bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
21c042d93f090cdfef2145cde5d03bdf504cd8f5
crewli/api/tests/Feature/FormBuilder/FormSchemaServicePublishGuardsTest.php
bert.hausmans d2059e3cff feat(form-builder): per-schema default_crowd_type_id replaces silent oldest() heuristic (WS-6) 
Session 2's PersonProvisioner picked CrowdType::oldest() for the org —
silently wrong for multi-crowd_type orgs (Volunteer + Crew + Press are
three distinct crowd_types in one org). Schemas now declare their
target crowd_type explicitly via form_schemas.default_crowd_type_id.
RequiresDefaultCrowdType publish guard prevents misconfigured
event_registration schemas from publishing.

PersonProvisioner: oldest() fallback removed entirely. Misconfiguration
throws no_default_crowd_type at runtime; publish guard prevents it at
config time.

Migration uses a plain ulid() column without DB-level FK because
SQLite's table-rebuild on ALTER ADD FOREIGN KEY cascade-deletes
form_fields rows (form_fields.form_schema_id has cascadeOnDelete on
form_schemas). Application-level integrity via FormSchema::defaultCrowdType()
belongsTo + the publish guard + the runtime failsafe — three load-bearing
checks, none of which require the DB-level constraint.

Three pre-existing migration backfill tests bumped step counts +1 to
account for the new migration sitting between WS-5c and WS-5d:
FormFieldBindingMigrationTest (16→17, 14→15), FormFieldConfigBackfillAndDropTest
(11→12), FormFieldValidationRuleBackfillTest (14→15),
ConditionalLogicBackfillTest (5→6).

Six event_registration test fixtures updated to set default_crowd_type_id
to satisfy the new publish guard.

FormBuilderDevSeeder.resolveDefaultCrowdTypeId() — VOLUNTEER → first-active
→ create-as-needed fallback chain; documented contract for future seeders.

SCHEMA.md updated to v2.7.
Refs: RFC-WS-6.md v1.1 §3 Q8 addendum (Task 4 of this session)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-27 23:47:32 +02:00

157 lines
6.2 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace Tests\Feature\FormBuilder;
use App\Enums\FormBuilder\FormFieldType;
use App\Enums\FormBuilder\FormPurpose;
use App\Exceptions\FormBuilder\PublishGuardViolationException;
use App\Exceptions\FormBuilder\PurposeRequirementsNotMetException;
use App\Models\FormBuilder\FormField;
use App\Models\FormBuilder\FormFieldBinding;
use App\Models\FormBuilder\FormSchema;
use App\Models\User;
use App\Services\FormBuilder\FormSchemaService;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;
final class FormSchemaServicePublishGuardsTest extends TestCase
{
use RefreshDatabase;
public function test_valid_event_registration_schema_publishes(): void
{
$schema = $this->buildValidEventRegistrationSchema();
$this->service()->publish($schema, $this->actor());
$this->assertTrue($schema->refresh()->is_published);
}
public function test_missing_required_bindings_throws_existing_exception_first(): void
{
$schema = FormSchema::factory()->create([
'purpose' => FormPurpose::EVENT_REGISTRATION->value,
]);
// No bindings → required_bindings (person.email/first_name/last_name) unmet.
$this->expectException(PurposeRequirementsNotMetException::class);
$this->service()->publish($schema, $this->actor());
}
public function test_missing_identity_key_flag_throws_publish_guard_violation(): void
{
$schema = $this->buildValidEventRegistrationSchema();
FormFieldBinding::query()->withoutGlobalScopes()
->whereIn('owner_id', $schema->fields->pluck('id'))
->where('target_attribute', 'email')
->update(['is_identity_key' => false]);
$schema->load('fields.bindings');
try {
$this->service()->publish($schema, $this->actor());
$this->fail('Expected PublishGuardViolationException');
} catch (PublishGuardViolationException $e) {
$codes = array_map(static fn (\App\FormBuilder\Publishing\PublishGuardResult $v): string => $v->guardCode, $e->violations);
$this->assertContains('requires_identity_key_binding:person:email', $codes);
}
$this->assertFalse($schema->refresh()->is_published);
}
public function test_violations_are_sorted_lexicographically(): void
{
$schema = $this->buildValidEventRegistrationSchema();
// Trigger TWO violations: drop is_identity_key + create ambiguous trust.
FormFieldBinding::query()->withoutGlobalScopes()
->whereIn('owner_id', $schema->fields->pluck('id'))
->where('target_attribute', 'email')
->update(['is_identity_key' => false, 'trust_level' => 60]);
FormFieldBinding::query()->withoutGlobalScopes()
->whereIn('owner_id', $schema->fields->pluck('id'))
->where('target_attribute', 'first_name')
->update(['trust_level' => 60]);
$schema->load('fields.bindings');
try {
$this->service()->publish($schema, $this->actor());
$this->fail('Expected PublishGuardViolationException');
} catch (PublishGuardViolationException $e) {
$codes = array_map(static fn (\App\FormBuilder\Publishing\PublishGuardResult $v): string => $v->guardCode, $e->violations);
$sorted = $codes;
sort($sorted);
$this->assertSame($sorted, $codes, 'Violations must be sorted lexicographically by code');
}
}
public function test_response_renders_as_422_with_violation_payload(): void
{
$schema = $this->buildValidEventRegistrationSchema();
FormFieldBinding::query()->withoutGlobalScopes()
->whereIn('owner_id', $schema->fields->pluck('id'))
->where('target_attribute', 'email')
->update(['is_identity_key' => false]);
$schema->load('fields.bindings');
try {
$this->service()->publish($schema, $this->actor());
$this->fail('Expected PublishGuardViolationException');
} catch (PublishGuardViolationException $e) {
$response = $e->render(request());
$this->assertSame(422, $response->getStatusCode());
$body = json_decode((string) $response->getContent(), true);
$this->assertSame('publish_blocked', $body['error']);
$this->assertSame('event_registration', $body['purpose_slug']);
$this->assertNotEmpty($body['violations']);
}
}
private function service(): FormSchemaService
{
return $this->app->make(FormSchemaService::class);
}
private function actor(): User
{
return User::factory()->create();
}
private function buildValidEventRegistrationSchema(): FormSchema
{
$schema = FormSchema::factory()->create([
'purpose' => FormPurpose::EVENT_REGISTRATION->value,
'section_level_submit' => false,
'is_published' => false,
]);
$crowdType = \App\Models\CrowdType::factory()->create([
'organisation_id' => $schema->organisation_id,
]);
$schema->default_crowd_type_id = $crowdType->id;
$schema->save();
$emailField = FormField::factory()->create([
'form_schema_id' => $schema->id,
'field_type' => FormFieldType::EMAIL->value,
]);
FormFieldBinding::factory()->forField($emailField)->entityOwned('person', 'email')
->create(['is_identity_key' => true, 'trust_level' => 80]);
$firstNameField = FormField::factory()->create([
'form_schema_id' => $schema->id,
'field_type' => FormFieldType::TEXT->value,
]);
FormFieldBinding::factory()->forField($firstNameField)->entityOwned('person', 'first_name')
->create(['is_identity_key' => false, 'trust_level' => 70]);
$lastNameField = FormField::factory()->create([
'form_schema_id' => $schema->id,
'field_type' => FormFieldType::TEXT->value,
]);
FormFieldBinding::factory()->forField($lastNameField)->entityOwned('person', 'last_name')
->create(['is_identity_key' => false, 'trust_level' => 50]);
return $schema->fresh(['fields.bindings', 'fields.configs', 'sections']);
}
}
Reference in New Issue View Git Blame Copy Permalink