Roukmoute/Classeo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Permettre au super admin de se connecter et accéder à son dashboard

Browse Source 
Le super admin (table super_admins, master DB) ne pouvait pas se connecter
via /api/login car ce firewall n'utilisait que le provider tenant. De même,
le JWT n'était pas enrichi pour les super admins, l'endpoint /api/me/roles
les rejetait, et le frontend redirigeait systématiquement vers /dashboard.

Un chain provider (super_admin + tenant) résout l'authentification,
le JwtPayloadEnricher et MyRolesProvider gèrent désormais les deux types
d'utilisateurs, et le frontend redirige selon le rôle après login.
This commit is contained in:
Mathias STRASSER
2026-02-17 10:07:10 +01:00
parent c856dfdcda
commit 0951322d71
68 changed files with 4049 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
backend/config/packages/doctrine.yaml
View File

@@ -33,6 +33,12 @@ doctrine:
dir: '%kernel.project_dir%/src/Communication/Infrastructure/Persistence/Mapping'
prefix: 'App\Communication\Infrastructure\Persistence\Mapping'
alias: Communication
SuperAdmin:
type: attribute
is_bundle: false
dir: '%kernel.project_dir%/src/SuperAdmin/Infrastructure/Persistence/Mapping'
prefix: 'App\SuperAdmin\Infrastructure\Persistence\Mapping'
alias: SuperAdmin
controller_resolver:
auto_mapping: false

17
backend/config/packages/security.yaml
View File

@@ -21,6 +21,13 @@ security:
# User provider for API authentication (Story 1.4)
app_user_provider:
id: App\Administration\Infrastructure\Security\DatabaseUserProvider
# Super Admin authentication — master database, not per-tenant (Story 2.10)
super_admin_provider:
id: App\SuperAdmin\Infrastructure\Security\SuperAdminUserProvider
# Chain provider: tries super admin first, then tenant user
all_users_provider:
chain:
providers: ['super_admin_provider', 'app_user_provider']
firewalls:
dev:
@@ -40,7 +47,12 @@ security:
password_path: password
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: App\Administration\Infrastructure\Security\LoginFailureHandler
provider: app_user_provider
provider: all_users_provider
super_admin_api:
pattern: ^/api/super-admin
stateless: true
jwt: ~
provider: super_admin_provider
api_public:
pattern: ^/api/(activation-tokens|activate|token/(refresh|logout)|password/(forgot|reset)|docs)(/|$)
stateless: true
@@ -49,7 +61,7 @@ security:
pattern: ^/api
stateless: true
jwt: ~
provider: app_user_provider
provider: all_users_provider
main:
lazy: true
provider: app_user_provider
@@ -58,6 +70,7 @@ security:
# Note: Only the *first* access control that matches will be used
access_control:
- { path: ^/api/docs, roles: PUBLIC_ACCESS }
- { path: ^/api/super-admin, roles: ROLE_SUPER_ADMIN }
- { path: ^/api/login, roles: PUBLIC_ACCESS }
- { path: ^/api/activation-tokens, roles: PUBLIC_ACCESS }
- { path: ^/api/activate, roles: PUBLIC_ACCESS }

7
backend/config/services.yaml
View File

@@ -169,6 +169,13 @@ services:
App\Scolarite\Domain\Repository\TeacherReplacementRepository:
alias: App\Scolarite\Infrastructure\Persistence\Doctrine\DoctrineTeacherReplacementRepository
# Super Admin Repositories (Story 2.10 - Multi-établissements)
App\SuperAdmin\Domain\Repository\SuperAdminRepository:
alias: App\SuperAdmin\Infrastructure\Persistence\Doctrine\DoctrineSuperAdminRepository
App\SuperAdmin\Domain\Repository\EstablishmentRepository:
alias: App\SuperAdmin\Infrastructure\Persistence\Doctrine\DoctrineEstablishmentRepository
# Student Guardian Repository (Story 2.7 - Liaison parents-enfants)
App\Administration\Infrastructure\Persistence\Cache\CacheStudentGuardianRepository:
arguments:

67
backend/migrations/Version20260217090323.php Normal file
View File

@@ -0,0 +1,67 @@
<?php
declare(strict_types=1);
namespace DoctrineMigrations;
use Doctrine\DBAL\Schema\Schema;
use Doctrine\Migrations\AbstractMigration;
final class Version20260217090323 extends AbstractMigration
{
public function getDescription(): string
{
return 'Create super_admins and establishments tables for multi-establishment management (Story 2.10)';
}
public function up(Schema $schema): void
{
$this->addSql(<<<'SQL'
CREATE TABLE IF NOT EXISTS super_admins (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
email VARCHAR(255) NOT NULL UNIQUE,
password_hash VARCHAR(255) NOT NULL,
first_name VARCHAR(100) NOT NULL DEFAULT '',
last_name VARCHAR(100) NOT NULL DEFAULT '',
status VARCHAR(20) NOT NULL DEFAULT 'active',
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
last_login_at TIMESTAMPTZ
)
SQL);
$this->addSql(<<<'SQL'
CREATE TABLE IF NOT EXISTS establishments (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
tenant_id UUID NOT NULL UNIQUE,
name VARCHAR(255) NOT NULL,
subdomain VARCHAR(100) NOT NULL UNIQUE,
database_name VARCHAR(100) NOT NULL UNIQUE,
status VARCHAR(20) NOT NULL DEFAULT 'active',
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
created_by UUID REFERENCES super_admins(id),
last_activity_at TIMESTAMPTZ
)
SQL);
$this->addSql('CREATE INDEX IF NOT EXISTS idx_establishments_subdomain ON establishments(subdomain)');
$this->addSql('CREATE INDEX IF NOT EXISTS idx_establishments_status ON establishments(status)');
$this->addSql(<<<'SQL'
CREATE TABLE IF NOT EXISTS establishment_metrics (
establishment_id UUID PRIMARY KEY REFERENCES establishments(id) ON DELETE CASCADE,
user_count INT NOT NULL DEFAULT 0,
student_count INT NOT NULL DEFAULT 0,
teacher_count INT NOT NULL DEFAULT 0,
last_login_at TIMESTAMPTZ,
updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
)
SQL);
}
public function down(Schema $schema): void
{
$this->addSql('DROP TABLE IF EXISTS establishment_metrics');
$this->addSql('DROP TABLE IF EXISTS establishments');
$this->addSql('DROP TABLE IF EXISTS super_admins');
}
}

11
backend/src/Administration/Infrastructure/Api/Provider/MyRolesProvider.php
View File

@@ -13,6 +13,7 @@ use App\Administration\Domain\Model\User\UserId;
use App\Administration\Domain\Repository\UserRepository;
use App\Administration\Infrastructure\Api\Resource\MyRolesOutput;
use App\Administration\Infrastructure\Security\SecurityUser;
use App\SuperAdmin\Infrastructure\Security\SecuritySuperAdmin;
use function array_map;
@@ -37,6 +38,16 @@ final readonly class MyRolesProvider implements ProviderInterface
public function provide(Operation $operation, array $uriVariables = [], array $context = []): MyRolesOutput
{
$currentUser = $this->security->getUser();
if ($currentUser instanceof SecuritySuperAdmin) {
$output = new MyRolesOutput();
$output->roles = [['value' => 'ROLE_SUPER_ADMIN', 'label' => 'Super Admin']];
$output->activeRole = 'ROLE_SUPER_ADMIN';
$output->activeRoleLabel = 'Super Admin';
return $output;
}
if (!$currentUser instanceof SecurityUser) {
throw new UnauthorizedHttpException('Bearer', 'Authentification requise.');
}

16
backend/src/Administration/Infrastructure/Security/JwtPayloadEnricher.php
View File

@@ -4,6 +4,7 @@ declare(strict_types=1);
namespace App\Administration\Infrastructure\Security;
use App\SuperAdmin\Infrastructure\Security\SecuritySuperAdmin;
use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTCreatedEvent;
/**
@@ -12,7 +13,8 @@ use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTCreatedEvent;
* Added claims:
* - sub: User email (Symfony Security identifier)
* - user_id: User UUID (for API consumers)
* - tenant_id: Tenant UUID for multi-tenant isolation
* - tenant_id: Tenant UUID for multi-tenant isolation (regular users only)
* - user_type: "super_admin" for super admins
* - roles: List of Symfony roles for authorization
*
* @see Story 1.4 - User login
@@ -22,13 +24,21 @@ final readonly class JwtPayloadEnricher
public function onJWTCreated(JWTCreatedEvent $event): void
{
$user = $event->getUser();
$payload = $event->getData();
if ($user instanceof SecuritySuperAdmin) {
$payload['user_id'] = $user->superAdminId();
$payload['user_type'] = 'super_admin';
$payload['roles'] = $user->getRoles();
$event->setData($payload);
return;
}
if (!$user instanceof SecurityUser) {
return;
}
$payload = $event->getData();
// Business claims for multi-tenant isolation and authorization
$payload['user_id'] = $user->userId();
$payload['tenant_id'] = $user->tenantId();

16
backend/src/SuperAdmin/Application/Command/CreateEstablishment/CreateEstablishmentCommand.php Normal file
View File

@@ -0,0 +1,16 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Application\Command\CreateEstablishment;
final readonly class CreateEstablishmentCommand
{
public function __construct(
public string $name,
public string $subdomain,
public string $adminEmail,
public string $superAdminId,
) {
}
}

39
backend/src/SuperAdmin/Application/Command/CreateEstablishment/CreateEstablishmentHandler.php Normal file
View File

@@ -0,0 +1,39 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Application\Command\CreateEstablishment;
use App\Shared\Domain\Clock;
use App\SuperAdmin\Domain\Model\Establishment\Establishment;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
use App\SuperAdmin\Domain\Repository\EstablishmentRepository;
final readonly class CreateEstablishmentHandler
{
public function __construct(
private EstablishmentRepository $establishmentRepository,
private Clock $clock,
) {
}
public function __invoke(CreateEstablishmentCommand $command): CreateEstablishmentResult
{
$establishment = Establishment::creer(
name: $command->name,
subdomain: $command->subdomain,
createdBy: SuperAdminId::fromString($command->superAdminId),
createdAt: $this->clock->now(),
);
$this->establishmentRepository->save($establishment);
return new CreateEstablishmentResult(
establishmentId: (string) $establishment->id,
tenantId: (string) $establishment->tenantId,
name: $establishment->name,
subdomain: $establishment->subdomain,
databaseName: $establishment->databaseName,
);
}
}

17
backend/src/SuperAdmin/Application/Command/CreateEstablishment/CreateEstablishmentResult.php Normal file
View File

@@ -0,0 +1,17 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Application\Command\CreateEstablishment;
final readonly class CreateEstablishmentResult
{
public function __construct(
public string $establishmentId,
public string $tenantId,
public string $name,
public string $subdomain,
public string $databaseName,
) {
}
}

13
backend/src/SuperAdmin/Application/Command/SwitchTenant/SwitchTenantCommand.php Normal file
View File

@@ -0,0 +1,13 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Application\Command\SwitchTenant;
final readonly class SwitchTenantCommand
{
public function __construct(
public string $tenantId,
) {
}
}

32
backend/src/SuperAdmin/Application/Command/SwitchTenant/SwitchTenantHandler.php Normal file
View File

