crewli

bert.hausmans/crewli

Fork 0

Commit Graph

Author	SHA1	Message	Date
bert.hausmans	6399bacdb6	refactor(form-builder): restore type-hinted route model binding for failures controller (WS-6) Replace the manual `$request->route('formSubmissionActionFailure')` workaround with type-hinted parameters. Implicit route model binding now resolves FormSubmissionActionFailure correctly on both the platform admin route (/admin/form-failures/{id}) and the org-scoped route (/organisations/{organisation}/form-failures/{id}). Root cause: On the nested org-scoped route, Laravel's implicit binding triggers its scoped-binding code path: for the second URL segment, it tries to resolve the failure as a relation of the route's parent ({organisation}) by calling `$organisation->formSubmissionActionFailures()`. Organisation has no such relation (failures live under FormSubmission, not Organisation directly), so the lookup silently fell through and the controller received a raw string. PHP then raised a TypeError on the type-hinted parameter. A second issue compounded it: with the controller method declaring `(FormSubmissionActionFailure $formSubmissionActionFailure, ?Organisation $organisation)` the parameter order did NOT match the URL parameter order (/{organisation}/.../{formSubmissionActionFailure}), so Laravel's resolveMethodDependencies — which falls back to positional binding when parameter counts diverge — bound them to the wrong slots. Fix: - Register an explicit `Route::bind('formSubmissionActionFailure', ...)` in AppServiceProvider that loads the model `withoutGlobalScopes()` and throws ModelNotFoundException on miss. This sidesteps the scoped-binding parent-relation lookup entirely. - Add `->withoutScopedBindings()` to all four org-scoped routes (show, retry, resolve, dismiss) as a belt-and-braces guarantee that Laravel never enters the scoped-binding path for these nested routes. - Reorder controller method signatures to put `?Organisation $organisation` FIRST, matching URL parameter order so positional binding lands the ULID strings on the correct method parameters. - Drop the now-unused private `resolveFailure()` helper. - Tenant scoping continues to be enforced by FormSubmissionActionFailurePolicy via the failure.submission.organisation_id FK chain (RFC V3); cross- tenant access still translates denied → 404, never 403. Tests: all 9 controller tests pass (cross-tenant 404 contract verified for view, dismiss, and resolve). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-28 08:57:06 +02:00
bert.hausmans	d0e17f2824	feat(form-builder): retry/resolve/dismiss API endpoints + dual-route auth (WS-6) Two route groups: /api/v1/admin/form-failures (super_admin platform) and /api/v1/organisations/{organisation}/form-failures (org_admin scoped). Same controller, policy authorises via FK chain (RFC V3). Cross-tenant access returns 404 not 403 to prevent enumeration. Resolve takes optional note; Dismiss requires DismissalReasonType enum with conditional note (mandatory for 'other'). Both via FormRequest validation with explicit i18n message keys. Implementation note: Laravel implicit model binding for nested-namespace ULID models doesn't pick up reliably across nested route groups. Using manual resolveFailure() helper that loads withoutGlobalScopes() (so cross-tenant access still reaches the policy, which translates denied → 404 per V3). Policy explicitly checks soft-delete via deleted_at since withoutGlobalScopes bypasses SoftDeletes too. Policy registered explicitly in AppServiceProvider — auto-discovery doesn't reliably resolve App\Models\FormBuilder\* → App\Policies\FormBuilder\*. NOT: admin UI (session 3). Not: public form routes (no API contract notification needed). Refs: RFC-WS-6.md §3 (Q5), §4 (V2, V3) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-26 15:34:23 +02:00

Author

SHA1

Message

Date

bert.hausmans

6399bacdb6

refactor(form-builder): restore type-hinted route model binding for failures controller (WS-6)

Replace the manual `$request->route('formSubmissionActionFailure')` workaround
with type-hinted parameters. Implicit route model binding now resolves
FormSubmissionActionFailure correctly on both the platform admin route
(/admin/form-failures/{id}) and the org-scoped route
(/organisations/{organisation}/form-failures/{id}).

Root cause:
On the nested org-scoped route, Laravel's implicit binding triggers its
scoped-binding code path: for the second URL segment, it tries to resolve
the failure as a relation of the route's parent ({organisation}) by calling
`$organisation->formSubmissionActionFailures()`. Organisation has no such
relation (failures live under FormSubmission, not Organisation directly),
so the lookup silently fell through and the controller received a raw
string. PHP then raised a TypeError on the type-hinted parameter.

A second issue compounded it: with the controller method declaring
`(FormSubmissionActionFailure $formSubmissionActionFailure, ?Organisation $organisation)`
the parameter order did NOT match the URL parameter order
(/{organisation}/.../{formSubmissionActionFailure}), so Laravel's
resolveMethodDependencies — which falls back to positional binding when
parameter counts diverge — bound them to the wrong slots.

Fix:
- Register an explicit `Route::bind('formSubmissionActionFailure', ...)`
  in AppServiceProvider that loads the model `withoutGlobalScopes()` and
  throws ModelNotFoundException on miss. This sidesteps the scoped-binding
  parent-relation lookup entirely.
- Add `->withoutScopedBindings()` to all four org-scoped routes (show,
  retry, resolve, dismiss) as a belt-and-braces guarantee that Laravel
  never enters the scoped-binding path for these nested routes.
- Reorder controller method signatures to put `?Organisation $organisation`
  FIRST, matching URL parameter order so positional binding lands the
  ULID strings on the correct method parameters.
- Drop the now-unused private `resolveFailure()` helper.
- Tenant scoping continues to be enforced by FormSubmissionActionFailurePolicy
  via the failure.submission.organisation_id FK chain (RFC V3); cross-
  tenant access still translates denied → 404, never 403.

Tests: all 9 controller tests pass (cross-tenant 404 contract verified for
view, dismiss, and resolve).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-28 08:57:06 +02:00

bert.hausmans

d0e17f2824

feat(form-builder): retry/resolve/dismiss API endpoints + dual-route auth (WS-6)

Two route groups: /api/v1/admin/form-failures (super_admin platform) and
/api/v1/organisations/{organisation}/form-failures (org_admin scoped).
Same controller, policy authorises via FK chain (RFC V3). Cross-tenant
access returns 404 not 403 to prevent enumeration.

Resolve takes optional note; Dismiss requires DismissalReasonType
enum with conditional note (mandatory for 'other'). Both via
FormRequest validation with explicit i18n message keys.

Implementation note: Laravel implicit model binding for nested-namespace
ULID models doesn't pick up reliably across nested route groups. Using
manual resolveFailure() helper that loads withoutGlobalScopes() (so
cross-tenant access still reaches the policy, which translates denied →
404 per V3). Policy explicitly checks soft-delete via deleted_at since
withoutGlobalScopes bypasses SoftDeletes too. Policy registered
explicitly in AppServiceProvider — auto-discovery doesn't reliably
resolve App\Models\FormBuilder\* → App\Policies\FormBuilder\*.

NOT: admin UI (session 3). Not: public form routes (no API contract
notification needed).

Refs: RFC-WS-6.md §3 (Q5), §4 (V2, V3)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-26 15:34:23 +02:00

2 Commits