security fix and fix parent pages
API CI/CD / Validate (composer + pint) (push) Successful in 3m7s
API CI/CD / Test (PHPUnit) (push) Failing after 5m46s
API CI/CD / Build frontend assets (push) Successful in 1m2s
API CI/CD / Security audit (push) Failing after 49s
API CI/CD / Deploy to shared hosting (PHP) (push) Has been skipped
API CI/CD / Validate (composer + pint) (push) Successful in 3m7s
API CI/CD / Test (PHPUnit) (push) Failing after 5m46s
API CI/CD / Build frontend assets (push) Successful in 1m2s
API CI/CD / Security audit (push) Failing after 49s
API CI/CD / Deploy to shared hosting (PHP) (push) Has been skipped
This commit is contained in:
+44
-6
@@ -302,6 +302,12 @@ Route::prefix('v1')->group(function () {
|
||||
Route::get('{id}/file', [PrintRequestsController::class, 'download'])->whereNumber('id');
|
||||
});
|
||||
|
||||
Route::middleware(['auth:api', 'print_requests.admin'])->prefix('administrator/print-requests')->group(function () {
|
||||
Route::get('/', [PrintRequestsController::class, 'admin']);
|
||||
Route::patch('{id}/status', [PrintRequestsController::class, 'adminStatus'])->whereNumber('id');
|
||||
Route::post('{id}/status', [PrintRequestsController::class, 'adminStatus'])->whereNumber('id');
|
||||
});
|
||||
|
||||
Route::middleware('auth:api')->prefix('info-icon')->group(function () {
|
||||
Route::get('profile', [InfoIconController::class, 'profileIcon']);
|
||||
});
|
||||
@@ -318,6 +324,8 @@ Route::prefix('v1')->group(function () {
|
||||
|
||||
Route::get('teacher-submissions', [AdministratorTeacherSubmissionController::class, 'index']);
|
||||
Route::post('teacher-submissions/notify', [AdministratorTeacherSubmissionController::class, 'notify'])->middleware('school_year.editable');
|
||||
Route::get('progress', [ClassProgressController::class, 'index']);
|
||||
Route::get('progress/meta', [ClassProgressController::class, 'meta']);
|
||||
|
||||
Route::prefix('trophy')->group(function () {
|
||||
Route::get('/', [AdministratorTrophyController::class, 'index']);
|
||||
@@ -375,6 +383,7 @@ Route::prefix('v1')->group(function () {
|
||||
|
||||
Route::prefix('staff')->group(function () {
|
||||
Route::get('/', [StaffController::class, 'index']);
|
||||
Route::get('form-options', [StaffController::class, 'formOptions']);
|
||||
Route::get('{id}', [StaffController::class, 'show']);
|
||||
Route::post('/', [StaffController::class, 'store']);
|
||||
Route::patch('{id}', [StaffController::class, 'update']);
|
||||
@@ -425,6 +434,8 @@ Route::prefix('v1')->group(function () {
|
||||
|
||||
Route::prefix('reimbursements')->group(function () {
|
||||
Route::get('under-processing', [ReimbursementController::class, 'underProcessing']);
|
||||
Route::get('create-context', [ReimbursementController::class, 'createContext']);
|
||||
Route::get('{id}/edit-data', [ReimbursementController::class, 'editData'])->whereNumber('id');
|
||||
Route::post('mark-donation', [ReimbursementController::class, 'markDonation']);
|
||||
Route::post('batches', [ReimbursementController::class, 'createBatch']);
|
||||
Route::post('batches/assign', [ReimbursementController::class, 'updateBatchAssignment']);
|
||||
@@ -434,17 +445,29 @@ Route::prefix('v1')->group(function () {
|
||||
Route::post('batches/email', [ReimbursementController::class, 'sendBatchEmail']);
|
||||
Route::get('export', [ReimbursementController::class, 'export']);
|
||||
Route::get('batches/export', [ReimbursementController::class, 'exportBatch']);
|
||||
Route::post('batch/create', [ReimbursementController::class, 'createBatch']);
|
||||
Route::post('batch/update', [ReimbursementController::class, 'updateBatchAssignment']);
|
||||
Route::post('batch/lock', [ReimbursementController::class, 'lockBatch']);
|
||||
Route::post('batch/admin-file/upload', [ReimbursementController::class, 'uploadBatchAdminFile']);
|
||||
