✨ Feature/company users rest api validation (#81)

✨add plugin execution logic before delete and update allows to execute plugins before delete and update so thats now possible to run checks for example do not let the customer deletes the own customer user or prevent the role update to remove the last admin role in the company
fond-of-impala · Aug 7, 2023 · ff64579 · ff64579
1 parent 2a9a116
commit ff64579
Show file tree

Hide file tree

Showing 28 changed files with 1,454 additions and 14 deletions.
diff --git a/composer.json b/composer.json
@@ -10,6 +10,10 @@
     {
       "name": "Felix Pfister",
       "email": "felix@pfister.de"
+    },
+    {
+      "name": "Julian Hyatt",
+      "email": "dev@jzit.de"
     }
   ],
   "scripts": {
@@ -20,13 +24,14 @@
   },
   "require": {
     "php": ">=8.0",
-    "fond-of-oryx/company-users-rest-api-extension": "^1.1.0 || ^2.0.0",
+    "fond-of-oryx/company-users-rest-api-extension": "^2.1.0",
     "fond-of-spryker/company-price-list": "dev-master",
     "fond-of-spryker/company-user-reference": "dev-master",
     "spryker/company": "^1.4.0",
     "spryker/company-business-unit": "^1.0.0 || ^2.0.0",
     "spryker/company-user": "^2.3.0",
     "spryker/company-role": "^1.0.0",
+    "spryker/company-roles-rest-api": "^1.0.0",
     "spryker/glue-application": "^1.0.0",
     "spryker/permission": "^1.0.0"
   },

diff --git a/src/FondOfImpala/Shared/CompanyUsersRestApi/CompanyUsersRestApiConstants.php b/src/FondOfImpala/Shared/CompanyUsersRestApi/CompanyUsersRestApiConstants.php
@@ -14,5 +14,18 @@ interface CompanyUsersRestApiConstants
     /**
      * @var string
      */
-    public const BASE_URI = 'FOND_OF_SPRYKER:COMPANY_USER_REST_API:BASE_URI';
+    public const BASE_URI = 'FOND_OF_IMPALA:COMPANY_USER_REST_API:BASE_URI';
+
+    /**
+     * @var string
+     */
+    public const PROTECTED_ROLES = 'FOND_OF_IMPALA:COMPANY_USER_REST_API:PROTECTED_ROLES';
+
+    /**
+     * @var array
+     */
+    public const PROTECTED_ROLES_DEFAULT = [
+        'super_administration',
+        'administration',
+    ];
 }
diff --git a/src/FondOfImpala/Zed/CompanyUsersRestApi/Business/CompanyUsersRestApiBusinessFactory.php b/src/FondOfImpala/Zed/CompanyUsersRestApi/Business/CompanyUsersRestApiBusinessFactory.php
@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 namespace FondOfImpala\Zed\CompanyUsersRestApi\Business;
 
@@ -28,6 +28,10 @@
 use FondOfImpala\Zed\CompanyUsersRestApi\Business\Reader\CustomerReaderInterface;
 use FondOfImpala\Zed\CompanyUsersRestApi\Business\Updater\CompanyUserUpdater;
 use FondOfImpala\Zed\CompanyUsersRestApi\Business\Updater\CompanyUserUpdaterInterface;
+use FondOfImpala\Zed\CompanyUsersRestApi\Business\Validation\CompanyUserDeleteValidation;
+use FondOfImpala\Zed\CompanyUsersRestApi\Business\Validation\CompanyUserDeleteValidationInterface;
+use FondOfImpala\Zed\CompanyUsersRestApi\Business\Validation\CompanyUserUpdateValidation;
+use FondOfImpala\Zed\CompanyUsersRestApi\Business\Validation\CompanyUserUpdateValidationInterface;
 use FondOfImpala\Zed\CompanyUsersRestApi\Business\Validation\RestApiError;
 use FondOfImpala\Zed\CompanyUsersRestApi\Business\Validation\RestApiErrorInterface;
 use FondOfImpala\Zed\CompanyUsersRestApi\Business\Writer\CustomerWriter;
@@ -69,6 +73,7 @@ public function createCompanyUserDeleter(): CompanyUserDeleterInterface
             $this->createCompanyUserReader(),
             $this->getCompanyUserFacade(),
             $this->getPermissionFacade(),
+            $this->createCompanyUserPluginExecutor(),
         );
     }
 
