bert.hausmans
af8a9da038
WS-5a commit 1 of 4 per ARCH-CONSOLIDATION-ADDENDUM-2026-04-24 Q3. Creates the relational home for what was form_fields.binding JSON and form_field_library.default_binding JSON. Owner discriminator is polymorphic morph (owner_type/owner_id) — the pattern the rest of WS-5 (5b validation_rules, 5d options) will reuse. Migration backfills rows from both JSON sources in a single transaction and is genuinely reversible (rollback reconstructs the JSON). Old columns remain in place until commit 3 has switched all readers. Pattern B (binding=null) is represented by absence of row. mode enum covers entity_owned / mirrored only. Cascade on owner delete via observer — bindings are physical state, not historical audit. FormFieldBindingScope enforces multi-tenancy via UNION over both owner chains (form_field → schema → org OR form_field_library → org) — Q2's declarative tenantScopeStrategy() can't walk morph parents. Tests: migration forward/back, morph relation, cascade observer, scope isolation, enum coverage. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
78 lines
2.8 KiB
PHP
78 lines
2.8 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace Tests\Feature\FormBuilder\Bindings;
|
|
|
|
use App\Models\FormBuilder\FormField;
|
|
use App\Models\FormBuilder\FormFieldBinding;
|
|
use App\Models\FormBuilder\FormFieldLibrary;
|
|
use App\Models\FormBuilder\FormSchema;
|
|
use App\Models\Organisation;
|
|
use App\Models\Scopes\FormFieldBindingScope;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Illuminate\Routing\Route;
|
|
use Tests\TestCase;
|
|
|
|
/**
|
|
* Asserts `FormFieldBindingScope` isolates bindings per organisation across
|
|
* both owner types (form_field and form_field_library) and that the
|
|
* withoutGlobalScope escape hatch exposes cross-org rows.
|
|
*/
|
|
final class FormFieldBindingScopeTest extends TestCase
|
|
{
|
|
use RefreshDatabase;
|
|
|
|
public function test_scope_isolates_bindings_per_organisation_for_both_owner_types(): void
|
|
{
|
|
[$orgA, $fieldA, $libraryA] = $this->seedOrgWithBindings();
|
|
[$orgB, $fieldB, $libraryB] = $this->seedOrgWithBindings();
|
|
|
|
$this->withOrgRoute($orgA);
|
|
$ownerIdsA = FormFieldBinding::query()->pluck('owner_id')->sort()->values()->all();
|
|
$expectedA = collect([$fieldA->id, $libraryA->id])->sort()->values()->all();
|
|
$this->assertSame($expectedA, $ownerIdsA);
|
|
|
|
$this->withOrgRoute($orgB);
|
|
$ownerIdsB = FormFieldBinding::query()->pluck('owner_id')->sort()->values()->all();
|
|
$expectedB = collect([$fieldB->id, $libraryB->id])->sort()->values()->all();
|
|
$this->assertSame($expectedB, $ownerIdsB);
|
|
}
|
|
|
|
public function test_without_global_scope_exposes_cross_org(): void
|
|
{
|
|
[$orgA, , ] = $this->seedOrgWithBindings();
|
|
$this->seedOrgWithBindings();
|
|
|
|
$this->withOrgRoute($orgA);
|
|
|
|
$this->assertSame(
|
|
4,
|
|
FormFieldBinding::query()->withoutGlobalScope(FormFieldBindingScope::class)->count(),
|
|
);
|
|
$this->assertSame(2, FormFieldBinding::query()->count());
|
|
}
|
|
|
|
/** @return array{0:Organisation,1:FormField,2:FormFieldLibrary} */
|
|
private function seedOrgWithBindings(): array
|
|
{
|
|
$org = Organisation::factory()->create();
|
|
$schema = FormSchema::factory()->create(['organisation_id' => $org->id]);
|
|
$field = FormField::factory()->create(['form_schema_id' => $schema->id]);
|
|
$library = FormFieldLibrary::factory()->create(['organisation_id' => $org->id]);
|
|
|
|
FormFieldBinding::factory()->forField($field)->entityOwned('person', 'email')->create();
|
|
FormFieldBinding::factory()->forLibrary($library)->entityOwned('person', 'first_name')->create();
|
|
|
|
return [$org, $field, $library];
|
|
}
|
|
|
|
private function withOrgRoute(Organisation $org): void
|
|
{
|
|
$route = new Route(['GET'], '/_test', static fn () => null);
|
|
$route->bind(request());
|
|
$route->setParameter('organisation', $org);
|
|
request()->setRouteResolver(static fn () => $route);
|
|
}
|
|
}
|