@@ -0,0 +1,32 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Application\Command\SwitchTenant;
use App\Shared\Domain\Tenant\TenantId;
use App\SuperAdmin\Domain\Exception\EstablishmentIntrouvableException;
use App\SuperAdmin\Domain\Repository\EstablishmentRepository;
use App\SuperAdmin\Infrastructure\Security\SuperAdminTenantContext;
final readonly class SwitchTenantHandler
{
public function __construct(
private EstablishmentRepository $establishmentRepository,
private SuperAdminTenantContext $superAdminTenantContext,
) {
}
public function __invoke(SwitchTenantCommand $command): void
{
$tenantId = TenantId::fromString($command->tenantId);
$establishment = $this->establishmentRepository->findByTenantId($tenantId);
if ($establishment === null) {
throw EstablishmentIntrouvableException::avecTenantId($tenantId);
}
$this->superAdminTenantContext->switchTo($tenantId);
}
}

19
backend/src/SuperAdmin/Application/Query/GetEstablishments/EstablishmentView.php Normal file
View File

@@ -0,0 +1,19 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Application\Query\GetEstablishments;
final readonly class EstablishmentView
{
public function __construct(
public string $id,
public string $tenantId,
public string $name,
public string $subdomain,
public string $status,
public string $createdAt,
public ?string $lastActivityAt,
) {
}
}

36
backend/src/SuperAdmin/Application/Query/GetEstablishments/GetEstablishmentsHandler.php Normal file
View File

@@ -0,0 +1,36 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Application\Query\GetEstablishments;
use App\SuperAdmin\Domain\Repository\EstablishmentRepository;
final readonly class GetEstablishmentsHandler
{
public function __construct(
private EstablishmentRepository $establishmentRepository,
) {
}
/**
* @return EstablishmentView[]
*/
public function __invoke(GetEstablishmentsQuery $query): array
{
$establishments = $this->establishmentRepository->findAll();
return array_map(
static fn ($e) => new EstablishmentView(
id: (string) $e->id,
tenantId: (string) $e->tenantId,
name: $e->name,
subdomain: $e->subdomain,
status: $e->status->value,
createdAt: $e->createdAt->format('c'),
lastActivityAt: $e->lastActivityAt?->format('c'),
),
$establishments,
);
}
}

9
backend/src/SuperAdmin/Application/Query/GetEstablishments/GetEstablishmentsQuery.php Normal file
View File

@@ -0,0 +1,9 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Application\Query\GetEstablishments;
final readonly class GetEstablishmentsQuery
{
}

22
backend/src/SuperAdmin/Application/Query/GetEstablishmentsMetrics/EstablishmentMetricsView.php Normal file
View File

@@ -0,0 +1,22 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Application\Query\GetEstablishmentsMetrics;
/**
* Anonymized metrics for an establishment — no personal data.
*/
final readonly class EstablishmentMetricsView
{
public function __construct(
public string $establishmentId,
public string $name,
public string $status,
public int $userCount,
public int $studentCount,
public int $teacherCount,
public ?string $lastLoginAt,
) {
}
}

71
backend/src/SuperAdmin/Application/Query/GetEstablishmentsMetrics/GetEstablishmentsMetricsHandler.php Normal file
View File

@@ -0,0 +1,71 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Application\Query\GetEstablishmentsMetrics;
use Doctrine\DBAL\Connection;
/**
* Returns anonymized aggregate metrics for all establishments.
* No personal data (names, emails, grades) is ever exposed.
*/
final readonly class GetEstablishmentsMetricsHandler
{
public function __construct(
private Connection $connection,
) {
}
/**
* @return EstablishmentMetricsView[]
*/
public function __invoke(GetEstablishmentsMetricsQuery $query): array
{
$rows = $this->connection->fetchAllAssociative(
<<<'SQL'
SELECT
e.id AS establishment_id,
e.name,
e.status,
COALESCE(m.user_count, 0) AS user_count,
COALESCE(m.student_count, 0) AS student_count,
COALESCE(m.teacher_count, 0) AS teacher_count,
m.last_login_at
FROM establishments e
LEFT JOIN establishment_metrics m ON m.establishment_id = e.id
ORDER BY e.name ASC
SQL,
);
return array_map(
static function (array $row): EstablishmentMetricsView {
/** @var string $establishmentId */
$establishmentId = $row['establishment_id'];
/** @var string $name */
$name = $row['name'];
/** @var string $status */
$status = $row['status'];
/** @var int $userCount */
$userCount = $row['user_count'];
/** @var int $studentCount */
$studentCount = $row['student_count'];
/** @var int $teacherCount */
$teacherCount = $row['teacher_count'];
/** @var string|null $lastLoginAt */
$lastLoginAt = $row['last_login_at'];
return new EstablishmentMetricsView(
establishmentId: $establishmentId,
name: $name,
status: $status,
userCount: $userCount,
studentCount: $studentCount,
teacherCount: $teacherCount,
lastLoginAt: $lastLoginAt,
);
},
$rows,
);
}
}

9
backend/src/SuperAdmin/Application/Query/GetEstablishmentsMetrics/GetEstablishmentsMetricsQuery.php Normal file
View File

@@ -0,0 +1,9 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Application\Query\GetEstablishmentsMetrics;
final readonly class GetEstablishmentsMetricsQuery
{
}

36
backend/src/SuperAdmin/Domain/Event/EtablissementCree.php Normal file
View File

@@ -0,0 +1,36 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Domain\Event;
use App\Shared\Domain\DomainEvent;
use App\Shared\Domain\Tenant\TenantId;
use App\SuperAdmin\Domain\Model\Establishment\EstablishmentId;
use DateTimeImmutable;
use Override;
use Ramsey\Uuid\UuidInterface;
final readonly class EtablissementCree implements DomainEvent
{
public function __construct(
public EstablishmentId $establishmentId,
public TenantId $tenantId,
public string $name,
public string $subdomain,
private DateTimeImmutable $occurredOn,
) {
}
#[Override]
public function occurredOn(): DateTimeImmutable
{
return $this->occurredOn;
}
#[Override]
public function aggregateId(): UuidInterface
{
return $this->establishmentId->value;
}
}

32
backend/src/SuperAdmin/Domain/Event/EtablissementDesactive.php Normal file
View File

@@ -0,0 +1,32 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Domain\Event;
use App\Shared\Domain\DomainEvent;
use App\SuperAdmin\Domain\Model\Establishment\EstablishmentId;
use DateTimeImmutable;
use Override;
use Ramsey\Uuid\UuidInterface;
final readonly class EtablissementDesactive implements DomainEvent
{
public function __construct(
public EstablishmentId $establishmentId,
private DateTimeImmutable $occurredOn,
) {
}
#[Override]
public function occurredOn(): DateTimeImmutable
{
return $this->occurredOn;
}
#[Override]
public function aggregateId(): UuidInterface
{
return $this->establishmentId->value;
}
}

33
backend/src/SuperAdmin/Domain/Event/SuperAdminCree.php Normal file
View File

@@ -0,0 +1,33 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Domain\Event;
use App\Shared\Domain\DomainEvent;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
use DateTimeImmutable;
use Override;
use Ramsey\Uuid\UuidInterface;
final readonly class SuperAdminCree implements DomainEvent
{
public function __construct(
public SuperAdminId $superAdminId,
public string $email,
private DateTimeImmutable $occurredOn,
) {
}
#[Override]
public function occurredOn(): DateTimeImmutable
{
return $this->occurredOn;
}
#[Override]
public function aggregateId(): UuidInterface
{
return $this->superAdminId->value;
}
}

32
backend/src/SuperAdmin/Domain/Event/SuperAdminDesactive.php Normal file
View File

@@ -0,0 +1,32 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Domain\Event;
use App\Shared\Domain\DomainEvent;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
use DateTimeImmutable;
use Override;
use Ramsey\Uuid\UuidInterface;
final readonly class SuperAdminDesactive implements DomainEvent
{
public function __construct(
public SuperAdminId $superAdminId,
private DateTimeImmutable $occurredOn,
) {
}
#[Override]
public function occurredOn(): DateTimeImmutable
{
return $this->occurredOn;
}
#[Override]
public function aggregateId(): UuidInterface
{
return $this->superAdminId->value;
}
}

20
backend/src/SuperAdmin/Domain/Exception/EstablishmentDejaInactifException.php Normal file
View File

@@ -0,0 +1,20 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Domain\Exception;
use App\SuperAdmin\Domain\Model\Establishment\EstablishmentId;
use DomainException;
use function sprintf;
final class EstablishmentDejaInactifException extends DomainException
{
public static function pour(EstablishmentId $id): self
{
return new self(
sprintf('L\'établissement %s est déjà inactif.', $id),
);
}
}

28
backend/src/SuperAdmin/Domain/Exception/EstablishmentIntrouvableException.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Domain\Exception;
use App\Shared\Domain\Tenant\TenantId;
use App\SuperAdmin\Domain\Model\Establishment\EstablishmentId;
use DomainException;
use function sprintf;
final class EstablishmentIntrouvableException extends DomainException
{
public static function avecId(EstablishmentId $id): self
{
return new self(
sprintf('Établissement introuvable avec l\'id %s.', $id),
);
}
public static function avecTenantId(TenantId $tenantId): self
{
return new self(
sprintf('Établissement introuvable avec le tenant_id %s.', $tenantId),
);
}
}

20
backend/src/SuperAdmin/Domain/Exception/SuperAdminDejaActifException.php Normal file
View File

@@ -0,0 +1,20 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Domain\Exception;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
use DomainException;
use function sprintf;
final class SuperAdminDejaActifException extends DomainException
{
public static function pourReactivation(SuperAdminId $id): self
{
return new self(
sprintf('Le Super Admin %s est déjà actif.', $id),
);
}
}

27
backend/src/SuperAdmin/Domain/Exception/SuperAdminIntrouvableException.php Normal file
View File

@@ -0,0 +1,27 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Domain\Exception;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
use DomainException;
use function sprintf;
final class SuperAdminIntrouvableException extends DomainException
{
public static function avecId(SuperAdminId $id): self
{
return new self(
sprintf('Super Admin introuvable avec l\'id %s.', $id),
);
}
public static function avecEmail(string $email): self
{
return new self(
sprintf('Super Admin introuvable avec l\'email %s.', $email),
);
}
}

27
backend/src/SuperAdmin/Domain/Exception/SuperAdminNonActifException.php Normal file
View File

@@ -0,0 +1,27 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Domain\Exception;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
use DomainException;
use function sprintf;
final class SuperAdminNonActifException extends DomainException
{
public static function pourConnexion(SuperAdminId $id): self
{
return new self(
sprintf('Le Super Admin %s ne peut pas se connecter car son compte est inactif.', $id),
);
}
public static function pourDesactivation(SuperAdminId $id): self
{
return new self(
sprintf('Le Super Admin %s est déjà inactif.', $id),
);
}
}

116
backend/src/SuperAdmin/Domain/Model/Establishment/Establishment.php Normal file
View File