@@ -92,6 +97,28 @@ public function createCompanyUserWriter(): CompanyUserWriterInterface
         );
     }
 
+    /**
+     * @return \FondOfImpala\Zed\CompanyUsersRestApi\Business\Validation\CompanyUserDeleteValidationInterface
+     */
+    public function createCompanyUserDeleteValidation(): CompanyUserDeleteValidationInterface
+    {
+        return new CompanyUserDeleteValidation(
+            $this->getRepository(),
+            $this->getConfig(),
+        );
+    }
+
+    /**
+     * @return \FondOfImpala\Zed\CompanyUsersRestApi\Business\Validation\CompanyUserUpdateValidationInterface
+     */
+    public function createCompanyUserUpdateValidation(): CompanyUserUpdateValidationInterface
+    {
+        return new CompanyUserUpdateValidation(
+            $this->getRepository(),
+            $this->getConfig(),
+        );
+    }
+
     /**
      * @return \FondOfImpala\Zed\CompanyUsersRestApi\Business\Validation\RestApiErrorInterface
      */
@@ -229,6 +256,8 @@ protected function createCompanyUserPluginExecutor(): CompanyUserPluginExecutorI
         return new CompanyUserPluginExecutor(
             $this->getCompanyUserPreCreatePlugins(),
             $this->getCompanyUserPostCreatePlugins(),
+            $this->getCompanyUserPreDeleteValidationPlugins(),
+            $this->getCompanyUserPreUpdateValidationPlugins(),
         );
     }
 
@@ -242,6 +271,26 @@ protected function getCompanyUserPostCreatePlugins(): array
         );
     }
 
+    /**
+     * @return array<\FondOfOryx\Zed\CompanyUsersRestApiExtension\Dependency\Plugin\CompanyUserPreDeleteValidationPluginInterface>
+     */
+    protected function getCompanyUserPreDeleteValidationPlugins(): array
+    {
+        return $this->getProvidedDependency(
+            CompanyUsersRestApiDependencyProvider::PLUGINS_COMPANY_USER_PRE_DELETE_VALIDATION,
+        );
+    }
+
+    /**
+     * @return array<\FondOfOryx\Zed\CompanyUsersRestApiExtension\Dependency\Plugin\CompanyUserPreUpdateValidationPluginInterface>
+     */
+    protected function getCompanyUserPreUpdateValidationPlugins(): array
+    {
+        return $this->getProvidedDependency(
+            CompanyUsersRestApiDependencyProvider::PLUGINS_COMPANY_USER_PRE_UPDATE_VALIDATION,
+        );
+    }
+
     /**
      * @return array<\FondOfOryx\Zed\CompanyUsersRestApiExtension\Dependency\Plugin\CompanyUserPreCreatePluginInterface>
      */
@@ -262,6 +311,7 @@ public function createCompanyUserUpdater(): CompanyUserUpdaterInterface
             $this->createCompanyRoleCollectionReader(),
             $this->getCompanyUserFacade(),
             $this->getPermissionFacade(),
+            $this->createCompanyUserPluginExecutor(),
         );
     }
 

diff --git a/src/FondOfImpala/Zed/CompanyUsersRestApi/Business/CompanyUsersRestApiFacade.php b/src/FondOfImpala/Zed/CompanyUsersRestApi/Business/CompanyUsersRestApiFacade.php
@@ -4,6 +4,7 @@
 
 namespace FondOfImpala\Zed\CompanyUsersRestApi\Business;
 
