feat: Liaison parents-enfants avec gestion des tuteurs

Les parents doivent pouvoir suivre la scolarité de leurs enfants (notes, emploi du temps, devoirs). Cela nécessite un lien formalisé entre le compte parent et le compte élève, géré par les administrateurs. Le lien est établi soit manuellement via l'interface d'administration, soit automatiquement lors de l'activation du compte parent lorsque l'invitation inclut un élève cible. Ce lien conditionne l'accès aux données scolaires de l'enfant (autorisations vérifiées par un voter dédié).
2026-02-12 08:38:19 +01:00
parent e930c505df
commit 44ebe5e511
91 changed files with 10071 additions and 39 deletions
--- a/backend/tests/Unit/Administration/Infrastructure/Api/Provider/GuardiansForStudentProviderTest.php
+++ b/backend/tests/Unit/Administration/Infrastructure/Api/Provider/GuardiansForStudentProviderTest.php
@@ -0,0 +1,159 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Tests\Unit\Administration\Infrastructure\Api\Provider;
+
+use ApiPlatform\Metadata\GetCollection;
+use App\Administration\Application\Query\GetParentsForStudent\GetParentsForStudentHandler;
+use App\Administration\Domain\Model\StudentGuardian\RelationshipType;
+use App\Administration\Domain\Model\StudentGuardian\StudentGuardian;
+use App\Administration\Domain\Model\User\Email;
+use App\Administration\Domain\Model\User\Role;
+use App\Administration\Domain\Model\User\User;
+use App\Administration\Domain\Model\User\UserId;
+use App\Administration\Domain\Repository\UserRepository;
+use App\Administration\Infrastructure\Api\Provider\GuardiansForStudentProvider;
+use App\Administration\Infrastructure\Api\Resource\StudentGuardianResource;
+use App\Administration\Infrastructure\Persistence\InMemory\InMemoryStudentGuardianRepository;
+use App\Administration\Infrastructure\Security\StudentGuardianVoter;
+use App\Shared\Domain\Tenant\TenantId;
+use App\Shared\Infrastructure\Tenant\TenantConfig;
+use App\Shared\Infrastructure\Tenant\TenantContext;
+use App\Shared\Infrastructure\Tenant\TenantId as InfraTenantId;
+use DateTimeImmutable;
+use PHPUnit\Framework\Attributes\Test;
+use PHPUnit\Framework\TestCase;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
+use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
+use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
+
+final class GuardiansForStudentProviderTest extends TestCase
+{
+    private const string TENANT_ID = '550e8400-e29b-41d4-a716-446655440002';
+    private const string SUBDOMAIN = 'ecole-alpha';
+    private const string STUDENT_ID = '550e8400-e29b-41d4-a716-446655440010';
+    private const string GUARDIAN_ID = '550e8400-e29b-41d4-a716-446655440020';
+
+    private InMemoryStudentGuardianRepository $repository;
+    private TenantContext $tenantContext;
+
+    protected function setUp(): void
+    {
+        $this->repository = new InMemoryStudentGuardianRepository();
+
+        $this->tenantContext = new TenantContext();
+        $this->tenantContext->setCurrentTenant(new TenantConfig(
+            tenantId: InfraTenantId::fromString(self::TENANT_ID),
+            subdomain: self::SUBDOMAIN,
+            databaseUrl: 'postgresql://test',
+        ));
+    }
+
+    #[Test]
+    public function returnsGuardiansForStudent(): void
+    {
+        $link = StudentGuardian::lier(
+            studentId: UserId::fromString(self::STUDENT_ID),
+            guardianId: UserId::fromString(self::GUARDIAN_ID),
+            relationshipType: RelationshipType::FATHER,
+            tenantId: TenantId::fromString(self::TENANT_ID),
+            createdAt: new DateTimeImmutable('2026-02-10 10:00:00'),
+        );
+        $this->repository->save($link);
+
+        $provider = $this->createProvider();
+
+        $results = $provider->provide(
+            new GetCollection(),
+            ['studentId' => self::STUDENT_ID],
+        );
+
+        self::assertCount(1, $results);
+        self::assertInstanceOf(StudentGuardianResource::class, $results[0]);
+        self::assertSame((string) $link->id, $results[0]->id);
+        self::assertSame(self::GUARDIAN_ID, $results[0]->guardianId);
+        self::assertSame('père', $results[0]->relationshipType);
+        self::assertSame('Père', $results[0]->relationshipLabel);
+    }
+
+    #[Test]
+    public function returnsEmptyArrayWhenNoGuardians(): void
+    {
+        $provider = $this->createProvider();
