From 281462fab8330a3cecef4f7c78a7cf5f9a0c02b3 Mon Sep 17 00:00:00 2001 
From: Marijn Doeve Date: Sun, 24 May 2026 19:43:30 +0200 Subject: [PATCH] Added Gedmo stuff, fix translations (#117) * Added Gedmo stuff, fix translations * Add CSRF token validation across backoffice forms - Added CSRF validations to candidate correction, penalty, answer saving, and elimination forms. - Updated corresponding Twig templates to include CSRF token inputs. - Adjusted column count in `tab_result` template to maintain layout consistency. * Add unique index constraint for `quiz_candidate` with soft delete support - Updated migration to include a unique index on `quiz_candidate` table that excludes soft-deleted records. - Adjusted `QuizCandidate` entity to reflect the new unique constraint with `deleted_at` condition. * Add CSRF token validation for quiz-related actions - Added CSRF validation to `enableQuiz`, `clearQuiz`, `deleteQuiz`, `toggleCandidate`, and `prepareElimination` actions. - Updated Twig templates to replace links with POST forms to include CSRF tokens. - Set HTTP method restrictions for related endpoints to `POST`. * Fix unique index condition for `quiz_candidate` with soft deletes - Updated condition in unique index definition of `quiz_candidate` to add parentheses for clarity. - Adjusted related migration to reflect the revised condition. * Remove if for post and use methods in Route instead * Refactor CSRF token validation in backoffice controllers - Applied `#[IsCsrfTokenValid]` attribute for CSRF checks to simplify and standardize validation. - Removed manual `isCsrfTokenValid` calls and associated exception throwing. - Updated method signatures across affected endpoints to remove unnecessary `Request` dependency. - Ensured consistency in route HTTP method restrictions where applicable. * Add rector and phpstan * Add validation for answering incorrect quiz question - Added logic to prevent candidates from answering questions out of sequence in `QuizController`. - Updated Dutch translations to include the new error message. 
* Things --- .github/workflows/ci.yml | 20 ++- .idea/TijdVoorDeTest.iml | 1 + .idea/inspectionProfiles/Project_Default.xml | 1 + .idea/php.xml | 1 + compose.override.yaml | 2 +- config/packages/doctrine.yaml | 4 + config/packages/stof_doctrine_extensions.yaml | 1 + config/packages/verify_email.yaml | 2 + config/reference.php | 6 + migrations/Version20260523095205.php | 34 ++++ migrations/Version20260523095302.php | 32 ++++ migrations/Version20260524135246.php | 30 ++++ .../PrepareEliminationController.php | 9 +- src/Controller/Backoffice/QuizController.php | 24 +-- src/Controller/EliminationController.php | 4 +- src/Controller/LoginController.php | 1 + src/Controller/QuizController.php | 11 +- src/DataFixtures/KrtekFixtures.php | 6 + src/Entity/Elimination.php | 11 +- src/Entity/GivenAnswer.php | 4 + src/Entity/Quiz.php | 2 +- src/Entity/QuizCandidate.php | 6 +- src/Entity/User.php | 7 - .../prepare_elimination/index.html.twig | 1 + .../quiz/tab_candidates_list.html.twig | 18 ++- .../backoffice/quiz/tab_overview.html.twig | 35 ++-- .../backoffice/quiz/tab_result.html.twig | 151 +++++++++--------- templates/backoffice/quiz_add.html.twig | 2 +- templates/flashes.html.twig | 2 +- translations/messages+intl-icu.nl.xliff | 26 +-- 30 files changed, 319 insertions(+), 135 deletions(-) create mode 100644 config/packages/verify_email.yaml create mode 100644 migrations/Version20260523095205.php create mode 100644 migrations/Version20260523095302.php create mode 100644 migrations/Version20260524135246.php diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 25bd701..d4cd6e9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,12 +15,15 @@ concurrency: permissions: contents: read - packages: write jobs: tests: name: Tests runs-on: ubuntu-latest + permissions: + checks: write + pull-requests: write + contents: read steps: - name: Checkout uses: actions/checkout@v4 
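Review bot: The job-level `permissions` block added to `tests` grants `pull-requests: write`, and nothing visible in this workflow appears to need it. The only token consumer this commit adds to the job is the JUnit report step (in the `@@ -60,12 +67,21 @@` hunk), which sets just `report_paths` and `check_name`; as far as I know that action needs `checks: write` for the check run and `pull-requests: write` only when PR commenting is turned on. This job runs docker compose, Composer-installed binaries and the test suite, so its token should stay as narrow as possible: keep `contents: read` and `checks: write`, and drop `pull-requests: write` unless a comment feature is enabled later. Moving `packages: write` off the workflow level and onto `build-deploy` is the same least-privilege reasoning applied correctly.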
@@ -48,6 +51,10 @@ jobs: run: docker compose exec -T php vendor/bin/php-cs-fixer check --diff --show-progress=none - name: Twig Coding Style run: docker compose exec -T php vendor/bin/twig-cs-fixer check + - name: Static Analysis (PHPStan) + run: docker compose exec -T php vendor/bin/phpstan analyse --no-progress --no-ansi --error-format=github + - name: Rector + run: docker compose exec -T php vendor/bin/rector process --dry-run --no-progress-bar --output-format=github - name: Check HTTP reachability run: curl -v --fail-with-body http://localhost - name: Check Mercure reachability @@ -60,12 +67,21 @@ jobs: - name: Load fixtures run: docker compose exec -T php bin/console -e test doctrine:fixtures:load --no-interaction --group=test - name: Run PHPUnit - run: docker compose exec -T php vendor/bin/phpunit + run: docker compose exec -T php vendor/bin/phpunit --log-junit var/phpunit/junit.xml + - name: Publish PHPUnit test results + if: always() + uses: mikepenz/action-junit-report@v5 + with: + report_paths: var/phpunit/junit.xml + check_name: PHPUnit - name: Doctrine Schema Validator run: docker compose exec -T php bin/console -e test doctrine:schema:validate build-deploy: name: Build and deploy to ${{ startsWith(github.ref, 'refs/tags/') && 'production' || (github.ref == 'refs/heads/main' && 'acceptance' || '') }} + permissions: + contents: read + packages: write environment: name: ${{ startsWith(github.ref, 'refs/tags/') && 'production' || (github.ref == 'refs/heads/main' && 'acceptance' || '') }} url: ${{ vars.URL }} diff --git a/.idea/TijdVoorDeTest.iml b/.idea/TijdVoorDeTest.iml index f867990..0567d5f 100644 --- a/.idea/TijdVoorDeTest.iml +++ b/.idea/TijdVoorDeTest.iml @@ -166,6 +166,7 @@ + diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml index 5b777b1..84dda62 100644 --- a/.idea/inspectionProfiles/Project_Default.xml +++ b/.idea/inspectionProfiles/Project_Default.xml @@ -73,6 +73,7 @@ +
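Review bot: In the `@@ -60,12 +67,21 @@` hunk the new `Publish PHPUnit test results` step references `mikepenz/action-junit-report@v5`, a mutable tag, inside a job whose token now carries `checks: write` and `pull-requests: write`. A retagged or compromised release would run with that token, so pin the action to a full commit SHA and keep the tag as a trailing comment: `uses: mikepenz/action-junit-report@<full-commit-sha> # v5` (placeholder; take the SHA from the release you reviewed). Separately, PHPUnit writes `var/phpunit/junit.xml` inside the `php` container through `docker compose exec`, while the report step reads `report_paths` on the runner. That works only if the project directory is bind-mounted into the container, which this hunk does not show, so confirm the file reaches the runner workspace; otherwise the `if: always()` step may publish an empty report.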