feat(offers): 補齊 provider-verification 可見性缺口——子端點過濾與預約入口檢查
Run Tests / test (pull_request) Successful in 1m56s

實作 openspec change provider-verification-gaps(8/8 tasks):
- schedules/reviews publicList 套用 visibleToPublic,隱藏課程回 404
- MemberBookingController::store Layer 1 擋未驗證教練課程的新預約(422)
- 政策:教練被取消驗證只擋新預約,既有 pending/confirmed/completed 照常
- 主規格 Notes 已知限制轉為正式 Requirements
- 測試 +5(可見性子端點 3、預約入口 2),既有 booking/review 測試 helper
  補 verified ProviderProfile
- 容器內全套件 151 passed / 388 assertions;另以 demo 資料端到端驗證
  (已驗證教練 200/200/200、未驗證 404/404/404)

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
2026-06-11 22:48:59 +08:00
parent c226275fc2
commit 90d0a57e73
9 changed files with 130 additions and 14 deletions
+47 -2
View File
@@ -7,6 +7,7 @@ use App\Enums\ScheduleStatus;
use App\Models\Booking;
use App\Models\CourseSchedule;
use App\Models\DivingOffer;
use App\Models\ProviderProfile;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Notification;
@@ -37,9 +38,16 @@ class BookingLifecycleTest extends TestCase
return User::factory()->create(['role' => 'member']);
}
private function makeProvider(): User
private function makeProvider(bool $isVerified = true): User
{
return User::factory()->create(['role' => 'provider']);
$provider = User::factory()->create(['role' => 'provider']);
ProviderProfile::create([
'user_id' => $provider->id,
'is_verified' => $isVerified,
]);
return $provider;
}
private function makeOffer(User $provider): DivingOffer
@@ -140,6 +148,43 @@ class BookingLifecycleTest extends TestCase
])->assertStatus(422);
}
// ── 可見性繞過防護(provider-verification 規格) ─────────
public function test_cannot_book_unverified_provider_course_via_schedule_id(): void
{
$unverified = $this->makeProvider(isVerified: false);
$schedule = $this->makeSchedule($this->makeOffer($unverified));
$this->actingAs($this->makeMember())->postJson('/api/member/bookings', [
'schedule_id' => $schedule->id,
'participants' => 1,
])->assertStatus(422)
->assertJsonPath('message', '此課程目前不開放預約');
$this->assertSame(0, Booking::count());
}
public function test_existing_confirmed_booking_survives_provider_unverification(): void
{
$provider = $this->makeProvider();
$schedule = $this->makeSchedule($this->makeOffer($provider), ['current_participants' => 1]);
$member = $this->makeMember();
$booking = $this->makeBooking($member, $schedule, BookingStatus::Confirmed);
// 教練在預約成立後被取消驗證:只擋新預約,不毀既有合約
$provider->providerProfile->update(['is_verified' => false]);
$this->actingAs($member)
->getJson("/api/bookings/{$booking->id}/messages")
->assertOk();
$this->actingAs($provider)
->putJson("/api/provider/bookings/{$booking->id}/complete")
->assertOk();
$this->assertSame(BookingStatus::Completed, $booking->fresh()->status);
}
// ── Provider 確認 / 拒絕 ─────────────────────────────────
public function test_provider_confirms_pending_booking_and_occupies_spots(): void