fix(promo-codes): address smarcet review — saga compensation, discover serializer, endpoint migration

- Implement ReserveOrderTask::undo() so ApplyPromoCodeTask failures (invalid
  code / canBeAppliedTo / domain reject / QuantityPerAccount) no longer leave
  orphaned Order+Ticket rows. Relies on SummitOrder::\$tickets cascade=remove +
  orphanRemoval=true to drop ticket rows.
- Defer CreatedSummitRegistrationOrder event dispatch from ReserveOrderTask::run
  to SummitOrderService::reserve, so listeners only observe fully-validated
  reservations.
- Use SerializerUtils::getExpand/getFields/getRelations in discover() to match
  the rest of the controller's API pattern.
- Seed discover-promo-codes endpoint via config migration
  Version20260412000000.php so deployed environments get the endpoint row
  without re-running the seeder.
- Fix ApiEndpointsSeeder: IGroup::Sponsors on get-sponsorship was in the scopes
  array; moved to authz_groups.
- Add tests/Unit/Services/SagaCompensationTest covering undo() no-op when no
  order persisted, undo() removes order+detaches tickets, and Saga::abort
  invokes undo in reverse order.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: caseylocker

app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitPromoCodesApiController.php

@@ -1614,12 +1614,9 @@ public function discover($summit_id)
 
             $codes = $this->promo_code_service->discoverPromoCodes($summit, $current_member);
 
-            $expand = Request::input('expand', '');
-            $fields = Request::input('fields', '');
-            $relations = Request::input('relations', '');
-
-            $relations = !empty($relations) ? explode(',', $relations) : ['allowed_ticket_types', 'badge_features', 'tags', 'ticket_types_rules'];
-            $fields = !empty($fields) ? explode(',', $fields) : [];
+            $expand    = SerializerUtils::getExpand();
+            $fields    = SerializerUtils::getFields();
+            $relations = SerializerUtils::getRelations();
 
             $data = [];
             foreach ($codes as $code) {

app/Services/Model/Imp/SummitOrderService.php

@@ -663,14 +663,36 @@ public function run(array $formerState): array
                 );
                 $invitation->addOrder($order);
             }
-            Event::dispatch(new CreatedSummitRegistrationOrder($order->getId()));
+            $this->formerState['order'] = $order;
             return ['order' => $order];
         });
     }
 
     public function undo()
     {
-        // TODO: Implement undo() method.
+        $order = $this->formerState['order'] ?? null;
+        if (is_null($order)) {
+            Log::warning("ReserveOrderTask::undo: no order in formerState, nothing to compensate");
+            return;
+        }
+
+        $this->tx_service->transaction(function () use ($order) {
+            Log::info(sprintf("ReserveOrderTask::undo: removing reserved order id %s number %s",
+                $order->getId(), $order->getNumber()));
+
+            // Detach tickets from their attendee owners so stale references don't survive.
+            // The OneToMany(SummitAttendeeTicket, cascade: ['remove'], orphanRemoval: true) on
+            // SummitOrder::$tickets then cascades ticket deletion when the order is removed.
+            foreach ($order->getTickets() as $ticket) {
+                $attendee = $ticket->getOwner();
+                if (!is_null($attendee)) {
+                    $attendee->removeTicket($ticket);
+                }
+            }
+
+            $this->summit->removeOrder($order);
+            App::make(ISummitOrderRepository::class)->delete($order);
+        });
     }
 }
 
@@ -1759,6 +1781,10 @@ public function reserve(?Member $owner, Summit $summit, array $payload): SummitO
 
             $state = $saga_factory->build($owner, $summit, $payload)->run();
 
+            // Dispatch only after the full saga (including ApplyPromoCodeTask validation) succeeds,
+            // so listeners never observe orders that were rolled back by compensation.
+            Event::dispatch(new CreatedSummitRegistrationOrder($state['order']->getId()));
+
             return $state['order'];
         } catch (ValidationException $ex) {
             Log::warning($ex);

database/migrations/config/Version20260412000000.php

@@ -0,0 +1,67 @@
+<?php namespace Database\Migrations\Config;
+/**
+ * Copyright 2026 OpenStack Foundation
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+
+use Doctrine\Migrations\AbstractMigration;
+use Doctrine\DBAL\Schema\Schema;
+use App\Security\SummitScopes;
+
+/**
+ * Seed the discover-promo-codes endpoint.
+ *
+ * Adds the endpoint row plus its two scope associations (ReadSummitData,
+ * ReadAllSummitData). No authz groups — the endpoint is authenticated-user
+ * scoped and serves the caller their own qualifying codes.
+ *
+ * Idempotent via WHERE NOT EXISTS in APIEndpointsMigrationHelper.
+ */
+final class Version20260412000000 extends AbstractMigration
+{
+    use APIEndpointsMigrationHelper;
+
+    private const API_NAME = 'summits';
+    private const ENDPOINT_NAME = 'discover-promo-codes';
+    private const ENDPOINT_ROUTE = '/api/v1/summits/{id}/promo-codes/all/discover';
+
+    public function getDescription(): string
+    {
+        return 'Seed discover-promo-codes endpoint with ReadSummitData/ReadAllSummitData scopes';
+    }
+
+    public function up(Schema $schema): void
+    {
+        $this->addSql($this->insertEndpoint(
+            self::API_NAME,
+            self::ENDPOINT_NAME,
+            self::ENDPOINT_ROUTE,
+            'GET'
+        ));
+
+        $this->addSql($this->insertEndpointScope(
+            self::API_NAME,
+            self::ENDPOINT_NAME,
+            SummitScopes::ReadSummitData
+        ));
+
+        $this->addSql($this->insertEndpointScope(
+            self::API_NAME,
+            self::ENDPOINT_NAME,
+            SummitScopes::ReadAllSummitData
+        ));
+    }
+
+    public function down(Schema $schema): void
+    {
+        $this->addSql($this->deleteEndpoint(self::API_NAME, self::ENDPOINT_NAME));
+    }
+}

