test(form-builder): feature suites + integration contracts incl. FORM-02 (§31.10)

Phase 6 of S2b. 37 new tests, 820 → 857 passing across the suite.

Feature suites (api/tests/Feature/FormBuilder/):
- FormSchemaApiTest: CRUD, publish/unpublish, rotate-public-token (with
  grace window), edit-lock conflict, typed-confirmation delete, 401 on
  unauthenticated, 403 on outsider.
- FormFieldApiTest: create, reorder, binding-change guard (422 w/o force,
  200 with force), conditional_logic cycle rejection, 401 unauth.
- FormSubmissionApiTest: draft → values → submit stores schema snapshot +
  version; review records reviewer; delegation creates active row; draft
  update blocked for non-subject non-delegatee (403).
- FormValueSecurityTest: FieldAccessService hides admin-only fields from
  non-admin; subject-self bypass; admin-only field leaks through neither
  admin list nor non-admin detail responses (§22.9 intent).
- PublicFormApiTest: portal-visible non-admin fields only; unknown token
  → 404; happy-path submission; expired-previous-token → 410; grace
  window still allows submission.
- FormSchemaWebhookApiTest: url/secret NEVER returned in resources;
  DeliverFormWebhookJob rejects 10.x private-ip SSRF (response_body_excerpt
  logs rejection).
- FilterRegistryApiTest: response shape includes tags + form_field
  sources; form_field filter registers.

Integration contract (§31.10):
- TagPickerSyncListenerTest: 5 cases proving (a) no-op on user_id=null,
  (b) sync on submit, (c) deferred sync via
  PersonIdentityService::confirmMatch, (d) organiser_assigned tags
  preserved on rebuild, (e) idempotent rerun.

Fixes discovered while writing tests:
- SyncTagPickerSelectionsOnSubmit: removed hardcoded connection='redis'
  so tests run via sync queue (QUEUE_CONNECTION fallback).
- FormSubmissionService: corrected FormSubmissionReviewed / DraftUpdated
  event signatures to match S1 event classes.
- FormSubmission model: added schema_version_at_submit / snapshot /
  anonymised_at / submission_duration_seconds / auto_save_count to
  $fillable so bulk operations + factory states populate consistently.
- FormSchema: added version, edit_lock_user_id, edit_lock_expires_at to
  $fillable; factory now sets version=1 explicitly.
- FormValueService: public submission path (actor=null) enforces
  is_portal_visible=true AND is_admin_only=false at the write layer
  instead of running FieldAccessService against a null user.
- MigrationRollbackTest: target the S2a drop migration by filename.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

