{
$this->skipIfSitesModuleDisabled();
$client = $this->createAdminClient();
$seed = $this->seedClient('Address Bad CP');
$siteIri = $this->firstSiteIri();
$client->request('POST', '/api/clients/'.$seed->getId().'/addresses', [
'headers' => ['Content-Type' => self::LD],
'json' => [
'postalCode' => '123',
'city' => 'Châtellerault',
'street' => '1 rue du Test',
'sites' => [$siteIri],
],
]);
// RG-1.09 (Assert\Regex ^[0-9]{4,5}$)
self::assertResponseStatusCodeSame(422);
}
// === RIBs ===
public function testPostRibByAdminReturns201(): void
{
$client = $this->createAdminClient();
$seed = $this->seedClient('Rib Host');
$data = $client->request('POST', '/api/clients/'.$seed->getId().'/ribs', [
'headers' => ['Content-Type' => self::LD],
'json' => [
'label' => 'Compte principal',
'bic' => self::VALID_BIC,
'iban' => self::VALID_IBAN,
],
])->toArray();
self::assertResponseStatusCodeSame(201);
self::assertSame('Compte principal', $data['label']);
}
public function testPostRibWithInvalidIbanReturns422(): void
{
$client = $this->createAdminClient();
$seed = $this->seedClient('Rib Bad Iban');
$client->request('POST', '/api/clients/'.$seed->getId().'/ribs', [
'headers' => ['Content-Type' => self::LD],
'json' => [
'label' => 'Compte invalide',
'bic' => self::VALID_BIC,
'iban' => 'INVALID-IBAN',
],
]);
// Assert\Iban
self::assertResponseStatusCodeSame(422);
}
public function testDeleteRibNonLcrReturns204(): void
{
$client = $this->createAdminClient();
$seed = $this->seedClient('Rib Non LCR');
$rib = $this->seedRib($seed);
$client->request('DELETE', '/api/client_ribs/'.$rib->getId());
self::assertResponseStatusCodeSame(204);
}
public function testDeleteLastRibUnderLcrReturns409(): void
{
$client = $this->createAdminClient();
$seed = $this->seedClient('Rib LCR Solo');
$this->setPaymentType($seed, 'LCR');
$rib = $this->seedRib($seed);
$client->request('DELETE', '/api/client_ribs/'.$rib->getId());
// RG-1.13
self::assertResponseStatusCodeSame(409);
}
public function testRibWriteWithoutAccountingManageReturns403(): void
{
// Un utilisateur portant seulement commercial.clients.manage (sans
// accounting.manage) ne peut ni creer, ni modifier, ni supprimer un RIB.
$seed = $this->seedClient('Rib Forbidden');
$rib = $this->seedRib($seed);
$credentials = $this->createUserWithPermission('commercial.clients.manage');
$client = $this->authenticatedClient($credentials['username'], $credentials['password']);
$client->request('POST', '/api/clients/'.$seed->getId().'/ribs', [
'headers' => ['Content-Type' => self::LD],
'json' => ['label' => 'X', 'bic' => self::VALID_BIC, 'iban' => self::VALID_IBAN],
]);
self::assertResponseStatusCodeSame(403);
$client->request('PATCH', '/api/client_ribs/'.$rib->getId(), [
'headers' => ['Content-Type' => self::MERGE],
'json' => ['label' => 'Y'],
]);
self::assertResponseStatusCodeSame(403);
$client->request('DELETE', '/api/client_ribs/'.$rib->getId());
self::assertResponseStatusCodeSame(403);
}
// === Helpers ===
/**
* Seede un ClientContact rattache a un client (sans passer par l'API).
*/
private function seedContact(ClientEntity $client, string $firstName): ClientContact
{
$em = $this->getEm();
$contact = new ClientContact();
$contact->setFirstName($firstName);
$contact->setClient($client);
$em->persist($contact);
$em->flush();
return $contact;
}
/**
* Seede un ClientRib valide rattache a un client (sans passer par l'API).
*/
private function seedRib(ClientEntity $client): ClientRib
{
$em = $this->getEm();
$rib = new ClientRib();
$rib->setLabel('Seed RIB');
$rib->setBic(self::VALID_BIC);
$rib->setIban(self::VALID_IBAN);
$rib->setClient($client);
$em->persist($rib);
$em->flush();
return $rib;
}
/**
* Affecte un type de reglement (par code) au client seede.
*/
private function setPaymentType(ClientEntity $client, string $code): void
{
$em = $this->getEm();
$type = $em->getRepository(PaymentType::class)->findOneBy(['code' => $code]);
self::assertNotNull($type, sprintf('PaymentType "%s" introuvable (fixtures).', $code));
$managed = $em->getRepository(ClientEntity::class)->find($client->getId());
$managed->setPaymentType($type);
$em->flush();
}
/**
* Retourne l'IRI du premier site seede (fixtures Sites). Skip en amont si le
* module Sites est desactive.
*/
private function firstSiteIri(): string
{
$site = $this->getEm()->getRepository(Site::class)->findOneBy([]);
self::assertNotNull($site, 'Aucun site seede : impossible de tester les adresses.');
return '/api/sites/'.$site->getId();
}
}
Reference in New Issue View Git Blame Copy Permalink