thatguygriff
9c900d6553
CI / Tests (PHP 8.1) (pull_request) Successful in 47s
CI / No Debug Code (pull_request) Successful in 2s
CI / Build Plugin Zip (pull_request) Has been skipped
CI / Coding Standards (pull_request) Successful in 52s
CI / PHPStan (pull_request) Successful in 1m1s
CI / Tests (PHP 8.2) (pull_request) Successful in 48s
CI / Tests (PHP 8.3) (pull_request) Successful in 45s
Implements #16: invite-only student self-registration through a front-end page, accepting signup-scoped policies at account creation. Policy domain: - us_policies.acceptance_scope (signup/booking/both); Policy::appliesTo(); PolicyRepository::findForScope(); scope threaded through PolicyService, the REST create, the admin controller, and the Policies form. - PolicyAcceptance::REG_ACCOUNT (registration_id = the new user's ID). Auth: - Invite value object + InviteRepository; us_invites table. - RegistrationController + Invites admin page (manage_students): invite an email, share the registration link, revoke. - RegistrationPage ([us_student_register] shortcode): validates the invite token, collects name/password, renders signup-scoped published policies with required acceptance, creates the us_student user, records account-type acceptances, marks the invite accepted, and logs the user in. - RoleManager: manage_students cap added to STUDIO_ADMIN_CAPS. Invite-only is implemented; the us_registration_mode self_approval path is a documented future seam. Docs: docs/features/account-registration.md; policies.md updated. Tests: tests/Unit/Auth/ (Invite, InviteRepository) plus Policy scope updates. composer test (104), cs, and PHPStan level 6 all pass. Refs #16 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
203 lines
5.8 KiB
PHP
203 lines
5.8 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
|
|
namespace Unsupervised\Schedular\Policy;
|
|
|
|
use Unsupervised\Schedular\Auth\RoleManager;
|
|
|
|
class PolicyEndpoint {
|
|
|
|
public function __construct(
|
|
private PolicyRepository $policies,
|
|
private PolicyVersionRepository $versions,
|
|
private PolicyService $service,
|
|
) {}
|
|
|
|
public function registerRoutes( string $route_namespace ): void {
|
|
register_rest_route(
|
|
$route_namespace,
|
|
'/policies',
|
|
[
|
|
[
|
|
'methods' => \WP_REST_Server::READABLE,
|
|
'callback' => [ $this, 'index' ],
|
|
'permission_callback' => '__return_true',
|
|
],
|
|
[
|
|
'methods' => \WP_REST_Server::CREATABLE,
|
|
'callback' => [ $this, 'create' ],
|
|
'permission_callback' => [ $this, 'canManage' ],
|
|
],
|
|
]
|
|
);
|
|
|
|
register_rest_route(
|
|
$route_namespace,
|
|
'/policies/(?P<id>\d+)/versions',
|
|
[
|
|
[
|
|
'methods' => \WP_REST_Server::CREATABLE,
|
|
'callback' => [ $this, 'addVersion' ],
|
|
'permission_callback' => [ $this, 'canManage' ],
|
|
],
|
|
]
|
|
);
|
|
|
|
register_rest_route(
|
|
$route_namespace,
|
|
'/policies/(?P<id>\d+)/versions/(?P<vid>\d+)',
|
|
[
|
|
[
|
|
'methods' => \WP_REST_Server::EDITABLE,
|
|
'callback' => [ $this, 'updateVersion' ],
|
|
'permission_callback' => [ $this, 'canManage' ],
|
|
],
|
|
]
|
|
);
|
|
|
|
register_rest_route(
|
|
$route_namespace,
|
|
'/policies/(?P<id>\d+)/versions/(?P<vid>\d+)/publish',
|
|
[
|
|
[
|
|
'methods' => \WP_REST_Server::CREATABLE,
|
|
'callback' => [ $this, 'publish' ],
|
|
'permission_callback' => [ $this, 'canManage' ],
|
|
],
|
|
]
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Public: the current published version of every policy (the registration gate).
