audit items tests, controllers and UI

openfoodfoundation · Aug 15, 2024 · f527ca9 · f527ca9
1 parent d1516aa
commit f527ca9
Show file tree

Hide file tree

Showing 28 changed files with 1,295 additions and 17 deletions.
diff --git a/app/Console/Commands/TestCommand.php b/app/Console/Commands/TestCommand.php
@@ -2,6 +2,7 @@
 
 namespace App\Console\Commands;
 
+use App\Models\AuditItem;
 use App\Models\Team;
 use App\Models\User;
 use App\Models\Voucher;
@@ -33,5 +34,8 @@ public function handle()
         $teams       = Team::factory(100)->createQuietly();
         $vouchers    = Voucher::factory(100)->createQuietly();
         $voucherSets = VoucherSet::factory(100)->createQuietly();
+        $auditItems  = AuditItem::factory(100)->createQuietly([
+            'team_id' => 1
+        ]);
     }
 }
diff --git a/app/Enums/PersonalAccessTokenAbility.php b/app/Enums/PersonalAccessTokenAbility.php
@@ -7,17 +7,21 @@
  */
 enum PersonalAccessTokenAbility: string
 {
-    case SUPER_ADMIN              = 'super-admin'; // Allowed to do everything
-    case MY_PROFILE_CREATE        = 'my-profile-create';
-    case MY_PROFILE_READ          = 'my-profile-read';
-    case MY_PROFILE_UPDATE        = 'my-profile-update';
-    case MY_PROFILE_DELETE        = 'my-profile-delete';
-    case MY_TEAM_VOUCHERS_CREATE  = 'my-team-vouchers-create';
-    case MY_TEAM_VOUCHERS_READ    = 'my-team-vouchers-read';
-    case MY_TEAM_VOUCHERS_UPDATE  = 'my-team-vouchers-update';
-    case MY_TEAM_VOUCHERS_DELETE  = 'my-team-vouchers-delete';
-    case SYSTEM_STATISTICS_CREATE = 'system-statistics-create';
-    case SYSTEM_STATISTICS_READ   = 'system-statistics-read';
-    case SYSTEM_STATISTICS_UPDATE = 'system-statistics-update';
-    case SYSTEM_STATISTICS_DELETE = 'system-statistics-delete';
+    case SUPER_ADMIN                = 'super-admin'; // Allowed to do everything
+    case MY_PROFILE_CREATE          = 'my-profile-create';
+    case MY_PROFILE_READ            = 'my-profile-read';
+    case MY_PROFILE_UPDATE          = 'my-profile-update';
+    case MY_PROFILE_DELETE          = 'my-profile-delete';
+    case MY_TEAM_VOUCHERS_CREATE    = 'my-team-vouchers-create';
+    case MY_TEAM_VOUCHERS_READ      = 'my-team-vouchers-read';
+    case MY_TEAM_VOUCHERS_UPDATE    = 'my-team-vouchers-update';
+    case MY_TEAM_VOUCHERS_DELETE    = 'my-team-vouchers-delete';
+    case MY_TEAM_AUDIT_ITEMS_CREATE = 'my-team-audit-items-create';
+    case MY_TEAM_AUDIT_ITEMS_READ   = 'my-team-audit-items-read';
+    case MY_TEAM_AUDIT_ITEMS_UPDATE = 'my-team-audit-items-update';
+    case MY_TEAM_AUDIT_ITEMS_DELETE = 'my-team-audit-items-delete';
+    case SYSTEM_STATISTICS_CREATE   = 'system-statistics-create';
+    case SYSTEM_STATISTICS_READ     = 'system-statistics-read';
+    case SYSTEM_STATISTICS_UPDATE   = 'system-statistics-update';
