bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(form-builder): consolidate subject-type allow-list into purpose registry

Browse Source 
Q6 of ARCH-CONSOLIDATION-ADDENDUM-2026-04-24: the allowed
`form_submissions.subject_type` values are now derived from
`PurposeRegistry::allSubjectTypes()` instead of the parallel
`config/form_subjects.php` file.

- CreateFormSubmissionRequest validates `subject_type` against the
  registry via constructor-injected PurposeRegistry.
- FormSubmissionController and FormValueService resolve the subject
  FQCN through `Relation::getMorphedModel()` — the morph-map is the
  single source of truth for alias → model mapping.
- `config/form_subjects.php` is deleted. `MorphMapAlignmentTest` keeps
  the registry and morph-map aligned going forward.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
bert.hausmans
2026-04-24 14:35:48 +02:00
parent b9343f6eec
commit ab67ed46ca
4 changed files with 13 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
api/app/Http/Controllers/Api/V1/FormBuilder/FormSubmissionController.php
View File

@@ -14,6 +14,7 @@ use App\Models\FormBuilder\FormSubmission;
use App\Models\Organisation; use App\Models\Organisation;
use App\Services\FormBuilder\FormSubmissionService; use App\Services\FormBuilder\FormSubmissionService;
use Illuminate\Database\Eloquent\Model; use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\Relation;
use Illuminate\Http\JsonResponse; use Illuminate\Http\JsonResponse;
use Illuminate\Http\Resources\Json\AnonymousResourceCollection; use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
use Illuminate\Support\Facades\Gate; use Illuminate\Support\Facades\Gate;
@@ -103,9 +104,8 @@ final class FormSubmissionController extends Controller
if ($type === '' || $id === '') { if ($type === '' || $id === '') {
return null; return null;
} }
$map = (array) config('form_subjects'); $class = Relation::getMorphedModel($type);
$class = $map[$type]['model'] ?? null; if ($class === null || ! class_exists($class)) {
if ($class === null) {
return null; return null;
} }

11
api/app/Http/Requests/Api/V1/FormBuilder/CreateFormSubmissionRequest.php
View File

@@ -4,11 +4,18 @@ declare(strict_types=1);
namespace App\Http\Requests\Api\V1\FormBuilder; namespace App\Http\Requests\Api\V1\FormBuilder;
use App\FormBuilder\Purposes\PurposeRegistry;
use Illuminate\Foundation\Http\FormRequest; use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule; use Illuminate\Validation\Rule;
final class CreateFormSubmissionRequest extends FormRequest final class CreateFormSubmissionRequest extends FormRequest
{ {
public function __construct(
private readonly PurposeRegistry $purposeRegistry,
) {
parent::__construct();
}
public function authorize(): bool public function authorize(): bool
{ {
return true; return true;
@@ -19,10 +26,8 @@ final class CreateFormSubmissionRequest extends FormRequest
*/ */
public function rules(): array public function rules(): array
{ {
$allowedSubjects = array_keys((array) config('form_subjects', []));
return [ return [
'subject_type' => ['nullable', Rule::in($allowedSubjects)], 'subject_type' => ['nullable', Rule::in($this->purposeRegistry->allSubjectTypes())],
'subject_id' => ['nullable', 'string', 'max:30', 'required_with:subject_type'], 'subject_id' => ['nullable', 'string', 'max:30', 'required_with:subject_type'],
'idempotency_key' => ['nullable', 'string', 'max:30'], 'idempotency_key' => ['nullable', 'string', 'max:30'],
'is_test' => ['boolean'], 'is_test' => ['boolean'],

5
api/app/Services/FormBuilder/FormValueService.php
View File

@@ -340,9 +340,8 @@ final class FormValueService
} }
if ($subjectType === $entity) { if ($subjectType === $entity) {
$map = config('form_subjects'); $model = \Illuminate\Database\Eloquent\Relations\Relation::getMorphedModel($entity);
$model = $map[$entity]['model'] ?? null; if ($model === null || ! class_exists($model)) {
if ($model === null) {
return null; return null;
} }

52
api/config/form_subjects.php
View File

@@ -1,52 +0,0 @@
<?php
declare(strict_types=1);
/*
|--------------------------------------------------------------------------
| Subject Type Registry
|--------------------------------------------------------------------------
|
| Authoritative list of subject_type values permitted on form_submissions.
| Must match morph-map keys registered in AppServiceProvider.
|
| 'permission_check' format: '<PolicyClass>@<method>' invoked to authorise
| access to a submission for this subject. Omit when policy doesn't exist yet.
|
*/
return [
'person' => [
'model' => \App\Models\Person::class,
'display_attribute' => 'name',
'permission_check' => \App\Policies\PersonPolicy::class.'@view',
],
'user' => [
'model' => \App\Models\User::class,
'display_attribute' => 'name',
// TODO: add permission_check when UserPolicy is built (S2)
],
'company' => [
'model' => \App\Models\Company::class,
'display_attribute' => 'name',
'permission_check' => \App\Policies\CompanyPolicy::class.'@view',
],
'organisation' => [
'model' => \App\Models\Organisation::class,
'display_attribute' => 'name',
'permission_check' => \App\Policies\OrganisationPolicy::class.'@view',
],
'event' => [
'model' => \App\Models\Event::class,
'display_attribute' => 'name',
'permission_check' => \App\Policies\EventPolicy::class.'@view',
],
// 'artist' entry added when artist module lands
];