sipo/Teren-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use DB-backed whitelist in TokenValueResolver; add whitelist merge test

Browse Source
This commit is contained in:
Simon Pocrnjič 2025-10-06 19:16:24 +02:00
parent 38562fbabe
commit 80b3c7230b
2 changed files with 80 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
app/Services/Documents/TokenValueResolver.php
View File

@ -19,8 +19,12 @@ public function resolve(array $tokens, DocumentTemplate $template, Contract $con
{
$values = [];
$unresolved = [];
$globalWhitelist = config('documents.whitelist', []);
$templateEntities = $template->entities ?: array_keys($globalWhitelist);
// Retrieve whitelist from DB settings (if present) and merge with config baseline (config acts as baseline; DB can add or override entity arrays)
$settingsWhitelist = app(\App\Services\Documents\DocumentSettings::class)->get()->whitelist ?? [];
$configWhitelist = config('documents.whitelist', []);
// Merge preserving DB additions/overrides
$globalWhitelist = array_replace($configWhitelist, $settingsWhitelist);
$templateEntities = $template->entities ?: array_keys($globalWhitelist);
foreach ($tokens as $token) {
[$entity,$attr] = explode('.', $token, 2);
if ($entity === 'generation') {

74
tests/Feature/DocumentSettingsWhitelistTest.php Normal file
View File

@ -0,0 +1,74 @@
<?php
namespace Tests\Feature;
use App\Models\Contract;
use App\Models\DocumentSetting;
use App\Models\Role;
use App\Models\User;
use Illuminate\Support\Facades\Storage;
use Tests\TestCase;
class DocumentSettingsWhitelistTest extends TestCase
{
/**
* Ensure that adding a new attribute to the DB whitelist allows its usage in a template token
* without modifying config/documents.php.
*/
public function test_db_whitelist_extension_allows_new_attribute(): void
{
Storage::fake('public');
$user = User::factory()->create();
$role = Role::firstOrCreate(['slug' => 'admin'], ['name' => 'Admin']);
$user->roles()->sync([$role->id]);
$this->actingAs($user);
// Extend DB whitelist: add duplicate safe attribute (description already in config but we will ensure merge works)
$settings = DocumentSetting::instance();
$wl = $settings->whitelist;
$wl['contract'] = array_values(array_unique(array_merge($wl['contract'] ?? [], ['reference','description'])));
$settings->whitelist = $wl;
$settings->save();
app(\App\Services\Documents\DocumentSettings::class)->refresh();
// Build minimal docx with new token {{contract.amount}}
$tmp = tempnam(sys_get_temp_dir(), 'doc');
$zip = new \ZipArchive;
$zip->open($tmp, \ZipArchive::OVERWRITE);
$zip->addFromString('[Content_Types].xml', '<Types></Types>');
$zip->addFromString('word/document.xml', '<w:document><w:body>{{contract.description}}</w:body></w:document>');
$zip->close();
$bytes = file_get_contents($tmp);
Storage::disk('public')->put('templates/whitelist-attr.docx', $bytes);
$template = new \App\Models\DocumentTemplate;
$template->fill([
'name' => 'WL Test',
'slug' => 'wl-template',
'core_entity' => 'contract',
'version' => 1,
'engine' => 'docx',
'file_path' => 'templates/whitelist-attr.docx',
'file_hash' => sha1($bytes),
'file_size' => strlen($bytes),
'mime_type' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
'active' => true,
'output_filename_pattern' => null,
'fail_on_unresolved' => false,
'entities' => [],
'columns' => [],
'tokens' => [],
'created_by' => $user->id,
'updated_by' => $user->id,
]);
$template->save();
$contract = Contract::factory()->create(['description' => 'Opis test']);
$resp = $this->postJson(route('contracts.generate-document', ['contract' => $contract->uuid]), [
'template_slug' => 'wl-template',
]);
$resp->assertOk();
}
}