database/seeders/ApiEndpointsSeeder.php

@@ -2703,12 +2703,12 @@ private function seedSummitEndpoints()
                 'scopes' => [
                     SummitScopes::ReadSummitData,
                     SummitScopes::ReadAllSummitData,
-                    IGroup::Sponsors,
                 ],
                 'authz_groups' => [
                     IGroup::SuperAdmins,
                     IGroup::Administrators,
                     IGroup::SummitAdministrators,
+                    IGroup::Sponsors,
                 ]
             ],
             [

tests/Unit/Services/SagaCompensationTest.php

@@ -0,0 +1,239 @@
+<?php namespace Tests\Unit\Services;
+/**
+ * Copyright 2026 OpenStack Foundation
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+
+use App\Models\Foundation\Summit\Repositories\ISummitOrderRepository;
+use App\Services\Model\AbstractTask;
+use App\Services\Model\ReserveOrderTask;
+use App\Services\Model\Saga;
+use libs\utils\ITransactionService;
+use Mockery;
+use models\main\Member;
+use models\summit\Summit;
+use models\summit\SummitAttendee;
+use models\summit\SummitAttendeeTicket;
+use models\summit\SummitOrder;
+use PHPUnit\Framework\TestCase;
+
+/**
+ * Class SagaCompensationTest
+ *
+ * Regression tests for the saga reorder introduced by the domain-authorized
+ * promo code feature (ApplyPromoCodeTask moved after ReserveOrderTask). Two
+ * concerns are exercised:
+ *
+ * 1. If any task downstream of ReserveOrderTask throws, Saga::abort() invokes
+ *    undo() on previously-run tasks in reverse order. ReserveOrderTask::undo()
+ *    must therefore remove the persisted order and its tickets.
+ * 2. Tasks that have not yet run must not be undone.
+ *
+ * Uses Mockery on concrete classes; no Laravel, DB, or Redis required. The
+ * actual dispatch of CreatedSummitRegistrationOrder after a successful
+ * SummitOrderService::reserve() is covered by
+ * OAuth2SummitPromoCodesApiTest/OAuth2SummitOrdersApiTest integration tests.
+ *
+ * @package Tests\Unit\Services
+ */
+class SagaCompensationTest extends TestCase
+{
+    protected function setUp(): void
+    {
+        parent::setUp();
+        // Minimal container so the Log/App facades the code under test touches
+        // resolve to no-ops. No DB, no full Laravel bootstrap.
+        $container = new \Illuminate\Container\Container();
+        $container->instance('app', $container);
+        $container->instance('log', new class {
+            public function __call($name, $args) { /* silently swallow log calls */ }
+        });
+        \Illuminate\Support\Facades\Facade::setFacadeApplication($container);
+    }
+
+    protected function tearDown(): void
+    {
+        \Illuminate\Support\Facades\Facade::clearResolvedInstances();
+        \Illuminate\Support\Facades\Facade::setFacadeApplication(null);
+        Mockery::close();
+        parent::tearDown();
+    }
+
+    /**
+     * ReserveOrderTask::undo() with no order in formerState is a safe no-op
+     * (run() may have thrown before persisting the order).
+     */
+    public function testUndoIsNoOpWhenOrderWasNotPersisted(): void
+    {
+        $tx_service = Mockery::mock(ITransactionService::class);
+        // transaction() must NOT be called — nothing to compensate.
+        $tx_service->shouldNotReceive('transaction');
+
+        $task = $this->buildTask(
+            $tx_service,
+            Mockery::mock(Summit::class),
+            Mockery::mock(Member::class)
+        );
+
+        // formerState deliberately missing the 'order' key
+        $this->invokeUndo($task, []);
+
+        // Assertion is implicit via Mockery expectations
+        $this->addToAssertionCount(1);
+    }
+
+    /**
+     * When ReserveOrderTask::run() persisted an order, undo() must:
+     *  - detach each ticket from its attendee owner (so stale references don't linger)
+     *  - remove the order from the summit
+     *  - delete the order via the repository (cascade removes tickets via orphanRemoval)
+     */
+    public function testUndoDeletesOrderAndDetachesTicketsFromAttendees(): void
+    {
+        $attendee1 = Mockery::mock(SummitAttendee::class);
+        $attendee2 = Mockery::mock(SummitAttendee::class);
+
+        $ticket1 = Mockery::mock(SummitAttendeeTicket::class);
+        $ticket1->shouldReceive('getOwner')->andReturn($attendee1);
+        $ticket2 = Mockery::mock(SummitAttendeeTicket::class);
+        $ticket2->shouldReceive('getOwner')->andReturn($attendee2);
+        // Unassigned ticket: getOwner may return null, undo must not explode
+        $ticket3 = Mockery::mock(SummitAttendeeTicket::class);
