bert.hausmans
e43dd60756
New Phase C test files: - tests/Unit/Models/Artist/ArtistDomainModelsTest.php — relationships, casts, soft-delete trait presence, slug uniqueness within/across organisations, isParked() helper, AdvanceSection's primary scope, PURPOSE_SUBJECT_FQCN['artist'] resolves to instantiable class. - tests/Feature/Artist/ArtistEngagementObserverTest.php — auto-fill organisation_id from artist, cross-tenant guard throws, soft-delete cascades to performances + hard-deletes advance_sections. - tests/Feature/Artist/PerformanceObserverTest.php — version starts at 0, increments by 1 per UPDATE, no bump on no-op save. - tests/Feature/Artist/ArtistDomainScopeLeakageTest.php — 5 scoped models (Artist/Genre/Engagement direct + Stage/Performance FK-chain) isolate cross-org queries. - tests/Feature/Artist/ArtistTimetableDevSeederTest.php — fixture-count smoke (4 stages, 12 stage_days, 6 artists, 12 engagements, 13 performances incl. 1 parked). Cross-cutting fixes that Phase C surfaced: - AppServiceProvider: morph-map block 2 extended with the 8 new artist-domain models (artist_engagement, artist_contact, genre, stage, stage_day, performance, advance_section, advance_submission). Block 1 'artist' alias was already wired via PurposeRegistry. - 5 form-builder backfill tests bumped --step rollback counts by +10 to account for the 10 new May 8 migrations sitting at HEAD between the test's calibration point and current head. - phpstan-baseline.neon regenerated (1631 entries) — all errors are same patterns existing baselined code already exhibits (Factory generic typing, Model property docblock gaps). Tracked systematically under TECH-LARASTAN-* in BACKLOG. Tests: 1646 passing (was 1624 pre-Session-1 → +22 net, no losses). Larastan: 0 errors over baseline. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
146 lines
4.9 KiB
PHP
146 lines
4.9 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace Tests\Feature\Artist;
|
|
|
|
use App\Enums\Artist\ArtistEngagementStatus;
|
|
use App\Models\Artist;
|
|
use App\Models\ArtistEngagement;
|
|
use App\Models\Event;
|
|
use App\Models\Genre;
|
|
use App\Models\Organisation;
|
|
use App\Models\Performance;
|
|
use App\Models\Scopes\OrganisationScope;
|
|
use App\Models\Stage;
|
|
use Carbon\CarbonImmutable;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Illuminate\Routing\Route;
|
|
use Tests\TestCase;
|
|
|
|
/**
|
|
* Multi-tenant isolation for the artist domain. Two fully populated
|
|
* tenants; queries scoped to org A must never return org B rows.
|
|
*/
|
|
final class ArtistDomainScopeLeakageTest extends TestCase
|
|
{
|
|
use RefreshDatabase;
|
|
|
|
private Organisation $orgA;
|
|
|
|
private Organisation $orgB;
|
|
|
|
private Event $eventA;
|
|
|
|
private Event $eventB;
|
|
|
|
protected function setUp(): void
|
|
{
|
|
parent::setUp();
|
|
$this->orgA = Organisation::factory()->create();
|
|
$this->orgB = Organisation::factory()->create();
|
|
$this->eventA = Event::factory()->for($this->orgA)->create();
|
|
$this->eventB = Event::factory()->for($this->orgB)->create();
|
|
}
|
|
|
|
private function withOrgRoute(Organisation $org): void
|
|
{
|
|
$route = new Route(['GET'], '/_test', static fn () => null);
|
|
$route->bind(request());
|
|
$route->setParameter('organisation', $org);
|
|
request()->setRouteResolver(static fn () => $route);
