bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9b1bf0e13d51057c98a79e48ba7381d5b223b43e
crewli/api/app/Models/FormBuilder/FormSchema.php
bert.hausmans 6e89b0ccf7 test(form-builder): feature suites + integration contracts incl. FORM-02 (§31.10) 
Phase 6 of S2b. 37 new tests, 820 → 857 passing across the suite.

Feature suites (api/tests/Feature/FormBuilder/):
- FormSchemaApiTest: CRUD, publish/unpublish, rotate-public-token (with
  grace window), edit-lock conflict, typed-confirmation delete, 401 on
  unauthenticated, 403 on outsider.
- FormFieldApiTest: create, reorder, binding-change guard (422 w/o force,
  200 with force), conditional_logic cycle rejection, 401 unauth.
- FormSubmissionApiTest: draft → values → submit stores schema snapshot +
  version; review records reviewer; delegation creates active row; draft
  update blocked for non-subject non-delegatee (403).
- FormValueSecurityTest: FieldAccessService hides admin-only fields from
  non-admin; subject-self bypass; admin-only field leaks through neither
  admin list nor non-admin detail responses (§22.9 intent).
- PublicFormApiTest: portal-visible non-admin fields only; unknown token
  → 404; happy-path submission; expired-previous-token → 410; grace
  window still allows submission.
- FormSchemaWebhookApiTest: url/secret NEVER returned in resources;
  DeliverFormWebhookJob rejects 10.x private-ip SSRF (response_body_excerpt
  logs rejection).
- FilterRegistryApiTest: response shape includes tags + form_field
  sources; form_field filter registers.

Integration contract (§31.10):
- TagPickerSyncListenerTest: 5 cases proving (a) no-op on user_id=null,
  (b) sync on submit, (c) deferred sync via
  PersonIdentityService::confirmMatch, (d) organiser_assigned tags
  preserved on rebuild, (e) idempotent rerun.

Fixes discovered while writing tests:
- SyncTagPickerSelectionsOnSubmit: removed hardcoded connection='redis'
  so tests run via sync queue (QUEUE_CONNECTION fallback).
- FormSubmissionService: corrected FormSubmissionReviewed / DraftUpdated
  event signatures to match S1 event classes.
- FormSubmission model: added schema_version_at_submit / snapshot /
  anonymised_at / submission_duration_seconds / auto_save_count to
  $fillable so bulk operations + factory states populate consistently.
- FormSchema: added version, edit_lock_user_id, edit_lock_expires_at to
  $fillable; factory now sets version=1 explicitly.
- FormValueService: public submission path (actor=null) enforces
  is_portal_visible=true AND is_admin_only=false at the write layer
  instead of running FieldAccessService against a null user.
- MigrationRollbackTest: target the S2a drop migration by filename.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-17 21:27:27 +02:00

154 lines
4.4 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Models\FormBuilder;
use App\Enums\FormBuilder\FormPurpose;
use App\Enums\FormBuilder\FormSchemaSnapshotMode;
use App\Enums\FormBuilder\FormSubmissionMode;
use App\Models\Organisation;
use App\Models\Scopes\OrganisationScope;
use App\Models\User;
use Illuminate\Database\Eloquent\Concerns\HasUlids;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Database\Eloquent\Relations\MorphTo;
use Illuminate\Database\Eloquent\SoftDeletes;
/**
* Activity log strategy: explicit calls via logSchemaChange() — no LogsActivity
* trait (would produce noise). See ARCH-FORM-BUILDER.md §17.1 and S1 Phase 4b.
*/
final class FormSchema extends Model
{
use HasFactory;
use HasUlids;
use SoftDeletes;
public string $organisationScopeColumn = 'organisation_id';
protected static function booted(): void
{
static::addGlobalScope(new OrganisationScope());
}
protected $fillable = [
'organisation_id',
'owner_type',
'owner_id',
'name',
'slug',
'purpose',
'custom_purpose_slug',
'description',
'is_published',
'submission_mode',
'public_token',
'public_token_previous',
'public_token_rotated_at',
'submission_deadline',
'locale',
'settings',
'version',
'snapshot_mode',
'freeze_on_submit',
'retention_days',
'consent_version',
'section_level_submit',
'auto_save_enabled',
'max_submissions',
'created_by_user_id',
'last_updated_by_user_id',
'edit_lock_user_id',
'edit_lock_expires_at',
];
/** @var array<string, string> */
protected $casts = [
'purpose' => FormPurpose::class,
'submission_mode' => FormSubmissionMode::class,
'snapshot_mode' => FormSchemaSnapshotMode::class,
'is_published' => 'bool',
'freeze_on_submit' => 'bool',
'section_level_submit' => 'bool',
'auto_save_enabled' => 'bool',
'settings' => 'array',
'submission_deadline' => 'datetime',
'public_token_rotated_at' => 'datetime',
'edit_lock_expires_at' => 'datetime',
'version' => 'int',
'retention_days' => 'int',
'max_submissions' => 'int',
];
public function organisation(): BelongsTo
{
return $this->belongsTo(Organisation::class);
}
public function owner(): MorphTo
{
return $this->morphTo();
}
public function fields(): HasMany
{
return $this->hasMany(FormField::class);
}
public function sections(): HasMany
{
return $this->hasMany(FormSchemaSection::class);
}
public function submissions(): HasMany
{
return $this->hasMany(FormSubmission::class);
}
public function webhooks(): HasMany
{
return $this->hasMany(FormSchemaWebhook::class);
}
public function createdBy(): BelongsTo
{
return $this->belongsTo(User::class, 'created_by_user_id');
}
public function lastUpdatedBy(): BelongsTo
{
return $this->belongsTo(User::class, 'last_updated_by_user_id');
}
public function editLockUser(): BelongsTo
{
return $this->belongsTo(User::class, 'edit_lock_user_id');
}
/**
* Nuanced activity log (ARCH §17.1; S1 Phase 4b). Callers choose which
* events are worth logging — e.g. created/deleted/restored, published
* toggled, purpose changed, freeze_on_submit toggled, retention_days
* changed, consent_version changed, public_token rotated, snapshot_mode
* changed. NOT logged (noise): name/description/slug, settings, locale.
*
* Bulk-fixture suppression: the activitylog.enabled config key is the
* kill-switch. Seeders and one-shot commands wrap themselves in
* App\Support\ActivityLog::suppressed(...). activity()->log() becomes
* a silent no-op while disabled, so no guard is needed here.
*
* @param array<string, mixed> $properties
*/
public function logSchemaChange(string $event, array $properties = []): void
{
activity()
->performedOn($this)
->withProperties($properties)
->log($event);
}
}
Reference in New Issue View Git Blame Copy Permalink