Route::post('batch/send', [ReimbursementController::class, 'sendBatchEmail']);
|
||||
Route::get('batch/export', [ReimbursementController::class, 'exportBatch']);
|
||||
Route::get('reimbursed-expenses', [ReimbursementController::class, 'reimbursedExpenses']);
|
||||
Route::get('/', [ReimbursementController::class, 'index']);
|
||||
Route::post('/', [ReimbursementController::class, 'store']);
|
||||
Route::post('process', [ReimbursementController::class, 'process']);
|
||||
Route::put('{id}', [ReimbursementController::class, 'update']);
|
||||
Route::post('{id}', [ReimbursementController::class, 'update'])->whereNumber('id');
|
||||
Route::put('{id}', [ReimbursementController::class, 'update'])->whereNumber('id');
|
||||
});
|
||||
|
||||
Route::prefix('printables')->group(function () {
|
||||
Route::prefix('badges')->group(function () {
|
||||
Route::get('form-options', [BadgeController::class, 'formData']);
|
||||
});
|
||||
Route::prefix('stickers')->group(function () {
|
||||
Route::get('form-options', [StickersController::class, 'formData']);
|
||||
Route::get('preview', [StickersController::class, 'preview']);
|
||||
Route::post('generate', [StickersController::class, 'print']);
|
||||
});
|
||||
Route::prefix('report-card')->group(function () {
|
||||
Route::get('meta', [ReportCardsController::class, 'meta']);
|
||||
});
|
||||
@@ -480,13 +503,19 @@ Route::prefix('v1')->group(function () {
|
||||
});
|
||||
});
|
||||
|
||||
Route::middleware(['multi.auth', 'admin.access'])->prefix('admin')->group(function () {
|
||||
Route::get('progress', [ClassProgressController::class, 'index']);
|
||||
Route::get('progress/meta', [ClassProgressController::class, 'meta']);
|
||||
});
|
||||
|
||||
Route::middleware(['multi.auth', 'account.active'])->prefix('school-years')->group(function () {
|
||||
Route::get('/', [SchoolYearController::class, 'index'])->middleware('perm:school_year.view');
|
||||
Route::get('current', [SchoolYearController::class, 'current'])->middleware('perm:school_year.select');
|
||||
Route::get('options', [SchoolYearController::class, 'options'])->middleware('perm:school_year.select');
|
||||
Route::get('/', [SchoolYearController::class, 'index']);
|
||||
Route::get('current', [SchoolYearController::class, 'current']);
|
||||
Route::get('options', [SchoolYearController::class, 'options']);
|
||||
Route::post('/', [SchoolYearController::class, 'store'])->middleware('perm:school_year.create');
|
||||
Route::patch('{schoolYear}', [SchoolYearController::class, 'update'])->middleware('perm:school_year.manage')->whereNumber('schoolYear');
|
||||
Route::get('{schoolYear}/summary', [SchoolYearController::class, 'summary'])->middleware('perm:school_year.view')->whereNumber('schoolYear');
|
||||
Route::get('{schoolYear}/reports/closing', [SchoolYearController::class, 'closingReport'])->middleware('perm:school_year.view')->whereNumber('schoolYear');
|
||||
Route::post('{schoolYear}/validate-close', [SchoolYearController::class, 'validateClose'])->middleware('perm:school_year.close')->whereNumber('schoolYear');
|
||||
Route::post('{schoolYear}/preview-close', [SchoolYearController::class, 'previewClose'])->middleware('perm:school_year.close')->whereNumber('schoolYear');
|
||||
Route::post('{schoolYear}/close', [SchoolYearController::class, 'close'])->middleware('perm:school_year.close')->whereNumber('schoolYear');
|
||||
@@ -538,7 +567,7 @@ Route::prefix('v1')->group(function () {
|
||||
});
|
||||
});
|
||||
|
||||
Route::middleware(app()->runningUnitTests() ? ['throttle:120,1', 'school_year.editable'] : ['multi.auth', 'school_year.editable'])->prefix('attendance-tracking')->group(function () {
|
||||
Route::middleware(['multi.auth', 'school_year.editable'])->prefix('attendance-tracking')->group(function () {
|
||||
Route::get('/pending-violations', [AttendanceTrackingController::class, 'pendingViolations']);
