fix(promo-codes): address review follow-ups for Tasks 8 and 9

caseylocker · claude · caseylocker · commit 5dd1ad7cee8d · 2026-04-08T21:29:59.000-05:00
Task 8: wrap INSTANCE OF chain in parentheses to preserve summit
scoping, simplify speaker email matching via getOwnerEmail(), and
exclude cancelled tickets from quantity-per-account count.

Task 9: add remaining_quantity_per_account (null) to all four
member/speaker serializers, re-add allowed_ticket_types to member
and speaker discount code serializers, and declare setter/getter
on IDomainAuthorizedPromoCode interface.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/app/ModelSerializers/Summit/Registration/PromoCodes/MemberSummitRegistrationDiscountCodeSerializer.php b/app/ModelSerializers/Summit/Registration/PromoCodes/MemberSummitRegistrationDiscountCodeSerializer.php
@@ -84,6 +84,19 @@ public function serialize($expand = null, array $fields = [], array $relations =
             }
         }
 
+        // Re-add allowed_ticket_types (parent discount serializer unsets it).
+        $needs_allowed_ticket_types = in_array('allowed_ticket_types', $relations)
+            || (!empty($expand) && str_contains($expand, 'allowed_ticket_types'));
+        if ($needs_allowed_ticket_types && !isset($values['allowed_ticket_types'])) {
+            $ticket_types = [];
+            foreach ($code->getAllowedTicketTypes() as $ticket_type) {
+                $ticket_types[] = $ticket_type->getId();
+            }
+            $values['allowed_ticket_types'] = $ticket_types;
+        }
+
+        $values['remaining_quantity_per_account'] = null;
+
         return $values;
     }
 }
diff --git a/app/ModelSerializers/Summit/Registration/PromoCodes/MemberSummitRegistrationPromoCodeSerializer.php b/app/ModelSerializers/Summit/Registration/PromoCodes/MemberSummitRegistrationPromoCodeSerializer.php
@@ -82,6 +82,8 @@ public function serialize($expand = null, array $fields = [], array $relations =
             }
         }
 
+        $values['remaining_quantity_per_account'] = null;
+
         return $values;
     }
 }
diff --git a/app/ModelSerializers/Summit/Registration/PromoCodes/SpeakerSummitRegistrationDiscountCodeSerializer.php b/app/ModelSerializers/Summit/Registration/PromoCodes/SpeakerSummitRegistrationDiscountCodeSerializer.php
@@ -77,6 +77,19 @@ public function serialize($expand = null, array $fields = [], array $relations =
             }
         }
 
+        // Re-add allowed_ticket_types (parent discount serializer unsets it).
+        $needs_allowed_ticket_types = in_array('allowed_ticket_types', $relations)
+            || (!empty($expand) && str_contains($expand, 'allowed_ticket_types'));
+        if ($needs_allowed_ticket_types && !isset($values['allowed_ticket_types'])) {
+            $ticket_types = [];
+            foreach ($code->getAllowedTicketTypes() as $ticket_type) {
+                $ticket_types[] = $ticket_type->getId();
+            }
+            $values['allowed_ticket_types'] = $ticket_types;
+        }
+
+        $values['remaining_quantity_per_account'] = null;
+
         return $values;
     }
 }
diff --git a/app/ModelSerializers/Summit/Registration/PromoCodes/SpeakerSummitRegistrationPromoCodeSerializer.php b/app/ModelSerializers/Summit/Registration/PromoCodes/SpeakerSummitRegistrationPromoCodeSerializer.php
@@ -78,6 +78,8 @@ public function serialize($expand = null, array $fields = [], array $relations =
             }
         }
 
