feat(form-builder): integrate PublishGuard framework into FormSchemaService::publish() (WS-6)

assertPublishGuardsSatisfied() runs additively after the existing assertRequiredBindingsPresent() check. Failures are collected (not first-fail) so PublishGuardViolationException carries the full list to the builder UI in one 422 response. PurposeRequirementsNotMetException remains for missing bindings; PublishGuardViolationException covers semantic constraints (is_identity_key flag, no-ambiguous-trust, append-collection-only, section-aware schemas, conditional triggers). Two pre-existing tests updated their fixtures to satisfy the new guards (PublishChecksRelationalBindingsTest + PurposeSchemaLifecycleTest): EMAIL field type + is_identity_key on person.email + unique trust levels are now required for event_registration to publish. Refs: RFC-WS-6.md §3 (Q13) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 23:07:12 +02:00
parent e3c9211e3f
commit 7a747382a0
5 changed files with 288 additions and 15 deletions
--- a/api/tests/Feature/FormBuilder/Bindings/PublishChecksRelationalBindingsTest.php
+++ b/api/tests/Feature/FormBuilder/Bindings/PublishChecksRelationalBindingsTest.php
@@ -4,9 +4,11 @@ declare(strict_types=1);

 namespace Tests\Feature\FormBuilder\Bindings;

+use App\Enums\FormBuilder\FormFieldType;
 use App\Enums\FormBuilder\FormPurpose;
 use App\Exceptions\FormBuilder\PurposeRequirementsNotMetException;
 use App\Models\FormBuilder\FormField;
+use App\Models\FormBuilder\FormFieldBinding;
 use App\Models\FormBuilder\FormSchema;
 use App\Models\Organisation;
 use App\Models\User;
@@ -53,9 +55,22 @@ final class PublishChecksRelationalBindingsTest extends TestCase
            $this->actor,
        );

-        FormField::factory()->withEntityBinding('person', 'email')->create(['form_schema_id' => $schema->id]);
-        FormField::factory()->withEntityBinding('person', 'first_name')->create(['form_schema_id' => $schema->id]);
-        FormField::factory()->withEntityBinding('person', 'last_name')->create(['form_schema_id' => $schema->id]);
+        // WS-6 publish guards require: EMAIL field type, identity_key flag
+        // on person.email, unique trust levels per (entity, attribute).
+        $emailField = FormField::factory()->create([
+            'form_schema_id' => $schema->id,
+            'field_type' => FormFieldType::EMAIL->value,
+        ]);
+        FormFieldBinding::factory()->forField($emailField)->entityOwned('person', 'email')
+            ->create(['is_identity_key' => true, 'trust_level' => 80]);
+
+        $firstField = FormField::factory()->create(['form_schema_id' => $schema->id]);
+        FormFieldBinding::factory()->forField($firstField)->entityOwned('person', 'first_name')
+            ->create(['trust_level' => 70]);
+
+        $lastField = FormField::factory()->create(['form_schema_id' => $schema->id]);
+        FormFieldBinding::factory()->forField($lastField)->entityOwned('person', 'last_name')
+            ->create(['trust_level' => 60]);

        $published = $this->service->publish($schema->fresh(), $this->actor);