Merge pull request #146 from ConductionNL/hotfix/aanbodendpoint

Dont set parent organisation

Author: rubenvdlinde

.phpqa.yml

@@ -0,0 +1,93 @@
+# PHPQA Configuration
+# This file configures the PHP Quality Analyzer tool
+# Run with: composer phpqa or composer qa:check
+
+# Directories to analyze
+analyzedDirs: lib
+
+# Build directory for reports
+buildDir: phpqa
+
+# Ignore patterns
+ignoredDirs:
+  - vendor
+  - node_modules
+  - tests
+  - build
+  - coverage
+  - phpmetrics
+
+ignoredFiles: []
+
+# Tools configuration
+tools:
+  # PHP CodeSniffer - Coding standards
+  phpcs:
+    standard: phpcs.xml
+    reports:
+      - full
+      - summary
+    ignoreWarnings: false
+    
+  # PHP Mess Detector - Code quality
+  phpmd:
+    ruleset: phpmd.xml
+    
+  # PHP Lines of Code - Code metrics
+  phploc:
+    enabled: true
+    
+  # PHP Metrics - Complexity and maintainability
+  phpmetrics:
+    enabled: true
+    config:
+      - '--report-html=phpqa/phpmetrics'
+      - '--report-json=phpqa/phpmetrics/metrics.json'
+      
+  # PHP Copy/Paste Detector - Duplicate code
+  phpcpd:
+    enabled: true
+    minLines: 5
+    minTokens: 70
+    
+  # Parallel Lint - Syntax checking
+  parallel-lint:
+    enabled: true
+    exclude:
+      - vendor
+      - node_modules
+      
+  # Security Checker - Check for known vulnerabilities
+  security-checker:
+    enabled: false # Requires composer.lock
+    
+# Report configuration
+report:
+  # Create HTML report
+  html: true
+  
+  # Create CLI output
+  cli: true
+  
+  # File formats
+  file:
+    # JSON report with all data
+    json: phpqa/phpqa.json
+    
+    # Offline HTML report
+    offline: phpqa/phpqa-offline.html
+    
+# Execution configuration
+execution:
+  # Number of parallel processes
+  parallel: 4
+  
+  # Timeout per tool in seconds
+  timeout: 300
+  
+# Thresholds - Set to 0 to report but not fail
+allowedErrorsCount: 0
+
+# Verbose output
+verbose: false
+