@@ -0,0 +1,116 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Domain\Model\Establishment;
use App\Shared\Domain\AggregateRoot;
use App\Shared\Domain\Tenant\TenantId;
use App\SuperAdmin\Domain\Event\EtablissementCree;
use App\SuperAdmin\Domain\Event\EtablissementDesactive;
use App\SuperAdmin\Domain\Exception\EstablishmentDejaInactifException;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
use DateTimeImmutable;
use function sprintf;
/**
* Aggregate Root for an Establishment (tenant) — lives in master database.
*
* Each Establishment maps to a tenant with its own database.
*/
final class Establishment extends AggregateRoot
{
public private(set) ?DateTimeImmutable $lastActivityAt = null;
private function __construct(
public private(set) EstablishmentId $id,
public private(set) TenantId $tenantId,
public private(set) string $name,
public private(set) string $subdomain,
public private(set) string $databaseName,
public private(set) EstablishmentStatus $status,
public private(set) DateTimeImmutable $createdAt,
public private(set) ?SuperAdminId $createdBy,
) {
}
public static function creer(
string $name,
string $subdomain,
SuperAdminId $createdBy,
DateTimeImmutable $createdAt,
): self {
$tenantId = TenantId::generate();
$establishment = new self(
id: EstablishmentId::generate(),
tenantId: $tenantId,
name: $name,
subdomain: $subdomain,
databaseName: sprintf('classeo_tenant_%s', str_replace('-', '', (string) $tenantId)),
status: EstablishmentStatus::ACTIF,
createdAt: $createdAt,
createdBy: $createdBy,
);
$establishment->recordEvent(new EtablissementCree(
establishmentId: $establishment->id,
tenantId: $establishment->tenantId,
name: $name,
subdomain: $subdomain,
occurredOn: $createdAt,
));
return $establishment;
}
public function desactiver(DateTimeImmutable $at): void
{
if ($this->status !== EstablishmentStatus::ACTIF) {
throw EstablishmentDejaInactifException::pour($this->id);
}
$this->status = EstablishmentStatus::INACTIF;
$this->recordEvent(new EtablissementDesactive(
establishmentId: $this->id,
occurredOn: $at,
));
}
public function enregistrerActivite(DateTimeImmutable $at): void
{
$this->lastActivityAt = $at;
}
/**
* @internal For Infrastructure use only
*/
public static function reconstitute(
EstablishmentId $id,
TenantId $tenantId,
string $name,
string $subdomain,
string $databaseName,
EstablishmentStatus $status,
DateTimeImmutable $createdAt,
?SuperAdminId $createdBy = null,
?DateTimeImmutable $lastActivityAt = null,
): self {
$establishment = new self(
id: $id,
tenantId: $tenantId,
name: $name,
subdomain: $subdomain,
databaseName: $databaseName,
status: $status,
createdAt: $createdAt,
createdBy: $createdBy,
);
$establishment->lastActivityAt = $lastActivityAt;
return $establishment;
}
}

11
backend/src/SuperAdmin/Domain/Model/Establishment/EstablishmentId.php Normal file
View File

@@ -0,0 +1,11 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Domain\Model\Establishment;
use App\Shared\Domain\EntityId;
final readonly class EstablishmentId extends EntityId
{
}

11
backend/src/SuperAdmin/Domain/Model/Establishment/EstablishmentStatus.php Normal file
View File

@@ -0,0 +1,11 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Domain\Model\Establishment;
enum EstablishmentStatus: string
{
case ACTIF = 'active';
case INACTIF = 'inactive';
}

125
backend/src/SuperAdmin/Domain/Model/SuperAdmin/SuperAdmin.php Normal file
View File

@@ -0,0 +1,125 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Domain\Model\SuperAdmin;
use App\Shared\Domain\AggregateRoot;
use App\SuperAdmin\Domain\Event\SuperAdminCree;
use App\SuperAdmin\Domain\Event\SuperAdminDesactive;
use App\SuperAdmin\Domain\Exception\SuperAdminDejaActifException;
use App\SuperAdmin\Domain\Exception\SuperAdminNonActifException;
use DateTimeImmutable;
/**
* Aggregate Root for Super Admin — lives in the master database, not per-tenant.
*
* A Super Admin can manage all establishments and switch between tenant contexts.
* Authentication is separate from regular users (different user provider, different table).
*/
final class SuperAdmin extends AggregateRoot
{
public private(set) ?DateTimeImmutable $lastLoginAt = null;
private function __construct(
public private(set) SuperAdminId $id,
public private(set) string $email,
public private(set) string $hashedPassword,
public private(set) string $firstName,
public private(set) string $lastName,
public private(set) SuperAdminStatus $status,
public private(set) DateTimeImmutable $createdAt,
) {
}
public static function creer(
string $email,
string $hashedPassword,
string $firstName,
string $lastName,
DateTimeImmutable $createdAt,
): self {
$superAdmin = new self(
id: SuperAdminId::generate(),
email: $email,
hashedPassword: $hashedPassword,
firstName: $firstName,
lastName: $lastName,
status: SuperAdminStatus::ACTIF,
createdAt: $createdAt,
);
$superAdmin->recordEvent(new SuperAdminCree(
superAdminId: $superAdmin->id,
email: $superAdmin->email,
occurredOn: $createdAt,
));
return $superAdmin;
}
public function enregistrerConnexion(DateTimeImmutable $at): void
{
if ($this->status !== SuperAdminStatus::ACTIF) {
throw SuperAdminNonActifException::pourConnexion($this->id);
}
$this->lastLoginAt = $at;
}
public function desactiver(DateTimeImmutable $at): void
{
if ($this->status !== SuperAdminStatus::ACTIF) {
throw SuperAdminNonActifException::pourDesactivation($this->id);
}
$this->status = SuperAdminStatus::INACTIF;
$this->recordEvent(new SuperAdminDesactive(
superAdminId: $this->id,
occurredOn: $at,
));
}
public function reactiver(DateTimeImmutable $at): void
{
if ($this->status === SuperAdminStatus::ACTIF) {
throw SuperAdminDejaActifException::pourReactivation($this->id);
}
$this->status = SuperAdminStatus::ACTIF;
}
public function peutSeConnecter(): bool
{
return $this->status === SuperAdminStatus::ACTIF;
}
/**
* @internal For Infrastructure use only
*/
public static function reconstitute(
SuperAdminId $id,
string $email,
string $hashedPassword,
string $firstName,
string $lastName,
SuperAdminStatus $status,
DateTimeImmutable $createdAt,
?DateTimeImmutable $lastLoginAt = null,
): self {
$superAdmin = new self(
id: $id,
email: $email,
hashedPassword: $hashedPassword,
firstName: $firstName,
lastName: $lastName,
status: $status,
createdAt: $createdAt,
);
$superAdmin->lastLoginAt = $lastLoginAt;
return $superAdmin;
}
}

11
backend/src/SuperAdmin/Domain/Model/SuperAdmin/SuperAdminId.php Normal file
View File

@@ -0,0 +1,11 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Domain\Model\SuperAdmin;
use App\Shared\Domain\EntityId;
final readonly class SuperAdminId extends EntityId
{
}

11
backend/src/SuperAdmin/Domain/Model/SuperAdmin/SuperAdminStatus.php Normal file
View File

@@ -0,0 +1,11 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Domain\Model\SuperAdmin;
enum SuperAdminStatus: string
{
case ACTIF = 'active';
case INACTIF = 'inactive';
}

26
backend/src/SuperAdmin/Domain/Repository/EstablishmentRepository.php Normal file
View File

@@ -0,0 +1,26 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Domain\Repository;
use App\Shared\Domain\Tenant\TenantId;
use App\SuperAdmin\Domain\Model\Establishment\Establishment;
use App\SuperAdmin\Domain\Model\Establishment\EstablishmentId;
interface EstablishmentRepository
{
public function save(Establishment $establishment): void;
/**
* @throws \App\SuperAdmin\Domain\Exception\EstablishmentIntrouvableException
*/
public function get(EstablishmentId $id): Establishment;
public function findByTenantId(TenantId $tenantId): ?Establishment;
/**
* @return Establishment[]
*/
public function findAll(): array;
}

20
backend/src/SuperAdmin/Domain/Repository/SuperAdminRepository.php Normal file
View File

@@ -0,0 +1,20 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Domain\Repository;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdmin;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
interface SuperAdminRepository
{
public function save(SuperAdmin $superAdmin): void;
/**
* @throws \App\SuperAdmin\Domain\Exception\SuperAdminIntrouvableException
*/
public function get(SuperAdminId $id): SuperAdmin;
public function findByEmail(string $email): ?SuperAdmin;
}

53
backend/src/SuperAdmin/Infrastructure/Api/Processor/CreateEstablishmentProcessor.php Normal file
View File

@@ -0,0 +1,53 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Infrastructure\Api\Processor;
use ApiPlatform\Metadata\Operation;
use ApiPlatform\State\ProcessorInterface;
use App\SuperAdmin\Application\Command\CreateEstablishment\CreateEstablishmentCommand;
use App\SuperAdmin\Application\Command\CreateEstablishment\CreateEstablishmentHandler;
use App\SuperAdmin\Infrastructure\Api\Resource\EstablishmentResource;
use App\SuperAdmin\Infrastructure\Security\SecuritySuperAdmin;
use Override;
use Symfony\Bundle\SecurityBundle\Security;
/**
* @implements ProcessorInterface<EstablishmentResource, EstablishmentResource>
*/
final readonly class CreateEstablishmentProcessor implements ProcessorInterface
{
public function __construct(
private CreateEstablishmentHandler $handler,
private Security $security,
) {
}
/**
* @param EstablishmentResource $data
*/
#[Override]
public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = []): EstablishmentResource
{
/** @var SecuritySuperAdmin $user */
$user = $this->security->getUser();
$result = ($this->handler)(new CreateEstablishmentCommand(
name: $data->name,
subdomain: $data->subdomain,
adminEmail: $data->adminEmail,
superAdminId: $user->superAdminId(),
));
$resource = new EstablishmentResource();
$resource->id = $result->establishmentId;
$resource->tenantId = $result->tenantId;
$resource->name = $result->name;
$resource->subdomain = $result->subdomain;
$resource->databaseName = $result->databaseName;
$resource->status = 'active';
return $resource;
}
}

40
backend/src/SuperAdmin/Infrastructure/Api/Processor/SwitchTenantProcessor.php Normal file
View File

@@ -0,0 +1,40 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Infrastructure\Api\Processor;
use ApiPlatform\Metadata\Operation;
use ApiPlatform\State\ProcessorInterface;
use App\SuperAdmin\Application\Command\SwitchTenant\SwitchTenantCommand;
use App\SuperAdmin\Application\Command\SwitchTenant\SwitchTenantHandler;
use App\SuperAdmin\Domain\Exception\EstablishmentIntrouvableException;
use App\SuperAdmin\Infrastructure\Api\Resource\SwitchTenantInput;
use Override;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
/**
* @implements ProcessorInterface<SwitchTenantInput, void>
*/
final readonly class SwitchTenantProcessor implements ProcessorInterface
{
public function __construct(
private SwitchTenantHandler $handler,
) {
}
/**
* @param SwitchTenantInput $data
*/
#[Override]
public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = []): void
{
try {
($this->handler)(new SwitchTenantCommand(
tenantId: $data->tenantId,
));
} catch (EstablishmentIntrouvableException $e) {
throw new NotFoundHttpException($e->getMessage(), $e);
}
}
}

