bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b6a3a17b0afbab7e08bf2466abf25b330c5e790e
crewli/api/app/Http/Resources/FormBuilder/FormFieldResource.php
bert.hausmans 4b7e66b83f feat(form-builder): API resources with FieldAccessService filtering 
Phase 4 of S2b. Nine resources that shape the universal form builder
responses. FieldAccessService::filterVisibleFields gates every field
array — the primary defence tested by FormResourceSecurityTest (§22.9).

- FormSchemaResource: includes fields_count, submissions_count,
  has_submissions, is_locked (derived from edit_lock_*), public_form_url
  when public_token is set, and filtered fields collection.
- FormSchemaSummaryResource: lean list-endpoint variant.
- FormFieldResource: effective_label / help_text / options resolved via
  FormLocaleResolver + translations JSON, plus TAG_PICKER available_tags
  filtered by validation_rules.tag_categories.
- FormSubmissionResource: values keyed by field slug with FieldAccessService
  filtering, section_statuses, active delegations, review_info,
  submitted_in_locale, submission_duration_seconds.
- FormSubmissionSummaryResource: lean list variant.
- FormTemplateResource, FormFieldLibraryResource.
- PublicFormSchemaResource: strictly limited per §10 — only
  is_portal_visible=true AND is_admin_only=false fields, no PII hints,
  no role_restrictions, no submissions_count.
- FormSchemaWebhookResource: url/secret never returned; only url_host +
  has_secret boolean.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-17 21:13:40 +02:00

128 lines
4.3 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Http\Resources\FormBuilder;
use App\Enums\FormBuilder\FormFieldType;
use App\Models\FormBuilder\FormField;
use App\Models\PersonTag;
use App\Services\FormBuilder\FormLocaleResolver;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
/**
* @mixin FormField
*/
final class FormFieldResource extends JsonResource
{
/**
* @return array<string, mixed>
*/
public function toArray(Request $request): array
{
$locale = app(FormLocaleResolver::class)->resolve(
$this->resource->schema,
$request->user(),
);
return [
'id' => $this->id,
'form_schema_id' => $this->form_schema_id,
'form_schema_section_id' => $this->form_schema_section_id,
'library_field_id' => $this->library_field_id,
'field_type' => $this->field_type,
'slug' => $this->slug,
'label' => $this->resolvedLabel($locale),
'help_text' => $this->resolvedHelpText($locale),
'section' => $this->section,
'options' => $this->normalizedOptions($locale),
'available_tags' => $this->when(
$this->field_type === FormFieldType::TAG_PICKER->value,
fn () => $this->availableTags(),
),
'validation_rules' => $this->validation_rules,
'is_required' => (bool) $this->is_required,
'is_filterable' => (bool) $this->is_filterable,
'is_portal_visible' => (bool) $this->is_portal_visible,
'is_admin_only' => (bool) $this->is_admin_only,
'is_unique' => (bool) $this->is_unique,
'is_pii' => (bool) $this->is_pii,
'display_width' => $this->display_width instanceof \BackedEnum ? $this->display_width->value : $this->display_width,
'binding' => $this->binding,
'conditional_logic' => $this->conditional_logic,
'role_restrictions' => $this->role_restrictions,
'translations' => $this->translations,
'value_storage_hint' => $this->value_storage_hint instanceof \BackedEnum ? $this->value_storage_hint->value : $this->value_storage_hint,
'review_required' => (bool) $this->review_required,
'sort_order' => (int) $this->sort_order,
];
}
private function resolvedLabel(string $locale): string
{
$translations = $this->translations ?? [];
if (isset($translations[$locale]['label']) && $translations[$locale]['label'] !== '') {
return (string) $translations[$locale]['label'];
}
return (string) $this->label;
}
private function resolvedHelpText(string $locale): ?string
{
$translations = $this->translations ?? [];
if (isset($translations[$locale]['help_text'])) {
return (string) $translations[$locale]['help_text'];
}
return $this->help_text;
}
/**
* @return array<int, mixed>|null
*/
private function normalizedOptions(string $locale): ?array
{
$options = $this->options;
if (! is_array($options)) {
return null;
}
$translations = $this->translations ?? [];
if (isset($translations[$locale]['options']) && is_array($translations[$locale]['options'])) {
return array_values($translations[$locale]['options']);
}
return array_values($options);
}
/**
* @return array<int, array<string, string>>
*/
private function availableTags(): array
{
$organisationId = $this->resource->schema?->organisation_id;
if ($organisationId === null) {
return [];
}
$categoryFilter = (array) (($this->validation_rules['tag_categories'] ?? null) ?: []);
$query = PersonTag::withoutGlobalScopes()
->where('organisation_id', $organisationId)
->where('is_active', true);
if ($categoryFilter !== []) {
$query->whereIn('category', $categoryFilter);
}
return $query->get(['id', 'name', 'category'])
->map(fn ($t) => [
'id' => (string) $t->id,
'name' => (string) $t->name,
'category' => (string) $t->category,
])
->all();
}
}
Reference in New Issue View Git Blame Copy Permalink