feat(form-builder): add PublishGuard framework + 9 concrete guards (WS-6)

Per-purpose schema validation composes a PurposeGuardProvider returning a list of guards. Errors collected (not first-fail) so the builder UI surfaces every issue per save. ConditionalRequirement composes higher- order without proliferating one-off classes. RequiresIdentityKeyBinding checks the is_identity_key flag specifically; the binding-existence check is handled additively by the existing assertRequiredBindingsPresent in FormSchemaService. SchemaHasLinkedEvent checks owner_type='event' + owner_id (FormSchema uses polymorphic owner; there is no direct event_id column). i18n messages live in lang/nl/form_builder_publish_guards.php. Refs: RFC-WS-6.md §3 (Q13), §4 (V1, V3) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 22:55:42 +02:00
parent c5b0210ae7
commit 81a8120f98
21 changed files with 1156 additions and 0 deletions
--- a/api/app/FormBuilder/Publishing/IdentityKeyBindingsOnlyInFirstSection.php
+++ b/api/app/FormBuilder/Publishing/IdentityKeyBindingsOnlyInFirstSection.php
@@ -0,0 +1,67 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\FormBuilder\Publishing;
+
+use App\Models\FormBuilder\FormField;
+use App\Models\FormBuilder\FormFieldBinding;
+use App\Models\FormBuilder\FormSchema;
+use App\Models\FormBuilder\FormSchemaSection;
+
+/**
+ * RFC-WS-6 §3 (Q10) — when section_level_submit is active, identity-key
+ * bindings must live in the first section (lowest sort_order).
+ *
+ * No-op when section_level_submit is false. Universal: wires into every
+ * PurposeGuardProvider.
+ */
+final class IdentityKeyBindingsOnlyInFirstSection implements PublishGuard
+{
+    public function code(): string
+    {
+        return 'identity_key_bindings_only_in_first_section';
+    }
+
+    public function evaluate(FormSchema $schema): PublishGuardResult
+    {
+        if (! (bool) $schema->section_level_submit) {
+            return PublishGuardResult::passed($this->code());
+        }
+
+        $sections = $schema->sections;
+        if ($sections->isEmpty()) {
+            return PublishGuardResult::passed($this->code());
+        }
+
+        /** @var FormSchemaSection $first */
+        $first = $sections->sortBy('sort_order')->first();
+        $firstSectionId = (string) $first->id;
+
+        /** @var FormField $field */
+        foreach ($schema->fields as $field) {
+            $hasIdentityKey = false;
+            /** @var FormFieldBinding $binding */
+            foreach ($field->bindings as $binding) {
+                if ((bool) $binding->is_identity_key) {
+                    $hasIdentityKey = true;
+                    break;
+                }
+            }
+
+            if (! $hasIdentityKey) {
+                continue;
+            }
+
+            if ((string) $field->form_schema_section_id !== $firstSectionId) {
+                return PublishGuardResult::failed(
+                    guardCode: $this->code(),
+                    messageKey: 'form_builder_publish_guards.identity_key_bindings_only_in_first_section',
+                    offendingFormFieldId: (string) $field->id,
+                );
+            }
+        }
+
+        return PublishGuardResult::passed($this->code());
+    }
+}