|
||||
Route::get('/notified-violations', [AttendanceTrackingController::class, 'notifiedViolations']);
|
||||
Route::get('/student-case/{studentId}', [AttendanceTrackingController::class, 'studentCase']);
|
||||
@@ -655,6 +684,7 @@ Route::prefix('v1')->group(function () {
|
||||
|
||||
Route::prefix('staff')->group(function () {
|
||||
Route::get('/', [StaffController::class, 'index']);
|
||||
Route::get('form-options', [StaffController::class, 'formOptions']);
|
||||
Route::get('{id}', [StaffController::class, 'show']);
|
||||
Route::post('/', [StaffController::class, 'store']);
|
||||
Route::patch('{id}', [StaffController::class, 'update']);
|
||||
@@ -733,9 +763,11 @@ Route::prefix('v1')->group(function () {
|
||||
Route::get('/', [RoleSwitcherController::class, 'index']);
|
||||
Route::post('switch', [RoleSwitcherController::class, 'switch']);
|
||||
});
|
||||
Route::prefix('settings/school-calendar')->group(function () {
|
||||
Route::get('events', [SchoolCalendarController::class, 'index']);
|
||||
});
|
||||
Route::middleware('admin.access')->prefix('settings/school-calendar')->group(function () {
|
||||
Route::get('options', [SchoolCalendarController::class, 'options']);
|
||||
Route::get('events', [SchoolCalendarController::class, 'index']);
|
||||
Route::get('events/{eventId}', [SchoolCalendarController::class, 'show']);
|
||||
Route::post('events', [SchoolCalendarController::class, 'store']);
|
||||
Route::patch('events/{eventId}', [SchoolCalendarController::class, 'update']);
|
||||
@@ -817,6 +849,8 @@ Route::prefix('v1')->group(function () {
|
||||
Route::get('invoices', [ParentApiController::class, 'invoices']);
|
||||
Route::get('enrollments', [ParentApiController::class, 'enrollments']);
|
||||
Route::post('enrollments', [ParentApiController::class, 'updateEnrollments']);
|
||||
Route::get('progress', [ParentApiController::class, 'progress']);
|
||||
Route::get('progress/{class_progress}', [ParentApiController::class, 'progressDetail'])->whereNumber('class_progress');
|
||||
|
||||
Route::prefix('promotions')->group(function () {
|
||||
Route::get('/', [ParentPromotionController::class, 'overview']);
|
||||
@@ -901,12 +935,15 @@ Route::prefix('v1')->group(function () {
|
||||
|
||||
Route::get('categories', [InventoryCategoryController::class, 'index']);
|
||||
Route::post('categories', [InventoryCategoryController::class, 'store']);
|
||||
Route::post('category', [InventoryCategoryController::class, 'store']);
|
||||
Route::patch('categories/{id}', [InventoryCategoryController::class, 'update']);
|
||||
Route::delete('categories/{id}', [InventoryCategoryController::class, 'destroy']);
|
||||
|
||||
Route::get('movements', [InventoryMovementController::class, 'index']);
|
||||
Route::get('movements/{id}/edit', [InventoryMovementController::class, 'editForm'])->whereNumber('id');
|
||||
Route::post('movements', [InventoryMovementController::class, 'store']);
|
||||
Route::patch('movements/{id}', [InventoryMovementController::class, 'update']);
|
||||
Route::put('movements/{id}', [InventoryMovementController::class, 'update']);
|
||||
Route::delete('movements/{id}', [InventoryMovementController::class, 'destroy']);
|
||||
Route::post('movements/bulk-delete', [InventoryMovementController::class, 'bulkDelete']);
|
||||
|
||||
@@ -1182,6 +1219,7 @@ Route::prefix('v1')->group(function () {
|
||||
Route::prefix('reports/stickers')->group(function () {
|
||||
Route::get('form-data', [StickersController::class, 'formData']);
|
||||
Route::get('students', [StickersController::class, 'studentsByClass']);
|
||||
Route::get('preview', [StickersController::class, 'preview']);
|
||||
Route::post('print', [StickersController::class, 'print']);
|
||||
});
|
||||
Route::prefix('reports/report-cards')->group(function () {
|
||||
|
||||
Reference in New Issue
Block a user