+
+        $results = $provider->provide(
+            new GetCollection(),
+            ['studentId' => self::STUDENT_ID],
+        );
+
+        self::assertSame([], $results);
+    }
+
+    #[Test]
+    public function throwsUnauthorizedWhenNoTenant(): void
+    {
+        $tenantContext = new TenantContext();
+
+        $provider = $this->createProvider(tenantContext: $tenantContext);
+
+        $this->expectException(UnauthorizedHttpException::class);
+
+        $provider->provide(
+            new GetCollection(),
+            ['studentId' => self::STUDENT_ID],
+        );
+    }
+
+    #[Test]
+    public function throwsAccessDeniedWhenNotAuthorizedToViewStudent(): void
+    {
+        $authChecker = $this->createMock(AuthorizationCheckerInterface::class);
+        $authChecker->method('isGranted')
+            ->with(StudentGuardianVoter::VIEW_STUDENT, self::STUDENT_ID)
+            ->willReturn(false);
+
+        $provider = $this->createProvider(authorizationChecker: $authChecker);
+
+        $this->expectException(AccessDeniedHttpException::class);
+
+        $provider->provide(
+            new GetCollection(),
+            ['studentId' => self::STUDENT_ID],
+        );
+    }
+
+    private function createProvider(
+        ?TenantContext $tenantContext = null,
+        ?AuthorizationCheckerInterface $authorizationChecker = null,
+    ): GuardiansForStudentProvider {
+        $guardianUser = User::creer(
+            email: new Email('guardian@example.com'),
+            role: Role::PARENT,
+            tenantId: TenantId::fromString(self::TENANT_ID),
+            schoolName: 'École Test',
+            dateNaissance: null,
+            createdAt: new DateTimeImmutable('2026-02-10 10:00:00'),
+        );
+
+        $userRepository = $this->createMock(UserRepository::class);
+        $userRepository->method('get')->willReturn($guardianUser);
+
+        $handler = new GetParentsForStudentHandler($this->repository, $userRepository);
+
+        $tenantContext ??= $this->tenantContext;
+
+        if ($authorizationChecker === null) {
+            $authorizationChecker = $this->createMock(AuthorizationCheckerInterface::class);
+            $authorizationChecker->method('isGranted')
+                ->with(StudentGuardianVoter::VIEW_STUDENT, self::STUDENT_ID)
+                ->willReturn(true);
+        }
+
+        return new GuardiansForStudentProvider(
+            $handler,
+            $tenantContext,
+            $authorizationChecker,
+        );
+    }
+}
--- a/backend/tests/Unit/Administration/Infrastructure/Api/Provider/MyChildrenProviderTest.php
+++ b/backend/tests/Unit/Administration/Infrastructure/Api/Provider/MyChildrenProviderTest.php
@@ -0,0 +1,167 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Tests\Unit\Administration\Infrastructure\Api\Provider;
+
+use ApiPlatform\Metadata\GetCollection;
+use App\Administration\Application\Query\GetStudentsForParent\GetStudentsForParentHandler;
+use App\Administration\Domain\Model\StudentGuardian\RelationshipType;
+use App\Administration\Domain\Model\StudentGuardian\StudentGuardian;
+use App\Administration\Domain\Model\User\Email;
+use App\Administration\Domain\Model\User\Role;
+use App\Administration\Domain\Model\User\User;
+use App\Administration\Domain\Model\User\UserId;
+use App\Administration\Domain\Repository\UserRepository;
+use App\Administration\Infrastructure\Api\Provider\MyChildrenProvider;
+use App\Administration\Infrastructure\Api\Resource\MyChildrenResource;
+use App\Administration\Infrastructure\Persistence\InMemory\InMemoryStudentGuardianRepository;
+use App\Administration\Infrastructure\Security\SecurityUser;
+use App\Shared\Domain\Tenant\TenantId;
+use App\Shared\Infrastructure\Tenant\TenantConfig;
+use App\Shared\Infrastructure\Tenant\TenantContext;
+use App\Shared\Infrastructure\Tenant\TenantId as InfraTenantId;
+use DateTimeImmutable;
+use PHPUnit\Framework\Attributes\Test;
+use PHPUnit\Framework\TestCase;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+final class MyChildrenProviderTest extends TestCase
+{
+    private const string TENANT_ID = '550e8400-e29b-41d4-a716-446655440002';
+    private const string SUBDOMAIN = 'ecole-alpha';
+    private const string PARENT_ID = '550e8400-e29b-41d4-a716-446655440020';
+    private const string STUDENT_ID = '550e8400-e29b-41d4-a716-446655440010';
+
+    private InMemoryStudentGuardianRepository $repository;