48
backend/src/SuperAdmin/Infrastructure/Api/Provider/EstablishmentCollectionProvider.php Normal file
View File

@@ -0,0 +1,48 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Infrastructure\Api\Provider;
use ApiPlatform\Metadata\Operation;
use ApiPlatform\State\ProviderInterface;
use App\SuperAdmin\Application\Query\GetEstablishments\GetEstablishmentsHandler;
use App\SuperAdmin\Application\Query\GetEstablishments\GetEstablishmentsQuery;
use App\SuperAdmin\Infrastructure\Api\Resource\EstablishmentResource;
use Override;
/**
* @implements ProviderInterface<EstablishmentResource>
*/
final readonly class EstablishmentCollectionProvider implements ProviderInterface
{
public function __construct(
private GetEstablishmentsHandler $handler,
) {
}
/**
* @return EstablishmentResource[]
*/
#[Override]
public function provide(Operation $operation, array $uriVariables = [], array $context = []): array
{
$views = ($this->handler)(new GetEstablishmentsQuery());
return array_map(
static function ($view): EstablishmentResource {
$resource = new EstablishmentResource();
$resource->id = $view->id;
$resource->tenantId = $view->tenantId;
$resource->name = $view->name;
$resource->subdomain = $view->subdomain;
$resource->status = $view->status;
$resource->createdAt = $view->createdAt;
$resource->lastActivityAt = $view->lastActivityAt;
return $resource;
},
$views,
);
}
}

52
backend/src/SuperAdmin/Infrastructure/Api/Provider/EstablishmentItemProvider.php Normal file
View File

@@ -0,0 +1,52 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Infrastructure\Api\Provider;
use ApiPlatform\Metadata\Operation;
use ApiPlatform\State\ProviderInterface;
use App\SuperAdmin\Domain\Model\Establishment\EstablishmentId;
use App\SuperAdmin\Domain\Repository\EstablishmentRepository;
use App\SuperAdmin\Infrastructure\Api\Resource\EstablishmentResource;
use Override;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Throwable;
/**
* @implements ProviderInterface<EstablishmentResource>
*/
final readonly class EstablishmentItemProvider implements ProviderInterface
{
public function __construct(
private EstablishmentRepository $establishmentRepository,
) {
}
#[Override]
public function provide(Operation $operation, array $uriVariables = [], array $context = []): EstablishmentResource
{
/** @var string $id */
$id = $uriVariables['id'] ?? throw new NotFoundHttpException();
try {
$establishment = $this->establishmentRepository->get(
EstablishmentId::fromString($id),
);
} catch (Throwable) {
throw new NotFoundHttpException();
}
$resource = new EstablishmentResource();
$resource->id = (string) $establishment->id;
$resource->tenantId = (string) $establishment->tenantId;
$resource->name = $establishment->name;
$resource->subdomain = $establishment->subdomain;
$resource->databaseName = $establishment->databaseName;
$resource->status = $establishment->status->value;
$resource->createdAt = $establishment->createdAt->format('c');
$resource->lastActivityAt = $establishment->lastActivityAt?->format('c');
return $resource;
}
}

48
backend/src/SuperAdmin/Infrastructure/Api/Provider/MetricsProvider.php Normal file
View File

@@ -0,0 +1,48 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Infrastructure\Api\Provider;
use ApiPlatform\Metadata\Operation;
use ApiPlatform\State\ProviderInterface;
use App\SuperAdmin\Application\Query\GetEstablishmentsMetrics\GetEstablishmentsMetricsHandler;
use App\SuperAdmin\Application\Query\GetEstablishmentsMetrics\GetEstablishmentsMetricsQuery;
use App\SuperAdmin\Infrastructure\Api\Resource\MetricsResource;
use Override;
/**
* @implements ProviderInterface<MetricsResource>
*/
final readonly class MetricsProvider implements ProviderInterface
{
public function __construct(
private GetEstablishmentsMetricsHandler $handler,
) {
}
/**
* @return MetricsResource[]
*/
#[Override]
public function provide(Operation $operation, array $uriVariables = [], array $context = []): array
{
$metrics = ($this->handler)(new GetEstablishmentsMetricsQuery());
return array_map(
static function ($view): MetricsResource {
$resource = new MetricsResource();
$resource->establishmentId = $view->establishmentId;
$resource->name = $view->name;
$resource->status = $view->status;
$resource->userCount = $view->userCount;
$resource->studentCount = $view->studentCount;
$resource->teacherCount = $view->teacherCount;
$resource->lastLoginAt = $view->lastLoginAt;
return $resource;
},
$metrics,
);
}
}

62
backend/src/SuperAdmin/Infrastructure/Api/Resource/EstablishmentResource.php Normal file
View File

@@ -0,0 +1,62 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Infrastructure\Api\Resource;
use ApiPlatform\Metadata\ApiResource;
use ApiPlatform\Metadata\Get;
use ApiPlatform\Metadata\GetCollection;
use ApiPlatform\Metadata\Post;
use App\SuperAdmin\Infrastructure\Api\Processor\CreateEstablishmentProcessor;
use App\SuperAdmin\Infrastructure\Api\Provider\EstablishmentCollectionProvider;
use App\SuperAdmin\Infrastructure\Api\Provider\EstablishmentItemProvider;
use Symfony\Component\Validator\Constraints as Assert;
#[ApiResource(
shortName: 'Establishment',
operations: [
new GetCollection(
uriTemplate: '/super-admin/establishments',
provider: EstablishmentCollectionProvider::class,
security: "is_granted('ROLE_SUPER_ADMIN')",
name: 'super_admin_establishments_list',
),
new Get(
uriTemplate: '/super-admin/establishments/{id}',
provider: EstablishmentItemProvider::class,
security: "is_granted('ROLE_SUPER_ADMIN')",
name: 'super_admin_establishments_detail',
),
new Post(
uriTemplate: '/super-admin/establishments',
processor: CreateEstablishmentProcessor::class,
security: "is_granted('ROLE_SUPER_ADMIN')",
validationContext: ['groups' => ['Default', 'create']],
name: 'super_admin_establishments_create',
),
],
)]
final class EstablishmentResource
{
public ?string $id = null;
public ?string $tenantId = null;
#[Assert\NotBlank(groups: ['create'])]
#[Assert\Length(max: 255, groups: ['create'])]
public string $name = '';
#[Assert\NotBlank(groups: ['create'])]
#[Assert\Length(max: 100, groups: ['create'])]
#[Assert\Regex(pattern: '/^[a-z0-9-]+$/', message: 'Le sous-domaine ne peut contenir que des lettres minuscules, chiffres et tirets.', groups: ['create'])]
public string $subdomain = '';
#[Assert\NotBlank(groups: ['create'])]
#[Assert\Email(groups: ['create'])]
public string $adminEmail = '';
public ?string $databaseName = null;
public ?string $status = null;
public ?string $createdAt = null;
public ?string $lastActivityAt = null;
}

31
backend/src/SuperAdmin/Infrastructure/Api/Resource/MetricsResource.php Normal file
View File

@@ -0,0 +1,31 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Infrastructure\Api\Resource;
use ApiPlatform\Metadata\ApiResource;
use ApiPlatform\Metadata\GetCollection;
use App\SuperAdmin\Infrastructure\Api\Provider\MetricsProvider;
#[ApiResource(
shortName: 'EstablishmentMetrics',
operations: [
new GetCollection(
uriTemplate: '/super-admin/metrics',
provider: MetricsProvider::class,
security: "is_granted('ROLE_SUPER_ADMIN')",
name: 'super_admin_metrics',
),
],
)]
final class MetricsResource
{
public string $establishmentId = '';
public string $name = '';
public string $status = '';
public int $userCount = 0;
public int $studentCount = 0;
public int $teacherCount = 0;
public ?string $lastLoginAt = null;
}

30
backend/src/SuperAdmin/Infrastructure/Api/Resource/SwitchTenantInput.php Normal file
View File

@@ -0,0 +1,30 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Infrastructure\Api\Resource;
use ApiPlatform\Metadata\ApiResource;
use ApiPlatform\Metadata\Post;
use App\SuperAdmin\Infrastructure\Api\Processor\SwitchTenantProcessor;
use Symfony\Component\Validator\Constraints as Assert;
#[ApiResource(
shortName: 'SwitchTenant',
operations: [
new Post(
uriTemplate: '/super-admin/switch-tenant',
processor: SwitchTenantProcessor::class,
security: "is_granted('ROLE_SUPER_ADMIN')",
output: false,
status: 204,
name: 'super_admin_switch_tenant',
),
],
)]
final class SwitchTenantInput
{
#[Assert\NotBlank]
#[Assert\Uuid]
public string $tenantId = '';
}

107
backend/src/SuperAdmin/Infrastructure/Console/CreateTestSuperAdminCommand.php Normal file
View File

@@ -0,0 +1,107 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Infrastructure\Console;
use App\Administration\Application\Port\PasswordHasher;
use App\Shared\Domain\Clock;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdmin;
use App\SuperAdmin\Domain\Repository\SuperAdminRepository;
use function sprintf;
use Symfony\Component\Console\Attribute\AsCommand;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Style\SymfonyStyle;
/**
* Creates an already-activated test super admin for E2E tests.
*/
#[AsCommand(
name: 'app:dev:create-test-super-admin',
description: 'Creates a test super admin for E2E tests',
)]
final class CreateTestSuperAdminCommand extends Command
{
public function __construct(
private readonly SuperAdminRepository $superAdminRepository,
private readonly PasswordHasher $passwordHasher,
private readonly Clock $clock,
) {
parent::__construct();
}
protected function configure(): void
{
$this
->addOption('email', null, InputOption::VALUE_OPTIONAL, 'Email address', 'sadmin@test.com')
->addOption('password', null, InputOption::VALUE_OPTIONAL, 'Password (plain text)', 'SuperAdmin123')
->addOption('first-name', null, InputOption::VALUE_OPTIONAL, 'First name', 'Super')
->addOption('last-name', null, InputOption::VALUE_OPTIONAL, 'Last name', 'Admin');
}
protected function execute(InputInterface $input, OutputInterface $output): int
{
$io = new SymfonyStyle($input, $output);
/** @var string $email */
$email = $input->getOption('email');
/** @var string $password */
$password = $input->getOption('password');
/** @var string $firstName */
$firstName = $input->getOption('first-name');
/** @var string $lastName */
$lastName = $input->getOption('last-name');
// Check if super admin already exists
$existing = $this->superAdminRepository->findByEmail($email);
if ($existing !== null) {
$io->warning(sprintf('Super admin with email "%s" already exists.', $email));
$io->table(
['Property', 'Value'],
[
['Super Admin ID', (string) $existing->id],
['Email', $email],
['Password', $password],
['Status', $existing->status->value],
]
);
return Command::SUCCESS;
}
$hashedPassword = $this->passwordHasher->hash($password);
$now = $this->clock->now();
$superAdmin = SuperAdmin::creer(
email: $email,
hashedPassword: $hashedPassword,
firstName: $firstName,
lastName: $lastName,
createdAt: $now,
);
$this->superAdminRepository->save($superAdmin);
$io->success('Test super admin created successfully!');
$io->table(
['Property', 'Value'],
[
['Super Admin ID', (string) $superAdmin->id],
['Email', $email],
['Password', $password],
['First Name', $firstName],
['Last Name', $lastName],
['Status', $superAdmin->status->value],
]
);
return Command::SUCCESS;
}
}

