[FIX] SIM-06 + EmailService + WebhookService + supplier assessment

- ServicesController::provision(): created_by usa userId (INT) non string
- EmailService::logEmail(): rimosso sent_at (colonna non esiste in email_log)
- WebhookService::incidentPayload(): status ?? 'detected' (null-safe)
- simulate-nis2.php: supplier assessment usa formato assessment_responses
  corretto [{question, weight, value: yes|partial|no}]

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
DevEnv nis2-agile 2026-03-09 09:56:39 +01:00
parent 4be541e9b5
commit 13df162ec4
4 changed files with 12 additions and 9 deletions


@ -647,7 +647,7 @@ class ServicesController extends BaseController
$orgId, $keyName, $keyPrefix, $keyHash,
json_encode(['read:all', 'write:all', 'admin:org', 'sso:login']),
$expiresAt,
'provision:' . ($caller['system'] ?? 'external'),
$userId, // created_by: admin utente provisioned
]
);
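Review bot: With `created_by` now holding `$userId`, the inserted key row no longer seems to record which calling system provisioned it. The `'provision:' . ($caller['system'] ?? 'external')` value looks like the old side of this change, though the +/- markers are lost on this page. The key is issued with `write:all` and `admin:org` scopes, so its provenance matters when someone later reviews who created it. If provision() writes no audit entry elsewhere, keep the caller in a separate column or in the project's audit log, e.g. `error_log('[provision] key ' . $keyPrefix . ' issued via ' . ($caller['system'] ?? 'external'));`. Both the insert call and provision() start outside the hunk.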


@ -609,7 +609,6 @@ class EmailService
'recipient' => $to,
'subject' => mb_substr($subject, 0, 255),
'status' => $success ? 'sent' : 'failed',
'sent_at' => date('Y-m-d H:i:s'),
]);
} catch (\Throwable $e) {
error_log('[EmailService] Errore log email: ' . $e->getMessage());


@ -237,7 +237,7 @@ class WebhookService
'title' => $incident['title'],
'classification' => $incident['classification'],
'severity' => $incident['severity'],
'status' => $incident['status'],
'status' => $incident['status'] ?? 'detected',
'is_significant' => (bool)$incident['is_significant'],
'detected_at' => $incident['detected_at'],
'art23_deadlines' => [
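Review bot: Only `status` gets a fallback here; `title`, `classification`, `severity`, `detected_at` and `is_significant` are still read directly. An incident row missing any of them raises an undefined-key warning and goes out as null, or as `false` for `is_significant` after the `(bool)` cast. Defaulting `status` to `'detected'` also reports a state to the webhook receiver that the record did not carry. Consider validating the required keys once at the top of incidentPayload() and making the fallback visible, e.g. `if (!isset($incident['status'])) { error_log('[WebhookService] incident without status, defaulting to detected'); }`. The payload array and the method start and end outside this hunk.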


@ -809,13 +809,17 @@ foreach ($COMPANIES as $slug => $comp) {
// Assessment fornitore
if ($supId) {
// assessment_responses: array di {question, weight, value: yes|partial|no}
$highRisk = in_array($supDef['risk_level'], ['high', 'critical']);
$assessRes = api('POST', "/supply-chain/{$supId}/assess", [
'has_security_controls' => 1,
'has_incident_procedure' => $supDef['risk_level'] !== 'low' ? 1 : 0,
'gdpr_compliant' => 1,
'nis2_contractual_clauses' => $supDef['critical'] ? 1 : 0,
'last_audit_date' => date('Y-m-d', strtotime('-6 months')),
'notes' => "Assessment automatico — fornitore {$supDef['service_type']}",
'assessment_responses' => [
['question' => 'Controlli sicurezza implementati', 'weight' => 3, 'value' => 'yes'],
['question' => 'Procedura gestione incidenti', 'weight' => 2, 'value' => $highRisk ? 'yes' : 'partial'],
['question' => 'Conformità GDPR', 'weight' => 2, 'value' => 'yes'],
['question' => 'Clausole NIS2 nel contratto', 'weight' => 2, 'value' => $supDef['critical'] ? 'yes' : 'partial'],
['question' => 'Audit sicurezza negli ultimi 12 mesi', 'weight' => 1, 'value' => $highRisk ? 'yes' : 'partial'],
['question' => 'Piano business continuity documentato', 'weight' => 2, 'value' => 'partial'],
],
], $jwt, $orgId);
if (apiOk($assessRes, "supplier.assess")) {
ok("Assessment fornitore: {$supDef['name']}");
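Review bot: `in_array($supDef['risk_level'], ['high', 'critical'])` compares loosely; pass the strict flag, `in_array($supDef['risk_level'], ['high', 'critical'], true)`, so that a non-string risk_level (for example boolean true) cannot match. `$supDef['critical'] ? 'yes' : 'partial'` likewise depends on truthiness and on the key being present; whether every supplier definition sets it is not visible here. The added comment documents `value: yes|partial|no`; it could also state that `weight` is an integer and which range the endpoint accepts. The enclosing foreach and the `if ($supId)` block continue outside the hunk.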