feat: Désignation de remplaçants temporaires avec corrections sécurité

Permet aux administrateurs de désigner un enseignant remplaçant pour un autre enseignant absent, sur des classes et matières précises, pour une période donnée. Le dashboard enseignant affiche les remplacements actifs avec les noms de classes/matières au lieu des identifiants bruts. Inclut les corrections de la code review : - Requête findActiveByTenant qui excluait les remplacements en cours mais incluait les futurs (manquait start_date <= :at) - Validation tenant et rôle enseignant dans le handler de désignation pour empêcher l'affectation cross-tenant ou de non-enseignants - Validation structurée du payload classes (Assert\Collection + UUID) pour éviter les erreurs serveur sur payloads malformés - API replaced-classes enrichie avec les noms classe/matière
2026-02-16 14:32:37 +01:00
parent fdc26eb334
commit c856dfdcda
63 changed files with 7694 additions and 236 deletions
--- a/backend/tests/Unit/Scolarite/Infrastructure/Api/Provider/ReplacedClassesProviderTest.php
+++ b/backend/tests/Unit/Scolarite/Infrastructure/Api/Provider/ReplacedClassesProviderTest.php
@@ -0,0 +1,208 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Tests\Unit\Scolarite\Infrastructure\Api\Provider;
+
+use ApiPlatform\Metadata\GetCollection;
+use App\Administration\Domain\Model\SchoolClass\AcademicYearId;
+use App\Administration\Domain\Model\SchoolClass\ClassId;
+use App\Administration\Domain\Model\SchoolClass\ClassName;
+use App\Administration\Domain\Model\SchoolClass\ClassStatus;
+use App\Administration\Domain\Model\SchoolClass\SchoolClass;
+use App\Administration\Domain\Model\SchoolClass\SchoolId;
+use App\Administration\Domain\Model\Subject\Subject;
+use App\Administration\Domain\Model\Subject\SubjectCode;
+use App\Administration\Domain\Model\Subject\SubjectId;
+use App\Administration\Domain\Model\Subject\SubjectName;
+use App\Administration\Domain\Model\Subject\SubjectStatus;
+use App\Administration\Domain\Model\User\UserId;
+use App\Administration\Infrastructure\Persistence\InMemory\InMemoryClassRepository;
+use App\Administration\Infrastructure\Persistence\InMemory\InMemorySubjectRepository;
+use App\Administration\Infrastructure\Security\SecurityUser;
+use App\Scolarite\Application\Query\GetReplacedClassesForTeacher\GetReplacedClassesForTeacherHandler;
+use App\Scolarite\Domain\Model\TeacherReplacement\ClassSubjectPair;
+use App\Scolarite\Domain\Model\TeacherReplacement\TeacherReplacement;
+use App\Scolarite\Infrastructure\Api\Provider\ReplacedClassesProvider;
+use App\Scolarite\Infrastructure\Api\Resource\ReplacedClassResource;
+use App\Scolarite\Infrastructure\Persistence\InMemory\InMemoryTeacherReplacementRepository;
+use App\Shared\Domain\Clock;
+use App\Shared\Domain\Tenant\TenantId;
+use App\Shared\Infrastructure\Tenant\TenantConfig;
+use App\Shared\Infrastructure\Tenant\TenantContext;
+use App\Shared\Infrastructure\Tenant\TenantId as InfraTenantId;
+use DateTimeImmutable;
+use PHPUnit\Framework\Attributes\Test;
+use PHPUnit\Framework\TestCase;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
+
+final class ReplacedClassesProviderTest extends TestCase
+{
+    private const string TENANT_UUID = '550e8400-e29b-41d4-a716-446655440001';
+    private const string REPLACED_TEACHER_ID = '550e8400-e29b-41d4-a716-446655440010';
+    private const string REPLACEMENT_TEACHER_ID = '550e8400-e29b-41d4-a716-446655440011';
+    private const string CLASS_ID = '550e8400-e29b-41d4-a716-446655440020';
+    private const string SUBJECT_ID = '550e8400-e29b-41d4-a716-446655440030';
+    private const string CREATED_BY_ID = '550e8400-e29b-41d4-a716-446655440099';
+    private const string SCHOOL_ID = '550e8400-e29b-41d4-a716-446655440040';
+    private const string ACADEMIC_YEAR_ID = '550e8400-e29b-41d4-a716-446655440041';
+
+    private InMemoryTeacherReplacementRepository $repository;
+    private InMemoryClassRepository $classRepository;
+    private InMemorySubjectRepository $subjectRepository;
+    private TenantContext $tenantContext;
+    private Clock $clock;
+
+    protected function setUp(): void
+    {
+        $this->repository = new InMemoryTeacherReplacementRepository();
+        $this->classRepository = new InMemoryClassRepository();
+        $this->subjectRepository = new InMemorySubjectRepository();
+        $this->tenantContext = new TenantContext();
+        $this->clock = new class implements Clock {
+            public function now(): DateTimeImmutable
+            {
+                return new DateTimeImmutable('2026-03-15 10:00:00');
+            }
+        };
+
+        $this->seedClassesAndSubjects();
+    }
+
+    #[Test]
+    public function itProvidesReplacedClassesForAuthenticatedTeacher(): void
+    {
+        $provider = $this->createProvider(self::REPLACEMENT_TEACHER_ID);