+    case SYSTEM_STATISTICS_DELETE   = 'system-statistics-delete';
 }
diff --git a/app/Http/Controllers/Api/V1/Admin/ApiAdminAuditItemsController.php b/app/Http/Controllers/Api/V1/Admin/ApiAdminAuditItemsController.php
@@ -0,0 +1,101 @@
+<?php
+
+namespace App\Http\Controllers\Api\V1\Admin;
+
+use App\Enums\ApiResponse;
+use App\Exceptions\DisallowedApiFieldException;
+use App\Http\Controllers\Api\HandlesAPIRequests;
+use App\Http\Controllers\Controller;
+use App\Models\AuditItem;
+use Illuminate\Http\JsonResponse;
+
+class ApiAdminAuditItemsController extends Controller
+{
+    use HandlesAPIRequests;
+
+    /**
+     * Set the related data the GET request is allowed to ask for
+     */
+    public array $availableRelations = [
+        'team'
+    ];
+
+    public static array $searchableFields = [];
+
+    /**
+     * GET /
+     *
+     * @return JsonResponse
+     *
+     * @throws DisallowedApiFieldException
+     */
+    public function index(): JsonResponse
+    {
+        $this->query = AuditItem::with($this->associatedData);
+        $this->query = $this->updateReadQueryBasedOnUrl();
+        $this->data  = $this->query->paginate($this->limit);
+
+        return $this->respond();
+    }
+
+    /**
+     * POST /
+     *
+     * @return JsonResponse
+     */
+    public function store(): JsonResponse
+    {
+        $this->responseCode = 403;
+        $this->message      = ApiResponse::RESPONSE_METHOD_NOT_ALLOWED->value;
+
+        return $this->respond();
+    }
+
+    /**
+     * GET /{id}
+     *
+     * @param int $id
+     *
+     * @return JsonResponse
+     *
+     * @throws DisallowedApiFieldException
+     */
+    public function show(int $id)
+    {
+        $this->query = AuditItem::with($this->associatedData);
+        $this->query = $this->updateReadQueryBasedOnUrl();
+        $this->data  = $this->query->find($id);
+
+        return $this->respond();
+    }
+
+    /**
+     * PUT /{id}
+     *
+     * @param string $id
+     *
+     * @return JsonResponse
+     */
+    public function update(string $id)
+    {
+        $this->responseCode = 403;
+        $this->message      = ApiResponse::RESPONSE_METHOD_NOT_ALLOWED->value;
+
+        return $this->respond();
+    }
+
+    /**
+     * DELETE / {id}
+     *
+     * @param string $id
+     *
+     * @return JsonResponse
+     */
+    public function destroy(string $id)
+    {
+        $this->responseCode = 403;
+        $this->message      = ApiResponse::RESPONSE_METHOD_NOT_ALLOWED->value;
+
+        return $this->respond();
+    }
+}
diff --git a/app/Http/Controllers/Api/V1/Admin/ApiAdminSearchController.php b/app/Http/Controllers/Api/V1/Admin/ApiAdminSearchController.php
@@ -21,9 +21,7 @@ class ApiAdminSearchController extends Controller
      */
     public array $availableRelations = [];
 
