bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b1d5bcda763fe667d7fd68828c04deca8091a65b
crewli/api/app/Providers/AppServiceProvider.php
bert.hausmans b1d5bcda76 feat: BindSentryContext middleware + queue job attempt tagging 
WS-7 PR-2 commit 2.

- app/Http/Middleware/BindSentryContext.php: sets RFC §3.6 tags on the
  active Sentry scope (app, http.method, route_name, actor_type,
  user_id, organisation_id, event_id, impersonation). Multi-tenant
  invariant: throws RuntimeException in local/testing when an auth
  request to a tenant-scoped route lacks organisation_id; logs a
  warning in production so the user flow still completes.
- app/Listeners/Observability/TagJobAttemptOnSentry.php: tags
  queue.attempt on the scope from the JobProcessing event. Default
  stack-trace grouping preserved per §3.11.
- ActorType: VOLUNTEER case reserved for a future role split. Current
  resolver maps non-admin authenticated users to ORG_MEMBER.
- bootstrap/app.php: registers sentry.context alias. Applied inside
  auth:sanctum groups in routes/api.php so it runs after auth.
- AppServiceProvider::boot registers the queue listener.

Test count: 1507 to 1523. Larastan clean.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 09:13:55 +02:00

327 lines
14 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Providers;
use App\Events\FormBuilder\FormSubmissionSectionSubmitted;
use App\Events\FormBuilder\FormSubmissionSubmitted;
use App\FormBuilder\Bindings\BindingActivityLogger;
use App\FormBuilder\Bindings\BindingConflictResolver;
use App\FormBuilder\Bindings\BindingTypeRegistry;
use App\FormBuilder\Bindings\FormBindingApplicator;
use App\FormBuilder\Bindings\PersonProvisioner;
use App\FormBuilder\Purposes\PurposeRegistry;
use App\Listeners\FormBuilder\ApplyBindingsOnFormSectionSubmitted;
use App\Listeners\FormBuilder\ApplyBindingsOnFormSubmit;
use App\Listeners\FormBuilder\SyncTagPickerSelectionsOnSubmit;
use App\Listeners\FormBuilder\TriggerPersonIdentityMatchOnFormSubmit;
use App\Models\Company;
use App\Models\CrowdList;
use App\Models\CrowdType;
use App\Models\EmailChangeRequest;
use App\Models\EmailLog;
use App\Models\Event;
use App\Models\FestivalSection;
use App\Models\FormBuilder\FormField;
use App\Models\FormBuilder\FormFieldLibrary;
use App\Models\FormBuilder\FormSchema;
use App\Models\FormBuilder\FormSchemaSection;
use App\Models\FormBuilder\FormSchemaWebhook;
use App\Models\FormBuilder\FormSubmission;
use App\Models\FormBuilder\FormSubmissionDelegation;
use App\Models\FormBuilder\FormSubmissionSectionStatus;
use App\Models\FormBuilder\FormTemplate;
use App\Models\FormBuilder\FormValue;
use App\Models\FormBuilder\FormValueOption;
use App\Models\FormBuilder\FormWebhookDelivery;
use App\Models\ImpersonationSession;
use App\Models\Location;
use App\Models\MfaBackupCode;
use App\Models\MfaEmailCode;
use App\Models\Organisation;
use App\Models\OrganisationEmailSettings;
use App\Models\OrganisationEmailTemplate;
use App\Models\Person;
use App\Models\PersonIdentityMatch;
use App\Models\PersonSectionPreference;
use App\Models\PersonTag;
use App\Models\Shift;
use App\Models\ShiftAssignment;
use App\Models\ShiftWaitlist;
use App\Models\TimeSlot;
use App\Models\TrustedDevice;
use App\Models\User;
use App\Models\UserInvitation;
use App\Models\UserOrganisationTag;
use App\Models\UserProfile;
use App\Models\VolunteerAvailability;
use App\Observers\FormBuilder\FormFieldChildTablesCascadeObserver;
use App\Observers\FormBuilder\FormSubmissionObserver;
use App\Observers\FormBuilder\FormValueObserver;
use App\Observers\PersonObserver;
use App\Observers\UserObserver;
use Illuminate\Auth\Notifications\ResetPassword;
use Illuminate\Database\Eloquent\Relations\Relation;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\ServiceProvider;
use Spatie\Activitylog\Models\Activity;
class AppServiceProvider extends ServiceProvider
{
/**
* FQCN lookup for every `subject_type` alias that PurposeRegistry may
* return. Single source of truth for domain-subject → model mapping,
* consumed by the morph-map build in boot(). The `artist` class is
* declared as a string because the Artist model is not yet landed;
* it is safe to register the morph alias (lazily resolved).
