MALIO-DEV/Starseed
3
0
Fork 0
Code Issues Pull Requests 4 Actions Packages Projects Releases Wiki Activity
Files
ee1f344764ac81063a2734901fd2fb3af455c97f
Starseed/tests/Module/Technique/Api/ProviderAuditTest.php
T
matthieu 3fe0f676f6
Auto Tag Develop / tag (push) Successful in 11s
Details
test(technique) : couvrir RG-3.x PHPUnit + capturer le contrat JSON (ERP-139) (#100) 
Ticket Lesstime #139 (M3 — Répertoire prestataires, position 1.9). DoD back avant le front : suite PHPUnit consolidée sur la matrice § 8.1 + captures JSON réelles dans la spec § 4.0.bis.

## Contenu
- **Fix réfs comptables** : `provider:read:accounting` ajouté sur `TvaMode`/`PaymentDelay`/`PaymentType`/`Bank` — sans ça elles sortaient en IRI nu dans le détail prestataire (réplique du fix ERP-92 du M2, piège #1 § 4.0.bis).
- **`ProviderSerializationContractTest`** (13 tests) : gating RIB/scalaires par omission, réfs compta en objet `{id,code,label}`, `isArchived`, embed categories/sites liste+détail, sous-collections, enveloppe AP4 ; `testDodReferenceJsonShape` dumpe le JSON réel (`PROVIDER_DOD_DUMP=1`).
- **`ProviderAuditTest`** (5 tests) : create/update/archive (`technique.Provider`), iban/bic dans le diff (`technique.ProviderRib`, pas dAuditIgnore), trace M2M `sites`.
- **`ProviderListTest`** étendu : `?pagination=false`, anti-N+1, filtre `?typeCode=PRESTATAIRE`.
- **`ProviderRbacGatingTest`** étendu : restauration en conflit de nom → 409 (RG-3.14).
- **`ProviderFixtures`** (§ 8.4) : démo idempotente (complet VIREMENT+banque+RIB, LCR+RIB, CHEQUE multi-cat, minimal, archivé) répartie sur sites 86/17/82 ; skip en env `test`.
- Helper `seedCompleteProvider` ; spec § 4.0.bis : gabarits remplacés par les captures réelles (liste + détail avec/sans accounting.view).

## Vérifications
- `make php-cs-fixer-allow-risky` → 0 fichier
- `make test` → OK, 677 tests, 3328 assertions (garde-fous globaux verts)

## Notes
- MR stackée sur ERP-138 (base = sa branche).
- Fixtures démo exercées en dev via `make fixtures` (autowiring vérifié).

---------

Co-authored-by: Matthieu <contact@malio.fr>
Reviewed-on: #100
2026-06-12 14:44:43 +00:00