composer.json

@@ -22,11 +22,28 @@
 			"@composer bin all update --ansi"
 		],
 		"lint": "find . -name \\*.php -not -path './vendor/*' -not -path './vendor-bin/*' -not -path './build/*' -print0 | xargs -0 -n1 php -l",
-		"cs:check": "php-cs-fixer fix --dry-run --diff",
-		"cs:fix": "php-cs-fixer fix",
+		"cs:check": "./vendor/bin/phpcs --standard=phpcs.xml",
+		"cs:fix": "./vendor/bin/phpcbf --standard=phpcs.xml",
+		"phpcs": "./vendor/bin/phpcs --standard=phpcs.xml",
+		"phpcs:fix": "./vendor/bin/phpcbf --standard=phpcs.xml",
+		"phpmd": "phpmd lib text phpmd.xml || echo 'PHPMD not installed, skipping...'",
+		"phpmetrics": "./vendor/bin/phpmetrics --report-html=phpmetrics lib/",
 		"psalm": "psalm --threads=1 --no-cache",
 		"test:unit": "phpunit tests -c tests/phpunit.xml --colors=always --fail-on-warning --fail-on-risky",
-		"openapi": "generate-spec"
+		"test:all": "./vendor/bin/phpunit --colors=always || echo 'Tests require Nextcloud environment, skipping...'",
+		"openapi": "generate-spec",
+		"grumphp": "./vendor/bin/grumphp run",
+		"grumphp:init": "./vendor/bin/grumphp git:init",
+		"grumphp:deinit": "./vendor/bin/grumphp git:deinit",
+		"phpqa": "./vendor/bin/phpqa --report --analyzedDirs lib --buildDir phpqa",
+		"phpqa:full": "./vendor/bin/phpqa --report --analyzedDirs lib --buildDir phpqa --tools phpcs:0,phpmd:0,phploc:0,phpmetrics,phpcpd:0,parallel-lint:0",
+		"phpqa:ci": "./vendor/bin/phpqa --report --analyzedDirs lib --buildDir phpqa --tools phpcs,phpmd,phploc,phpmetrics,phpcpd,parallel-lint",
+		"qa:check": [
+			"@phpqa"
+		],
+		"qa:full": [
+			"@phpqa:full"
+		]
 	},
 	"require": {
 		"php": "^8.1",
@@ -40,14 +57,21 @@
 		"twig/twig": "^3.8"
 	},
 	"require-dev": {
+		"edgedesign/phpqa": "^1.30",
+		"guzzlehttp/guzzle": "^7.8",
+		"phpmd/phpmd": "^2.15",
+		"phpmetrics/phpmetrics": "^2.8",
+		"phpro/grumphp": "^2.9",
 		"phpunit/phpunit": "^10.5",
 		"roave/security-advisories": "dev-latest",
-		"guzzlehttp/guzzle": "^7.8"
+		"squizlabs/php_codesniffer": "^3.9"
 	},
 	"config": {
 		"allow-plugins": {
 			"bamarni/composer-bin-plugin": true,
-			"php-http/discovery": true
+			"php-http/discovery": true,
+			"phpro/grumphp": true,
+			"dealerdirect/phpcodesniffer-composer-installer": true
 		},
 		"optimize-autoloader": true,
 		"sort-packages": true,

grumphp.yml

@@ -0,0 +1,125 @@
+grumphp:
+  # Process runs mode (linux/windows)
+  process_timeout: 300
+  
+  # Stop on first failure
+  stop_on_failure: true
+  
+  # Ignore unstaged changes
+  ignore_unstaged_changes: false
+  
+  # Hide circumvention tip
+  hide_circumvention_tip: false
+  
+  # Git hooks configuration
+  git_hook_variables:
+    EXEC_GRUMPHP_COMMAND: 'docker exec -u 33 master-nextcloud-1 bash -c "cd /var/www/html/apps-extra/openregister && php vendor/bin/grumphp"'
+  
+  # Environment configuration
+  environment:
+    files: []
+    variables: {}
+    paths: []
+  
+  # Fixer configuration - automatically fix issues when possible
+  fixer:
+    enabled: true
+    fix_by_default: false
+  
+  # Tasks to run
+  tasks:
+    # PHP Lint - Check for syntax errors
+    phplint:
+      exclude: ['vendor', 'node_modules']
+      jobs: ~
+      short_open_tag: false
+      ignore_patterns: []
+      triggered_by: ['php']
+      
+    # PHP CodeSniffer - Check coding standards
+    phpcs:
+      standard: phpcs.xml
+      triggered_by: [php]
+      whitelist_patterns: []
+      encoding: UTF-8
+      ignore_patterns:
+        - vendor/
+        - node_modules/
+      sniffs: []
+      severity: ~
+      error_severity: ~
+      warning_severity: ~
+      tab_width: ~
+      report: full
+      report_width: ~
+      
+    # PHP Mess Detector - Check for code smells
+    phpmd:
+      ruleset: ['phpmd.xml']
+      triggered_by: ['php']
+      exclude:
+        - vendor
+        - node_modules
+        - tests
+      
+    # PHPUnit - Run unit tests
+    phpunit:
+      config_file: phpunit.xml
+      testsuite: ~
+      group: []
+      always_execute: false
+      order: ~
+      
+    # Composer validation
+    composer:
+      file: composer.json
+      no_check_all: false
+      no_check_lock: false
+      no_check_publish: false
+      with_dependencies: false
+      strict: false
+      
+    # YAML Lint - Check YAML files
+    yamllint:
+      whitelist_patterns: []
+      ignore_patterns:
+        - vendor/
+        - node_modules/
+      object_support: false
+      exception_on_invalid_type: false
+      parse_constant: false
+      parse_custom_tags: false
+      
+    # JSON Lint - Check JSON files
+    jsonlint:
+      detect_key_conflicts: true
+      ignore_patterns:
+        - vendor/
+        - node_modules/
+        
+  # Test suites - Group tasks together
+  testsuites:
+    # Quick checks for pre-commit
+    git_commit_msg:
+      tasks: []
+      
+    git_pre_commit:
+      tasks:
+        - phplint
+        - phpcs
+        - jsonlint
+        - yamllint
+        - composer
+        
+    # Full checks for pre-push
+    git_pre_push:
+      tasks:
+        - phplint
+        - phpcs
+        - phpmd
+        - phpunit
+        - composer
+        
+  # Extensions configuration
+  extensions: []
+

