bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(form-builder): wire PurposeGuardProvider per purpose (WS-6)

Browse Source 
Adds PurposeGuardProvider as a parallel interface to PurposeDefinition
(value object stays untouched). Seven concrete providers, one per v1.0
purpose, each declaring its publish-guard list. Registry resolves and
caches providers via guards_class config key.

Universal guards (MaxOneIdentityKeyPerTargetEntity,
AppendStrategyRequiresCollectionTarget, NoAmbiguousTrustLevels,
IdentityKeyBindingsOnlyInFirstSection) wire into every purpose. The
section guard is a cheap no-op when section_level_submit=false.

ArtistAdvanceGuards omits RequiresIdentityKeyBinding because the
artist subject is resolved via portal token, not form data. Same
reasoning for supplier_intake (production_request) and the auth-based
purposes.

Includes a cross-cutting BindingTypeRegistryConsistencyTest that
verifies tasks 5/7/8 do not contradict each other (registry ↔ guards ↔
purpose required_bindings).

Refs: RFC-WS-6.md §3 (Q9, Q13)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
bert.hausmans
2026-04-25 23:01:19 +02:00
parent 81a8120f98
commit e3c9211e3f
16 changed files with 763 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
api/app/FormBuilder/Purposes/Guards/IncidentReportGuards.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
declare(strict_types=1);
namespace App\FormBuilder\Purposes\Guards;
use App\FormBuilder\Bindings\BindingTypeRegistry;
use App\FormBuilder\Publishing\AppendStrategyRequiresCollectionTarget;
use App\FormBuilder\Publishing\IdentityKeyBindingsOnlyInFirstSection;
use App\FormBuilder\Publishing\MaxOneIdentityKeyPerTargetEntity;
use App\FormBuilder\Publishing\NoAmbiguousTrustLevels;
use App\FormBuilder\Purposes\PurposeGuardProvider;
final readonly class IncidentReportGuards implements PurposeGuardProvider
{
public function __construct(private BindingTypeRegistry $registry) {}
public function publishGuards(): array
{
return [
new MaxOneIdentityKeyPerTargetEntity(),
new AppendStrategyRequiresCollectionTarget($this->registry),
new NoAmbiguousTrustLevels(),
new IdentityKeyBindingsOnlyInFirstSection(),
// Anonymous-allowed — no identity key required.
];
}
}