Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-07-03 07:26:12 +00:00
Code Issues Actions Projects Releases Wiki Activity

Add ticket listing API endpoint with pagination and filters

Browse Source 
- Introduced `/api/1.0/ticket/ticket/list` endpoint for ticket retrieval.
- Added support for filtering by person and applied access control checks.
- Defined `TicketSimple` and updated `Collection` schemas in API specifications.
- Implemented `TicketListApiController` to handle ticket listing logic.
- Added unit tests for `TicketListApiController`.
This commit is contained in:
Julien Fastré 2025-07-02 18:41:09 +02:00
parent 9b7dccac9d
commit 7fef504f43
Signed by: julienfastre
GPG Key ID: BDE2190974723FCB
5 changed files with 354 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/Bundle/ChillMainBundle/chill.api.specs.yaml
View File

@ -10,6 +10,31 @@ servers:
components:
schemas:
Collection:
type: object
properties:
count:
type: number
format: u64
pagination:
type: object
properties:
first:
type: number
format: u64
items_per_page:
type: number
format: u64
next:
type: string
format: uri
nullable: true
previous:
type: string
format: uri
nullable: true
more:
type: boolean
EntityWorkflowAttachment:
type: object
properties:

39
src/Bundle/ChillTicketBundle/chill.api.specs.yaml
View File

@ -1,5 +1,10 @@
components:
schemas:
TicketSimple:
type: object
properties:
id:
type: integer
Motive:
type: object
properties:
@ -44,6 +49,40 @@ paths:
responses:
200:
description: "OK"
/1.0/ticket/ticket/list:
get:
tags:
- ticket
summary: List of tickets
parameters:
- name: byPerson
in: query
description: the id of the person
required: false
style: form
explode: false
schema:
type: array
items:
type: integer
format: integer
minimum: 1
responses:
200:
description: OK
content:
application/json:
schema:
allOf:
- $ref: '#components/schemas/Collection'
- type: object
properties:
results:
type: array
items:
$ref: '#component/schema/TicketSimple'
/1.0/ticket/motive.json:
get:
tags:

2
src/Bundle/ChillTicketBundle/src/Controller/TicketControllerApi.php
View File

@ -20,7 +20,7 @@ class TicketControllerApi
{
public function __construct(private readonly SerializerInterface $serializer) {}
#[Route('/api/1.0/ticket/ticket/{id}', methods: ['GET'])]
#[Route('/api/1.0/ticket/ticket/{id}', requirements: ['id' => '\d+'], methods: ['GET'])]
public function get(Ticket $ticket): JsonResponse
{
return new JsonResponse(

68
src/Bundle/ChillTicketBundle/src/Controller/TicketListApiController.php Normal file
View File

@ -0,0 +1,68 @@
<?php
declare(strict_types=1);
/*
* Chill is a software for social workers
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Chill\TicketBundle\Controller;
use Chill\MainBundle\Pagination\PaginatorFactoryInterface;
use Chill\MainBundle\Serializer\Model\Collection;
use Chill\PersonBundle\Repository\PersonRepository;
use Chill\PersonBundle\Security\Authorization\PersonVoter;
use Chill\TicketBundle\Repository\TicketACLAwareRepositoryInterface;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Serializer\SerializerInterface;
final readonly class TicketListApiController
{
public function __construct(
private Security $security,
private TicketACLAwareRepositoryInterface $ticketRepository,
private PaginatorFactoryInterface $paginatorFactory,
private SerializerInterface $serializer,
private PersonRepository $personRepository,
) {}
#[Route('/api/1.0/ticket/ticket/list', name: 'chill_ticket_list_api', methods: ['GET'])]
public function listTicket(Request $request): JsonResponse
{
if (!$this->security->isGranted('ROLE_USER')) {
throw new AccessDeniedHttpException('Only users are allowed to list tickets.');
}
$params = [];
if ($request->query->has('byPerson')) {
$params = explode(',', $request->query->get('byPerson'));
foreach ($params as $id) {
$params['byPerson'][] = $person = $this->personRepository->find($id);
if (!$this->security->isGranted(PersonVoter::SEE, $person)) {
throw new AccessDeniedHttpException(sprintf('Not allowed to see a person with id %d', $id));
}
}
}
$nb = $this->ticketRepository->countTickets($params);
$paginator = $this->paginatorFactory->create($nb);
$tickets = $this->ticketRepository->findTickets($params, $paginator->getCurrentPageFirstItemNumber(), $paginator->getItemsPerPage());
$collection = new Collection($tickets, $paginator);
return new JsonResponse(
$this->serializer->serialize($collection, 'json', ['groups' => 'read']),
json: true
);
}
}