+        $ticket3->shouldReceive('getOwner')->andReturn(null);
+
+        $attendee1->shouldReceive('removeTicket')->once()->with($ticket1);
+        $attendee2->shouldReceive('removeTicket')->once()->with($ticket2);
+
+        $order = Mockery::mock(SummitOrder::class);
+        $order->shouldReceive('getId')->andReturn(9001);
+        $order->shouldReceive('getNumber')->andReturn('ORD-TEST-0001');
+        $order->shouldReceive('getTickets')->andReturn([$ticket1, $ticket2, $ticket3]);
+
+        $summit = Mockery::mock(Summit::class);
+        $summit->shouldReceive('removeOrder')->once()->with($order);
+
+        $owner = Mockery::mock(Member::class);
+
+        $order_repo = Mockery::mock(ISummitOrderRepository::class);
+        $order_repo->shouldReceive('delete')->once()->with($order);
+
+        // Bind the repo into the container so App::make() inside undo() resolves it.
+        $container = \Illuminate\Support\Facades\Facade::getFacadeApplication();
+        $container->instance(ISummitOrderRepository::class, $order_repo);
+
+        $tx_service = Mockery::mock(ITransactionService::class);
+        $tx_service->shouldReceive('transaction')->once()->andReturnUsing(function ($fn) {
+            return $fn();
+        });
+
+        $task = $this->buildTask($tx_service, $summit, $owner);
+        $this->invokeUndo($task, ['order' => $order]);
+
+        $this->addToAssertionCount(1);
+    }
+
+    /**
+     * Integration-ish: drive a real Saga whose last task throws and verify
+     * that a preceding "ReserveOrder-like" task has its undo() invoked exactly
+     * once, in reverse order.
+     */
+    public function testSagaAbortCallsUndoInReverseOrder(): void
+    {
+        $order_of_calls = [];
+
+        $first  = new RecordingTask('first', $order_of_calls);
+        $second = new RecordingTask('second', $order_of_calls);
+        $failing = new class extends AbstractTask {
+            public function run(array $formerState): array
+            {
+                throw new \RuntimeException('downstream failure');
+            }
+            public function undo() { /* never runs — it threw in run() */ }
+        };
+
+        $saga = Saga::start()
+            ->addTask($first)
+            ->addTask($second)
+            ->addTask($failing);
+
+        try {
+            $saga->run();
+            $this->fail('Expected saga to propagate the downstream exception');
+        } catch (\RuntimeException $ex) {
+            $this->assertSame('downstream failure', $ex->getMessage());
+        }
+
+        // run: first, second, (failing throws); undo: second, first
+        $this->assertSame(
+            ['run:first', 'run:second', 'undo:second', 'undo:first'],
+            $order_of_calls
+        );
+    }
+
+    /**
+     * Construct a ReserveOrderTask with only the fields undo() needs. run() is
+     * not exercised here, so most collaborators can be plain Mockery doubles.
+     */
+    private function buildTask(ITransactionService $tx, Summit $summit, Member $owner): ReserveOrderTask
+    {
+        $reflector = new \ReflectionClass(ReserveOrderTask::class);
+        /** @var ReserveOrderTask $task */
+        $task = $reflector->newInstanceWithoutConstructor();
+
+        $this->setPrivate($task, 'tx_service', $tx);
+        $this->setPrivate($task, 'summit', $summit);
+        $this->setPrivate($task, 'owner', $owner);
+
+        return $task;
+    }
+
+    private function setPrivate(object $instance, string $property, $value): void
+    {
+        $r = new \ReflectionClass($instance);
+        $p = $r->getProperty($property);
+        $p->setAccessible(true);
+        $p->setValue($instance, $value);
+    }
+
+    private function invokeUndo(ReserveOrderTask $task, array $formerState): void
+    {
+        $this->setPrivate($task, 'formerState', $formerState);
+        $task->undo();
+    }
+}
+
+/**
+ * Minimal AbstractTask implementation that records run/undo invocation order.
+ * Declared at file scope (not inside the TestCase) so PHP can resolve the
+ * AbstractTask parent at class-load time without coupling to test lifecycle.
+ */
+final class RecordingTask extends AbstractTask
+{
+    private $label;
+    private $log;
+
+    public function __construct(string $label, array &$log)
+    {
+        $this->label = $label;
+        $this->log = &$log;
+    }
+
+    public function run(array $formerState): array
+    {
+        $this->log[] = 'run:' . $this->label;
+        return $formerState;
+    }
+
+    public function undo()
+    {
+        $this->log[] = 'undo:' . $this->label;
+    }
+}