Add: update list endpoint

Author: tatevikg1

src/Subscription/Controller/SubscriberListController.php

@@ -6,7 +6,7 @@
 
 use Doctrine\ORM\EntityManagerInterface;
 use OpenApi\Attributes as OA;
-use PhpList\Core\Domain\Common\Model\Filter\PaginatedFilter;
+use PhpList\Core\Domain\Identity\Model\Administrator;
 use PhpList\Core\Domain\Messaging\Model\Filter\SubscriberListFilter;
 use PhpList\Core\Domain\Subscription\Model\SubscriberList;
 use PhpList\Core\Domain\Subscription\Service\Manager\SubscriberListManager;
@@ -32,24 +32,15 @@
 #[Route('/lists', name: 'subscriber_list_')]
 class SubscriberListController extends BaseController
 {
-    private SubscriberListNormalizer $normalizer;
-    private SubscriberListManager $subscriberListManager;
-    private PaginatedDataProvider $paginatedDataProvider;
-    private EntityManagerInterface $entityManager;
-
     public function __construct(
         Authentication $authentication,
         RequestValidator $validator,
-        SubscriberListNormalizer $normalizer,
-        SubscriberListManager $subscriberListManager,
-        PaginatedDataProvider $paginatedDataProvider,
-        EntityManagerInterface $entityManager,
+        private readonly SubscriberListNormalizer $normalizer,
+        private readonly SubscriberListManager $subscriberListManager,
+        private readonly PaginatedDataProvider $paginatedDataProvider,
+        private readonly EntityManagerInterface $entityManager,
     ) {
         parent::__construct($authentication, $validator);
-        $this->normalizer = $normalizer;
-        $this->subscriberListManager = $subscriberListManager;
-        $this->paginatedDataProvider = $paginatedDataProvider;
-        $this->entityManager = $entityManager;
     }
 
     #[Route('', name: 'get_list', methods: ['GET'])]
@@ -174,12 +165,14 @@ public function getList(
         Request $request,
         #[MapEntity(mapping: ['listId' => 'id'])] ?SubscriberList $list = null
     ): JsonResponse {
-        $this->requireAuthentication($request);
+        $authUser = $this->requireAuthentication($request);
 
         if (!$list) {
             throw $this->createNotFoundException('Subscriber list not found.');
         }
 
+        $this->denyAccessUnlessOwnerOrPublic($list, $authUser);
+
         return $this->json($this->normalizer->normalize($list), Response::HTTP_OK);
     }
 
@@ -227,12 +220,14 @@ public function deleteList(
         Request $request,
         #[MapEntity(mapping: ['listId' => 'id'])] ?SubscriberList $list = null
     ): JsonResponse {
-        $this->requireAuthentication($request);
+        $authUser = $this->requireAuthentication($request);
 
         if (!$list) {
             throw $this->createNotFoundException('Subscriber list not found.');
         }
 
+        $this->denyAccessUnlessOwnerOrPublic($list, $authUser);
+
         $this->subscriberListManager->delete($list);
         $this->entityManager->flush();
 
@@ -289,4 +284,88 @@ public function createList(Request $request, SubscriberListNormalizer $normalize
 
