Add stored object creation endpoint

Introduced a new API endpoint to create stored objects with access control for roles 'ROLE_ADMIN' and 'ROLE_USER'. Updated corresponding routes, removed unused dependencies, and added unit tests to ensure functionality.
2025-06-07 18:44:08 +00:00 · 2024-08-28 15:34:42 +02:00 · 2024-08-28 15:34:42 +02:00 · 7ab52ff09e
commit 7ab52ff09e
parent 2d82c1e105
4 changed files with 97 additions and 34 deletions
--- a/src/Bundle/ChillDocStoreBundle/Controller/StoredObjectApiController.php
+++ b/src/Bundle/ChillDocStoreBundle/Controller/StoredObjectApiController.php
@ -11,6 +11,46 @@ declare(strict_types=1);

 namespace Chill\DocStoreBundle\Controller;

+use Chill\DocStoreBundle\Entity\StoredObject;
 use Chill\MainBundle\CRUD\Controller\ApiController;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
+use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Security\Core\Security;
+use Symfony\Component\Serializer\Normalizer\AbstractNormalizer;
+use Symfony\Component\Serializer\SerializerInterface;

-class StoredObjectApiController extends ApiController {}
+class StoredObjectApiController extends ApiController
+{
+    public function __construct(
+        private readonly Security $security,
+        private readonly SerializerInterface $serializer,
+        private readonly EntityManagerInterface $entityManager
+    ) {}
+
+    /**
+     * Creates a new stored object.
+     *
+     * @return JsonResponse the response containing the serialized object in JSON format
+     *
+     * @throws AccessDeniedHttpException if the user does not have the necessary role to create a stored object
+     */
+    #[Route('/api/1.0/doc-store/stored-object/create', methods: ['POST'])]
+    public function createStoredObject(): JsonResponse
+    {
+        if (!($this->security->isGranted('ROLE_ADMIN') || $this->security->isGranted('ROLE_USER'))) {
+            throw new AccessDeniedHttpException('Must be user or admin to create a stored object');
+        }
+
+        $object = new StoredObject();
+
+        $this->entityManager->persist($object);
+        $this->entityManager->flush();
+
+        return new JsonResponse(
+            $this->serializer->serialize($object, 'json', [AbstractNormalizer::GROUPS => ['read']]),
+            json: true
+        );
+    }
+}
--- a/src/Bundle/ChillDocStoreBundle/DependencyInjection/ChillDocStoreExtension.php
+++ b/src/Bundle/ChillDocStoreBundle/DependencyInjection/ChillDocStoreExtension.php
@ -11,7 +11,6 @@ declare(strict_types=1);

 namespace Chill\DocStoreBundle\DependencyInjection;

-use Chill\DocStoreBundle\Controller\StoredObjectApiController;
 use Chill\DocStoreBundle\Security\Authorization\AccompanyingCourseDocumentVoter;
 use Chill\DocStoreBundle\Security\Authorization\PersonDocumentVoter;
 use Chill\DocStoreBundle\Security\Authorization\StoredObjectVoterInterface;
@ -19,7 +18,6 @@ use Symfony\Component\Config\FileLocator;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Extension\PrependExtensionInterface;
 use Symfony\Component\DependencyInjection\Loader;
-use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\DependencyInjection\Extension;

 /**
@ -53,29 +51,6 @@ class ChillDocStoreExtension extends Extension implements PrependExtensionInterf
        $this->prependRoute($container);
        $this->prependAuthorization($container);
        $this->prependTwig($container);
-        $this->prependApis($container);
-    }
-
-    protected function prependApis(ContainerBuilder $container)
-    {
-        $container->prependExtensionConfig('chill_main', [
-            'apis' => [
-                [
-                    'class' => \Chill\DocStoreBundle\Entity\StoredObject::class,
-                    'controller' => StoredObjectApiController::class,
-                    'name' => 'stored_object',
-                    'base_path' => '/api/1.0/docstore/stored-object',
-                    'base_role' => 'ROLE_USER',
-                    'actions' => [
-                        '_entity' => [
-                            'methods' => [
-                                Request::METHOD_POST => true,
-                            ],
-                        ],
-                    ],
-                ],
-            ],
-        ]);
    }

    protected function prependAuthorization(ContainerBuilder $container)
--- a/src/Bundle/ChillDocStoreBundle/Tests/Controller/StoredObjectApiControllerTest.php
+++ b/src/Bundle/ChillDocStoreBundle/Tests/Controller/StoredObjectApiControllerTest.php
@ -0,0 +1,55 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\DocStoreBundle\Tests\Controller;
+
+use Chill\DocStoreBundle\Controller\StoredObjectApiController;
+use Chill\DocStoreBundle\Entity\StoredObject;
+use Doctrine\ORM\EntityManagerInterface;
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\Security\Core\Security;
+use Symfony\Component\Serializer\SerializerInterface;
+
+/**
+ * @internal
+ *
+ * @coversNothing
+ */
+class StoredObjectApiControllerTest extends TestCase
+{
+    public function testCreate(): void
+    {
+        $security = $this->createMock(Security::class);
+        $security->expects($this->atLeastOnce())->method('isGranted')
+            ->with($this->logicalOr($this->identicalTo('ROLE_ADMIN'), $this->identicalTo('ROLE_USER')))
+            ->willReturn(true)
+        ;
+
+        $entityManager = $this->createMock(EntityManagerInterface::class);
+        $entityManager->expects($this->once())->method('persist')->with($this->isInstanceOf(StoredObject::class));
+        $entityManager->expects($this->once())->method('flush');
+
+        $serializer = $this->createMock(SerializerInterface::class);
+        $serializer->expects($this->once())->method('serialize')
+            ->with($this->isInstanceOf(StoredObject::class), 'json', $this->anything())
+            ->willReturn($r = <<<'JSON'
+            {"type":  "stored-object", "id":  1}
+            JSON);
+
+        $controller = new StoredObjectApiController($security, $serializer, $entityManager);
+
+        $actual = $controller->createStoredObject();
+
+        self::assertInstanceOf(JsonResponse::class, $actual);
+        self::assertEquals($r, $actual->getContent());
+    }
+}
--- a/src/Bundle/ChillDocStoreBundle/chill.api.specs.yaml
+++ b/src/Bundle/ChillDocStoreBundle/chill.api.specs.yaml
@ -21,18 +21,11 @@ components:
          type: string

 paths:
-  /1.0/docstore/stored-object.json:
+  /1.0/doc-store/stored-object/create:
    post:
      tags:
        - storedobject
      summary: Create a stored object
-      requestBody:
-        description: "A stored object"
-        required: true
-        content:
-          application/json:
-            schema:
-              $ref: "#/components/schemas/StoredObject"
      responses:
        200:
          description: "OK"