221
src/Bundle/ChillTicketBundle/tests/Controller/TicketListApiControllerTest.php Normal file
View File

@ -0,0 +1,221 @@
<?php
declare(strict_types=1);
/*
* Chill is a software for social workers
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Chill\TicketBundle\Tests\Controller;
use Chill\MainBundle\Pagination\PaginatorFactoryInterface;
use Chill\MainBundle\Pagination\PaginatorInterface;
use Chill\MainBundle\Serializer\Model\Collection;
use Chill\PersonBundle\Entity\Person;
use Chill\PersonBundle\Repository\PersonRepository;
use Chill\PersonBundle\Security\Authorization\PersonVoter;
use Chill\TicketBundle\Controller\TicketListApiController;
use Chill\TicketBundle\Entity\Ticket;
use Chill\TicketBundle\Repository\TicketACLAwareRepositoryInterface;
use PHPUnit\Framework\TestCase;
use Prophecy\Argument;
use Prophecy\PhpUnit\ProphecyTrait;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Serializer\SerializerInterface;
/**
* @internal
*
* @covers \Chill\TicketBundle\Controller\TicketListApiController
*/
final class TicketListApiControllerTest extends TestCase
{
use ProphecyTrait;
public function testListTicketNoParameter(): void
{
// Mock dependencies
$security = $this->prophesize(Security::class);
$security->isGranted('ROLE_USER')->willReturn(true);
$ticketRepository = $this->prophesize(TicketACLAwareRepositoryInterface::class);
$tickets = [new Ticket(), new Ticket()];
$ticketRepository->countTickets([])->willReturn(2);
$ticketRepository->findTickets([], 0, 10)->willReturn($tickets);
$paginator = $this->prophesize(PaginatorInterface::class);
$paginator->getCurrentPageFirstItemNumber()->willReturn(0);
$paginator->getItemsPerPage()->willReturn(10);
$paginatorFactory = $this->prophesize(PaginatorFactoryInterface::class);
$paginatorFactory->create(2)->willReturn($paginator->reveal());
$serializer = $this->prophesize(SerializerInterface::class);
$serializer->serialize(
Argument::that(function (Collection $collection) use ($tickets) {
return $collection->getItems() === $tickets;
}),
'json',
['groups' => 'read']
)->willReturn('{"items":[{},{}],"pagination":{}}');
$personRepository = $this->prophesize(PersonRepository::class);
// Create controller
$controller = new TicketListApiController(
$security->reveal(),
$ticketRepository->reveal(),
$paginatorFactory->reveal(),
$serializer->reveal(),
$personRepository->reveal()
);
// Create request
$request = new Request();
// Call controller method
$response = $controller->listTicket($request);
// Assert response
$this->assertInstanceOf(JsonResponse::class, $response);
$this->assertEquals('{"items":[{},{}],"pagination":{}}', $response->getContent());
}
public function testListTicketWithPersonFilter(): void
{
// Mock dependencies
$security = $this->prophesize(Security::class);
$security->isGranted('ROLE_USER')->willReturn(true);
$person = new Person();
$security->isGranted(PersonVoter::SEE, $person)->willReturn(true);
$ticketRepository = $this->prophesize(TicketACLAwareRepositoryInterface::class);
$tickets = [new Ticket(), new Ticket()];
$ticketRepository->countTickets(Argument::that(function ($params) use ($person) {
return isset($params['byPerson']) && in_array($person, $params['byPerson']);
}))->willReturn(2);
$ticketRepository->findTickets(
Argument::that(function ($params) use ($person) {