         return $this->json($normalizer->normalize($data), Response::HTTP_CREATED);
     }
+
+    #[Route('{listId}', name: 'update', requirements: ['listId' => '\d+'], methods: ['PUT'])]
+    #[OA\Post(
+        path: '/api/v2/lists/{listId}',
+        description: '🚧 **Status: Beta** – This method is under development. Avoid using in production. ' .
+        'Returns updated list.',
+        summary: 'Update a subscriber list.',
+        requestBody: new OA\RequestBody(
+            description: 'Pass parameters to create a new subscriber list.',
+            required: true,
+            content: new OA\JsonContent(ref: '#/components/schemas/CreateSubscriberListRequest')
+        ),
+        tags: ['lists'],
+        parameters: [
+            new OA\Parameter(
+                name: 'php-auth-pw',
+                description: 'Session key obtained from login',
+                in: 'header',
+                required: true,
+                schema: new OA\Schema(type: 'string')
+            ),
+            new OA\Parameter(
+                name: 'listId',
+                description: 'List ID',
+                in: 'path',
+                required: true,
+                schema: new OA\Schema(type: 'string')
+            ),
+        ],
+        responses: [
+            new OA\Response(
+                response: 201,
+                description: 'Success',
+                content: new OA\JsonContent(ref: '#/components/schemas/SubscriberList')
+            ),
+            new OA\Response(
+                response: 403,
+                description: 'Failure',
+                content: new OA\JsonContent(ref: '#/components/schemas/UnauthorizedResponse')
+            ),
+            new OA\Response(
+                response: 422,
+                description: 'Failure',
+                content: new OA\JsonContent(ref: '#/components/schemas/ValidationErrorResponse')
+            ),
+        ]
+    )]
+    public function updateList(
+        Request $request,
+        SubscriberListNormalizer $normalizer,
+        #[MapEntity(mapping: ['listId' => 'id'])] ?SubscriberList $list = null,
+    ): JsonResponse {
+        $authUser = $this->requireAuthentication($request);
+
+        if (!$list) {
+            throw $this->createNotFoundException('Subscriber list not found.');
+        }
+
+        $this->denyAccessUnlessOwnerOrPublic($list, $authUser);
+
+        /** @var CreateSubscriberListRequest $subscriberListRequest */
+        $subscriberListRequest = $this->validator->validate($request, CreateSubscriberListRequest::class);
+        $data = $this->subscriberListManager->updateSubscriberList(
+            $list,
+            $subscriberListRequest->getDto(),
+            $authUser,
+        );
+        $this->entityManager->flush();
+
+        return $this->json($normalizer->normalize($data), Response::HTTP_CREATED);
+    }
+
+    private function denyAccessUnlessOwnerOrPublic(SubscriberList $list, Administrator $user): void
+    {
+        if ($list->isPublic()) {
+            return;
+        }
+
+        if ($list->getOwner()?->getId() === $user->getId()) {
+            return;
+        }
+
+        throw $this->createAccessDeniedException('Access denied.');
+    }
 }

src/Subscription/Request/CreateSubscriberListRequest.php

@@ -17,6 +17,9 @@
         new OA\Property(property: 'description', type: 'string', example: 'News (and some fun stuff)'),
         new OA\Property(property: 'list_position', type: 'number', example: 12),
         new OA\Property(property: 'public', type: 'boolean', example: true),
+        new OA\Property(property: 'category', type: 'string', example: 'Marketing'),
+        new OA\Property(property: 'subject_prefix', type: 'string', example: '[News]'),
+        new OA\Property(property: 'rss_feed', type: 'string', example: 'https://example.com/blog/rss'),
     ],
     type: 'object'
 )]
@@ -31,6 +34,9 @@ class CreateSubscriberListRequest implements RequestInterface
     public ?int $listPosition = null;
 
     public ?string $description = null;
+    public ?string $category = null;
+    public ?string $subjectPrefix = null;
+    public ?string $rssFeed = null;
 
     public function getDto(): CreateSubscriberListDto
     {
@@ -39,6 +45,9 @@ public function getDto(): CreateSubscriberListDto
             isPublic: $this->public,
             listPosition: $this->listPosition,
             description: $this->description,
+            category: $this->category,
+            subjectPrefix: $this->subjectPrefix,
+            rssFeed: $this->rssFeed,
         );
     }
 }

src/Subscription/Serializer/SubscriberListNormalizer.php

@@ -21,9 +21,10 @@
             example: '2022-12-01T10:00:00Z'
         ),
         new OA\Property(property: 'list_position', type: 'integer', example: 1),
-        new OA\Property(property: 'subject_prefix', type: 'string', example: 'Newsletter: '),
+        new OA\Property(property: 'subject_prefix', type: 'string', example: '[News]'),
         new OA\Property(property: 'public', type: 'boolean', example: true),
-        new OA\Property(property: 'category', type: 'string', example: 'News'),
+        new OA\Property(property: 'category', type: 'string', example: 'Marketing'),
+        new OA\Property(property: 'rss_feed', type: 'string', example: 'https://example.com/blog/rss'),
     ],
     type: 'object'
 )]
@@ -47,6 +48,7 @@ public function normalize($object, string $format = null, array $context = []):
             'subject_prefix' => $object->getSubjectPrefix(),
             'public' => $object->isPublic(),
             'category' => $object->getCategory(),
+            'rss_feed' => $object->getRssFeed(),
         ];
     }
 