+        $values['remaining_quantity_per_account'] = null;
+
         return $values;
     }
 }
diff --git a/app/Models/Foundation/Summit/Registration/PromoCodes/IDomainAuthorizedPromoCode.php b/app/Models/Foundation/Summit/Registration/PromoCodes/IDomainAuthorizedPromoCode.php
@@ -36,4 +36,15 @@ public function getQuantityPerAccount(): int;
      * @return bool
      */
     public function matchesEmailDomain(string $email): bool;
+
+    /**
+     * @param int|null $remaining
+     * @return void
+     */
+    public function setRemainingQuantityPerAccount(?int $remaining): void;
+
+    /**
+     * @return int|null
+     */
+    public function getRemainingQuantityPerAccount(): ?int;
 }
diff --git a/app/Repositories/Summit/DoctrineSummitRegistrationPromoCodeRepository.php b/app/Repositories/Summit/DoctrineSummitRegistrationPromoCodeRepository.php
@@ -684,7 +684,7 @@ public function getDiscoverableByEmailForSummit(Summit $summit, string $email):
             ->from($this->getBaseEntity(), 'e')
             ->leftJoin('e.summit', 's')
             ->where('s.id = :summit_id')
-            ->andWhere("e INSTANCE OF {$daDiscountClass} OR e INSTANCE OF {$daPromoClass} OR e INSTANCE OF {$memberPromoClass} OR e INSTANCE OF {$memberDiscountClass} OR e INSTANCE OF {$speakerPromoClass} OR e INSTANCE OF {$speakerDiscountClass}")
+            ->andWhere("(e INSTANCE OF {$daDiscountClass} OR e INSTANCE OF {$daPromoClass} OR e INSTANCE OF {$memberPromoClass} OR e INSTANCE OF {$memberDiscountClass} OR e INSTANCE OF {$speakerPromoClass} OR e INSTANCE OF {$speakerDiscountClass})")
             ->setParameter('summit_id', $summit->getId());
 
         $candidates = $qb->getQuery()->getResult();
@@ -709,12 +709,9 @@ public function getDiscoverableByEmailForSummit(Summit $summit, string $email):
             }
 
             if ($code instanceof SpeakerSummitRegistrationPromoCode || $code instanceof SpeakerSummitRegistrationDiscountCode) {
-                $speaker = $code->getSpeaker();
-                if (!is_null($speaker) && $speaker->hasMember()) {
-                    $member = $speaker->getMember();
-                    if (!is_null($member) && strtolower($member->getEmail()) === $email && $code->isLive()) {
-                        $results[] = $code;
-                    }
+                $ownerEmail = $code->getOwnerEmail();
+                if (!empty($ownerEmail) && strtolower($ownerEmail) === $email && $code->isLive()) {
+                    $results[] = $code;
                 }
                 continue;
             }
@@ -739,6 +736,7 @@ public function getTicketCountByMemberAndPromoCode(Member $member, SummitRegistr
 WHERE t.PromoCodeID = :promo_code_id
 AND o.OwnerID = :member_id
 AND o.Status IN ('Paid', 'Confirmed')
+AND t.Status != 'Cancelled'
 SQL;
         $stm = $this->getEntityManager()->getConnection()->executeQuery($sql, [
             'promo_code_id' => $code->getId(),
diff --git a/doc/promo-codes-for-early-registration-access.md b/doc/promo-codes-for-early-registration-access.md
@@ -573,7 +573,9 @@ Deviations from the SDS captured during implementation. Each entry is either **O
 - Unit test for discovery query
 