+        $this->setTenant();
+
+        $replacement = $this->createReplacement();
+        $this->repository->save($replacement);
+
+        $result = $provider->provide(new GetCollection());
+
+        self::assertCount(1, $result);
+        self::assertContainsOnlyInstancesOf(ReplacedClassResource::class, $result);
+        self::assertSame((string) $replacement->id, $result[0]->replacementId);
+        self::assertSame(self::REPLACED_TEACHER_ID, $result[0]->replacedTeacherId);
+        self::assertSame(self::CLASS_ID, $result[0]->classId);
+        self::assertSame(self::SUBJECT_ID, $result[0]->subjectId);
+    }
+
+    #[Test]
+    public function itReturnsEmptyWhenNoReplacements(): void
+    {
+        $provider = $this->createProvider(self::REPLACEMENT_TEACHER_ID);
+        $this->setTenant();
+
+        $result = $provider->provide(new GetCollection());
+
+        self::assertSame([], $result);
+    }
+
+    #[Test]
+    public function itThrowsWhenUserNotAuthenticated(): void
+    {
+        $security = $this->createMock(Security::class);
+        $security->method('getUser')->willReturn(null);
+
+        $handler = new GetReplacedClassesForTeacherHandler(
+            $this->repository,
+            $this->classRepository,
+            $this->subjectRepository,
+            $this->clock,
+        );
+
+        $provider = new ReplacedClassesProvider($handler, $this->tenantContext, $security);
+        $this->setTenant();
+
+        $this->expectException(UnauthorizedHttpException::class);
+        $this->expectExceptionMessage('Authentification requise.');
+        $provider->provide(new GetCollection());
+    }
+
+    #[Test]
+    public function itThrowsWhenTenantNotSet(): void
+    {
+        $provider = $this->createProvider(self::REPLACEMENT_TEACHER_ID);
+
+        $this->expectException(UnauthorizedHttpException::class);
+        $this->expectExceptionMessage('Tenant non défini.');
+        $provider->provide(new GetCollection());
+    }
+
+    private function setTenant(): void
+    {
+        $this->tenantContext->setCurrentTenant(new TenantConfig(
+            tenantId: InfraTenantId::fromString(self::TENANT_UUID),
+            subdomain: 'test',
+            databaseUrl: 'sqlite:///:memory:',
+        ));
+    }
+
+    private function createProvider(string $userId): ReplacedClassesProvider
+    {
+        $securityUser = new SecurityUser(
+            UserId::fromString($userId),
+            'teacher@test.com',
+            'hashed',
+            TenantId::fromString(self::TENANT_UUID),
+            ['ROLE_PROF'],
+        );
+
+        $security = $this->createMock(Security::class);
+        $security->method('getUser')->willReturn($securityUser);
+
+        $handler = new GetReplacedClassesForTeacherHandler(
+            $this->repository,
+            $this->classRepository,
+            $this->subjectRepository,
+            $this->clock,
+        );
+
+        return new ReplacedClassesProvider($handler, $this->tenantContext, $security);
+    }
+
+    private function seedClassesAndSubjects(): void
+    {
+        $tenantId = TenantId::fromString(self::TENANT_UUID);
+        $schoolId = SchoolId::fromString(self::SCHOOL_ID);
+        $academicYearId = AcademicYearId::fromString(self::ACADEMIC_YEAR_ID);
+        $now = new DateTimeImmutable('2026-01-01');
+
+        $class = SchoolClass::reconstitute(
+            ClassId::fromString(self::CLASS_ID), $tenantId, $schoolId, $academicYearId,
+            new ClassName('6ème A'), null, null,
+            ClassStatus::ACTIVE,
+            null, $now, $now, null,
+        );
+        $this->classRepository->save($class);
+
+        $subject = Subject::reconstitute(
+            SubjectId::fromString(self::SUBJECT_ID), $tenantId, $schoolId,
+            new SubjectName('Mathématiques'), new SubjectCode('MATH'), null,
+            SubjectStatus::ACTIVE, null, $now, $now, null,
+        );
+        $this->subjectRepository->save($subject);
+    }
+
+    private function createReplacement(): TeacherReplacement
+    {
+        return TeacherReplacement::designer(
+            tenantId: TenantId::fromString(self::TENANT_UUID),
+            replacedTeacherId: UserId::fromString(self::REPLACED_TEACHER_ID),
+            replacementTeacherId: UserId::fromString(self::REPLACEMENT_TEACHER_ID),
+            startDate: new DateTimeImmutable('2026-03-01'),
+            endDate: new DateTimeImmutable('2026-03-31'),
+            classes: [
+                new ClassSubjectPair(
+                    ClassId::fromString(self::CLASS_ID),
+                    SubjectId::fromString(self::SUBJECT_ID),
+                ),
+            ],
+            reason: null,
+            createdBy: UserId::fromString(self::CREATED_BY_ID),
+            now: new DateTimeImmutable('2026-02-15 10:00:00'),
+        );
+    }
+}