Five models that the public form endpoints touch carry a global
OrganisationScope: FormSchema, Event, TimeSlot, FestivalSection,
PersonTag. The initial S2c implementation relied on the scope no-opping
because /public/forms/* has no `{organisation}` route parameter and
OrganisationScope::resolveOrganisationId returns null in that case.
That is correct only by accident: any middleware that later sets an implicit org
context (route model binding for platform admin, impersonation,
default-org fallback on an authed Sanctum session) would start
filtering public schema resolution by the wrong org.
- PublicFormTokenResolver: both FormSchema::query() calls now pass
withoutGlobalScope(OrganisationScope::class). public_token is
globally unique so this is safe.
- PublicFormController::timeSlots() / sections() / festivalEventIds():
Event, TimeSlot, FestivalSection queries all explicit now, including
the eager-loaded event relation on time-slots.
- PublicFormController::ownerEvent(): narrowed from
Event::withoutGlobalScopes() to withoutGlobalScope(OrganisationScope)
so future scopes (soft-delete, archived) aren't accidentally
stripped.
- PublicFormSchemaResource::availableTagsByCategory: same narrowing on
the PersonTag query.
PublicFormCrossOrgScopeTest pins the expectation — 4 cases hit every
public endpoint under a stashed foreign-org route parameter and assert
the owner-org data still surfaces. Verified the tests fail when the
fix is reverted (all 4 return `SCHEMA_NOT_FOUND` with the bypass
absent).
Full suite 893 → 897 green.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
<?php
declare(strict_types=1);
namespace App\Http\Resources\FormBuilder;
use App\Enums\FormBuilder\FormFieldType;
use App\Models\FormBuilder\FormField;
use App\Models\FormBuilder\FormSchema;
use App\Models\PersonTag;
use App\Models\Scopes\OrganisationScope;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
use Illuminate\Support\Collection;
/**
 * Public-facing schema response for /public/forms/{public_token}. Strictly
 * limited per ARCH §10: only fields with is_portal_visible=true AND
 * is_admin_only=false; no PII hints, no role_restrictions bleed, no
 * submissions_count.
 *
 * Carries TAG_PICKER `available_tags` so the portal can render the picker
 * without a second request (S2c D1). Also surfaces `version` + `opened_at`
 * so the portal can later detect schema drift at submit time (D5).
 *
 * @mixin FormSchema
 */
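final class PublicFormSchemaResource extends JsonResource
{
    /**
     * Build the anonymous-portal view of the schema.
     *
     * Everything a public visitor learns about a form passes through the
     * allow-list of keys below, so this method is the exposure boundary:
     * fields survive only when is_portal_visible is true AND is_admin_only
     * is false, and each field is projected by {@see publicField()} rather
     * than serialised wholesale.
     *
     * @return array<string, mixed>
     */
    public function toArray(Request $request): array
    {
        $this->resource->loadMissing(['fields', 'sections']);

        $visibleFields = $this->fields
            ->filter(static fn ($f): bool => (bool) $f->is_portal_visible && ! (bool) $f->is_admin_only)
            ->values();

        // One tag query per response, bucketed by category; every TAG_PICKER
        // field below slices this array instead of querying on its own.
        $availableTagsByCategory = $this->availableTagsByCategory($this->organisation_id, $visibleFields);

        return [
            'id' => $this->id,
            'name' => $this->name,
            'slug' => $this->slug,
            'purpose' => self::scalarOf($this->purpose),
            'description' => $this->description,
            'locale' => $this->locale,
            'version' => (int) $this->version,
            // Server time at render; the portal echoes it back so a later
            // submit can be compared against `version` for drift (D5).
            'opened_at' => now()->toIso8601String(),
            'consent_version' => $this->consent_version,
            'submission_deadline' => optional($this->submission_deadline)->toIso8601String(),
            'section_level_submit' => (bool) $this->section_level_submit,
            'sections' => $this->sections
                ->map(static fn ($s): array => [
                    'id' => $s->id,
                    'slug' => $s->slug,
                    'name' => $s->name,
                    'description' => $s->description,
                    'sort_order' => (int) $s->sort_order,
                ])
                ->values()
                ->all(),
            'fields' => $visibleFields
                ->map(fn (FormField $f): array => $this->publicField($f, $availableTagsByCategory))
                ->values()
                ->all(),
        ];
    }

    /**
     * Project one visible field onto its public shape.
     *
     * Adding a key here widens what every anonymous visitor can see, so the
     * list is deliberate (ARCH §10). `validation_rules` and
     * `conditional_logic` are emitted as stored.
     * NOTE(review): a conditional_logic rule that references a field filtered
     * out in toArray() would still surface that field's slug here — confirm
     * that is acceptable under ARCH §10.
     *
     * @param array<string, array<int, array<string, string>>> $tagsByCategory
     * @return array<string, mixed>
     */
    private function publicField(FormField $f, array $tagsByCategory): array
    {
        $isTagPicker = $f->field_type === FormFieldType::TAG_PICKER->value;

        return [
            'id' => $f->id,
            'slug' => $f->slug,
            'field_type' => $f->field_type,
            'label' => $f->label,
            'help_text' => $f->help_text,
            // Re-index so a stored map still serialises as a JSON list.
            'options' => is_array($f->options) ? array_values($f->options) : null,
            'available_tags' => $isTagPicker ? $this->tagsForField($f, $tagsByCategory) : null,
            'validation_rules' => $f->validation_rules,
            'is_required' => (bool) $f->is_required,
            'display_width' => self::scalarOf($f->display_width),
            'conditional_logic' => $f->conditional_logic,
            'sort_order' => (int) $f->sort_order,
            'form_schema_section_id' => $f->form_schema_section_id,
        ];
    }

    /**
     * Unwrap a backed enum to its scalar value; anything else passes through
     * unchanged (attributes here may or may not be cast to enums).
     */
    private static function scalarOf(mixed $value): mixed
    {
        return $value instanceof \BackedEnum ? $value->value : $value;
    }

    /**
     * Prefetch every active person_tag for the org once and bucket by
     * category so TAG_PICKER fields can apply their own category filter
     * without N+1 queries.
     *
     * Returns an empty array when the schema has no organisation or no
     * visible TAG_PICKER field, so no tag query runs at all in that case.
     * NOTE(review): the `?string` type assumes organisation_id is a string
     * (UUID) under strict_types — confirm against the column cast.
     *
     * @param Collection<int, FormField> $visibleFields
     * @return array<string, array<int, array<string, string>>> categoryKey → rows
     */
    private function availableTagsByCategory(?string $organisationId, Collection $visibleFields): array
    {
        if ($organisationId === null) {
            return [];
        }

        $needsTags = $visibleFields->contains(
            static fn ($f): bool => $f->field_type === FormFieldType::TAG_PICKER->value,
        );
        if (! $needsTags) {
            return [];
        }

        // Public requests carry no organisation route parameter, so the
        // OrganisationScope must not decide which org's tags come back.
        // It is bypassed by name only (not withoutGlobalScopes()) so any
        // soft-delete / is_active scope added later still applies, and the
        // explicit organisation_id predicate directly below is what replaces
        // it: the query is pinned to the schema's owning org regardless of
        // whatever org the request context resolved to. Keep the
        // withoutGlobalScope() and the where() together — dropping the
        // where() would return every organisation's tags.
        $rows = PersonTag::query()
            ->withoutGlobalScope(OrganisationScope::class)
            ->where('organisation_id', $organisationId)
            ->where('is_active', true)
            ->orderBy('sort_order')
            ->orderBy('name')
            ->get(['id', 'name', 'category']);

        $grouped = [];
        foreach ($rows as $tag) {
            // Uncategorised tags share the '' bucket.
            $category = (string) ($tag->category ?? '');
            $grouped[$category][] = [
                'id' => (string) $tag->id,
                'name' => (string) $tag->name,
                'category' => $category,
            ];
        }

        return $grouped;
    }

    /**
     * Select the tag rows a TAG_PICKER field may offer.
     *
     * With no `tag_categories` filter in the field's validation_rules every
     * bucket is returned, in bucket order; otherwise the requested buckets
     * are concatenated in the order listed (unknown categories contribute
     * nothing).
     *
     * @param array<string, array<int, array<string, string>>> $byCategory
     * @return array<int, array<string, string>>
     */
    private function tagsForField(FormField $field, array $byCategory): array
    {
        // `?:` rather than `??` is deliberate: an empty array / '' / 0 stored
        // under tag_categories means "no filter", same as the key being absent.
        $wanted = (array) (($field->validation_rules['tag_categories'] ?? null) ?: []);

        if ($wanted === []) {
            // array_values() is required: string category keys would otherwise
            // be spread as named arguments.
            return array_merge(...array_values($byCategory));
        }

        $buckets = [];
        foreach ($wanted as $category) {
            $buckets[] = $byCategory[(string) $category] ?? [];
        }

        return array_merge(...$buckets);
    }
}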