 **Review Follow-ups:**
-- None
+- [x] **Summit scoping lost in DQL OR chain (MUST-FIX):** `getDiscoverableByEmailForSummit()` at line 683 builds `->where('s.id = :summit_id')->andWhere("e INSTANCE OF A OR e INSTANCE OF B OR ...")`. Doctrine's `andWhere()` wraps existing + new conditions in an `Andx` composite that renders as `(s.id = :summit_id AND e INSTANCE OF A OR e INSTANCE OF B OR ...)`. Due to SQL/DQL operator precedence (AND before OR), only the first `INSTANCE OF` branch is summit-scoped; all remaining branches match those types from any summit, leaking cross-summit promo codes into discovery results. **Fix:** wrap the entire `INSTANCE OF` chain in an extra pair of parentheses so it is treated as a single group: `->andWhere("(e INSTANCE OF {$daDiscountClass} OR e INSTANCE OF {$daPromoClass} OR e INSTANCE OF {$memberPromoClass} OR e INSTANCE OF {$memberDiscountClass} OR e INSTANCE OF {$speakerPromoClass} OR e INSTANCE OF {$speakerDiscountClass})")`. File: `app/Repositories/Summit/DoctrineSummitRegistrationPromoCodeRepository.php`, line 687.
+- [x] **Speaker email matching misses speakers without a linked Member (SHOULD-FIX):** `getDiscoverableByEmailForSummit()` at lines 711–720 guards on `$speaker->hasMember()` then accesses `$speaker->getMember()->getEmail()`. However, `PresentationSpeaker::getEmail()` (Speakers/PresentationSpeaker.php:1924) already falls through to `$this->registration_request->getEmail()` when no Member association exists. `SpeakerSummitRegistrationPromoCode::getOwnerEmail()` and `SpeakerSummitRegistrationDiscountCode::getOwnerEmail()` both call `$this->getSpeaker()->getEmail()` which uses this fallback. `SpeakerPromoCodeTrait::checkSubject()` validates via `getOwnerEmail()`. The discovery code and `checkSubject` are inconsistent: a speaker code whose speaker has only a `SpeakerRegistrationRequest` (no Member) passes checkout validation but is never returned by discovery. **Fix:** replace the `hasMember()` guard + `getMember()->getEmail()` path with a direct call to `$code->getOwnerEmail()` (which already exists on both speaker promo code types via `IOwnablePromoCode`): `$ownerEmail = $code->getOwnerEmail(); if (!empty($ownerEmail) && strtolower($ownerEmail) === $email && $code->isLive()) { $results[] = $code; }`. File: `app/Repositories/Summit/DoctrineSummitRegistrationPromoCodeRepository.php`, lines 711–719.
+- [x] **`getTicketCountByMemberAndPromoCode` counts cancelled tickets (SHOULD-FIX):** The raw SQL at lines 735–742 filters by `o.Status IN ('Paid', 'Confirmed')` (order status) but does not filter by ticket status. `SummitAttendeeTicket` has its own `Status` column — `isCancelled()` at SummitAttendeeTicket.php:559 checks against `IOrderConstants::CancelledStatus`. A ticket can be individually cancelled within a paid order without changing the order status. Such cancelled tickets are still counted toward `quantity_per_account`, over-inflating the count and potentially blocking users who cancelled and want to repurchase. **Fix:** add `AND t.Status != 'Cancelled'` to the WHERE clause (or equivalently `AND t.Status = 'Paid'` if only Paid is a valid active status for tickets). The constant value is `IOrderConstants::CancelledStatus = 'Cancelled'`. File: `app/Repositories/Summit/DoctrineSummitRegistrationPromoCodeRepository.php`, line 741.
 
 ---
 
@@ -697,7 +699,18 @@ Deviations from the SDS captured during implementation. Each entry is either **O
 - Integration test calling the endpoint
 
 **Review Follow-ups:**
-- None
+
+- [x] **`remaining_quantity_per_account` absent from member/speaker serializer output (MUST-FIX):**
+  All four member/speaker serializers (`MemberSummitRegistrationPromoCodeSerializer`, `MemberSummitRegistrationDiscountCodeSerializer`, `SpeakerSummitRegistrationPromoCodeSerializer`, `SpeakerSummitRegistrationDiscountCodeSerializer`) do not output `remaining_quantity_per_account`. The DoD requires every discover result to include this field, and the SDS sample response shows `"remaining_quantity_per_account": null` for `MEMBER_DISCOUNT_CODE` and `SPEAKER_PROMO_CODE`. The domain-authorized serializers correctly set it from a transient property; member/speaker serializers must emit `null` unconditionally (these types have no per-account limit concept).
+  **Fix:** In the `serialize()` override of each of the four member/speaker serializers, add `$values['remaining_quantity_per_account'] = null;` before returning `$values`. No entity change required — member/speaker entities do not need a transient property; the value is always `null` for these types.
+
+- [x] **`allowed_ticket_types` absent from member/speaker discount code responses (MUST-FIX):**
+  `SummitRegistrationDiscountCodeSerializer::serialize()` unconditionally calls `unset($values['allowed_ticket_types'])` (line 46). `MemberSummitRegistrationDiscountCodeSerializer` and `SpeakerSummitRegistrationDiscountCodeSerializer` both extend this class and never re-add the key, so `MEMBER_DISCOUNT_CODE` and `SPEAKER_DISCOUNT_CODE` results from the discover endpoint are missing `allowed_ticket_types`. `DomainAuthorizedSummitRegistrationDiscountCodeSerializer` already demonstrates the correct fix pattern at lines 47–56: check `in_array('allowed_ticket_types', $relations)` and rebuild the array from `$code->getAllowedTicketTypes()`.
+  **Fix:** In `MemberSummitRegistrationDiscountCodeSerializer::serialize()` and `SpeakerSummitRegistrationDiscountCodeSerializer::serialize()`, after calling `parent::serialize()`, re-add `allowed_ticket_types` using the same pattern as `DomainAuthorizedSummitRegistrationDiscountCodeSerializer.php:47–56`. The controller's default `$relations` already includes `'allowed_ticket_types'`, so no controller change is needed.
+
+- [x] **`IDomainAuthorizedPromoCode` interface missing `setRemainingQuantityPerAccount` / `getRemainingQuantityPerAccount` declarations (SHOULD-FIX):**
+  `SummitPromoCodeService::discoverPromoCodes()` narrows a code to `IDomainAuthorizedPromoCode` via `instanceof`, then calls `$code->setRemainingQuantityPerAccount(...)` (service lines 1035, 1037). The interface (`IDomainAuthorizedPromoCode.php`) declares only `getAllowedEmailDomains()`, `getQuantityPerAccount()`, and `matchesEmailDomain()` — neither setter nor getter is declared. PHP resolves the call dynamically at runtime (both concrete classes `DomainAuthorizedSummitRegistrationPromoCode` and `DomainAuthorizedSummitRegistrationDiscountCode` implement both methods), but static analysis tools (PHPStan/Psalm) will flag this as a call on an undefined method of the interface type.
+  **Fix:** Add `public function setRemainingQuantityPerAccount(?int $remaining): void;` and `public function getRemainingQuantityPerAccount(): ?int;` to `IDomainAuthorizedPromoCode.php`. Both concrete classes already implement these methods, so no implementation change is needed — only the interface declaration.
 