*
* @var array<string, class-string|string>
*/
private const PURPOSE_SUBJECT_FQCN = [
'person' => Person::class,
'user' => User::class,
'company' => Company::class,
'artist' => 'App\\Models\\Artist',
];
public function register(): void
{
$this->mergeConfigFrom(
base_path('config/form_builder/purposes.php'),
'form_builder.purposes',
);
$this->mergeConfigFrom(
base_path('config/form_builder/binding_targets.php'),
'form_builder.binding_targets',
);
$this->app->singleton(PurposeRegistry::class);
$this->app->singleton(BindingTypeRegistry::class);
$this->app->singleton(PersonProvisioner::class);
$this->app->singleton(BindingConflictResolver::class);
$this->app->singleton(BindingActivityLogger::class);
$this->app->singleton(FormBindingApplicator::class);
// Telescope is a dev-only debugging dashboard. Three-layer
// defense keeps it out of production: composer `dont-discover`
// suppresses auto-registration, this block gates manual
// registration to local/testing, and TELESCOPE_ENABLED in .env
// is the runtime toggle (see /dev-docs/TELESCOPE.md). The vendor
// service provider registers routes/migrations/publishing;
// App\Providers\TelescopeServiceProvider attaches the gate +
// filter. Both must register for the dashboard to work.
if ($this->app->environment('local', 'testing')) {
$this->app->register(\Laravel\Telescope\TelescopeServiceProvider::class);
$this->app->register(\App\Providers\TelescopeServiceProvider::class);
}
}
public function boot(): void
{
$this->registerMorphMap();
// RFC-WS-6 V3 — explicit policy registration. Laravel's auto-discovery
// doesn't reliably resolve nested-namespace models like
// App\Models\FormBuilder\FormSubmissionActionFailure to
// App\Policies\FormBuilder\FormSubmissionActionFailurePolicy.
Gate::policy(
\App\Models\FormBuilder\FormSubmissionActionFailure::class,
\App\Policies\FormBuilder\FormSubmissionActionFailurePolicy::class,
);
// RFC-WS-6 v1.1 §3 Q5 — explicit route model binding for the
// form-failures admin endpoints. Implicit binding on nested route
// groups triggers Laravel's scoped-binding logic that tries to
// resolve the failure as a relation of the route's parent
// ({organisation}) — Organisation has no formSubmissionActionFailures()
// relation, so the implicit lookup silently fails and the
// controller receives a string. Route::bind sidesteps the
// scoped-binding path entirely. Bypass global scopes so cross-
// tenant access reaches the policy (which translates denied → 404
// per RFC V3 in the controller).
\Illuminate\Support\Facades\Route::bind('formSubmissionActionFailure', static function (string $value): \App\Models\FormBuilder\FormSubmissionActionFailure {
$model = \App\Models\FormBuilder\FormSubmissionActionFailure::query()
->withoutGlobalScopes()
->find($value);
if ($model === null) {
throw new \Illuminate\Database\Eloquent\ModelNotFoundException;
}
return $model;
});
Person::observe(PersonObserver::class);
User::observe(UserObserver::class);
FormValue::observe(FormValueObserver::class);
\App\Models\FormBuilder\FormSubmission::observe(FormSubmissionObserver::class);
// Cascade binding / validation-rule / config rows on owner delete.
// Children are physical state; deleted on soft-delete as well as
// hard-delete of the owner (WS-5a bindings, WS-5b validation rules
// + configs).
FormField::observe(FormFieldChildTablesCascadeObserver::class);
FormFieldLibrary::observe(FormFieldChildTablesCascadeObserver::class);
// RFC-WS-6 §3 (Q1) — sync chain on FormSubmissionSubmitted, in
// this exact order:
// 1. ApplyBindingsOnFormSubmit (sync)
// 2. TriggerPersonIdentityMatchOnFormSubmit (sync)
// Queued listeners on the same event (SyncTagPickerSelectionsOnSubmit,
// future webhook dispatcher, mailables) run in parallel after the
// sync chain via the queue. Their relative registration position
// is irrelevant.
// RFC Q1 — applies bindings sync before identity match runs.
\Illuminate\Support\Facades\Event::listen(
FormSubmissionSubmitted::class,
ApplyBindingsOnFormSubmit::class,
);
// ARCH §31.10 — FORM-02 TAG_PICKER sync listener (queued).
\Illuminate\Support\Facades\Event::listen(
FormSubmissionSubmitted::class,
SyncTagPickerSelectionsOnSubmit::class,
);
// ARCH §31.1 — identity-match trigger on event_registration (sync).
\Illuminate\Support\Facades\Event::listen(
FormSubmissionSubmitted::class,
TriggerPersonIdentityMatchOnFormSubmit::class,
);
// RFC Q10 — section-level apply stub. Runtime gated by feature flag.
\Illuminate\Support\Facades\Event::listen(
FormSubmissionSectionSubmitted::class,
ApplyBindingsOnFormSectionSubmitted::class,
);
// RFC-WS-7 §3.6 / §3.11 — tag captured Sentry events with the queue
// attempt count. Default stack-trace grouping is preserved (no
// per-attempt fingerprinting).