163 lines
6.2 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Tests\Module\Technique\Api;
use Doctrine\DBAL\Connection;
/**
* Tests Audit du repertoire prestataires (M3, spec § 6). Jumeau du
* {@see \App\Tests\Module\Commercial\Api\SupplierAuditTest} (M2). Couvre :
* - POST / PATCH / archivage -> ligne audit_log entity_type='technique.Provider'
* avec l'action et le diff attendus ;
* - RIB : `#[Auditable]` SANS `#[AuditIgnore]` sur iban/bic -> ces champs sensibles
* DOIVENT apparaitre dans le diff audite (decision § 2.7, miroir M1/M2) ;
* - M2M `sites` : un PATCH du formulaire principal qui modifie les sites trace la
* relation many-to-many (audit M2M automatique, § 2.7).
*
* @internal
*/
final class ProviderAuditTest extends AbstractProviderApiTestCase
{
private const string PROVIDER_TYPE = 'technique.Provider';
private const string RIB_TYPE = 'technique.ProviderRib';
private ?Connection $auditConnection = null;
protected function setUp(): void
{
parent::setUp();
self::bootKernel();
/** @var Connection $conn */
$conn = self::getContainer()->get('doctrine.dbal.audit_connection');
$this->auditConnection = $conn;
}
protected function tearDown(): void
{
if (null !== $this->auditConnection) {
$this->auditConnection->close();
}
parent::tearDown();
}
public function testPostProviderIsAudited(): void
{
$admin = $this->createAdminClient();
$payload = $this->validMainPayload('Audit Created Co', [self::SITE_86]);
$created = $admin->request('POST', '/api/providers', [
'headers' => ['Content-Type' => self::LD],
'json' => $payload,
])->toArray();
self::assertResponseStatusCodeSame(201);
self::assertGreaterThanOrEqual(
1,
$this->countAudit(self::PROVIDER_TYPE, (string) $created['id'], 'create'),
'Un audit_log "create" doit etre genere pour le prestataire.',
);
}
public function testPatchProviderIsAudited(): void
{
$admin = $this->createAdminClient();
$seed = $this->seedProvider('Audit Patch Co', [self::SITE_86]);
$admin->request('PATCH', '/api/providers/'.$seed->getId(), [
'headers' => ['Content-Type' => self::MERGE],
'json' => ['companyName' => 'Audit Patch Renamed'],
]);
self::assertResponseStatusCodeSame(200);
self::assertGreaterThanOrEqual(
1,
$this->countAudit(self::PROVIDER_TYPE, (string) $seed->getId(), 'update'),
'Un audit_log "update" doit etre genere pour le PATCH.',
);
}
public function testArchiveProviderIsAudited(): void
{
$admin = $this->createAdminClient();
$seed = $this->seedProvider('Audit Archive Co', [self::SITE_86]);
$admin->request('PATCH', '/api/providers/'.$seed->getId(), [
'headers' => ['Content-Type' => self::MERGE],
'json' => ['isArchived' => true],
]);
self::assertResponseStatusCodeSame(200);
$changes = $this->latestChanges(self::PROVIDER_TYPE, (string) $seed->getId(), 'update');
self::assertArrayHasKey('isArchived', $changes, 'Le diff d\'archivage doit tracer isArchived.');
}
public function testPatchSitesIsAuditedAsManyToMany(): void
{
$admin = $this->createAdminClient();
$seed = $this->seedProvider('Audit Sites Co', [self::SITE_86]);
// PATCH du formulaire principal : on passe a 2 sites (86 + 17). L'audit M2M
// automatique (§ 2.7) doit tracer la relation `sites` dans le diff.
$admin->request('PATCH', '/api/providers/'.$seed->getId(), [
'headers' => ['Content-Type' => self::MERGE],
'json' => ['sites' => [
'/api/sites/'.$this->site(self::SITE_86)->getId(),
'/api/sites/'.$this->site(self::SITE_17)->getId(),
]],
]);
self::assertResponseStatusCodeSame(200);
$changes = $this->latestChanges(self::PROVIDER_TYPE, (string) $seed->getId(), 'update');
self::assertArrayHasKey('sites', $changes, 'La modification M2M des sites doit etre tracee.');
}
public function testRibCreateAuditIncludesIbanAndBic(): void
{
$admin = $this->createAdminClient();
$seed = $this->seedProvider('Rib Audit Host', [self::SITE_86]);
$rib = $admin->request('POST', '/api/providers/'.$seed->getId().'/ribs', [
'headers' => ['Content-Type' => self::LD],
'json' => [
'label' => 'Compte audite',
'bic' => self::VALID_BIC,
'iban' => self::VALID_IBAN,
],
])->toArray();
self::assertResponseStatusCodeSame(201);
$changes = $this->latestChanges(self::RIB_TYPE, (string) $rib['id'], 'create');
self::assertArrayHasKey('iban', $changes, 'iban doit figurer dans le diff audite (pas d\'AuditIgnore).');
self::assertArrayHasKey('bic', $changes, 'bic doit figurer dans le diff audite (pas d\'AuditIgnore).');
self::assertSame(self::VALID_IBAN, $changes['iban']);
self::assertSame(self::VALID_BIC, $changes['bic']);
}
/**
* Decode le `changes` (diff) de la derniere ligne audit_log correspondante.
*
* @return array<string, mixed>
*/
private function latestChanges(string $type, string $id, string $action): array
{
$rows = $this->auditConnection->fetchAllAssociative(
'SELECT changes FROM audit_log WHERE entity_type = :type AND entity_id = :id AND action = :action ORDER BY performed_at DESC',
['type' => $type, 'id' => $id, 'action' => $action],
);
self::assertGreaterThanOrEqual(1, count($rows), sprintf('Un audit_log "%s" doit exister pour %s#%s.', $action, $type, $id));
return json_decode((string) $rows[0]['changes'], true, flags: JSON_THROW_ON_ERROR);
}
private function countAudit(string $type, string $id, string $action): int
{
return (int) $this->auditConnection->fetchOne(
'SELECT COUNT(*) FROM audit_log WHERE entity_type = :type AND entity_id = :id AND action = :action',
['type' => $type, 'id' => $id, 'action' => $action],
);
}
}
Reference in New Issue View Git Blame Copy Permalink