feat(form-builder): retry/resolve/dismiss API endpoints + dual-route auth (WS-6)

Two route groups: /api/v1/admin/form-failures (super_admin platform) and /api/v1/organisations/{organisation}/form-failures (org_admin scoped). Same controller, policy authorises via FK chain (RFC V3). Cross-tenant access returns 404 not 403 to prevent enumeration. Resolve takes optional note; Dismiss requires DismissalReasonType enum with conditional note (mandatory for 'other'). Both via FormRequest validation with explicit i18n message keys. Implementation note: Laravel implicit model binding for nested-namespace ULID models doesn't pick up reliably across nested route groups. Using manual resolveFailure() helper that loads withoutGlobalScopes() (so cross-tenant access still reaches the policy, which translates denied → 404 per V3). Policy explicitly checks soft-delete via deleted_at since withoutGlobalScopes bypasses SoftDeletes too. Policy registered explicitly in AppServiceProvider — auto-discovery doesn't reliably resolve App\Models\FormBuilder\* → App\Policies\FormBuilder\*. NOT: admin UI (session 3). Not: public form routes (no API contract notification needed). Refs: RFC-WS-6.md §3 (Q5), §4 (V2, V3) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-26 15:34:23 +02:00
parent 84d57c5bbc
commit d0e17f2824
9 changed files with 509 additions and 3 deletions
--- a/api/app/Http/Resources/FormBuilder/FormSubmissionActionFailureResource.php
+++ b/api/app/Http/Resources/FormBuilder/FormSubmissionActionFailureResource.php
@@ -0,0 +1,43 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Resources\FormBuilder;
+
+use App\Models\FormBuilder\FormSubmissionActionFailure;
+use Illuminate\Http\Request;
+use Illuminate\Http\Resources\Json\JsonResource;
+
+/**
+ * @mixin FormSubmissionActionFailure
+ */
+final class FormSubmissionActionFailureResource extends JsonResource
+{
+    /**
+     * @return array<string, mixed>
+     */
+    public function toArray(Request $request): array
+    {
+        return [
+            'id' => $this->id,
+            'form_submission_id' => $this->form_submission_id,
+            'binding_id' => $this->binding_id,
+            'listener_class' => $this->listener_class,
+            'failed_at' => $this->failed_at->toIso8601String(),
+            'exception_class' => $this->exception_class,
+            'exception_message' => $this->exception_message,
+            'context' => $this->context,
+            'retry_count' => $this->retry_count,
+            'resolved_at' => $this->resolved_at?->toIso8601String(),
+            'resolved_note' => $this->resolved_note,
+            'dismissed_at' => $this->dismissed_at?->toIso8601String(),
+            'dismissed_reason_type' => $this->dismissed_reason_type?->value,
+            'dismissed_reason_note' => $this->dismissed_reason_note,
+            'state' => match (true) {
+                $this->resolved_at !== null => 'resolved',
+                $this->dismissed_at !== null => 'dismissed',
+                default => 'open',
+            },
+        ];
+    }
+}