return isset($params['byPerson']) && in_array($person, $params['byPerson']);
}),
0,
10
)->willReturn($tickets);
$paginator = $this->prophesize(PaginatorInterface::class);
$paginator->getCurrentPageFirstItemNumber()->willReturn(0);
$paginator->getItemsPerPage()->willReturn(10);
$paginatorFactory = $this->prophesize(PaginatorFactoryInterface::class);
$paginatorFactory->create(2)->willReturn($paginator->reveal());
$serializer = $this->prophesize(SerializerInterface::class);
$serializer->serialize(
Argument::that(function (Collection $collection) use ($tickets) {
return $collection->getItems() === $tickets;
}),
'json',
['groups' => 'read']
)->willReturn('{"items":[{},{}],"pagination":{}}');
$personRepository = $this->prophesize(PersonRepository::class);
$personRepository->find(123)->willReturn($person);
// Create controller
$controller = new TicketListApiController(
$security->reveal(),
$ticketRepository->reveal(),
$paginatorFactory->reveal(),
$serializer->reveal(),
$personRepository->reveal()
);
// Create request with person filter
$request = new Request(
query: ['byPerson' => '123']
);
// Call controller method
$response = $controller->listTicket($request);
// Assert response
$this->assertInstanceOf(JsonResponse::class, $response);
$this->assertEquals('{"items":[{},{}],"pagination":{}}', $response->getContent());
}
public function testListTicketWithoutUserRole(): void
{
// Mock dependencies
$security = $this->prophesize(Security::class);
$security->isGranted('ROLE_USER')->willReturn(false);
$ticketRepository = $this->prophesize(TicketACLAwareRepositoryInterface::class);
$paginatorFactory = $this->prophesize(PaginatorFactoryInterface::class);
$serializer = $this->prophesize(SerializerInterface::class);
$personRepository = $this->prophesize(PersonRepository::class);
// Create controller
$controller = new TicketListApiController(
$security->reveal(),
$ticketRepository->reveal(),
$paginatorFactory->reveal(),
$serializer->reveal(),
$personRepository->reveal()
);
// Create request
$request = new Request();
// Expect exception
$this->expectException(AccessDeniedHttpException::class);
$this->expectExceptionMessage('Only users are allowed to list tickets.');
// Call controller method
$controller->listTicket($request);
}
public function testListTicketWithPersonWithoutAccess(): void
{
// Mock dependencies
$security = $this->prophesize(Security::class);
$security->isGranted('ROLE_USER')->willReturn(true);
$person = new Person();
$security->isGranted(PersonVoter::SEE, $person)->willReturn(false);
$ticketRepository = $this->prophesize(TicketACLAwareRepositoryInterface::class);
$paginatorFactory = $this->prophesize(PaginatorFactoryInterface::class);
$serializer = $this->prophesize(SerializerInterface::class);
$personRepository = $this->prophesize(PersonRepository::class);
$personRepository->find(123)->willReturn($person);
// Create controller
$controller = new TicketListApiController(
$security->reveal(),
$ticketRepository->reveal(),
$paginatorFactory->reveal(),
$serializer->reveal(),
$personRepository->reveal()
);
// Create request with person filter
$request = new Request(
query: ['byPerson' => '123']
);
// Expect exception
$this->expectException(AccessDeniedHttpException::class);
$this->expectExceptionMessage('Not allowed to see a person with id 123');
// Call controller method
$controller->listTicket($request);
}
}