lib/BackgroundJob/CronjobContextTrait.php

@@ -232,3 +232,5 @@ protected function getCronjobOrganisationUuid(): ?string
     abstract protected function getLogger(): LoggerInterface;
 }
 
+
+

lib/Service/OrganisatieService.php

@@ -215,6 +215,11 @@ private function mapStatus(string $status): bool
     /**
      * Internal method to create organization entity
      *
+     * HOTFIX: Parent organisation setting has been disabled due to RBAC issues.
+     * Previously, new organisations were automatically set as children of the active organisation,
+     * but this caused permission problems where users could not access newly created organisations.
+     * TODO: Re-enable parent organisation setting after fixing RBAC logic.
+     *
      * @param \OCA\OpenRegister\Service\OrganisationService $organisationService The organisation service
      * @param array                                         $mappedData          The mapped data
      * @param string                                        $organizationUuid    The organization UUID
@@ -227,14 +232,17 @@ private function createOrganisationEntityInternal(
         string $organizationUuid
     ): \OCA\OpenRegister\Db\Organisation {
 
-        // Get the currently active organisation UUID to set as parent.
-        $parentOrganisationUuid = $this->getActiveOrganisationUuid($organisationService);
+        // HOTFIX: Commented out automatic parent organisation setting due to RBAC issues.
+        // When child organisations are created, the parent relationship causes permission problems
+        // where users cannot access the newly created organisations due to hierarchical RBAC filtering.
+        // TODO: Investigate and fix RBAC logic to properly handle parent-child organisation relationships.
+        // $parentOrganisationUuid = $this->getActiveOrganisationUuid($organisationService);
 
         $this->logger->info('OrganisatieService: Creating organisation entity', [
             'uuid' => $organizationUuid,
             'name' => $mappedData['naam'],
             'active' => $mappedData['active'],
-            'parentOrganisation' => $parentOrganisationUuid
+            // 'parentOrganisation' => $parentOrganisationUuid // HOTFIX: Commented out
         ]);
 
         // Use OrganisationService to create the entity with correct parameters.
@@ -252,10 +260,14 @@ private function createOrganisationEntityInternal(
             $organisationEntity->setActive($mappedData['active']);
             $organisationEntity->setUsers([]); // Will be populated by contact person processing.
 
-            // Set the parent organisation to the currently active organisation.
-            if ($parentOrganisationUuid !== null) {
-                $organisationEntity->setParent($parentOrganisationUuid);
-            }
+            // HOTFIX: Commented out automatic parent organisation setting due to RBAC issues.
+            // Setting the parent organisation causes users to lose access to newly created organisations
+            // because the RBAC filtering expects users to belong to the parent organisation chain.
+            // This needs to be properly resolved with RBAC logic updates.
+            // TODO: Re-enable this once RBAC properly handles parent-child organisation relationships.
+            // if ($parentOrganisationUuid !== null) {
+            //     $organisationEntity->setParent($parentOrganisationUuid);
+            // }
 
             // Save the updated entity.
             $organisationMapper = $this->container->get('OCA\OpenRegister\Db\OrganisationMapper');