bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(form-builder): admin UI completion — server filters, KPIs, resource expansion (WS-6 sessie 3c)

Browse Source 
Closes the four production gaps that emerged from sessie 3b's admin UI.
What we ship here is final: no further rework planned before production.

Backend
- IndexFailuresRequest validates state/search/failed_at_from/failed_at_to/
  listener_class. orgIndex + platformIndex apply them via a single
  applyIndexFilters() helper. Search runs case-insensitive `LIKE` on
  exception_message; SQL wildcards in user input are escaped.
- New /kpis aggregate endpoint per scope (orgKpis, platformKpis) returns
  open / resolved_30d / dismissed_30d / total_submissions in O(1) COUNTs.
  Replaces sessie 3b's client-side bucketing of an oversized list.
- Resource expansion: organisation_name, form_schema_label,
  resolved_by_user_name, dismissed_by_user_name, exception_trace,
  retry_history[]. Eager-loading via indexEagerLoads()/detailEagerLoads()
  prevents N+1 (verified by query-count assertion in test).
- New 2026_04_28_181000 migration adds exception_trace (longtext nullable)
  to form_submission_action_failures. ApplyBindingsOnFormSubmit listener
  now captures $e->getTraceAsString() at failure time.
- New FormSubmissionActionFailureRetryAttemptResource exposes per-attempt
  data (timestamp, actor name, outcome, exception details) inside
  retry_history[]. Index payloads omit the field via whenLoaded() to keep
  list responses lean.

Frontend (apps/app)
- Types updated to mirror the expanded resource shape and the new KPI
  endpoint contract. FormFailuresKpis is now { open, resolved_30d,
  dismissed_30d, total_submissions } (server-aggregate).
- useFormFailures composable forwards all 5 server filters via
  buildIndexParams() (strips empty/whitespace). useFormFailuresKpis hits
  the dedicated /kpis endpoint per scope.
- FormFailuresTable replaces client-side bucketing with server-side
  filtering, adds listener_class + date-range filter inputs, and renames
  the 4th KPI tile to "Submissions" (was "Totaal").
- FormFailureDetail renders organisation_name + form_schema_label in the
  header, surfaces an expandable stack-trace card, names the resolved/
  dismissed actor in the timeline, and replaces the "v1 placeholder"
  retry-history card with a full per-attempt timeline.

ESLint config gap (apps/app)
- New .eslintrc.cjs adapted from the Vuexy reference, minus Vuexy-internal
  rules. `pnpm lint` now runs successfully (was previously broken — the
  package.json script referenced a missing config). The 80 baseline
  violations across the codebase are pre-existing and out of scope for
  this session.

Tests + gates
- 24 new backend tests across filter, kpis, and resource-shape suites.
  Backend: 1462 → 1486 passing, 0 → 0 failing. Larastan clean. Rector
  dry-run unchanged at 354 (pre-Task-1 baseline from f18b55b).
- 3 new vitest tests in apps/app (filter wiring, KPI endpoint, KPI tile
  values from /kpis). Vitest: 38 → 41 passing. tsc clean. Portal
  unchanged (113 vitest, tsc clean).
- 5 backfill rollback tests bumped --step counts +1 for the new migration.
- Ws6FoundationMigrationTest down/up chain now includes exception_trace
  before the parent table is restored.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
bert.hausmans
2026-04-28 23:29:58 +02:00
parent b47e096a55
commit 192353f4bc
31 changed files with 1557 additions and 230 deletions
Download Patch File Download Diff File Expand all files Collapse all files

175
api/app/Http/Controllers/Api/V1/FormBuilder/FormSubmissionActionFailureController.php
View File