130
backend/src/SuperAdmin/Infrastructure/Persistence/Doctrine/DoctrineEstablishmentRepository.php Normal file
View File

@@ -0,0 +1,130 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Infrastructure\Persistence\Doctrine;
use App\Shared\Domain\Tenant\TenantId;
use App\SuperAdmin\Domain\Exception\EstablishmentIntrouvableException;
use App\SuperAdmin\Domain\Model\Establishment\Establishment;
use App\SuperAdmin\Domain\Model\Establishment\EstablishmentId;
use App\SuperAdmin\Domain\Model\Establishment\EstablishmentStatus;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
use App\SuperAdmin\Domain\Repository\EstablishmentRepository;
use DateTimeImmutable;
use Doctrine\DBAL\Connection;
use Override;
final readonly class DoctrineEstablishmentRepository implements EstablishmentRepository
{
public function __construct(
private Connection $connection,
) {
}
#[Override]
public function save(Establishment $establishment): void
{
$this->connection->executeStatement(
<<<'SQL'
INSERT INTO establishments (id, tenant_id, name, subdomain, database_name, status, created_at, created_by, last_activity_at)
VALUES (:id, :tenant_id, :name, :subdomain, :database_name, :status, :created_at, :created_by, :last_activity_at)
ON CONFLICT (id) DO UPDATE SET
name = EXCLUDED.name,
status = EXCLUDED.status,
last_activity_at = EXCLUDED.last_activity_at
SQL,
[
'id' => (string) $establishment->id,
'tenant_id' => (string) $establishment->tenantId,
'name' => $establishment->name,
'subdomain' => $establishment->subdomain,
'database_name' => $establishment->databaseName,
'status' => $establishment->status->value,
'created_at' => $establishment->createdAt->format('Y-m-d H:i:sP'),
'created_by' => $establishment->createdBy !== null ? (string) $establishment->createdBy : null,
'last_activity_at' => $establishment->lastActivityAt?->format('Y-m-d H:i:sP'),
],
);
}
#[Override]
public function get(EstablishmentId $id): Establishment
{
$row = $this->connection->fetchAssociative(
'SELECT * FROM establishments WHERE id = :id',
['id' => (string) $id],
);
if ($row === false) {
throw EstablishmentIntrouvableException::avecId($id);
}
return $this->hydrate($row);
}
#[Override]
public function findByTenantId(TenantId $tenantId): ?Establishment
{
$row = $this->connection->fetchAssociative(
'SELECT * FROM establishments WHERE tenant_id = :tenant_id',
['tenant_id' => (string) $tenantId],
);
if ($row === false) {
return null;
}
return $this->hydrate($row);
}
/**
* @return Establishment[]
*/
#[Override]
public function findAll(): array
{
$rows = $this->connection->fetchAllAssociative(
'SELECT * FROM establishments ORDER BY name ASC',
);
return array_map($this->hydrate(...), $rows);
}
/**
* @param array<string, mixed> $row
*/
private function hydrate(array $row): Establishment
{
/** @var string $id */
$id = $row['id'];
/** @var string $tenantId */
$tenantId = $row['tenant_id'];
/** @var string $name */
$name = $row['name'];
/** @var string $subdomain */
$subdomain = $row['subdomain'];
/** @var string $databaseName */
$databaseName = $row['database_name'];
/** @var string $status */
$status = $row['status'];
/** @var string $createdAt */
$createdAt = $row['created_at'];
/** @var string|null $createdBy */
$createdBy = $row['created_by'];
/** @var string|null $lastActivityAt */
$lastActivityAt = $row['last_activity_at'];
return Establishment::reconstitute(
id: EstablishmentId::fromString($id),
tenantId: TenantId::fromString($tenantId),
name: $name,
subdomain: $subdomain,
databaseName: $databaseName,
status: EstablishmentStatus::from($status),
createdAt: new DateTimeImmutable($createdAt),
createdBy: $createdBy !== null ? SuperAdminId::fromString($createdBy) : null,
lastActivityAt: $lastActivityAt !== null ? new DateTimeImmutable($lastActivityAt) : null,
);
}
}

114
backend/src/SuperAdmin/Infrastructure/Persistence/Doctrine/DoctrineSuperAdminRepository.php Normal file
View File

@@ -0,0 +1,114 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Infrastructure\Persistence\Doctrine;
use App\SuperAdmin\Domain\Exception\SuperAdminIntrouvableException;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdmin;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminStatus;
use App\SuperAdmin\Domain\Repository\SuperAdminRepository;
use DateTimeImmutable;
use Doctrine\DBAL\Connection;
use Override;
final readonly class DoctrineSuperAdminRepository implements SuperAdminRepository
{
public function __construct(
private Connection $connection,
) {
}
#[Override]
public function save(SuperAdmin $superAdmin): void
{
$this->connection->executeStatement(
<<<'SQL'
INSERT INTO super_admins (id, email, password_hash, first_name, last_name, status, created_at, last_login_at)
VALUES (:id, :email, :password_hash, :first_name, :last_name, :status, :created_at, :last_login_at)
ON CONFLICT (id) DO UPDATE SET
email = EXCLUDED.email,
password_hash = EXCLUDED.password_hash,
first_name = EXCLUDED.first_name,
last_name = EXCLUDED.last_name,
status = EXCLUDED.status,
last_login_at = EXCLUDED.last_login_at
SQL,
[
'id' => (string) $superAdmin->id,
'email' => $superAdmin->email,
'password_hash' => $superAdmin->hashedPassword,
'first_name' => $superAdmin->firstName,
'last_name' => $superAdmin->lastName,
'status' => $superAdmin->status->value,
'created_at' => $superAdmin->createdAt->format('Y-m-d H:i:sP'),
'last_login_at' => $superAdmin->lastLoginAt?->format('Y-m-d H:i:sP'),
],
);
}
#[Override]
public function get(SuperAdminId $id): SuperAdmin
{
$row = $this->connection->fetchAssociative(
'SELECT * FROM super_admins WHERE id = :id',
['id' => (string) $id],
);
if ($row === false) {
throw SuperAdminIntrouvableException::avecId($id);
}
return $this->hydrate($row);
}
#[Override]
public function findByEmail(string $email): ?SuperAdmin
{
$row = $this->connection->fetchAssociative(
'SELECT * FROM super_admins WHERE email = :email',
['email' => $email],
);
if ($row === false) {
return null;
}
return $this->hydrate($row);
}
/**
* @param array<string, mixed> $row
*/
private function hydrate(array $row): SuperAdmin
{
/** @var string $id */
$id = $row['id'];
/** @var string $email */
$email = $row['email'];
/** @var string $passwordHash */
$passwordHash = $row['password_hash'];
/** @var string $firstName */
$firstName = $row['first_name'];
/** @var string $lastName */
$lastName = $row['last_name'];
/** @var string $status */
$status = $row['status'];
/** @var string $createdAt */
$createdAt = $row['created_at'];
/** @var string|null $lastLoginAt */
$lastLoginAt = $row['last_login_at'];
return SuperAdmin::reconstitute(
id: SuperAdminId::fromString($id),
email: $email,
hashedPassword: $passwordHash,
firstName: $firstName,
lastName: $lastName,
status: SuperAdminStatus::from($status),
createdAt: new DateTimeImmutable($createdAt),
lastLoginAt: $lastLoginAt !== null ? new DateTimeImmutable($lastLoginAt) : null,
);
}
}

52
backend/src/SuperAdmin/Infrastructure/Persistence/InMemory/InMemoryEstablishmentRepository.php Normal file
View File

@@ -0,0 +1,52 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Infrastructure\Persistence\InMemory;
use App\Shared\Domain\Tenant\TenantId;
use App\SuperAdmin\Domain\Exception\EstablishmentIntrouvableException;
use App\SuperAdmin\Domain\Model\Establishment\Establishment;
use App\SuperAdmin\Domain\Model\Establishment\EstablishmentId;
use App\SuperAdmin\Domain\Repository\EstablishmentRepository;
use Override;
final class InMemoryEstablishmentRepository implements EstablishmentRepository
{
/** @var array<string, Establishment> */
private array $establishments = [];
#[Override]
public function save(Establishment $establishment): void
{
$this->establishments[(string) $establishment->id] = $establishment;
}
#[Override]
public function get(EstablishmentId $id): Establishment
{
return $this->establishments[(string) $id]
?? throw EstablishmentIntrouvableException::avecId($id);
}
#[Override]
public function findByTenantId(TenantId $tenantId): ?Establishment
{
foreach ($this->establishments as $establishment) {
if ($establishment->tenantId->equals($tenantId)) {
return $establishment;
}
}
return null;
}
/**
* @return Establishment[]
*/
#[Override]
public function findAll(): array
{
return array_values($this->establishments);
}
}

42
backend/src/SuperAdmin/Infrastructure/Persistence/InMemory/InMemorySuperAdminRepository.php Normal file
View File

@@ -0,0 +1,42 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Infrastructure\Persistence\InMemory;
use App\SuperAdmin\Domain\Exception\SuperAdminIntrouvableException;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdmin;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
use App\SuperAdmin\Domain\Repository\SuperAdminRepository;
use Override;
final class InMemorySuperAdminRepository implements SuperAdminRepository
{
/** @var array<string, SuperAdmin> */
private array $superAdmins = [];
#[Override]
public function save(SuperAdmin $superAdmin): void
{
$this->superAdmins[(string) $superAdmin->id] = $superAdmin;
}
#[Override]
public function get(SuperAdminId $id): SuperAdmin
{
return $this->superAdmins[(string) $id]
?? throw SuperAdminIntrouvableException::avecId($id);
}
#[Override]
public function findByEmail(string $email): ?SuperAdmin
{
foreach ($this->superAdmins as $superAdmin) {
if ($superAdmin->email === $email) {
return $superAdmin;
}
}
return null;
}
}

57
backend/src/SuperAdmin/Infrastructure/Security/SecuritySuperAdmin.php Normal file
View File

@@ -0,0 +1,57 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Infrastructure\Security;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
use Override;
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
use Symfony\Component\Security\Core\User\UserInterface;
final readonly class SecuritySuperAdmin implements UserInterface, PasswordAuthenticatedUserInterface
{
/** @var non-empty-string */
private string $email;
/**
* @param non-empty-string $email
*/
public function __construct(
private SuperAdminId $superAdminId,
string $email,
private string $hashedPassword,
) {
$this->email = $email;
}
#[Override]
public function getUserIdentifier(): string
{
return $this->email;
}
public function superAdminId(): string
{
return (string) $this->superAdminId;
}
#[Override]
public function getPassword(): string
{
return $this->hashedPassword;
}
/**
* @return list<string>
*/
#[Override]
public function getRoles(): array
{
return ['ROLE_SUPER_ADMIN'];
}
public function eraseCredentials(): void
{
}
}

38
backend/src/SuperAdmin/Infrastructure/Security/SuperAdminTenantContext.php Normal file
View File