|
|
}
|
|
|
|
public function test_artist_scope_blocks_cross_org(): void
|
|
{
|
|
Artist::factory()->create(['organisation_id' => $this->orgA->id]);
|
|
Artist::factory()->create(['organisation_id' => $this->orgB->id]);
|
|
|
|
$this->withOrgRoute($this->orgA);
|
|
$this->assertSame(1, Artist::query()->count());
|
|
$this->assertSame(2, Artist::withoutGlobalScope(OrganisationScope::class)->count());
|
|
}
|
|
|
|
public function test_genre_scope_blocks_cross_org(): void
|
|
{
|
|
Genre::factory()->create(['organisation_id' => $this->orgA->id]);
|
|
Genre::factory()->create(['organisation_id' => $this->orgB->id]);
|
|
|
|
$this->withOrgRoute($this->orgB);
|
|
$genres = Genre::query()->get();
|
|
$this->assertCount(1, $genres);
|
|
$this->assertSame($this->orgB->id, $genres->first()->organisation_id);
|
|
}
|
|
|
|
public function test_artist_engagement_scope_blocks_cross_org(): void
|
|
{
|
|
$artistA = Artist::factory()->create(['organisation_id' => $this->orgA->id]);
|
|
$artistB = Artist::factory()->create(['organisation_id' => $this->orgB->id]);
|
|
|
|
ArtistEngagement::create([
|
|
'artist_id' => $artistA->id,
|
|
'event_id' => $this->eventA->id,
|
|
'booking_status' => ArtistEngagementStatus::Draft->value,
|
|
]);
|
|
ArtistEngagement::create([
|
|
'artist_id' => $artistB->id,
|
|
'event_id' => $this->eventB->id,
|
|
'booking_status' => ArtistEngagementStatus::Draft->value,
|
|
]);
|
|
|
|
$this->withOrgRoute($this->orgA);
|
|
$this->assertSame(1, ArtistEngagement::query()->count());
|
|
}
|
|
|
|
public function test_stage_fk_chain_scope_blocks_cross_org(): void
|
|
{
|
|
Stage::factory()->for($this->eventA)->create();
|
|
Stage::factory()->for($this->eventA)->create();
|
|
Stage::factory()->for($this->eventB)->create();
|
|
|
|
$this->withOrgRoute($this->orgA);
|
|
$this->assertSame(2, Stage::query()->count());
|
|
$this->assertSame(3, Stage::withoutGlobalScope(OrganisationScope::class)->count());
|
|
}
|
|
|
|
public function test_performance_fk_chain_scope_blocks_cross_org(): void
|
|
{
|
|
$artistA = Artist::factory()->create(['organisation_id' => $this->orgA->id]);
|
|
$artistB = Artist::factory()->create(['organisation_id' => $this->orgB->id]);
|
|
|
|
$engA = ArtistEngagement::create([
|
|
'artist_id' => $artistA->id,
|
|
'event_id' => $this->eventA->id,
|
|
'booking_status' => ArtistEngagementStatus::Draft->value,
|
|
]);
|
|
$engB = ArtistEngagement::create([
|
|
'artist_id' => $artistB->id,
|
|
'event_id' => $this->eventB->id,
|
|
'booking_status' => ArtistEngagementStatus::Draft->value,
|
|
]);
|
|
|
|
$stageA = Stage::factory()->for($this->eventA)->create();
|
|
$stageB = Stage::factory()->for($this->eventB)->create();
|
|
$start = CarbonImmutable::now();
|
|
|
|
Performance::create([
|
|
'engagement_id' => $engA->id,
|
|
'event_id' => $this->eventA->id,
|
|
'stage_id' => $stageA->id,
|
|
'start_at' => $start,
|
|
'end_at' => $start->addHour(),
|
|
]);
|
|
Performance::create([
|
|
'engagement_id' => $engB->id,
|
|
'event_id' => $this->eventB->id,
|
|
'stage_id' => $stageB->id,
|
|
'start_at' => $start,
|
|
'end_at' => $start->addHour(),
|
|
]);
|
|
|
|
$this->withOrgRoute($this->orgB);
|
|
$this->assertSame(1, Performance::query()->count());
|
|
$this->assertSame(2, Performance::withoutGlobalScope(OrganisationScope::class)->count());
|
|
}
|
|
}
|