tests/Integration/Subscription/Controller/SubscriberListControllerTest.php

@@ -76,6 +76,7 @@ public function testGetListsWithCurrentSessionKeyReturnsListData()
                     'subject_prefix' => 'phpList',
                     'public' => true,
                     'category' => 'news',
+                    'rss_feed' => null,
                 ],
                 [
                     'id' => 2,
@@ -86,6 +87,7 @@ public function testGetListsWithCurrentSessionKeyReturnsListData()
                     'subject_prefix' => '',
                     'public' => true,
                     'category' => '',
+                    'rss_feed' => null,
                 ],
                 [
                     'id' => 3,
@@ -96,6 +98,7 @@ public function testGetListsWithCurrentSessionKeyReturnsListData()
                     'subject_prefix' => '',
                     'public' => true,
                     'category' => '',
+                    'rss_feed' => null,
                 ],
             ],
             'pagination' => [
@@ -148,6 +151,7 @@ public function testGetListWithCurrentSessionKeyReturnsListData()
                 'subject_prefix' => 'phpList',
                 'public' => true,
                 'category' => 'news',
+                'rss_feed' => null,
             ]
         );
     }
@@ -279,6 +283,7 @@ public function testGetListMembersWithCurrentSessionKeyForExistingListWithSubscr
                                 'subject_prefix' => '',
                                 'public' => true,
                                 'category' => '',
+                                'rss_feed' => null,
                             ],
                         ],
                         'history' => [],
@@ -304,6 +309,7 @@ public function testGetListMembersWithCurrentSessionKeyForExistingListWithSubscr
                                 'subject_prefix' => '',
                                 'public' => true,
                                 'category' => '',
+                                'rss_feed' => null,
                             ],
                             [
                                 'id' => 1,
@@ -314,6 +320,7 @@ public function testGetListMembersWithCurrentSessionKeyForExistingListWithSubscr
                                 'subject_prefix' => 'phpList',
                                 'public' => true,
                                 'category' => 'news',
+                                'rss_feed' => null,
                             ],
                         ],
                         'history' => [],
@@ -366,4 +373,33 @@ public function testCreateListWithoutSessionKeyReturnsForbidden(): void
 
         $this->assertHttpForbidden();
     }
+
+    public function testUpdateListWithValidPayloadReturnsUpdatedListData(): void
+    {
+        $this->loadFixtures([SubscriberListFixture::class]);
+
+        $payload = json_encode([
+            'name' => 'Updated News',
+            'description' => 'Updated description',
+            'listPosition' => 7,
+            'public' => false,
+            'category' => 'announcements',
+            'subjectPrefix' => '[Upd]',
+            'rssFeed' => 'https://example.com/rss.xml',
+        ]);
+
+        $this->authenticatedJsonRequest('PUT', '/api/v2/lists/1', [], [], [], $payload);
+
+        $this->assertHttpCreated();
+        $response = $this->getDecodedJsonResponseContent();
+
+        self::assertSame(1, $response['id']);
+        self::assertSame('Updated News', $response['name']);
+        self::assertSame('Updated description', $response['description']);
+        self::assertSame(7, $response['list_position']);
+        self::assertFalse($response['public']);
+        self::assertSame('announcements', $response['category']);
+        self::assertSame('[Upd]', $response['subject_prefix']);
+        self::assertSame('https://example.com/rss.xml', $response['rss_feed']);
+    }
 }

tests/Unit/Subscription/Serializer/SubscriberListNormalizerTest.php

@@ -44,6 +44,7 @@ public function testNormalize(): void
             'subject_prefix' => 'tech',
             'public' => true,
             'category' => 'technology',
+            'rss_feed' => null,
         ], $result);
     }
 

tests/Unit/Subscription/Serializer/SubscriberNormalizerTest.php

@@ -76,6 +76,7 @@ public function testNormalize(): void
                     'subject_prefix' => null,
                     'public' => true,
                     'category' => '',
+                    'rss_feed' => null,
                 ]
             ],
             'history' => [],