@@ -0,0 +1,38 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Infrastructure\Security;
use App\Shared\Domain\Tenant\TenantId;
/**
* Stores the currently selected tenant for a Super Admin session.
*
* When a Super Admin switches to an establishment context,
* they get ROLE_ADMIN rights within that tenant scope.
*/
final class SuperAdminTenantContext
{
private ?TenantId $currentTenantId = null;
public function switchTo(TenantId $tenantId): void
{
$this->currentTenantId = $tenantId;
}
public function currentTenantId(): ?TenantId
{
return $this->currentTenantId;
}
public function hasTenant(): bool
{
return $this->currentTenantId !== null;
}
public function clear(): void
{
$this->currentTenantId = null;
}
}

67
backend/src/SuperAdmin/Infrastructure/Security/SuperAdminUserProvider.php Normal file
View File

@@ -0,0 +1,67 @@
<?php
declare(strict_types=1);
namespace App\SuperAdmin\Infrastructure\Security;
use App\SuperAdmin\Domain\Repository\SuperAdminRepository;
use InvalidArgumentException;
use Override;
use Symfony\Component\Security\Core\Exception\UserNotFoundException as SymfonyUserNotFoundException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
/**
* User provider for Super Admin authentication.
*
* Separate from the regular DatabaseUserProvider because Super Admins
* live in the master database and are not scoped by tenant.
*
* @implements UserProviderInterface<SecuritySuperAdmin>
*/
final readonly class SuperAdminUserProvider implements UserProviderInterface
{
public function __construct(
private SuperAdminRepository $superAdminRepository,
) {
}
#[Override]
public function loadUserByIdentifier(string $identifier): UserInterface
{
$superAdmin = $this->superAdminRepository->findByEmail($identifier);
if ($superAdmin === null) {
throw new SymfonyUserNotFoundException();
}
if (!$superAdmin->peutSeConnecter()) {
throw new SymfonyUserNotFoundException();
}
/** @var non-empty-string $email */
$email = $superAdmin->email;
return new SecuritySuperAdmin(
superAdminId: $superAdmin->id,
email: $email,
hashedPassword: $superAdmin->hashedPassword,
);
}
#[Override]
public function refreshUser(UserInterface $user): UserInterface
{
if (!$user instanceof SecuritySuperAdmin) {
throw new InvalidArgumentException('Expected instance of ' . SecuritySuperAdmin::class);
}
return $this->loadUserByIdentifier($user->getUserIdentifier());
}
#[Override]
public function supportsClass(string $class): bool
{
return $class === SecuritySuperAdmin::class;
}
}

129
backend/tests/Unit/Administration/Infrastructure/Api/Provider/MyRolesProviderTest.php Normal file
View File

@@ -0,0 +1,129 @@
<?php
declare(strict_types=1);
namespace App\Tests\Unit\Administration\Infrastructure\Api\Provider;
use ApiPlatform\Metadata\Get;
use App\Administration\Application\Port\ActiveRoleStore;
use App\Administration\Application\Service\RoleContext;
use App\Administration\Domain\Model\User\Email;
use App\Administration\Domain\Model\User\Role;
use App\Administration\Domain\Model\User\StatutCompte;
use App\Administration\Domain\Model\User\User;
use App\Administration\Domain\Model\User\UserId;
use App\Administration\Domain\Repository\UserRepository;
use App\Administration\Infrastructure\Api\Provider\MyRolesProvider;
use App\Administration\Infrastructure\Security\SecurityUser;
use App\Shared\Domain\Tenant\TenantId;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
use App\SuperAdmin\Infrastructure\Security\SecuritySuperAdmin;
use DateTimeImmutable;
use PHPUnit\Framework\Attributes\Test;
use PHPUnit\Framework\TestCase;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
final class MyRolesProviderTest extends TestCase
{
#[Test]
public function provideReturnsSuperAdminRoleForSecuritySuperAdmin(): void
{
$security = $this->createMock(Security::class);
$security->method('getUser')->willReturn(
new SecuritySuperAdmin(
superAdminId: SuperAdminId::generate(),
email: 'sadmin@test.com',
hashedPassword: 'hashed',
)
);
$userRepository = $this->createMock(UserRepository::class);
$roleContext = new RoleContext(new NullActiveRoleStore());
$provider = new MyRolesProvider($security, $userRepository, $roleContext);
$output = $provider->provide(new Get());
self::assertSame('ROLE_SUPER_ADMIN', $output->activeRole);
self::assertSame('Super Admin', $output->activeRoleLabel);
self::assertCount(1, $output->roles);
self::assertSame('ROLE_SUPER_ADMIN', $output->roles[0]['value']);
self::assertSame('Super Admin', $output->roles[0]['label']);
}
#[Test]
public function provideReturnsUserRolesForSecurityUser(): void
{
$userId = UserId::generate();
$tenantId = TenantId::fromString('550e8400-e29b-41d4-a716-446655440002');
$securityUser = new SecurityUser(
userId: $userId,
email: 'user@example.com',
hashedPassword: 'hashed',
tenantId: $tenantId,
roles: ['ROLE_PARENT'],
);
$security = $this->createMock(Security::class);
$security->method('getUser')->willReturn($securityUser);
$user = User::reconstitute(
id: $userId,
email: new Email('user@example.com'),
roles: [Role::PARENT],
tenantId: $tenantId,
schoolName: 'Test',
statut: StatutCompte::ACTIF,
dateNaissance: null,
createdAt: new DateTimeImmutable(),
hashedPassword: 'hashed',
activatedAt: new DateTimeImmutable(),
consentementParental: null,
);
$userRepository = $this->createMock(UserRepository::class);
$userRepository->method('get')->willReturn($user);
$roleContext = new RoleContext(new NullActiveRoleStore());
$provider = new MyRolesProvider($security, $userRepository, $roleContext);
$output = $provider->provide(new Get());
self::assertSame('ROLE_PARENT', $output->activeRole);
}
#[Test]
public function provideThrowsUnauthorizedForUnknownUserType(): void
{
$security = $this->createMock(Security::class);
$security->method('getUser')->willReturn(null);
$userRepository = $this->createMock(UserRepository::class);
$roleContext = new RoleContext(new NullActiveRoleStore());
$provider = new MyRolesProvider($security, $userRepository, $roleContext);
$this->expectException(UnauthorizedHttpException::class);
$provider->provide(new Get());
}
}
/**
* @internal
*/
final class NullActiveRoleStore implements ActiveRoleStore
{
public function store(User $user, Role $role): void
{
}
public function get(User $user): ?Role
{
return null;
}
public function clear(User $user): void
{
}
}

71
backend/tests/Unit/Administration/Infrastructure/Security/JwtPayloadEnricherSuperAdminTest.php Normal file
View File

@@ -0,0 +1,71 @@
<?php
declare(strict_types=1);
namespace App\Tests\Unit\Administration\Infrastructure\Security;
use App\Administration\Infrastructure\Security\JwtPayloadEnricher;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
use App\SuperAdmin\Infrastructure\Security\SecuritySuperAdmin;
use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTCreatedEvent;
use PHPUnit\Framework\Attributes\Test;
use PHPUnit\Framework\TestCase;
final class JwtPayloadEnricherSuperAdminTest extends TestCase
{
private JwtPayloadEnricher $enricher;
protected function setUp(): void
{
$this->enricher = new JwtPayloadEnricher();
}
#[Test]
public function onJWTCreatedAddsSuperAdminClaimsToPayload(): void
{
$superAdminId = SuperAdminId::generate();
$securitySuperAdmin = new SecuritySuperAdmin(
superAdminId: $superAdminId,
email: 'sadmin@test.com',
hashedPassword: 'hashed',
);
$initialPayload = ['username' => 'sadmin@test.com'];
$event = new JWTCreatedEvent($initialPayload, $securitySuperAdmin);
$this->enricher->onJWTCreated($event);
$payload = $event->getData();
self::assertSame((string) $superAdminId, $payload['user_id']);
self::assertSame('super_admin', $payload['user_type']);
self::assertSame(['ROLE_SUPER_ADMIN'], $payload['roles']);
self::assertArrayNotHasKey('tenant_id', $payload);
}
#[Test]
public function onJWTCreatedPreservesExistingPayloadForSuperAdmin(): void
{
$securitySuperAdmin = new SecuritySuperAdmin(
superAdminId: SuperAdminId::generate(),
email: 'sadmin@test.com',
hashedPassword: 'hashed',
);
$initialPayload = [
'username' => 'sadmin@test.com',
'iat' => 1706436600,
'exp' => 1706438400,
];
$event = new JWTCreatedEvent($initialPayload, $securitySuperAdmin);
$this->enricher->onJWTCreated($event);
$payload = $event->getData();
self::assertSame('sadmin@test.com', $payload['username']);
self::assertSame(1706436600, $payload['iat']);
self::assertSame(1706438400, $payload['exp']);
}
}

74
backend/tests/Unit/SuperAdmin/Application/Command/CreateEstablishment/CreateEstablishmentHandlerTest.php Normal file
View File

@@ -0,0 +1,74 @@
<?php
declare(strict_types=1);
namespace App\Tests\Unit\SuperAdmin\Application\Command\CreateEstablishment;
use App\Shared\Domain\Clock;
use App\SuperAdmin\Application\Command\CreateEstablishment\CreateEstablishmentCommand;
use App\SuperAdmin\Application\Command\CreateEstablishment\CreateEstablishmentHandler;
use App\SuperAdmin\Infrastructure\Persistence\InMemory\InMemoryEstablishmentRepository;
use DateTimeImmutable;
use PHPUnit\Framework\Attributes\Test;
use PHPUnit\Framework\TestCase;
final class CreateEstablishmentHandlerTest extends TestCase
{
private const string SUPER_ADMIN_ID = '550e8400-e29b-41d4-a716-446655440001';
private InMemoryEstablishmentRepository $repository;
private CreateEstablishmentHandler $handler;
protected function setUp(): void
{
$this->repository = new InMemoryEstablishmentRepository();
$clock = new class implements Clock {
public function now(): DateTimeImmutable
{
return new DateTimeImmutable('2026-02-16 10:00:00');
}
};
$this->handler = new CreateEstablishmentHandler(
$this->repository,
$clock,
);
}
#[Test]
public function createsEstablishmentAndReturnsResult(): void
{
$command = new CreateEstablishmentCommand(
name: 'École Alpha',
subdomain: 'ecole-alpha',
adminEmail: 'admin@ecole-alpha.fr',
superAdminId: self::SUPER_ADMIN_ID,
);
$result = ($this->handler)($command);
self::assertNotEmpty($result->establishmentId);
self::assertNotEmpty($result->tenantId);
self::assertSame('École Alpha', $result->name);
self::assertSame('ecole-alpha', $result->subdomain);
self::assertStringStartsWith('classeo_tenant_', $result->databaseName);
}
#[Test]
public function savesEstablishmentToRepository(): void
{
$command = new CreateEstablishmentCommand(
name: 'École Beta',
subdomain: 'ecole-beta',
adminEmail: 'admin@ecole-beta.fr',
superAdminId: self::SUPER_ADMIN_ID,
);
$result = ($this->handler)($command);
$establishments = $this->repository->findAll();
self::assertCount(1, $establishments);
self::assertSame($result->establishmentId, (string) $establishments[0]->id);
}
}