+    private TenantContext $tenantContext;
+    private SecurityUser $securityUser;
+
+    protected function setUp(): void
+    {
+        $this->repository = new InMemoryStudentGuardianRepository();
+
+        $this->tenantContext = new TenantContext();
+        $this->tenantContext->setCurrentTenant(new TenantConfig(
+            tenantId: InfraTenantId::fromString(self::TENANT_ID),
+            subdomain: self::SUBDOMAIN,
+            databaseUrl: 'postgresql://test',
+        ));
+
+        $this->securityUser = new SecurityUser(
+            userId: UserId::fromString(self::PARENT_ID),
+            email: 'parent@example.com',
+            hashedPassword: '$argon2id$hashed',
+            tenantId: TenantId::fromString(self::TENANT_ID),
+            roles: [Role::PARENT->value],
+        );
+    }
+
+    #[Test]
+    public function returnsChildrenForAuthenticatedParent(): void
+    {
+        $link = StudentGuardian::lier(
+            studentId: UserId::fromString(self::STUDENT_ID),
+            guardianId: UserId::fromString(self::PARENT_ID),
+            relationshipType: RelationshipType::FATHER,
+            tenantId: TenantId::fromString(self::TENANT_ID),
+            createdAt: new DateTimeImmutable('2026-02-10 10:00:00'),
+        );
+        $this->repository->save($link);
+
+        $provider = $this->createProvider();
+
+        $results = $provider->provide(new GetCollection());
+
+        self::assertCount(1, $results);
+        self::assertInstanceOf(MyChildrenResource::class, $results[0]);
+        self::assertSame((string) $link->id, $results[0]->id);
+        self::assertSame(self::STUDENT_ID, $results[0]->studentId);
+        self::assertSame('père', $results[0]->relationshipType);
+        self::assertSame('Père', $results[0]->relationshipLabel);
+    }
+
+    #[Test]
+    public function returnsEmptyArrayWhenNoChildren(): void
+    {
+        $provider = $this->createProvider();
+
+        $results = $provider->provide(new GetCollection());
+
+        self::assertSame([], $results);
+    }
+
+    #[Test]
+    public function throwsUnauthorizedWhenNotAuthenticated(): void
+    {
+        $security = $this->createMock(Security::class);
+        $security->method('getUser')->willReturn(null);
+
+        $provider = $this->createProvider(security: $security);
+
+        $this->expectException(UnauthorizedHttpException::class);
+
+        $provider->provide(new GetCollection());
+    }
+
+    #[Test]
+    public function throwsUnauthorizedWhenNoTenant(): void
+    {
+        $tenantContext = new TenantContext();
+
+        $provider = $this->createProvider(tenantContext: $tenantContext);
+
+        $this->expectException(UnauthorizedHttpException::class);
+
+        $provider->provide(new GetCollection());
+    }
+
+    #[Test]
+    public function throwsUnauthorizedWhenNotSecurityUser(): void
+    {
+        $nonSecurityUser = $this->createMock(UserInterface::class);
+
+        $security = $this->createMock(Security::class);
+        $security->method('getUser')->willReturn($nonSecurityUser);
+
+        $provider = $this->createProvider(security: $security);
+
+        $this->expectException(UnauthorizedHttpException::class);
+
+        $provider->provide(new GetCollection());
+    }
+
+    private function createProvider(
+        ?TenantContext $tenantContext = null,
+        ?Security $security = null,
+    ): MyChildrenProvider {
+        $studentUser = User::creer(
+            email: new Email('student@example.com'),
+            role: Role::ELEVE,
+            tenantId: TenantId::fromString(self::TENANT_ID),
+            schoolName: 'École Test',
+            dateNaissance: null,
+            createdAt: new DateTimeImmutable('2026-02-10 10:00:00'),
+        );
+
+        $userRepository = $this->createMock(UserRepository::class);
+        $userRepository->method('get')->willReturn($studentUser);
+
+        $handler = new GetStudentsForParentHandler($this->repository, $userRepository);
+
+        $tenantContext ??= $this->tenantContext;
+
+        if ($security === null) {
+            $security = $this->createMock(Security::class);
+            $security->method('getUser')->willReturn($this->securityUser);
+        }
+
+        return new MyChildrenProvider(
+            $handler,
+            $security,
+            $tenantContext,
+        );
+    }
+}