|
|
*/
|
|
public function index(): \WP_REST_Response {
|
|
$out = [];
|
|
|
|
foreach ( $this->policies->findAll() as $policy ) {
|
|
if ( null === $policy->currentVersionId ) {
|
|
continue;
|
|
}
|
|
|
|
$version = $this->versions->findById( $policy->currentVersionId );
|
|
if ( null === $version || ! $version->isPublished() ) {
|
|
continue;
|
|
}
|
|
|
|
$out[] = [
|
|
'id' => $policy->id,
|
|
'title' => $policy->title,
|
|
'slug' => $policy->slug,
|
|
'policy_version_id' => $version->id,
|
|
'version_number' => $version->versionNumber,
|
|
'body' => $version->body,
|
|
];
|
|
}
|
|
|
|
return new \WP_REST_Response( $out, 200 );
|
|
}
|
|
|
|
public function create( \WP_REST_Request $request ): \WP_REST_Response|\WP_Error {
|
|
$title = sanitize_text_field( (string) $request->get_param( 'title' ) );
|
|
if ( '' === $title ) {
|
|
return $this->invalid( __( 'A policy title is required.', 'unsupervised-schedular' ) );
|
|
}
|
|
|
|
$slugParam = sanitize_text_field( (string) $request->get_param( 'slug' ) );
|
|
$slug = sanitize_title( '' !== $slugParam ? $slugParam : $title );
|
|
if ( '' === $slug ) {
|
|
return $this->invalid( __( 'A valid policy slug is required.', 'unsupervised-schedular' ) );
|
|
}
|
|
|
|
if ( null !== $this->policies->findBySlug( $slug ) ) {
|
|
return new \WP_Error( 'duplicate_slug', __( 'A policy with that slug already exists.', 'unsupervised-schedular' ), [ 'status' => 409 ] );
|
|
}
|
|
|
|
$scope = (string) ( $request->get_param( 'acceptance_scope' ) ?? Policy::SCOPE_BOOKING );
|
|
if ( ! in_array( $scope, Policy::VALID_SCOPES, true ) ) {
|
|
return $this->invalid( __( 'Invalid acceptance scope.', 'unsupervised-schedular' ) );
|
|
}
|
|
|
|
$id = $this->service->createPolicy( $title, $slug, $scope );
|
|
|
|
return new \WP_REST_Response( [ 'id' => $id ], 201 );
|
|
}
|
|
|
|
public function addVersion( \WP_REST_Request $request ): \WP_REST_Response|\WP_Error {
|
|
$policy = $this->policies->findById( absint( $request->get_param( 'id' ) ) );
|
|
if ( null === $policy ) {
|
|
return $this->notFound();
|
|
}
|
|
|
|
$body = wp_kses_post( (string) $request->get_param( 'body' ) );
|
|
$id = $this->service->addDraftVersion( (int) $policy->id, $body );
|
|
|
|
return new \WP_REST_Response( [ 'id' => $id ], 201 );
|
|
}
|
|
|
|
public function updateVersion( \WP_REST_Request $request ): \WP_REST_Response|\WP_Error {
|
|
$version = $this->loadVersionForPolicy( $request );
|
|
if ( $version instanceof \WP_Error ) {
|
|
return $version;
|
|
}
|
|
|
|
if ( PolicyVersion::STATUS_DRAFT !== $version->status ) {
|
|
return $this->invalid( __( 'Only draft versions can be edited.', 'unsupervised-schedular' ) );
|
|
}
|
|
|
|
$body = wp_kses_post( (string) $request->get_param( 'body' ) );
|
|
$this->versions->updateBody( (int) $version->id, $body );
|
|
|
|
return new \WP_REST_Response(
|
|
[
|
|
'id' => $version->id,
|
|
'body' => $body,
|
|
],
|
|
200
|
|
);
|
|
}
|
|
|
|
public function publish( \WP_REST_Request $request ): \WP_REST_Response|\WP_Error {
|
|
$version = $this->loadVersionForPolicy( $request );
|
|
if ( $version instanceof \WP_Error ) {
|
|
return $version;
|
|
}
|
|
|
|
$this->service->publishVersion( (int) $request->get_param( 'id' ), (int) $version->id );
|
|
|
|
return new \WP_REST_Response(
|
|
[
|
|
'id' => $version->id,
|
|
'status' => PolicyVersion::STATUS_PUBLISHED,
|
|
],
|
|
200
|
|
);
|
|
}
|
|
|
|
public function canManage(): bool {
|
|
return is_user_logged_in() && current_user_can( RoleManager::CAP_MANAGE_POLICIES );
|
|
}
|
|
|
|
/**
|
|
* Load the version named in the route and confirm it belongs to the policy.
|
|
*/
|
|
private function loadVersionForPolicy( \WP_REST_Request $request ): PolicyVersion|\WP_Error {
|
|
$policyId = absint( $request->get_param( 'id' ) );
|
|
$version = $this->versions->findById( absint( $request->get_param( 'vid' ) ) );
|
|
|
|
if ( null === $version || $version->policyId !== $policyId ) {
|
|
return $this->notFound();
|
|
}
|
|
|
|
return $version;
|
|
}
|
|
|
|
private function notFound(): \WP_Error {
|
|
return new \WP_Error( 'not_found', __( 'Policy or version not found.', 'unsupervised-schedular' ), [ 'status' => 404 ] );
|
|
}
|
|
|
|
private function invalid( string $message ): \WP_Error {
|
|
return new \WP_Error( 'invalid_policy', $message, [ 'status' => 400 ] );
|
|
}
|
|
}
|