61
backend/tests/Unit/SuperAdmin/Application/Query/GetEstablishments/GetEstablishmentsHandlerTest.php Normal file
View File

@@ -0,0 +1,61 @@
<?php
declare(strict_types=1);
namespace App\Tests\Unit\SuperAdmin\Application\Query\GetEstablishments;
use App\SuperAdmin\Application\Query\GetEstablishments\GetEstablishmentsHandler;
use App\SuperAdmin\Application\Query\GetEstablishments\GetEstablishmentsQuery;
use App\SuperAdmin\Domain\Model\Establishment\Establishment;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
use App\SuperAdmin\Infrastructure\Persistence\InMemory\InMemoryEstablishmentRepository;
use DateTimeImmutable;
use PHPUnit\Framework\Attributes\Test;
use PHPUnit\Framework\TestCase;
final class GetEstablishmentsHandlerTest extends TestCase
{
private const string SUPER_ADMIN_ID = '550e8400-e29b-41d4-a716-446655440001';
private InMemoryEstablishmentRepository $repository;
private GetEstablishmentsHandler $handler;
protected function setUp(): void
{
$this->repository = new InMemoryEstablishmentRepository();
$this->handler = new GetEstablishmentsHandler($this->repository);
}
#[Test]
public function returnsEmptyArrayWhenNoEstablishments(): void
{
$result = ($this->handler)(new GetEstablishmentsQuery());
self::assertSame([], $result);
}
#[Test]
public function returnsAllEstablishments(): void
{
$this->repository->save(Establishment::creer(
name: 'École Alpha',
subdomain: 'ecole-alpha',
createdBy: SuperAdminId::fromString(self::SUPER_ADMIN_ID),
createdAt: new DateTimeImmutable('2026-02-16 10:00:00'),
));
$this->repository->save(Establishment::creer(
name: 'École Beta',
subdomain: 'ecole-beta',
createdBy: SuperAdminId::fromString(self::SUPER_ADMIN_ID),
createdAt: new DateTimeImmutable('2026-02-16 11:00:00'),
));
$result = ($this->handler)(new GetEstablishmentsQuery());
self::assertCount(2, $result);
self::assertSame('École Alpha', $result[0]->name);
self::assertSame('ecole-alpha', $result[0]->subdomain);
self::assertSame('active', $result[0]->status);
}
}

148
backend/tests/Unit/SuperAdmin/Domain/Model/Establishment/EstablishmentTest.php Normal file
View File

@@ -0,0 +1,148 @@
<?php
declare(strict_types=1);
namespace App\Tests\Unit\SuperAdmin\Domain\Model\Establishment;
use App\Shared\Domain\Tenant\TenantId;
use App\SuperAdmin\Domain\Event\EtablissementCree;
use App\SuperAdmin\Domain\Event\EtablissementDesactive;
use App\SuperAdmin\Domain\Exception\EstablishmentDejaInactifException;
use App\SuperAdmin\Domain\Model\Establishment\Establishment;
use App\SuperAdmin\Domain\Model\Establishment\EstablishmentId;
use App\SuperAdmin\Domain\Model\Establishment\EstablishmentStatus;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
use DateTimeImmutable;
use PHPUnit\Framework\Attributes\Test;
use PHPUnit\Framework\TestCase;
final class EstablishmentTest extends TestCase
{
private const string SUPER_ADMIN_ID = '550e8400-e29b-41d4-a716-446655440001';
private const string ESTABLISHMENT_NAME = 'École Alpha';
private const string SUBDOMAIN = 'ecole-alpha';
#[Test]
public function creerCreatesActiveEstablishment(): void
{
$establishment = $this->createEstablishment();
self::assertSame(EstablishmentStatus::ACTIF, $establishment->status);
self::assertSame(self::ESTABLISHMENT_NAME, $establishment->name);
self::assertSame(self::SUBDOMAIN, $establishment->subdomain);
self::assertNull($establishment->lastActivityAt);
self::assertNotEmpty($establishment->databaseName);
self::assertStringStartsWith('classeo_tenant_', $establishment->databaseName);
}
#[Test]
public function creerRecordsEtablissementCreeEvent(): void
{
$establishment = $this->createEstablishment();
$events = $establishment->pullDomainEvents();
self::assertCount(1, $events);
self::assertInstanceOf(EtablissementCree::class, $events[0]);
self::assertTrue($establishment->id->equals($events[0]->establishmentId));
self::assertTrue($establishment->tenantId->equals($events[0]->tenantId));
self::assertSame(self::ESTABLISHMENT_NAME, $events[0]->name);
self::assertSame(self::SUBDOMAIN, $events[0]->subdomain);
}
#[Test]
public function creerGeneratesTenantIdAndDatabaseName(): void
{
$establishment = $this->createEstablishment();
self::assertInstanceOf(TenantId::class, $establishment->tenantId);
self::assertStringStartsWith('classeo_tenant_', $establishment->databaseName);
}
#[Test]
public function desactiverChangesStatusToInactif(): void
{
$establishment = $this->createEstablishment();
$establishment->desactiver(new DateTimeImmutable('2026-02-16 12:00:00'));
self::assertSame(EstablishmentStatus::INACTIF, $establishment->status);
}
#[Test]
public function desactiverRecordsEtablissementDesactiveEvent(): void
{
$establishment = $this->createEstablishment();
$establishment->pullDomainEvents(); // Clear creation event
$establishment->desactiver(new DateTimeImmutable('2026-02-16 12:00:00'));
$events = $establishment->pullDomainEvents();
self::assertCount(1, $events);
self::assertInstanceOf(EtablissementDesactive::class, $events[0]);
}
#[Test]
public function desactiverThrowsWhenAlreadyInactive(): void
{
$establishment = $this->createEstablishment();
$establishment->desactiver(new DateTimeImmutable('2026-02-16 12:00:00'));
$this->expectException(EstablishmentDejaInactifException::class);
$establishment->desactiver(new DateTimeImmutable('2026-02-16 13:00:00'));
}
#[Test]
public function enregistrerActiviteUpdatesLastActivityAt(): void
{
$establishment = $this->createEstablishment();
$activityAt = new DateTimeImmutable('2026-02-16 15:00:00');
$establishment->enregistrerActivite($activityAt);
self::assertEquals($activityAt, $establishment->lastActivityAt);
}
#[Test]
public function reconstituteRestoresAllProperties(): void
{
$id = EstablishmentId::generate();
$tenantId = TenantId::generate();
$createdBy = SuperAdminId::fromString(self::SUPER_ADMIN_ID);
$createdAt = new DateTimeImmutable('2026-01-01 10:00:00');
$lastActivityAt = new DateTimeImmutable('2026-02-16 14:30:00');
$establishment = Establishment::reconstitute(
id: $id,
tenantId: $tenantId,
name: self::ESTABLISHMENT_NAME,
subdomain: self::SUBDOMAIN,
databaseName: 'classeo_tenant_abc123',
status: EstablishmentStatus::ACTIF,
createdAt: $createdAt,
createdBy: $createdBy,
lastActivityAt: $lastActivityAt,
);
self::assertTrue($id->equals($establishment->id));
self::assertTrue($tenantId->equals($establishment->tenantId));
self::assertSame(self::ESTABLISHMENT_NAME, $establishment->name);
self::assertSame(self::SUBDOMAIN, $establishment->subdomain);
self::assertSame('classeo_tenant_abc123', $establishment->databaseName);
self::assertSame(EstablishmentStatus::ACTIF, $establishment->status);
self::assertEquals($createdAt, $establishment->createdAt);
self::assertTrue($createdBy->equals($establishment->createdBy));
self::assertEquals($lastActivityAt, $establishment->lastActivityAt);
self::assertEmpty($establishment->pullDomainEvents());
}
private function createEstablishment(): Establishment
{
return Establishment::creer(
name: self::ESTABLISHMENT_NAME,
subdomain: self::SUBDOMAIN,
createdBy: SuperAdminId::fromString(self::SUPER_ADMIN_ID),
createdAt: new DateTimeImmutable('2026-02-16 10:00:00'),
);
}
}

181
backend/tests/Unit/SuperAdmin/Domain/Model/SuperAdmin/SuperAdminTest.php Normal file
View File