+use Generated\Shared\Transfer\CompanyUserTransfer;
 use Generated\Shared\Transfer\RestCompanyUsersRequestAttributesTransfer;
 use Generated\Shared\Transfer\RestCompanyUsersResponseTransfer;
 use Generated\Shared\Transfer\RestDeleteCompanyUserRequestTransfer;
@@ -56,4 +57,34 @@ public function updateCompanyUserByRestWriteCompanyUserRequest(
             ->createCompanyUserUpdater()
             ->updateByRestWriteCompanyUserRequest($restWriteCompanyUserRequestTransfer);
     }
+
+    /**
+     * @param \Generated\Shared\Transfer\CompanyUserTransfer $companyUserTransfer
+     * @param \Generated\Shared\Transfer\RestDeleteCompanyUserRequestTransfer $restDeleteCompanyUserRequestTransfer
+     *
+     * @return bool
+     */
+    public function canDeleteCompanyUser(
+        CompanyUserTransfer $companyUserTransfer,
+        RestDeleteCompanyUserRequestTransfer $restDeleteCompanyUserRequestTransfer
+    ): bool {
+        return $this->getFactory()
+            ->createCompanyUserDeleteValidation()
+            ->validate($companyUserTransfer, $restDeleteCompanyUserRequestTransfer);
+    }
+
+    /**
+     * @param \Generated\Shared\Transfer\CompanyUserTransfer $companyUserTransfer
+     * @param \Generated\Shared\Transfer\RestWriteCompanyUserRequestTransfer $restWriteCompanyUserRequestTransfer
+     *
+     * @return bool
+     */
+    public function canUpdateCompanyUser(
+        CompanyUserTransfer $companyUserTransfer,
+        RestWriteCompanyUserRequestTransfer $restWriteCompanyUserRequestTransfer
+    ): bool {
+        return $this->getFactory()
+            ->createCompanyUserUpdateValidation()
+            ->validate($companyUserTransfer, $restWriteCompanyUserRequestTransfer);
+    }
 }
diff --git a/src/FondOfImpala/Zed/CompanyUsersRestApi/Business/CompanyUsersRestApiFacadeInterface.php b/src/FondOfImpala/Zed/CompanyUsersRestApi/Business/CompanyUsersRestApiFacadeInterface.php
@@ -4,6 +4,7 @@
 
 namespace FondOfImpala\Zed\CompanyUsersRestApi\Business;
 
+use Generated\Shared\Transfer\CompanyUserTransfer;
 use Generated\Shared\Transfer\RestCompanyUsersRequestAttributesTransfer;
 use Generated\Shared\Transfer\RestCompanyUsersResponseTransfer;
 use Generated\Shared\Transfer\RestDeleteCompanyUserRequestTransfer;
@@ -39,4 +40,26 @@ public function deleteCompanyUserByRestDeleteCompanyUserRequest(
     public function updateCompanyUserByRestWriteCompanyUserRequest(
         RestWriteCompanyUserRequestTransfer $restWriteCompanyUserRequestTransfer
     ): RestWriteCompanyUserResponseTransfer;
+
+    /**
+     * @param \Generated\Shared\Transfer\CompanyUserTransfer $companyUserTransfer
+     * @param \Generated\Shared\Transfer\RestDeleteCompanyUserRequestTransfer $restDeleteCompanyUserRequestTransfer
+     *
+     * @return bool
+     */
+    public function canDeleteCompanyUser(
+        CompanyUserTransfer $companyUserTransfer,
+        RestDeleteCompanyUserRequestTransfer $restDeleteCompanyUserRequestTransfer
+    ): bool;
+
+    /**
+     * @param \Generated\Shared\Transfer\CompanyUserTransfer $companyUserTransfer
+     * @param \Generated\Shared\Transfer\RestWriteCompanyUserRequestTransfer $restWriteCompanyUserRequestTransfer
+     *
+     * @return bool
+     */
+    public function canUpdateCompanyUser(
+        CompanyUserTransfer $companyUserTransfer,
+        RestWriteCompanyUserRequestTransfer $restWriteCompanyUserRequestTransfer
+    ): bool;
 }
diff --git a/src/FondOfImpala/Zed/CompanyUsersRestApi/Business/Deleter/CompanyUserDeleter.php b/src/FondOfImpala/Zed/CompanyUsersRestApi/Business/Deleter/CompanyUserDeleter.php
@@ -2,6 +2,7 @@
 
 namespace FondOfImpala\Zed\CompanyUsersRestApi\Business\Deleter;
 
+use FondOfImpala\Zed\CompanyUsersRestApi\Business\PluginExecutor\CompanyUserPluginExecutorInterface;
 use FondOfImpala\Zed\CompanyUsersRestApi\Business\Reader\CompanyUserReaderInterface;
 use FondOfImpala\Zed\CompanyUsersRestApi\Communication\Plugin\PermissionExtension\DeleteCompanyUserPermissionPlugin;
 use FondOfImpala\Zed\CompanyUsersRestApi\Dependency\Facade\CompanyUsersRestApiToCompanyUserFacadeInterface;
@@ -26,19 +27,27 @@ class CompanyUserDeleter implements CompanyUserDeleterInterface
      */
     protected $permissionFacade;
 