-    public static array $searchableFields = [
-        'id',
-    ];
+    public static array $searchableFields = [];
 
     /**
      * GET /

diff --git a/app/Http/Controllers/Api/V1/ApiMyTeamAuditItemsController.php b/app/Http/Controllers/Api/V1/ApiMyTeamAuditItemsController.php
@@ -0,0 +1,98 @@
+<?php
+
+namespace App\Http\Controllers\Api\V1;
+
+use App\Enums\ApiResponse;
+use App\Exceptions\DisallowedApiFieldException;
+use App\Http\Controllers\Api\HandlesAPIRequests;
+use App\Http\Controllers\Controller;
+use App\Models\AuditItem;
+use Auth;
+use Illuminate\Http\JsonResponse;
+
+class ApiMyTeamAuditItemsController extends Controller
+{
+    use HandlesAPIRequests;
+
+    /**
+     * Set the related data the GET request is allowed to ask for
+     */
+    public array $availableRelations = [];
+
+    public static array $searchableFields = [];
+
+    /**
+     * GET /
+     *
+     * @return JsonResponse
+     *
+     * @throws DisallowedApiFieldException
+     */
+    public function index(): JsonResponse
+    {
+        $this->query = AuditItem::where('team_id', Auth::user()->current_team_id)->with($this->associatedData);
+        $this->query = $this->updateReadQueryBasedOnUrl();
+        $this->data  = $this->query->paginate($this->limit);
+
+        return $this->respond();
+    }
+
+    /**
+     * POST /
+     *
+     * @return JsonResponse
+     */
+    public function store(): JsonResponse
+    {
+        $this->responseCode = 403;
+        $this->message      = ApiResponse::RESPONSE_METHOD_NOT_ALLOWED->value;
+
+        return $this->respond();
+    }
+
+    /**
+     * GET /{id}
+     *
+     * @param int $id
+     *
+     * @return JsonResponse
+     */
+    public function show(int $id)
+    {
+        $this->query = AuditItem::where('team_id', Auth::user()->current_team_id)->with($this->associatedData);
+        $this->query = $this->updateReadQueryBasedOnUrl();
+        $this->data  = $this->query->find($id);
+
+        return $this->respond();
+    }
+
+    /**
+     * PUT /{id}
+     *
+     * @param string $id
+     *
+     * @return JsonResponse
+     */
+    public function update(string $id)
+    {
+        $this->responseCode = 403;
+        $this->message      = ApiResponse::RESPONSE_METHOD_NOT_ALLOWED->value;
+
+        return $this->respond();
+    }
+
+    /**
+     * DELETE / {id}
+     *
+     * @param string $id
+     *
+     * @return JsonResponse
+     */
+    public function destroy(string $id)
+    {
+        $this->responseCode = 403;
+        $this->message      = ApiResponse::RESPONSE_METHOD_NOT_ALLOWED->value;
+
+        return $this->respond();
+    }
+}
diff --git a/app/Models/AuditItem.php b/app/Models/AuditItem.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace App\Models;
+
+use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
+use Illuminate\Database\Eloquent\Relations\HasOne;
+use Illuminate\Database\Eloquent\Relations\MorphTo;
+
+class AuditItem extends Model
+{
+    use HasFactory;
+
+    public function auditable(): MorphTo
+    {
+        return $this->morphTo();
+    }
+
+    public function team(): BelongsTo
+    {
+        return $this->belongsTo( Team::class, 'team_id', 'id');
+    }
+}
diff --git a/app/Models/Team.php b/app/Models/Team.php
@@ -5,6 +5,7 @@
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Relations\HasMany;
+use Illuminate\Database\Eloquent\Relations\MorphMany;
 use Illuminate\Database\Eloquent\SoftDeletes;
 
 class Team extends Model
@@ -16,4 +17,9 @@ public function teamUsers(): HasMany
     {
         return $this->hasMany(TeamUser::class, 'team_id', 'id');
     }
+
+    public function auditItems(): MorphMany
+    {
+        return $this->morphMany(AuditItem::class, 'auditable');
+    }
 }
diff --git a/app/Models/User.php b/app/Models/User.php
@@ -5,6 +5,7 @@
 // use Illuminate\Contracts\Auth\MustVerifyEmail;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Relations\HasMany;
+use Illuminate\Database\Eloquent\Relations\MorphMany;
 use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\Notifiable;
 use Laravel\Sanctum\HasApiTokens;
@@ -53,4 +54,9 @@ public function teamUsers(): HasMany
     {
         return $this->hasMany(TeamUser::class);
     }
+
+    public function auditItems(): MorphMany
+    {
+        return $this->morphMany(AuditItem::class, 'auditable');
+    }
 }
diff --git a/database/factories/AuditItemFactory.php b/database/factories/AuditItemFactory.php
@@ -0,0 +1,47 @@
+<?php
+
+namespace Database\Factories;
+
+use App\Models\Team;
+use App\Models\User;
+use App\Models\Voucher;
+use App\Models\VoucherSet;
+use Illuminate\Database\Eloquent\Factories\Factory;
+
+/**
+ * @extends \Illuminate\Database\Eloquent\Factories\Factory<\App\Models\AuditItem>
+ */
+class AuditItemFactory extends Factory
+{
+    /**
+     * Define the model's default state.
+     *
+     * @return array<string, mixed>
+     */
+    public function definition(): array
+    {
+        $num = rand(0, 3);
+
+        // If $num == 0, stays as user
+        $auditable = User::factory()->createQuietly();
+
+        if ($num === 1) {
+            $auditable = Team::factory()->createQuietly();
+        }
+
+        if ($num === 2) {
+            $auditable = Voucher::factory()->createQuietly();
+        }
+
+        if ($num === 3) {
+            $auditable = VoucherSet::factory()->createQuietly();
+        }
+
+        return [
+            'auditable_type' => get_class($auditable),
+            'auditable_id'   => $auditable->id,
+            'auditable_text' => $this->faker->randomElement(['created', 'updated', 'deleted']),
+            'team_id'        => $this->faker->randomDigitNotNull(),
+        ];
+    }
+}