api/tests/Feature/FormBuilder/FormSubmissionApiTest.php

@@ -0,0 +1,144 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tests\Feature\FormBuilder;
+
+use App\Enums\FormBuilder\FormFieldType;
+use App\Enums\FormBuilder\FormSchemaSnapshotMode;
+use App\Enums\FormBuilder\FormSubmissionReviewStatus;
+use App\Enums\FormBuilder\FormSubmissionStatus;
+use App\Models\FormBuilder\FormField;
+use App\Models\FormBuilder\FormSchema;
+use App\Models\FormBuilder\FormSubmission;
+use App\Models\Organisation;
+use App\Models\User;
+use Database\Seeders\RoleSeeder;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Laravel\Sanctum\Sanctum;
+use Tests\TestCase;
+
+final class FormSubmissionApiTest extends TestCase
+{
+    use RefreshDatabase;
+
+    private Organisation $org;
+
+    private User $admin;
+
+    private User $submitter;
+
+    private FormSchema $schema;
+
+    private FormField $field;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+        $this->seed(RoleSeeder::class);
+        $this->org = Organisation::factory()->create();
+        $this->admin = User::factory()->create();
+        $this->org->users()->attach($this->admin, ['role' => 'org_admin']);
+        $this->submitter = User::factory()->create();
+        $this->org->users()->attach($this->submitter, ['role' => 'org_member']);
+
+        $this->schema = FormSchema::factory()->create([
+            'organisation_id' => $this->org->id,
+            'snapshot_mode' => FormSchemaSnapshotMode::ON_SUBMIT,
+        ]);
+        $this->field = FormField::factory()->create([
+            'form_schema_id' => $this->schema->id,
+            'field_type' => FormFieldType::TEXT->value,
+            'slug' => 'motivatie',
+            'label' => 'Motivatie',
+            'role_restrictions' => null,
+        ]);
+    }
+
+    public function test_create_draft_and_submit_stores_schema_snapshot(): void
+    {
+        Sanctum::actingAs($this->submitter);
+
+        // Create draft (subject = user self)
+        $create = $this->postJson(
+            "/api/v1/organisations/{$this->org->id}/forms/schemas/{$this->schema->id}/submissions",
+            ['subject_type' => 'user', 'subject_id' => $this->submitter->id],
+        );
+        $create->assertCreated();
+        $submissionId = $create->json('data.id');
+
+        // Upsert values
+        $this->putJson(
+            "/api/v1/organisations/{$this->org->id}/forms/submissions/{$submissionId}/field-values",
+            ['values' => ['motivatie' => 'Ik doe graag mee.']],
+        )->assertOk();
+
+        // Submit
+        $this->postJson("/api/v1/organisations/{$this->org->id}/forms/submissions/{$submissionId}/submit")
+            ->assertOk()
+            ->assertJsonPath('data.status', FormSubmissionStatus::SUBMITTED->value);
+
+        $submission = FormSubmission::query()->findOrFail($submissionId);
+        $this->assertNotNull($submission->schema_snapshot);
+        $this->assertEquals($this->schema->version, $submission->schema_version_at_submit);
+    }
+
+    public function test_review_transitions_status_and_records_reviewer(): void
+    {
+        Sanctum::actingAs($this->admin);
+        $submission = FormSubmission::factory()->create([
+            'form_schema_id' => $this->schema->id,
+            'status' => FormSubmissionStatus::SUBMITTED->value,
+            'submitted_by_user_id' => $this->submitter->id,
+            'submitted_at' => now(),
+        ]);
+
+        $this->postJson(
+            "/api/v1/organisations/{$this->org->id}/forms/submissions/{$submission->id}/review",
+            ['status' => FormSubmissionReviewStatus::APPROVED->value, 'review_notes' => 'Goed ingevuld.'],
+        )->assertOk();
+
+        $fresh = $submission->fresh();
+        $this->assertSame($this->admin->id, $fresh->reviewed_by_user_id);
+    }
+
+    public function test_delegate_creates_active_delegation(): void
+    {
+        Sanctum::actingAs($this->submitter);
+        $other = User::factory()->create();
+        $this->org->users()->attach($other, ['role' => 'org_member']);
+
+        $submission = FormSubmission::factory()->create([
+            'form_schema_id' => $this->schema->id,
+            'status' => FormSubmissionStatus::DRAFT->value,
+            'subject_type' => 'user',
+            'subject_id' => $this->submitter->id,
+        ]);
+
+        $this->postJson(
+            "/api/v1/organisations/{$this->org->id}/forms/submissions/{$submission->id}/delegate",
+            ['delegated_to_user_id' => $other->id, 'message' => 'Kijk er even naar.'],
+        )->assertCreated();
+
+        $this->assertSame(1, $submission->fresh()->delegations()->whereNull('revoked_at')->count());
+    }
+
+    public function test_update_blocked_for_non_subject_non_delegatee(): void
+    {
+        $outsider = User::factory()->create();
+        $this->org->users()->attach($outsider, ['role' => 'org_member']);
+        Sanctum::actingAs($outsider);
+
+        $submission = FormSubmission::factory()->create([
+            'form_schema_id' => $this->schema->id,
+            'status' => FormSubmissionStatus::DRAFT->value,
+            'subject_type' => 'user',
+            'subject_id' => $this->submitter->id,
+        ]);
+
+        $this->putJson(
+            "/api/v1/organisations/{$this->org->id}/forms/submissions/{$submission->id}/field-values",
+            ['values' => ['motivatie' => 'hack']],
+        )->assertStatus(403);
+    }
+}