+    /**
+     * @var \FondOfImpala\Zed\CompanyUsersRestApi\Business\PluginExecutor\CompanyUserPluginExecutorInterface
+     */
+    protected $pluginExecutor;
+
     /**
      * @param \FondOfImpala\Zed\CompanyUsersRestApi\Business\Reader\CompanyUserReaderInterface $companyUserReader
      * @param \FondOfImpala\Zed\CompanyUsersRestApi\Dependency\Facade\CompanyUsersRestApiToCompanyUserFacadeInterface $companyUserFacade
      * @param \FondOfImpala\Zed\CompanyUsersRestApi\Dependency\Facade\CompanyUsersRestApiToPermissionFacadeInterface $permissionFacade
+     * @param \FondOfImpala\Zed\CompanyUsersRestApi\Business\PluginExecutor\CompanyUserPluginExecutorInterface $pluginExecutor
      */
     public function __construct(
         CompanyUserReaderInterface $companyUserReader,
         CompanyUsersRestApiToCompanyUserFacadeInterface $companyUserFacade,
-        CompanyUsersRestApiToPermissionFacadeInterface $permissionFacade
+        CompanyUsersRestApiToPermissionFacadeInterface $permissionFacade,
+        CompanyUserPluginExecutorInterface $pluginExecutor
     ) {
         $this->companyUserReader = $companyUserReader;
         $this->companyUserFacade = $companyUserFacade;
         $this->permissionFacade = $permissionFacade;
+        $this->pluginExecutor = $pluginExecutor;
     }
 
     /**
@@ -67,7 +76,7 @@ public function deleteByRestDeleteCompanyUserRequest(
             $restDeleteCompanyUserRequestTransfer,
         );
 
-        if ($companyUserTransfer === null) {
+        if ($companyUserTransfer === null || $this->pluginExecutor->executePreDeleteValidationPlugins($companyUserTransfer, $restDeleteCompanyUserRequestTransfer) === false) {
             return $restDeleteCompanyUserResponseTransfer;
         }
 

diff --git a/...ondOfImpala/Zed/CompanyUsersRestApi/Business/PluginExecutor/CompanyUserPluginExecutor.php b/...ondOfImpala/Zed/CompanyUsersRestApi/Business/PluginExecutor/CompanyUserPluginExecutor.php
@@ -4,6 +4,8 @@
 
 use Generated\Shared\Transfer\CompanyUserTransfer;
 use Generated\Shared\Transfer\RestCompanyUsersRequestAttributesTransfer;
+use Generated\Shared\Transfer\RestDeleteCompanyUserRequestTransfer;
+use Generated\Shared\Transfer\RestWriteCompanyUserRequestTransfer;
 
 class CompanyUserPluginExecutor implements CompanyUserPluginExecutorInterface
 {
@@ -17,16 +19,32 @@ class CompanyUserPluginExecutor implements CompanyUserPluginExecutorInterface
      */
     protected $companyUserPreCreatePlugins;
 
+    /**
+     * @var array<\FondOfOryx\Zed\CompanyUsersRestApiExtension\Dependency\Plugin\CompanyUserPreDeleteValidationPluginInterface>
+     */
+    protected $companyUserPreDeletePlugins;
+
+    /**
+     * @var array<\FondOfOryx\Zed\CompanyUsersRestApiExtension\Dependency\Plugin\CompanyUserPreUpdateValidationPluginInterface>
+     */
+    protected $companyUserPreUpdatePlugins;
+
     /**
      * @param array<\FondOfOryx\Zed\CompanyUsersRestApiExtension\Dependency\Plugin\CompanyUserPreCreatePluginInterface> $companyUserPreCreatePlugins
      * @param array<\FondOfOryx\Zed\CompanyUsersRestApiExtension\Dependency\Plugin\CompanyUserPostCreatePluginInterface> $companyUserPostCreatePlugins
+     * @param array<\FondOfOryx\Zed\CompanyUsersRestApiExtension\Dependency\Plugin\CompanyUserPreDeleteValidationPluginInterface> $companyUserPreDeletePlugins
+     * @param array<\FondOfOryx\Zed\CompanyUsersRestApiExtension\Dependency\Plugin\CompanyUserPreUpdateValidationPluginInterface> $companyUserPreUpdatePlugins
      */
     public function __construct(
         array $companyUserPreCreatePlugins,
-        array $companyUserPostCreatePlugins
+        array $companyUserPostCreatePlugins,
+        array $companyUserPreDeletePlugins,
+        array $companyUserPreUpdatePlugins
     ) {
         $this->companyUserPreCreatePlugins = $companyUserPreCreatePlugins;
         $this->companyUserPostCreatePlugins = $companyUserPostCreatePlugins;
+        $this->companyUserPreDeletePlugins = $companyUserPreDeletePlugins;
+        $this->companyUserPreUpdatePlugins = $companyUserPreUpdatePlugins;
     }
 