\Illuminate\Support\Facades\Event::listen(
\Illuminate\Queue\Events\JobProcessing::class,
\App\Listeners\Observability\TagJobAttemptOnSentry::class,
);
ResetPassword::createUrlUsing(function ($user, string $token) {
return config('crewli.portal_url').'/wachtwoord-resetten?token='.$token.'&email='.urlencode($user->email);
});
// Tag activity log entries with impersonation context
Activity::saving(function (Activity $activity) {
$request = request();
$impersonator = $request->attributes->get('impersonator');
$session = $request->attributes->get('impersonation_session');
if ($impersonator && $session) {
$properties = $activity->properties?->toArray() ?? [];
$properties['impersonated_by'] = [
'user_id' => $impersonator->id,
'name' => $impersonator->full_name,
'email' => $impersonator->email,
];
$properties['impersonation_session_id'] = $session->id;
$activity->properties = collect($properties);
}
});
}
/**
* Morph-map is built from three labelled blocks:
*
* 1. Domain subject types — derived from PurposeRegistry. These are
* the aliases allowed on `form_submissions.subject_type`.
* 2. Non-purpose domain types — form_schemas owner_types that are
* not subjects (`organisation`, `event`, `user_profile`) plus
* domain models referenced as activity-log subjects/causers.
* 3. Framework types — spatie/activitylog subjects.
*
* Sanctum's `personal_access_tokens.tokenable_type` is intentionally
* absent (addendum Q4: framework polymorphie uses framework defaults,
* not the domain morph-map). `MorphMapAlignmentTest` guards blocks
* 1 and 2 against drift.
*/
private function registerMorphMap(): void
{
/** @var PurposeRegistry $registry */
$registry = $this->app->make(PurposeRegistry::class);
// Block 1 — domain subject types, derived from PurposeRegistry.
$domainSubjectTypes = [];
foreach ($registry->allSubjectTypes() as $alias) {
$fqcn = self::PURPOSE_SUBJECT_FQCN[$alias] ?? null;
if ($fqcn === null) {
throw new \RuntimeException(
"No FQCN mapping for purpose subject_type '{$alias}'. "
.'Add it to AppServiceProvider::PURPOSE_SUBJECT_FQCN.'
);
}
$domainSubjectTypes[$alias] = $fqcn;
}
// Block 2 — non-purpose domain types.
$nonPurposeDomainTypes = [
// form_schemas owner_type candidates that are not subject_types.
'organisation' => Organisation::class,
'event' => Event::class,
'user_profile' => UserProfile::class,
// Domain models referenced as activity-log subjects/causers.
'crowd_list' => CrowdList::class,
'crowd_type' => CrowdType::class,
'email_change_request' => EmailChangeRequest::class,
'email_log' => EmailLog::class,
'festival_section' => FestivalSection::class,
'impersonation_session' => ImpersonationSession::class,
'location' => Location::class,
'mfa_backup_code' => MfaBackupCode::class,
'mfa_email_code' => MfaEmailCode::class,
'organisation_email_settings' => OrganisationEmailSettings::class,
'organisation_email_template' => OrganisationEmailTemplate::class,
'person_identity_match' => PersonIdentityMatch::class,
'person_section_preference' => PersonSectionPreference::class,
'person_tag' => PersonTag::class,
'shift' => Shift::class,
'shift_assignment' => ShiftAssignment::class,
'shift_waitlist' => ShiftWaitlist::class,
'time_slot' => TimeSlot::class,
'trusted_device' => TrustedDevice::class,
'user_invitation' => UserInvitation::class,
'user_organisation_tag' => UserOrganisationTag::class,
'volunteer_availability' => VolunteerAvailability::class,
// Form-builder models used as activity-log subjects and (S2+)
// polymorphic webhook payload subjects.
'form_schema' => FormSchema::class,
'form_schema_section' => FormSchemaSection::class,
'form_field' => FormField::class,
'form_field_library' => FormFieldLibrary::class,
'form_submission' => FormSubmission::class,
'form_submission_section_status' => FormSubmissionSectionStatus::class,
'form_submission_delegation' => FormSubmissionDelegation::class,
'form_submission_action_failure' => \App\Models\FormBuilder\FormSubmissionActionFailure::class,
'form_value' => FormValue::class,
'form_value_option' => FormValueOption::class,
'form_template' => FormTemplate::class,
'form_schema_webhook' => FormSchemaWebhook::class,
'form_webhook_delivery' => FormWebhookDelivery::class,
];
// Block 3 — framework types (spatie/activitylog). Sanctum is absent
// on purpose; see class-level docblock.
$frameworkTypes = [
// activitylog causer/subject fall-back entries are not needed
// here because every framework morph value lands on a registered
// domain alias above. Reserved for future framework extensions.
];
Relation::enforceMorphMap(array_merge(
$domainSubjectTypes,
$nonPurposeDomainTypes,
$frameworkTypes,
));
}
}
Reference in New Issue View Git Blame Copy Permalink