Phase 4 of S2b. Nine resources that shape the universal form builder responses. FieldAccessService::filterVisibleFields gates every field array — the primary defence tested by FormResourceSecurityTest (§22.9). - FormSchemaResource: includes fields_count, submissions_count, has_submissions, is_locked (derived from edit_lock_*), public_form_url when public_token is set, and filtered fields collection. - FormSchemaSummaryResource: lean list-endpoint variant. - FormFieldResource: effective_label / help_text / options resolved via FormLocaleResolver + translations JSON, plus TAG_PICKER available_tags filtered by validation_rules.tag_categories. - FormSubmissionResource: values keyed by field slug with FieldAccessService filtering, section_statuses, active delegations, review_info, submitted_in_locale, submission_duration_seconds. - FormSubmissionSummaryResource: lean list variant. - FormTemplateResource, FormFieldLibraryResource. - PublicFormSchemaResource: strictly limited per §10 — only is_portal_visible=true AND is_admin_only=false fields, no PII hints, no role_restrictions, no submissions_count. - FormSchemaWebhookResource: url/secret never returned; only url_host + has_secret boolean. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
<?php
declare(strict_types=1);
namespace App\Http\Resources\FormBuilder;
use App\Models\FormBuilder\FormSchema;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
/**
 * Public-facing schema response for /public/forms/{public_token}. Strictly
 * limited per ARCH §10: only fields with is_portal_visible=true AND
 * is_admin_only=false are emitted; no PII hints, no role_restrictions bleed,
 * no submissions_count.
 *
 * @mixin FormSchema
 */
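final class PublicFormSchemaResource extends JsonResource
{
    /**
     * Build the unauthenticated representation of a form schema.
     *
     * Only fields that pass {@see self::isPubliclyVisible()} are emitted.
     * NOTE(review): the visibility rule is applied inline here rather than
     * through FieldAccessService::filterVisibleFields, which the authenticated
     * resources use — confirm the two rules stay in sync.
     *
     * Keys not present in this payload: role_restrictions, submissions_count
     * and public_token.
     *
     * @return array<string, mixed>
     */
    public function toArray(Request $request): array
    {
        // Load the relations only if the caller did not eager-load them.
        $this->resource->loadMissing(['fields', 'sections']);

        $visibleFields = $this->fields
            ->filter(self::isPubliclyVisible(...))
            ->values();

        return [
            'id' => $this->id,
            'name' => $this->name,
            'slug' => $this->slug,
            'purpose' => self::scalarOf($this->purpose),
            'description' => $this->description,
            'locale' => $this->locale,
            'consent_version' => $this->consent_version,
            // A schema without a deadline serialises as null.
            'submission_deadline' => $this->submission_deadline?->toIso8601String(),
            'section_level_submit' => (bool) $this->section_level_submit,
            'sections' => $this->sections->map(self::sectionPayload(...))->values()->all(),
            'fields' => $visibleFields->map(self::fieldPayload(...))->values()->all(),
        ];
    }

    /**
     * Public visibility rule: portal-visible and not admin-only. Both flags
     * are cast to bool so integer-backed columns and nulls behave as false.
     */
    private static function isPubliclyVisible(object $field): bool
    {
        return (bool) $field->is_portal_visible && ! (bool) $field->is_admin_only;
    }

    /**
     * Unwrap a backed enum to its scalar value; any other value passes through.
     */
    private static function scalarOf(mixed $value): mixed
    {
        return $value instanceof \BackedEnum ? $value->value : $value;
    }

    /**
     * Section payload: identifiers, display text and ordering only.
     *
     * @return array<string, mixed>
     */
    private static function sectionPayload(object $section): array
    {
        return [
            'id' => $section->id,
            'slug' => $section->slug,
            'name' => $section->name,
            'description' => $section->description,
            'sort_order' => (int) $section->sort_order,
        ];
    }

    /**
     * Field payload for a field that already passed the visibility filter.
     *
     * validation_rules and conditional_logic are returned verbatim.
     * NOTE(review): if conditional_logic can reference fields that fail the
     * visibility filter, their slugs would still be disclosed here — TODO
     * confirm against the field model.
     *
     * @return array<string, mixed>
     */
    private static function fieldPayload(object $field): array
    {
        return [
            'id' => $field->id,
            'slug' => $field->slug,
            'field_type' => $field->field_type,
            'label' => $field->label,
            'help_text' => $field->help_text,
            // Options are re-indexed as a list; associative keys are dropped.
            'options' => is_array($field->options) ? array_values($field->options) : null,
            'validation_rules' => $field->validation_rules,
            'is_required' => (bool) $field->is_required,
            'display_width' => self::scalarOf($field->display_width),
            'conditional_logic' => $field->conditional_logic,
            'sort_order' => (int) $field->sort_order,
            'form_schema_section_id' => $field->form_schema_section_id,
        ];
    }
}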