     /**
@@ -62,4 +80,44 @@ public function executePreCreatePlugins(
 
         return $companyUserTransfer;
     }
+
+    /**
+     * @param \Generated\Shared\Transfer\CompanyUserTransfer $companyUserTransfer
+     * @param \Generated\Shared\Transfer\RestDeleteCompanyUserRequestTransfer $restDeleteCompanyUserRequestTransfer
+     *
+     * @return bool
+     */
+    public function executePreDeleteValidationPlugins(
+        CompanyUserTransfer $companyUserTransfer,
+        RestDeleteCompanyUserRequestTransfer $restDeleteCompanyUserRequestTransfer
+    ): bool {
+        foreach ($this->companyUserPreDeletePlugins as $plugin) {
+            $state = $plugin->validate($companyUserTransfer, $restDeleteCompanyUserRequestTransfer);
+            if ($state === false) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    /**
+     * @param \Generated\Shared\Transfer\CompanyUserTransfer $companyUserTransfer
+     * @param \Generated\Shared\Transfer\RestWriteCompanyUserRequestTransfer $restWriteCompanyUserRequestTransfer
+     *
+     * @return bool
+     */
+    public function executePreUpdateValidationPlugins(
+        CompanyUserTransfer $companyUserTransfer,
+        RestWriteCompanyUserRequestTransfer $restWriteCompanyUserRequestTransfer
+    ): bool {
+        foreach ($this->companyUserPreUpdatePlugins as $plugin) {
+            $state = $plugin->validate($companyUserTransfer, $restWriteCompanyUserRequestTransfer);
+            if ($state === false) {
+                return false;
+            }
+        }
+
+        return true;
+    }
 }
diff --git a/...la/Zed/CompanyUsersRestApi/Business/PluginExecutor/CompanyUserPluginExecutorInterface.php b/...la/Zed/CompanyUsersRestApi/Business/PluginExecutor/CompanyUserPluginExecutorInterface.php
@@ -4,6 +4,8 @@
 
 use Generated\Shared\Transfer\CompanyUserTransfer;
 use Generated\Shared\Transfer\RestCompanyUsersRequestAttributesTransfer;
+use Generated\Shared\Transfer\RestDeleteCompanyUserRequestTransfer;
+use Generated\Shared\Transfer\RestWriteCompanyUserRequestTransfer;
 
 interface CompanyUserPluginExecutorInterface
 {
@@ -28,4 +30,26 @@ public function executePreCreatePlugins(
         CompanyUserTransfer $companyUserTransfer,
         RestCompanyUsersRequestAttributesTransfer $companyUsersRequestAttributesTransfer
     ): CompanyUserTransfer;
+
+    /**
+     * @param \Generated\Shared\Transfer\CompanyUserTransfer $companyUserTransfer
+     * @param \Generated\Shared\Transfer\RestDeleteCompanyUserRequestTransfer $restDeleteCompanyUserRequestTransfer
+     *
+     * @return bool
+     */
+    public function executePreDeleteValidationPlugins(
+        CompanyUserTransfer $companyUserTransfer,
+        RestDeleteCompanyUserRequestTransfer $restDeleteCompanyUserRequestTransfer
+    ): bool;
+
+    /**
+     * @param \Generated\Shared\Transfer\CompanyUserTransfer $companyUserTransfer
+     * @param \Generated\Shared\Transfer\RestWriteCompanyUserRequestTransfer $restWriteCompanyUserRequestTransfer
+     *
+     * @return bool
+     */
+    public function executePreUpdateValidationPlugins(
+        CompanyUserTransfer $companyUserTransfer,
+        RestWriteCompanyUserRequestTransfer $restWriteCompanyUserRequestTransfer
+    ): bool;
 }