create PM v0.5

tests/Feature/CustomerPressReleaseCreatePhase7Test.php

@@ -0,0 +1,179 @@
+<?php
+
+use App\Enums\PressReleaseStatus;
+use App\Models\Category;
+use App\Models\Company;
+use App\Models\Contact;
+use App\Models\PressRelease;
+use App\Models\User;
+use Database\Seeders\RolesAndPermissionsSeeder;
+use Livewire\Volt\Volt as LivewireVolt;
+use Tests\TestCase;
+
+beforeEach(function (): void {
+    /** @var TestCase $this */
+    $this->seed(RolesAndPermissionsSeeder::class);
+});
+
+test('mount picks the alphabetically first contact of the default company', function () {
+    /** @var TestCase $this */
+    $customer = User::factory()->create(['is_active' => true]);
+    $customer->assignRole('customer');
+    $company = Company::factory()->presseecho()->create(['name' => 'Alpha GmbH']);
+    $customer->companies()->attach($company->id, ['role' => 'owner']);
+
+    $contactZ = Contact::factory()->for($company)->create([
+        'first_name' => 'Zacharias',
+        'last_name' => 'Zimmer',
+        'portal' => $company->portal->value,
+    ]);
+    $contactA = Contact::factory()->for($company)->create([
+        'first_name' => 'Alfred',
+        'last_name' => 'Acker',
+        'portal' => $company->portal->value,
+    ]);
+
+    $this->actingAs($customer);
+
+    LivewireVolt::test('customer.press-releases.create')
+        ->assertSet('companyId', $company->id)
+        ->assertSet('contactId', $contactA->id);
+});
+
+test('changing the company resets the contactId to the new company default', function () {
+    /** @var TestCase $this */
+    $customer = User::factory()->create(['is_active' => true]);
+    $customer->assignRole('customer');
+
+    $alphaCo = Company::factory()->presseecho()->create(['name' => 'Alpha']);
+    $betaCo = Company::factory()->presseecho()->create(['name' => 'Beta']);
+    $customer->companies()->attach($alphaCo->id, ['role' => 'owner']);
+    $customer->companies()->attach($betaCo->id, ['role' => 'owner']);
+
+    $alphaContact = Contact::factory()->for($alphaCo)->create(['portal' => $alphaCo->portal->value]);
+    $betaContact = Contact::factory()->for($betaCo)->create(['portal' => $betaCo->portal->value]);
+
+    $this->actingAs($customer);
+
+    LivewireVolt::test('customer.press-releases.create')
+        ->set('companyId', $betaCo->id)
+        ->assertSet('contactId', $betaContact->id)
+        ->set('companyId', $alphaCo->id)
+        ->assertSet('contactId', $alphaContact->id);
+});
+
+test('save with all required fields persists the press release and syncs contact', function () {
+    /** @var TestCase $this */
+    $customer = User::factory()->create(['is_active' => true]);
+    $customer->assignRole('customer');
+    $company = Company::factory()->presseecho()->create(['boilerplate' => 'Über uns…']);
+    $customer->companies()->attach($company->id, ['role' => 'owner']);
+    $contact = Contact::factory()->for($company)->create(['portal' => $company->portal->value]);
+    $category = Category::factory()->create();
+
+    $this->actingAs($customer);
+
+    LivewireVolt::test('customer.press-releases.create')
+        ->set('title', 'Eine neue Eröffnung der Brauerei')
+        ->set('subtitle', 'Subline mit ein wenig Kontext.')
+        ->set('text', str_repeat('Inhaltlich relevanter Fließtext. ', 5))
+        ->set('categoryId', $category->id)
+        ->set('contactId', $contact->id)
+        ->set('keywords', 'Brauerei, Eröffnung')
+        ->set('useBoilerplateOverride', true)
+        ->set('boilerplateOverride', 'Spezielle Boilerplate für diese PM.')
