crewli/api/tests/Feature/FormBuilder/Bindings/Pipeline/SignatureContractPurposePipelineTest.php

<?php

declare(strict_types=1);

namespace Tests\Feature\FormBuilder\Bindings\Pipeline;

use App\Enums\FormBuilder\ApplyStatus;
use App\Enums\FormBuilder\FormFieldBindingMergeStrategy;
use App\Enums\FormBuilder\FormPurpose;
use App\Exceptions\FormBuilder\PurposeSubjectResolutionException;
use App\FormBuilder\Bindings\BindingPassResult;
use App\FormBuilder\Bindings\FormBindingApplicator;
use App\Models\FormBuilder\FormField;
use App\Models\FormBuilder\FormFieldBinding;
use App\Models\FormBuilder\FormSchema;
use App\Models\FormBuilder\FormSubmission;
use App\Models\FormBuilder\FormValue;
use App\Models\Organisation;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\DB;
use Tests\TestCase;

/**
 * End-to-end pipeline smoke for the signature_contract purpose.
 *
 * RFC §3 Q9 case matrix:
 *   - Happy path
 *   - Conflict resolution (trust precedence)
 *   - Missing required context (no auth user)
 *
 * Subject resolution: SignatureContractSubjectResolver returns the
 * authenticated User (via submission.submitted_by_user_id).
 *
 * Ref: ARCH-BINDINGS.md § 6.5
 */
final class SignatureContractPurposePipelineTest extends TestCase
{
    use RefreshDatabase;

    public function test_happy_path_applies_bindings_and_marks_completed(): void
    {
        $user = User::factory()->create(['first_name' => 'Old', 'last_name' => 'Name']);
        $submission = $this->makeSubmission($user, [
            'first_name' => ['value' => 'Jan', 'trust' => 70],
            'last_name' => ['value' => 'Jansen', 'trust' => 60],
        ]);

        $result = DB::transaction(fn (): BindingPassResult => resolve(FormBindingApplicator::class)->apply($submission));

        $this->assertSame(ApplyStatus::COMPLETED, $result->applyStatus());
        $this->assertSame('user', $result->provisionedSubjectType);
        $this->assertSame((string) $user->id, $result->provisionedSubjectId);

        $user->refresh();
        $this->assertSame('Jan', $user->first_name);
        $this->assertSame('Jansen', $user->last_name);
    }

    public function test_conflict_resolution_picks_highest_trust(): void
    {
        $user = User::factory()->create(['first_name' => 'Initial']);

        // Two bindings to the same target attribute, different trust levels.
        $submission = $this->makeSubmission($user, [
            'first_name__low' => ['value' => 'LowTrust', 'trust' => 30, 'attribute' => 'first_name'],
            'first_name__high' => ['value' => 'HighTrust', 'trust' => 90, 'attribute' => 'first_name'],
        ]);

        $result = DB::transaction(fn (): BindingPassResult => resolve(FormBindingApplicator::class)->apply($submission));

        $this->assertSame(ApplyStatus::COMPLETED, $result->applyStatus());
        $user->refresh();
        $this->assertSame('HighTrust', $user->first_name);
    }

    public function test_missing_auth_user_throws_resolution_exception(): void
    {
        $org = Organisation::factory()->create();
        $schema = FormSchema::factory()->create([
            'organisation_id' => $org->id,
            'purpose' => FormPurpose::SIGNATURE_CONTRACT->value,
        ]);

        // submitted_by_user_id deliberately null + subject_type/id null.
        $submission = FormSubmission::factory()->create([
            'form_schema_id' => $schema->id,
            'submitted_by_user_id' => null,
            'subject_type' => null,
            'subject_id' => null,
        ]);
        $submission->schema_snapshot = ['fields' => []];
        $submission->save();

        try {
            DB::transaction(fn () => resolve(FormBindingApplicator::class)->apply($submission->fresh()));
            $this->fail('Expected PurposeSubjectResolutionException');
        } catch (PurposeSubjectResolutionException $e) {
            $this->assertSame('signature_contract', $e->purposeSlug);
            $this->assertSame('no_auth', $e->reasonCode);
        }
    }

    /**
     * @param  array<string, array{value:string, trust:int, attribute?:string}>  $bindingSpecs
     */
    private function makeSubmission(User $user, array $bindingSpecs): FormSubmission
    {
        $org = Organisation::factory()->create();
        $schema = FormSchema::factory()->create([
            'organisation_id' => $org->id,
            'purpose' => FormPurpose::SIGNATURE_CONTRACT->value,
        ]);

        $submission = FormSubmission::factory()->create([
            'form_schema_id' => $schema->id,
            'submitted_by_user_id' => $user->id,
            'subject_type' => 'user',
            'subject_id' => $user->id,
        ]);

        $snapshotFields = [];
        foreach ($bindingSpecs as $slug => $spec) {
            $attribute = $spec['attribute'] ?? $slug;
            $field = FormField::factory()->create([
                'form_schema_id' => $schema->id,
                'slug' => $slug,
            ]);
            $binding = FormFieldBinding::factory()->forField($field)
                ->entityOwned('user', $attribute)
                ->create([
                    'merge_strategy' => FormFieldBindingMergeStrategy::Overwrite->value,
                    'trust_level' => $spec['trust'],
                ]);
            $snapshotFields[] = [
                'id' => (string) $field->id,
                'slug' => (string) $field->slug,
                'sort_order' => (int) $field->sort_order,
                'bindings' => [[
                    'id' => (string) $binding->id,
                    'mode' => 'entity_owned',
                    'entity' => 'user',
                    'column' => $attribute,
                    'merge_strategy' => 'overwrite',
                    'trust_level' => $spec['trust'],
                    'is_identity_key' => false,
                ]],
            ];
            $this->writeValue($submission->id, $field->id, $spec['value']);
        }

        $submission->schema_snapshot = ['fields' => $snapshotFields];
        $submission->save();

        return $submission->fresh();
    }

    private function writeValue(string $submissionId, string $fieldId, mixed $value): void
    {
        $row = new FormValue;
        $row->form_submission_id = $submissionId;
        $row->form_field_id = $fieldId;
        $row->setAttribute('value', $value);
        $row->value_anonymised = false;
        $row->save();
    }
}