@@ -9,11 +9,13 @@ use App\Exceptions\FormBuilder\FailureNotRetriableException;
use App\Exceptions\FormBuilder\ParentSubmissionGoneException;
use App\Http\Controllers\Controller;
use App\Http\Requests\FormBuilder\DismissFailureRequest;
use App\Http\Requests\FormBuilder\IndexFailuresRequest;
use App\Http\Requests\FormBuilder\ResolveFailureRequest;
use App\Http\Resources\FormBuilder\FormSubmissionActionFailureResource;
use App\Models\FormBuilder\FormSubmissionActionFailure;
use App\Models\Organisation;
use App\Services\FormBuilder\FormFailureRetryService;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\ModelNotFoundException;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
@@ -28,7 +30,7 @@ use Illuminate\Support\Facades\Gate;
*/
final class FormSubmissionActionFailureController extends Controller
{
public function orgIndex(Organisation $organisation): AnonymousResourceCollection
public function orgIndex(Organisation $organisation, IndexFailuresRequest $request): AnonymousResourceCollection
{
// RFC V3 IDOR-class — the user must be super_admin OR an
// org_admin on THIS specific organisation. Viewing any org's
@@ -38,28 +40,64 @@ final class FormSubmissionActionFailureController extends Controller
// resolve/dismiss.
$this->authorizeViewAnyInOrgOrNotFound($organisation);
$failures = FormSubmissionActionFailure::query()
$query = FormSubmissionActionFailure::query()
->with($this->indexEagerLoads())
->whereHas('submission', function ($q) use ($organisation): void {
/** @var \Illuminate\Database\Eloquent\Builder<\App\Models\FormBuilder\FormSubmission> $q */
$q->where('organisation_id', $organisation->id);
})
->latest('failed_at')
->paginate(50);
});
$this->applyIndexFilters($query, $request);
$failures = $query->latest('failed_at')->paginate(50)->withQueryString();
return FormSubmissionActionFailureResource::collection($failures);
}
public function platformIndex(): AnonymousResourceCollection
public function platformIndex(IndexFailuresRequest $request): AnonymousResourceCollection
{
Gate::authorize('viewAny', FormSubmissionActionFailure::class);
$failures = FormSubmissionActionFailure::query()
->latest('failed_at')
->paginate(50);
$query = FormSubmissionActionFailure::query()->with($this->indexEagerLoads());
$this->applyIndexFilters($query, $request);
$failures = $query->latest('failed_at')->paginate(50)->withQueryString();
return FormSubmissionActionFailureResource::collection($failures);
}
/**
* Sessie 3c admin-UI dashboard counters (org-scoped). Same
* tenant gate as orgIndex (RFC V3): denied 404.
*/
public function orgKpis(Organisation $organisation): JsonResponse
{
$this->authorizeViewAnyInOrgOrNotFound($organisation);
return response()->json([
'data' => $this->buildKpis(
FormSubmissionActionFailure::query()
->whereHas('submission', function ($q) use ($organisation): void {
/** @var \Illuminate\Database\Eloquent\Builder<\App\Models\FormBuilder\FormSubmission> $q */
$q->where('organisation_id', $organisation->id);
}),
$organisation,
),
]);
}
/**
* Sessie 3c platform-wide dashboard counters (super_admin only).
*/
public function platformKpis(): JsonResponse
{
Gate::authorize('viewAny', FormSubmissionActionFailure::class);
return response()->json([
'data' => $this->buildKpis(FormSubmissionActionFailure::query(), null),
]);
}
public function show(?Organisation $organisation, FormSubmissionActionFailure $formSubmissionActionFailure): FormSubmissionActionFailureResource
{
// $organisation is bound only on the org-scoped route; null on the
@@ -70,6 +108,8 @@ final class FormSubmissionActionFailureController extends Controller
unset($organisation);
$this->authorizeOrNotFound('view', $formSubmissionActionFailure);
$formSubmissionActionFailure->load($this->detailEagerLoads());
return new FormSubmissionActionFailureResource($formSubmissionActionFailure);
}
@@ -97,7 +137,7 @@ final class FormSubmissionActionFailureController extends Controller
], 410);
}
return new FormSubmissionActionFailureResource($failure->refresh());
return new FormSubmissionActionFailureResource($failure->refresh()->load($this->detailEagerLoads()));
}
public function resolve(
@@ -126,7 +166,7 @@ final class FormSubmissionActionFailureController extends Controller