@@ -0,0 +1,181 @@
<?php
declare(strict_types=1);
namespace App\Tests\Unit\SuperAdmin\Domain\Model\SuperAdmin;
use App\SuperAdmin\Domain\Event\SuperAdminCree;
use App\SuperAdmin\Domain\Event\SuperAdminDesactive;
use App\SuperAdmin\Domain\Exception\SuperAdminDejaActifException;
use App\SuperAdmin\Domain\Exception\SuperAdminNonActifException;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdmin;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminStatus;
use DateTimeImmutable;
use PHPUnit\Framework\Attributes\Test;
use PHPUnit\Framework\TestCase;
final class SuperAdminTest extends TestCase
{
private const string EMAIL = 'superadmin@classeo.fr';
private const string FIRST_NAME = 'Jean';
private const string LAST_NAME = 'Dupont';
private const string HASHED_PASSWORD = '$argon2id$hashed';
#[Test]
public function creerCreatesActiveSuperAdmin(): void
{
$superAdmin = $this->createSuperAdmin();
self::assertSame(SuperAdminStatus::ACTIF, $superAdmin->status);
self::assertSame(self::EMAIL, $superAdmin->email);
self::assertSame(self::FIRST_NAME, $superAdmin->firstName);
self::assertSame(self::LAST_NAME, $superAdmin->lastName);
self::assertSame(self::HASHED_PASSWORD, $superAdmin->hashedPassword);
self::assertNull($superAdmin->lastLoginAt);
}
#[Test]
public function creerRecordsSuperAdminCreeEvent(): void
{
$superAdmin = $this->createSuperAdmin();
$events = $superAdmin->pullDomainEvents();
self::assertCount(1, $events);
self::assertInstanceOf(SuperAdminCree::class, $events[0]);
self::assertSame($superAdmin->id, $events[0]->superAdminId);
self::assertSame(self::EMAIL, $events[0]->email);
}
#[Test]
public function enregistrerConnexionUpdatesLastLoginAt(): void
{
$superAdmin = $this->createSuperAdmin();
$loginAt = new DateTimeImmutable('2026-02-16 14:30:00');
$superAdmin->enregistrerConnexion($loginAt);
self::assertEquals($loginAt, $superAdmin->lastLoginAt);
}
#[Test]
public function enregistrerConnexionThrowsWhenNotActive(): void
{
$superAdmin = $this->createSuperAdmin();
$superAdmin->desactiver(new DateTimeImmutable('2026-02-16 10:00:00'));
$this->expectException(SuperAdminNonActifException::class);
$superAdmin->enregistrerConnexion(new DateTimeImmutable('2026-02-16 14:30:00'));
}
#[Test]
public function desactiverChangeStatusToInactif(): void
{
$superAdmin = $this->createSuperAdmin();
$superAdmin->desactiver(new DateTimeImmutable('2026-02-16 10:00:00'));
self::assertSame(SuperAdminStatus::INACTIF, $superAdmin->status);
}
#[Test]
public function desactiverRecordsSuperAdminDesactiveEvent(): void
{
$superAdmin = $this->createSuperAdmin();
$superAdmin->pullDomainEvents(); // Clear creation event
$superAdmin->desactiver(new DateTimeImmutable('2026-02-16 10:00:00'));
$events = $superAdmin->pullDomainEvents();
self::assertCount(1, $events);
self::assertInstanceOf(SuperAdminDesactive::class, $events[0]);
}
#[Test]
public function desactiverThrowsWhenAlreadyInactive(): void
{
$superAdmin = $this->createSuperAdmin();
$superAdmin->desactiver(new DateTimeImmutable('2026-02-16 10:00:00'));
$this->expectException(SuperAdminNonActifException::class);
$superAdmin->desactiver(new DateTimeImmutable('2026-02-16 11:00:00'));
}
#[Test]
public function reactiverChangesStatusToActif(): void
{
$superAdmin = $this->createSuperAdmin();
$superAdmin->desactiver(new DateTimeImmutable('2026-02-16 10:00:00'));
$superAdmin->reactiver(new DateTimeImmutable('2026-02-16 11:00:00'));
self::assertSame(SuperAdminStatus::ACTIF, $superAdmin->status);
}
#[Test]
public function reactiverThrowsWhenAlreadyActive(): void
{
$superAdmin = $this->createSuperAdmin();
$this->expectException(SuperAdminDejaActifException::class);
$superAdmin->reactiver(new DateTimeImmutable('2026-02-16 11:00:00'));
}
#[Test]
public function peutSeConnecterReturnsTrueWhenActive(): void
{
$superAdmin = $this->createSuperAdmin();
self::assertTrue($superAdmin->peutSeConnecter());
}
#[Test]
public function peutSeConnecterReturnsFalseWhenInactive(): void
{
$superAdmin = $this->createSuperAdmin();
$superAdmin->desactiver(new DateTimeImmutable('2026-02-16 10:00:00'));
self::assertFalse($superAdmin->peutSeConnecter());
}
#[Test]
public function reconstituteRestoresAllProperties(): void
{
$id = SuperAdminId::generate();
$createdAt = new DateTimeImmutable('2026-01-01 10:00:00');
$lastLoginAt = new DateTimeImmutable('2026-02-16 14:30:00');
$superAdmin = SuperAdmin::reconstitute(
id: $id,
email: self::EMAIL,
hashedPassword: self::HASHED_PASSWORD,
firstName: self::FIRST_NAME,
lastName: self::LAST_NAME,
status: SuperAdminStatus::ACTIF,
createdAt: $createdAt,
lastLoginAt: $lastLoginAt,
);
self::assertTrue($id->equals($superAdmin->id));
self::assertSame(self::EMAIL, $superAdmin->email);
self::assertSame(self::HASHED_PASSWORD, $superAdmin->hashedPassword);
self::assertSame(self::FIRST_NAME, $superAdmin->firstName);
self::assertSame(self::LAST_NAME, $superAdmin->lastName);
self::assertSame(SuperAdminStatus::ACTIF, $superAdmin->status);
self::assertEquals($createdAt, $superAdmin->createdAt);
self::assertEquals($lastLoginAt, $superAdmin->lastLoginAt);
self::assertEmpty($superAdmin->pullDomainEvents());
}
private function createSuperAdmin(): SuperAdmin
{
return SuperAdmin::creer(
email: self::EMAIL,
hashedPassword: self::HASHED_PASSWORD,
firstName: self::FIRST_NAME,
lastName: self::LAST_NAME,
createdAt: new DateTimeImmutable('2026-02-16 10:00:00'),
);
}
}

60
backend/tests/Unit/SuperAdmin/Infrastructure/Api/Processor/CreateEstablishmentProcessorTest.php Normal file
View File

@@ -0,0 +1,60 @@
<?php
declare(strict_types=1);
namespace App\Tests\Unit\SuperAdmin\Infrastructure\Api\Processor;
use ApiPlatform\Metadata\Post;
use App\Shared\Domain\Clock;
use App\SuperAdmin\Application\Command\CreateEstablishment\CreateEstablishmentHandler;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
use App\SuperAdmin\Infrastructure\Api\Processor\CreateEstablishmentProcessor;
use App\SuperAdmin\Infrastructure\Api\Resource\EstablishmentResource;
use App\SuperAdmin\Infrastructure\Persistence\InMemory\InMemoryEstablishmentRepository;
use App\SuperAdmin\Infrastructure\Security\SecuritySuperAdmin;
use DateTimeImmutable;
use PHPUnit\Framework\Attributes\Test;
use PHPUnit\Framework\TestCase;
use Symfony\Bundle\SecurityBundle\Security;
final class CreateEstablishmentProcessorTest extends TestCase
{
private const string SUPER_ADMIN_ID = '550e8400-e29b-41d4-a716-446655440001';
#[Test]
public function processCreatesEstablishmentAndReturnsResource(): void
{
$repository = new InMemoryEstablishmentRepository();
$clock = new class implements Clock {
public function now(): DateTimeImmutable
{
return new DateTimeImmutable('2026-02-16 10:00:00');
}
};
$handler = new CreateEstablishmentHandler($repository, $clock);
$securityUser = new SecuritySuperAdmin(
SuperAdminId::fromString(self::SUPER_ADMIN_ID),
'superadmin@classeo.fr',
'hashed',
);
$security = $this->createMock(Security::class);
$security->method('getUser')->willReturn($securityUser);
$processor = new CreateEstablishmentProcessor($handler, $security);
$input = new EstablishmentResource();
$input->name = 'École Gamma';
$input->subdomain = 'ecole-gamma';
$input->adminEmail = 'admin@ecole-gamma.fr';
$result = $processor->process($input, new Post());
self::assertNotNull($result->id);
self::assertNotNull($result->tenantId);
self::assertSame('École Gamma', $result->name);
self::assertSame('ecole-gamma', $result->subdomain);
self::assertSame('active', $result->status);
}
}

54
backend/tests/Unit/SuperAdmin/Infrastructure/Api/Provider/EstablishmentCollectionProviderTest.php Normal file
View File

@@ -0,0 +1,54 @@
<?php
declare(strict_types=1);
namespace App\Tests\Unit\SuperAdmin\Infrastructure\Api\Provider;
use ApiPlatform\Metadata\GetCollection;
use App\SuperAdmin\Application\Query\GetEstablishments\GetEstablishmentsHandler;
use App\SuperAdmin\Domain\Model\Establishment\Establishment;
use App\SuperAdmin\Domain\Model\SuperAdmin\SuperAdminId;
use App\SuperAdmin\Infrastructure\Api\Provider\EstablishmentCollectionProvider;
use App\SuperAdmin\Infrastructure\Persistence\InMemory\InMemoryEstablishmentRepository;
use DateTimeImmutable;
use PHPUnit\Framework\Attributes\Test;
use PHPUnit\Framework\TestCase;
final class EstablishmentCollectionProviderTest extends TestCase
{
private const string SUPER_ADMIN_ID = '550e8400-e29b-41d4-a716-446655440001';
#[Test]
public function provideReturnsEmptyArrayWhenNoEstablishments(): void
{
$repository = new InMemoryEstablishmentRepository();
$handler = new GetEstablishmentsHandler($repository);
$provider = new EstablishmentCollectionProvider($handler);
$result = $provider->provide(new GetCollection());
self::assertSame([], $result);
}
#[Test]
public function provideReturnsMappedResources(): void
{
$repository = new InMemoryEstablishmentRepository();
$repository->save(Establishment::creer(
name: 'École Alpha',
subdomain: 'ecole-alpha',
createdBy: SuperAdminId::fromString(self::SUPER_ADMIN_ID),
createdAt: new DateTimeImmutable('2026-02-16 10:00:00'),
));
$handler = new GetEstablishmentsHandler($repository);
$provider = new EstablishmentCollectionProvider($handler);
$result = $provider->provide(new GetCollection());
self::assertCount(1, $result);
self::assertSame('École Alpha', $result[0]->name);
self::assertSame('ecole-alpha', $result[0]->subdomain);
self::assertSame('active', $result[0]->status);
}
}

106
backend/tests/Unit/SuperAdmin/Infrastructure/Console/CreateTestSuperAdminCommandTest.php Normal file
View File

@@ -0,0 +1,106 @@
<?php
declare(strict_types=1);
namespace App\Tests\Unit\SuperAdmin\Infrastructure\Console;
use App\Administration\Application\Port\PasswordHasher;
use App\Shared\Domain\Clock;
use App\SuperAdmin\Infrastructure\Console\CreateTestSuperAdminCommand;
use App\SuperAdmin\Infrastructure\Persistence\InMemory\InMemorySuperAdminRepository;
use DateTimeImmutable;
use PHPUnit\Framework\Attributes\Test;
use PHPUnit\Framework\TestCase;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Tester\CommandTester;
final class CreateTestSuperAdminCommandTest extends TestCase
{
private InMemorySuperAdminRepository $repository;
private CommandTester $commandTester;
protected function setUp(): void
{
$this->repository = new InMemorySuperAdminRepository();
$clock = new class implements Clock {
public function now(): DateTimeImmutable
{
return new DateTimeImmutable('2026-02-17 10:00:00');
}
};
$passwordHasher = new class implements PasswordHasher {
public function hash(string $plainPassword): string
{
return 'hashed_' . $plainPassword;
}
public function verify(string $hashedPassword, string $plainPassword): bool
{
return $hashedPassword === 'hashed_' . $plainPassword;
}
};
$command = new CreateTestSuperAdminCommand(
$this->repository,
$passwordHasher,
$clock,
);
$this->commandTester = new CommandTester($command);
}
#[Test]
public function createsNewSuperAdmin(): void
{
$exitCode = $this->commandTester->execute([
'--email' => 'sadmin@test.com',
'--password' => 'SuperAdmin123',
'--first-name' => 'Super',
'--last-name' => 'Admin',
]);
self::assertSame(Command::SUCCESS, $exitCode);
self::assertStringContainsString('Test super admin created successfully', $this->commandTester->getDisplay());
$superAdmin = $this->repository->findByEmail('sadmin@test.com');
self::assertNotNull($superAdmin);
self::assertSame('sadmin@test.com', $superAdmin->email);
self::assertSame('Super', $superAdmin->firstName);
self::assertSame('Admin', $superAdmin->lastName);
self::assertSame('hashed_SuperAdmin123', $superAdmin->hashedPassword);
}
#[Test]
public function returnsSuccessForExistingEmail(): void
{
// Create first
$this->commandTester->execute([
'--email' => 'sadmin@test.com',
'--password' => 'SuperAdmin123',
]);
// Create again with same email
$exitCode = $this->commandTester->execute([
'--email' => 'sadmin@test.com',
'--password' => 'SuperAdmin123',
]);
self::assertSame(Command::SUCCESS, $exitCode);
self::assertStringContainsString('already exists', $this->commandTester->getDisplay());
}
#[Test]
public function usesDefaultValues(): void
{
$exitCode = $this->commandTester->execute([]);
self::assertSame(Command::SUCCESS, $exitCode);
$superAdmin = $this->repository->findByEmail('sadmin@test.com');
self::assertNotNull($superAdmin);
self::assertSame('Super', $superAdmin->firstName);
self::assertSame('Admin', $superAdmin->lastName);
}
}