+        ->call('save', 'draft')
+        ->assertHasNoErrors();
+
+    $pr = PressRelease::query()->where('user_id', $customer->id)->latest('id')->firstOrFail();
+
+    expect($pr->title)->toBe('Eine neue Eröffnung der Brauerei');
+    expect($pr->subtitle)->toBe('Subline mit ein wenig Kontext.');
+    expect($pr->boilerplate_override)->toBe('Spezielle Boilerplate für diese PM.');
+    expect($pr->company_id)->toBe($company->id);
+    expect($pr->category_id)->toBe($category->id);
+    expect($pr->status)->toBe(PressReleaseStatus::Draft);
+    expect($pr->contacts)->toHaveCount(1);
+    expect($pr->contacts->first()->id)->toBe($contact->id);
+});
+
+test('save without a contact id fails validation', function () {
+    /** @var TestCase $this */
+    $customer = User::factory()->create(['is_active' => true]);
+    $customer->assignRole('customer');
+    $company = Company::factory()->presseecho()->create();
+    $customer->companies()->attach($company->id, ['role' => 'owner']);
+    $category = Category::factory()->create();
+
+    $this->actingAs($customer);
+
+    LivewireVolt::test('customer.press-releases.create')
+        ->set('contactId', null)
+        ->set('title', 'Titel mit genug Zeichen')
+        ->set('text', str_repeat('x', 60))
+        ->set('categoryId', $category->id)
+        ->call('save', 'draft')
+        ->assertHasErrors(['contactId']);
+});
+
+test('boilerplate override is null when toggle is off even if text is filled', function () {
+    /** @var TestCase $this */
+    $customer = User::factory()->create(['is_active' => true]);
+    $customer->assignRole('customer');
+    $company = Company::factory()->presseecho()->create();
+    $customer->companies()->attach($company->id, ['role' => 'owner']);
+    $contact = Contact::factory()->for($company)->create(['portal' => $company->portal->value]);
+    $category = Category::factory()->create();
+
+    $this->actingAs($customer);
+
+    LivewireVolt::test('customer.press-releases.create')
+        ->set('title', 'Genug Zeichen Titel')
+        ->set('text', str_repeat('x', 60))
+        ->set('categoryId', $category->id)
+        ->set('contactId', $contact->id)
+        ->set('useBoilerplateOverride', false)
+        ->set('boilerplateOverride', 'Wird nicht gespeichert.')
+        ->call('save', 'draft')
+        ->assertHasNoErrors();
+
+    $pr = PressRelease::query()->where('user_id', $customer->id)->latest('id')->firstOrFail();
+
+    expect($pr->boilerplate_override)->toBeNull();
+});
+
+test('addTag appends to keywords and removeTag drops it', function () {
+    /** @var TestCase $this */
+    $customer = User::factory()->create(['is_active' => true]);
+    $customer->assignRole('customer');
+    $company = Company::factory()->presseecho()->create();
+    $customer->companies()->attach($company->id, ['role' => 'owner']);
+
+    $this->actingAs($customer);
+
+    LivewireVolt::test('customer.press-releases.create')
+        ->call('addTag', 'Brauerei')
+        ->call('addTag', 'Tegernsee')
+        ->call('addTag', 'Brauerei')
+        ->assertSet('keywords', 'Brauerei, Tegernsee')
+        ->call('removeTag', 'Brauerei')
+        ->assertSet('keywords', 'Tegernsee');
+});
+
+test('addTag stops adding once the 5-tag limit is reached', function () {
+    /** @var TestCase $this */
+    $customer = User::factory()->create(['is_active' => true]);
+    $customer->assignRole('customer');