$failure->resolved_by_user_id = $request->user()?->id;
$failure->save();
return new FormSubmissionActionFailureResource($failure->refresh());
return new FormSubmissionActionFailureResource($failure->refresh()->load($this->detailEagerLoads()));
}
public function dismiss(
@@ -156,7 +196,118 @@ final class FormSubmissionActionFailureController extends Controller
$failure->dismissed_by_user_id = $request->user()?->id;
$failure->save();
return new FormSubmissionActionFailureResource($failure->refresh());
return new FormSubmissionActionFailureResource($failure->refresh()->load($this->detailEagerLoads()));
}
/**
* Sessie 3c relations needed by the index Resource.
* Tight set: org+schema labels and the two action-actor user names.
* Skip retryAttempts on the index for payload size; show endpoint
* lazy-loads it via {@see detailEagerLoads()}.
*
* @return array<int, string>
*/
private function indexEagerLoads(): array
{
return [
'submission:id,form_schema_id,organisation_id',
'submission.organisation:id,name',
'submission.schema:id,name',
'resolvedBy:id,first_name,last_name',
'dismissedBy:id,first_name,last_name',
];
}
/**
* Sessie 3c relations for the detail Resource. Adds retryAttempts
* with attempted-by user for the timeline.
*
* @return array<int, string>
*/
private function detailEagerLoads(): array
{
return [
'submission:id,form_schema_id,organisation_id',
'submission.organisation:id,name',
'submission.schema:id,name',
'resolvedBy:id,first_name,last_name',
'dismissedBy:id,first_name,last_name',
'retryAttempts',
'retryAttempts.attemptedBy:id,first_name,last_name',
];
}
/**
* Sessie 3c KPI aggregate (open / resolved 30d / dismissed 30d /
* total submissions). The 30d windows are computed via aggregate
* SQL (single COUNT per metric) so the cost stays O(1) on indexed
* columns regardless of org volume.
*
* `total_submissions` is org-scoped when an organisation is given;
* platform-wide otherwise. We re-query FormSubmission rather than
* derive it from the failures query because total submissions is
* unrelated to the failure rowset.
*
* @param Builder<FormSubmissionActionFailure> $query
* @return array{open:int, resolved_30d:int, dismissed_30d:int, total_submissions:int}
*/
private function buildKpis(Builder $query, ?Organisation $organisation): array
{
$thirtyDaysAgo = now()->subDays(30);
$open = (clone $query)->whereNull('resolved_at')->whereNull('dismissed_at')->count();
$resolved30d = (clone $query)->where('resolved_at', '>=', $thirtyDaysAgo)->count();
$dismissed30d = (clone $query)->where('dismissed_at', '>=', $thirtyDaysAgo)->count();
$submissionsQuery = \App\Models\FormBuilder\FormSubmission::query();
if ($organisation instanceof Organisation) {
$submissionsQuery->where('organisation_id', $organisation->id);
}
return [
'open' => $open,
'resolved_30d' => $resolved30d,
'dismissed_30d' => $dismissed30d,
'total_submissions' => $submissionsQuery->count(),
];
}
/**
* Sessie 3c apply admin-UI filters to the failure query.
*
* Default state = `open`. Search runs case-insensitive substring
* match on `exception_message`. Date range is half-open by default
* (Laravel `whereBetween` is inclusive on both ends sufficient
* for ISO date inputs from the date-picker UI).
*
* @param Builder<FormSubmissionActionFailure> $query
*/
private function applyIndexFilters(Builder $query, IndexFailuresRequest $request): void
{
$state = (string) ($request->validated('state') ?? 'open');
match ($state) {
'open' => $query->whereNull('resolved_at')->whereNull('dismissed_at'),
'resolved' => $query->whereNotNull('resolved_at'),
'dismissed' => $query->whereNotNull('dismissed_at'),
'all' => null,
default => null,
};
if (($search = $request->validated('search')) !== null && $search !== '') {
$like = '%'.str_replace(['%', '_'], ['\\%', '\\_'], (string) $search).'%';
$query->where('exception_message', 'like', $like);
}
if (($from = $request->validated('failed_at_from')) !== null) {
$query->where('failed_at', '>=', $from);
}
if (($to = $request->validated('failed_at_to')) !== null) {
$query->where('failed_at', '<=', $to);
}
if (($listener = $request->validated('listener_class')) !== null && $listener !== '') {
$query->where('listener_class', $listener);
}
}
/**