 ---
 

Original file line number	Diff line number	Diff line change
`@@ -84,6 +84,19 @@ public function serialize($expand = null, array $fields = [], array $relations =`
`84`	`84`	`}`
`85`	`85`	`}`
`86`	`86`
	`87`	`+ // Re-add allowed_ticket_types (parent discount serializer unsets it).`
	`88`	`+ $needs_allowed_ticket_types = in_array('allowed_ticket_types', $relations)`
	`89`	`+ \|\| (!empty($expand) && str_contains($expand, 'allowed_ticket_types'));`
	`90`	`+ if ($needs_allowed_ticket_types && !isset($values['allowed_ticket_types'])) {`
	`91`	`+ $ticket_types = [];`
	`92`	`+ foreach ($code->getAllowedTicketTypes() as $ticket_type) {`
	`93`	`+ $ticket_types[] = $ticket_type->getId();`
	`94`	`+ }`
	`95`	`+ $values['allowed_ticket_types'] = $ticket_types;`
	`96`	`+ }`
	`97`	`+`
	`98`	`+ $values['remaining_quantity_per_account'] = null;`
	`99`	`+`
`87`	`100`	`return $values;`
`88`	`101`	`}`
`89`	`102`	`}`
Original file line number	Diff line number	Diff line change
`@@ -82,6 +82,8 @@ public function serialize($expand = null, array $fields = [], array $relations =`
`82`	`82`	`}`
`83`	`83`	`}`
`84`	`84`
	`85`	`+ $values['remaining_quantity_per_account'] = null;`
	`86`	`+`
`85`	`87`	`return $values;`
`86`	`88`	`}`
`87`	`89`	`}`
Original file line number	Diff line number	Diff line change
`@@ -77,6 +77,19 @@ public function serialize($expand = null, array $fields = [], array $relations =`
`77`	`77`	`}`
`78`	`78`	`}`
`79`	`79`
	`80`	`+ // Re-add allowed_ticket_types (parent discount serializer unsets it).`
	`81`	`+ $needs_allowed_ticket_types = in_array('allowed_ticket_types', $relations)`
	`82`	`+ \|\| (!empty($expand) && str_contains($expand, 'allowed_ticket_types'));`
	`83`	`+ if ($needs_allowed_ticket_types && !isset($values['allowed_ticket_types'])) {`
	`84`	`+ $ticket_types = [];`
	`85`	`+ foreach ($code->getAllowedTicketTypes() as $ticket_type) {`
	`86`	`+ $ticket_types[] = $ticket_type->getId();`
	`87`	`+ }`
	`88`	`+ $values['allowed_ticket_types'] = $ticket_types;`
	`89`	`+ }`
	`90`	`+`
	`91`	`+ $values['remaining_quantity_per_account'] = null;`
	`92`	`+`
`80`	`93`	`return $values;`
`81`	`94`	`}`
`82`	`95`	`}`
Original file line number	Diff line number	Diff line change
`@@ -78,6 +78,8 @@ public function serialize($expand = null, array $fields = [], array $relations =`
`78`	`78`	`}`
`79`	`79`	`}`
`80`	`80`
	`81`	`+ $values['remaining_quantity_per_account'] = null;`
	`82`	`+`
`81`	`83`	`return $values;`
`82`	`84`	`}`
`83`	`85`	`}`