feat(form-builder): add PublishGuard framework + 9 concrete guards (WS-6)

Per-purpose schema validation composes a PurposeGuardProvider returning a list of guards. Errors collected (not first-fail) so the builder UI surfaces every issue per save. ConditionalRequirement composes higher- order without proliferating one-off classes. RequiresIdentityKeyBinding checks the is_identity_key flag specifically; the binding-existence check is handled additively by the existing assertRequiredBindingsPresent in FormSchemaService. SchemaHasLinkedEvent checks owner_type='event' + owner_id (FormSchema uses polymorphic owner; there is no direct event_id column). i18n messages live in lang/nl/form_builder_publish_guards.php. Refs: RFC-WS-6.md §3 (Q13), §4 (V1, V3) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 22:55:42 +02:00
parent c5b0210ae7
commit 81a8120f98
21 changed files with 1156 additions and 0 deletions
--- a/api/app/FormBuilder/Publishing/NoAmbiguousTrustLevels.php
+++ b/api/app/FormBuilder/Publishing/NoAmbiguousTrustLevels.php
@@ -0,0 +1,57 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\FormBuilder\Publishing;
+
+use App\Models\FormBuilder\FormField;
+use App\Models\FormBuilder\FormFieldBinding;
+use App\Models\FormBuilder\FormSchema;
+
+/**
+ * RFC-WS-6 §3 (Q7) — within any (target_entity, target_attribute) group,
+ * no two bindings may share the same trust_level. Tie-breaker exists
+ * (sort_order) but ambiguity at config time is rejected.
+ */
+final class NoAmbiguousTrustLevels implements PublishGuard
+{
+    public function code(): string
+    {
+        return 'no_ambiguous_trust_levels';
+    }
+
+    public function evaluate(FormSchema $schema): PublishGuardResult
+    {
+        /** @var array<string, array<int, array<int, string>>> $byTargetTrust */
+        $byTargetTrust = [];
+
+        /** @var FormField $field */
+        foreach ($schema->fields as $field) {
+            /** @var FormFieldBinding $binding */
+            foreach ($field->bindings as $binding) {
+                $key = $binding->target_entity . '.' . $binding->target_attribute;
+                $trust = (int) $binding->trust_level;
+                $byTargetTrust[$key][$trust][] = (string) $field->id;
+            }
+        }
+
+        foreach ($byTargetTrust as $target => $trustGroups) {
+            foreach ($trustGroups as $trust => $fieldIds) {
+                if (count($fieldIds) > 1) {
+                    return PublishGuardResult::failed(
+                        guardCode: $this->code(),
+                        messageKey: 'form_builder_publish_guards.no_ambiguous_trust_levels',
+                        offendingFormFieldId: $fieldIds[0],
+                        context: [
+                            'target' => $target,
+                            'trust_level' => $trust,
+                            'form_field_ids' => $fieldIds,
+                        ],
+                    );
+                }
+            }
+        }
+
+        return PublishGuardResult::passed($this->code());
+    }
+}