+    $company = Company::factory()->presseecho()->create();
+    $customer->companies()->attach($company->id, ['role' => 'owner']);
+
+    $this->actingAs($customer);
+
+    $component = LivewireVolt::test('customer.press-releases.create');
+
+    foreach (['A', 'B', 'C', 'D', 'E'] as $tag) {
+        $component->call('addTag', $tag);
+    }
+    $component->call('addTag', 'F'); // Soft-cap, kein Fehler
+    $component->assertSet('keywords', 'A, B, C, D, E');
+});

tests/Feature/PressReleaseHtmlSanitizerTest.php

@@ -0,0 +1,125 @@
+<?php
+
+use App\Models\PressRelease;
+use App\Services\PressRelease\PressReleaseHtmlSanitizer;
+
+function sanitizer(): PressReleaseHtmlSanitizer
+{
+    return app(PressReleaseHtmlSanitizer::class);
+}
+
+test('clean strips script and style tags', function () {
+    $dirty = '<p>Hallo</p><script>alert("xss")</script><style>body{}</style>';
+
+    $clean = sanitizer()->clean($dirty);
+
+    expect($clean)->toContain('<p>Hallo</p>');
+    expect($clean)->not->toContain('<script');
+    expect($clean)->not->toContain('alert');
+    expect($clean)->not->toContain('<style');
+});
+
+test('clean strips iframes and event handlers', function () {
+    $dirty = '<p onclick="bad()">Hallo</p><iframe src="https://evil.test"></iframe>';
+
+    $clean = sanitizer()->clean($dirty);
+
+    expect($clean)->not->toContain('onclick');
+    expect($clean)->not->toContain('<iframe');
+});
+
+test('clean keeps allowed tags in press release allowlist', function () {
+    $dirty = '<h2>Headline</h2><p>Absatz mit <strong>fett</strong> und <em>kursiv</em>.</p>'
+        .'<ul><li>Punkt A</li><li>Punkt B</li></ul>'
+        .'<blockquote>Zitat</blockquote>'
+        .'<a href="https://example.test">Link</a>';
+
+    $clean = sanitizer()->clean($dirty);
+
+    expect($clean)->toContain('<h2>Headline</h2>');
+    expect($clean)->toContain('<strong>fett</strong>');
+    expect($clean)->toContain('<em>kursiv</em>');
+    expect($clean)->toContain('<ul>');
+    expect($clean)->toContain('<li>Punkt A</li>');
+    expect($clean)->toContain('<blockquote>');
+    expect($clean)->toContain('href="https://example.test"');
+});
+
+test('clean removes disallowed tags like h1 table img', function () {
+    $dirty = '<h1>Big</h1><table><tr><td>x</td></tr></table><img src="x.jpg">';
+
+    $clean = sanitizer()->clean($dirty);
+
+    expect($clean)->not->toContain('<h1');
+    expect($clean)->not->toContain('<table');
+    expect($clean)->not->toContain('<img');
+});
+
+test('external links get rel nofollow and target blank', function () {
+    $dirty = '<p><a href="https://example.test">Link</a></p>';
+
+    $clean = sanitizer()->clean($dirty);
+
+    expect($clean)->toContain('rel=');
+    expect($clean)->toContain('nofollow');
+    expect($clean)->toContain('target="_blank"');
+});
+
+test('clean returns empty string for null and whitespace input', function () {
+    expect(sanitizer()->clean(null))->toBe('');
+    expect(sanitizer()->clean('   '))->toBe('');
+});
+
+test('isHtml detects html content', function () {
+    expect(sanitizer()->isHtml('<p>Hi</p>'))->toBeTrue();
+    expect(sanitizer()->isHtml('<strong>foo</strong>'))->toBeTrue();
+    expect(sanitizer()->isHtml('Plain text only'))->toBeFalse();
+    expect(sanitizer()->isHtml(''))->toBeFalse();
+    expect(sanitizer()->isHtml(null))->toBeFalse();
+});
+
+test('render wraps legacy plain text into paragraphs and br tags', function () {
