security fix and fix parent pages
API CI/CD / Validate (composer + pint) (push) Successful in 3m7s
API CI/CD / Test (PHPUnit) (push) Failing after 5m46s
API CI/CD / Build frontend assets (push) Successful in 1m2s
API CI/CD / Security audit (push) Failing after 49s
API CI/CD / Deploy to shared hosting (PHP) (push) Has been skipped
API CI/CD / Validate (composer + pint) (push) Successful in 3m7s
API CI/CD / Test (PHPUnit) (push) Failing after 5m46s
API CI/CD / Build frontend assets (push) Successful in 1m2s
API CI/CD / Security audit (push) Failing after 49s
API CI/CD / Deploy to shared hosting (PHP) (push) Has been skipped
This commit is contained in:
@@ -30,6 +30,29 @@ class ReportCardsControllerTest extends TestCase
|
||||
$this->assertArrayHasKey('class_section_id', $response->json('data.classSections.0'));
|
||||
}
|
||||
|
||||
public function test_parent_meta_is_scoped_to_only_their_students(): void
|
||||
{
|
||||
$this->seedConfig();
|
||||
$admin = $this->seedUser();
|
||||
$parent = $this->seedParentUser(10);
|
||||
$data = $this->seedReportCardData($admin->id);
|
||||
$other = $this->seedOtherScoredStudent($admin->id);
|
||||
|
||||
Sanctum::actingAs($parent);
|
||||
|
||||
$response = $this->getJson('/api/v1/reports/report-cards/meta?school_year=2025-2026&semester=Fall');
|
||||
|
||||
$response->assertOk();
|
||||
$response->assertJsonPath('status', true);
|
||||
$this->assertSame([$data['student_id']], collect($response->json('data.students'))->pluck('id')->all());
|
||||
|
||||
$this->getJson('/api/v1/reports/report-cards/students/'.$other['student_id'].'?school_year=2025-2026&semester=Fall')
|
||||
->assertForbidden();
|
||||
|
||||
$this->getJson('/api/v1/reports/report-cards/classes/'.$data['class_section_id'].'?school_year=2025-2026&semester=Fall')
|
||||
->assertForbidden();
|
||||
}
|
||||
|
||||
public function test_completeness_returns_summary_and_students(): void
|
||||
{
|
||||
$this->seedConfig();
|
||||
@@ -155,6 +178,48 @@ class ReportCardsControllerTest extends TestCase
|
||||
'semester' => 'Fall',
|
||||
'school_year' => '2025-2026',
|
||||
'status' => 'Active',
|
||||
'is_verified' => 1,
|
||||
'is_suspended' => 0,
|
||||
]);
|
||||
|
||||
return User::query()->findOrFail($userId);
|
||||
}
|
||||
|
||||
private function seedParentUser(int $userId): User
|
||||
{
|
||||
$roleId = DB::table('roles')->insertGetId([
|
||||
'name' => 'parent',
|
||||
'slug' => 'parent',
|
||||
'is_active' => 1,
|
||||
'created_at' => now(),
|
||||
'updated_at' => now(),
|
||||
]);
|
||||
|
||||
DB::table('users')->insert([
|
||||
'id' => $userId,
|
||||
'firstname' => 'Parent',
|
||||
'lastname' => 'User',
|
||||
'cellphone' => '8888888888',
|
||||
'email' => 'parent-reportcards@example.com',
|
||||
'address_street' => '123 Parent',
|
||||
'city' => 'City',
|
||||
'state' => 'ST',
|
||||
'zip' => '12345',
|
||||
'accept_school_policy' => 1,
|
||||
'password' => bcrypt('password'),
|
||||
'user_type' => 'primary',
|
||||
'semester' => 'Fall',
|
||||
'school_year' => '2025-2026',
|
||||
'status' => 'Active',
|
||||
'is_verified' => 1,
|
||||
'is_suspended' => 0,
|
||||
]);
|
||||
|
||||
DB::table('user_roles')->insert([
|
||||
'user_id' => $userId,
|
||||
'role_id' => $roleId,
|
||||
'created_at' => now(),
|
||||
'updated_at' => now(),
|
||||
]);
|
||||
|
||||
return User::query()->findOrFail($userId);
|
||||
@@ -280,6 +345,59 @@ class ReportCardsControllerTest extends TestCase
|
||||
];
|
||||
}
|
||||
|
||||
private function seedOtherScoredStudent(int $userId): array
|
||||
{
|
||||
DB::table('students')->insert([
|
||||
'id' => 102,
|
||||
'school_id' => 'SCH3',
|
||||
'firstname' => 'Other',
|
||||
'lastname' => 'Student',
|
||||
'age' => 10,
|
||||
'gender' => 'Female',
|
||||
'photo_consent' => 1,
|
||||
'parent_id' => 11,
|
||||
'year_of_registration' => '2025-2026',
|
||||
'semester' => 'Fall',
|
||||
'school_year' => '2025-2026',
|
||||
'is_active' => 1,
|
||||
]);
|
||||
|
||||
DB::table('student_class')->insert([
|
||||
'student_id' => 102,
|
||||
'class_section_id' => 200,
|
||||
'school_year' => '2025-2026',
|
||||
'semester' => 'Fall',
|
||||
'is_event_only' => 0,
|
||||
'created_at' => now(),
|
||||
'updated_at' => now(),
|
||||
]);
|
||||
|
||||
DB::table('semester_scores')->insert([
|
||||
'student_id' => 102,
|
||||
'school_id' => 'SCH3',
|
||||
'class_section_id' => 200,
|
||||
'updated_by' => $userId,
|
||||
'homework_avg' => 87,
|
||||
'quiz_avg' => 86,
|
||||
'project_avg' => 85,
|
||||
'test_avg' => 84,
|
||||
'midterm_exam_score' => 83,
|
||||
'final_exam_score' => 82,
|
||||
'attendance_score' => 81,
|
||||
'ptap_score' => 80,
|
||||
'semester_score' => 84,
|
||||
'semester' => 'Fall',
|
||||
'school_year' => '2025-2026',
|
||||
'created_at' => now(),
|
||||
'updated_at' => now(),
|
||||
]);
|
||||
|
||||
return [
|
||||
'student_id' => 102,
|
||||
'class_section_id' => 200,
|
||||
];
|
||||
}
|
||||
|
||||
private function seedAcknowledgement(int $studentId): void
|
||||
{
|
||||
DB::table('report_card_acknowledgements')->insert([
|
||||
|
||||
Reference in New Issue
Block a user