add school year and security fix
API CI/CD / Validate (composer + pint) (push) Successful in 3m14s
API CI/CD / Test (PHPUnit) (push) Failing after 3m28s
API CI/CD / Build frontend assets (push) Successful in 1m2s
API CI/CD / Security audit (push) Failing after 56s
API CI/CD / Deploy to shared hosting (PHP) (push) Has been skipped

This commit is contained in:
root
2026-07-06 00:55:01 -04:00
parent 99782c2a3c
commit 39228168c8
40 changed files with 20370 additions and 70 deletions
+78
View File
@@ -6,6 +6,8 @@ use App\Models\Configuration;
use App\Models\Role;
use App\Models\SchoolYear;
use App\Models\User;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Schema;
use Laravel\Sanctum\Sanctum;
trait CreatesApiTestUsers
@@ -64,6 +66,7 @@ trait CreatesApiTestUsers
{
$roles = $this->seedApiRoles();
$this->seedApiTestConfig();
$this->seedSchoolYearClosurePermissionsForTests($roles);
$user = User::factory()->create(array_merge([
'status' => 'Active',
@@ -91,6 +94,81 @@ trait CreatesApiTestUsers
return $user;
}
/**
* Keep test fixtures aligned with explicit permission middleware.
* Production receives these through the closure permission migration.
*
* @param array<string, Role> $roles
*/
protected function seedSchoolYearClosurePermissionsForTests(array $roles): void
{
if (! Schema::hasTable('permissions') || ! Schema::hasTable('role_permissions')) {
return;
}
$permissions = [
'school_year.view',
'school_year.view_closed',
'school_year.create',
'school_year.close',
'school_year.reopen',
'school_year.archive',
'school_year.manage',
'school_year.select',
'student_enrollment.view',
'student_enrollment.promote',
'finance.view',
'finance.balance_transfer.view',
'reports.view',
];
foreach ($permissions as $permission) {
DB::table('permissions')->updateOrInsert(
['name' => $permission],
['description' => 'Test permission '.$permission, 'created_at' => now(), 'updated_at' => now()]
);
}
$adminRoleIds = collect([$roles['administrator'] ?? null, $roles['admin'] ?? null])->filter()->map(fn (Role $role) => (int) $role->id)->all();
$teacherRoleId = isset($roles['teacher']) ? (int) $roles['teacher']->id : null;
$parentRoleId = isset($roles['parent']) ? (int) $roles['parent']->id : null;
$this->grantTestPermissions($adminRoleIds, $permissions);
if ($teacherRoleId) {
$this->grantTestPermissions([$teacherRoleId], ['school_year.view', 'school_year.view_closed', 'school_year.select', 'student_enrollment.view']);
}
if ($parentRoleId) {
$this->grantTestPermissions([$parentRoleId], ['school_year.view', 'school_year.select', 'finance.view']);
}
}
/** @param list<int> $roleIds */
private function grantTestPermissions(array $roleIds, array $permissions): void
{
foreach ($roleIds as $roleId) {
foreach ($permissions as $permission) {
$permissionId = (int) DB::table('permissions')->where('name', $permission)->value('id');
if ($permissionId <= 0) {
continue;
}
DB::table('role_permissions')->updateOrInsert(
['role_id' => $roleId, 'permission_id' => $permissionId],
[
'can_create' => true,
'can_read' => true,
'can_update' => true,
'can_delete' => true,
'can_manage' => true,
'created_at' => now(),
'updated_at' => now(),
]
);
}
}
}
/**
* @return array<string, mixed>
*/