+    $plain = "Zeile eins\nZeile zwei\n\nNeuer Absatz";
+
+    $html = (string) sanitizer()->render($plain);
+
+    expect($html)->toContain('<p>');
+    expect($html)->toContain('Zeile eins<br');
+    expect($html)->toContain('Zeile zwei');
+    expect($html)->toContain('Neuer Absatz');
+});
+
+test('render escapes html-special chars in legacy plain text', function () {
+    $plain = 'Skript: <script>alert(1)</script>';
+
+    $html = (string) sanitizer()->render($plain);
+
+    expect($html)->not->toContain('<script');
+    expect($html)->toContain('&lt;script');
+});
+
+test('render returns sanitized html for stored html content', function () {
+    $stored = '<p>Hallo</p><script>bad()</script>';
+
+    $html = (string) sanitizer()->render($stored);
+
+    expect($html)->toContain('<p>Hallo</p>');
+    expect($html)->not->toContain('<script');
+});
+
+test('plainTextLength counts chars without html noise', function () {
+    expect(sanitizer()->plainTextLength('<p>Hallo Welt</p>'))->toBe(10);
+    expect(sanitizer()->plainTextLength('<p>Eins</p> <p>Zwei</p>'))->toBe(9);
+    expect(sanitizer()->plainTextLength(null))->toBe(0);
+});
+
+test('PressRelease::renderedText uses the sanitizer', function () {
+    $pr = PressRelease::factory()->create([
+        'text' => '<p>Hallo</p><script>bad()</script>',
+    ]);
+
+    $rendered = (string) $pr->renderedText();
+
+    expect($rendered)->toContain('<p>Hallo</p>');
+    expect($rendered)->not->toContain('<script');
+});

tests/Feature/PressReleasePhase7SchemaTest.php

@@ -0,0 +1,54 @@
+<?php
+
+use App\Models\Company;
+use App\Models\PressRelease;
+use App\Models\PressReleaseAttachment;
+
+test('press release accepts new phase 7 fields', function () {
+    $pr = PressRelease::factory()->create([
+        'subtitle' => 'Eine sinnvolle Subline',
+        'boilerplate_override' => 'PM-spezifischer Boilerplate-Text.',
+        'scheduled_at' => now()->addDay(),
+        'embargo_at' => now()->addDays(2),
+    ]);
+
+    $fresh = $pr->fresh();
+
+    expect($fresh->subtitle)->toBe('Eine sinnvolle Subline');
+    expect($fresh->boilerplate_override)->toBe('PM-spezifischer Boilerplate-Text.');
+    expect($fresh->scheduled_at)->not->toBeNull();
+    expect($fresh->embargo_at)->not->toBeNull();
+});
+
+test('company accepts a boilerplate field', function () {
+    $company = Company::factory()->create([
+        'boilerplate' => 'Über die Beispiel GmbH: gegründet 1900, …',
+    ]);
+
+    expect($company->fresh()->boilerplate)->toBe('Über die Beispiel GmbH: gegründet 1900, …');
+});
+
+test('press release attachments table works via factory and relation', function () {
+    $pr = PressRelease::factory()->create();
+
+    $attachment = PressReleaseAttachment::factory()->create([
+        'press_release_id' => $pr->id,
+        'original_name' => 'pressemappe.pdf',
+        'mime' => 'application/pdf',
+        'size' => 1_234_567,
+        'sort_order' => 1,
+    ]);
+
+    expect($pr->fresh()->attachments)->toHaveCount(1);
+    expect($pr->fresh()->attachments->first()->original_name)->toBe('pressemappe.pdf');
+    expect($attachment->pressRelease->is($pr))->toBeTrue();
+});
+
+test('attachment is removed when press release is force-deleted', function () {
+    $pr = PressRelease::factory()->create();
+    PressReleaseAttachment::factory()->for($pr)->create();
+
+    $pr->forceDelete();
+
+    expect(PressReleaseAttachment::query()->withTrashed()->count())->toBe(0);
+});