security fix and fix parent pages
API CI/CD / Validate (composer + pint) (push) Successful in 3m7s
API CI/CD / Test (PHPUnit) (push) Failing after 5m46s
API CI/CD / Build frontend assets (push) Successful in 1m2s
API CI/CD / Security audit (push) Failing after 49s
API CI/CD / Deploy to shared hosting (PHP) (push) Has been skipped

This commit is contained in:
root
2026-07-06 02:14:16 -04:00
parent 39228168c8
commit 90f9857b06
43 changed files with 4323 additions and 132 deletions
@@ -3,7 +3,9 @@
namespace Tests\Feature\Api\V1\Settings;
use App\Models\User;
use App\Services\Settings\SchoolCalendar\SchoolCalendarContextService;
use App\Services\Settings\SchoolCalendar\SchoolCalendarMutationService;
use App\Services\Settings\SchoolCalendar\SchoolCalendarNotificationService;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\DB;
use Laravel\Sanctum\Sanctum;
@@ -44,6 +46,40 @@ class SchoolCalendarControllerTest extends TestCase
$this->assertArrayHasKey('extendedProps', $response->json('data.events.0'));
}
public function test_parent_can_list_only_parent_audience_events(): void
{
$this->seedConfig();
$parent = $this->seedParentUser();
$parentEventId = $this->seedEvent();
$teacherEventId = DB::table('calendar_events')->insertGetId([
'title' => 'Teacher Only',
'date' => '2026-01-03',
'description' => 'Hidden from parents',
'notify_parent' => 0,
'notify_admin' => 0,
'notify_teacher' => 1,
'no_school' => 0,
'semester' => 'Fall',
'school_year' => '2025-2026',
'notification_sent' => 0,
'created_at' => now(),
'updated_at' => now(),
]);
Sanctum::actingAs($parent);
$response = $this->getJson('/api/v1/settings/school-calendar/events?audience=parent&school_year=2025-2026&include_meetings=0');
$response->assertOk();
$response->assertJsonPath('status', true);
$ids = collect($response->json('data.events'))->pluck('id')->all();
$this->assertContains($parentEventId, $ids);
$this->assertNotContains($teacherEventId, $ids);
$this->getJson('/api/v1/settings/school-calendar/events?school_year=2025-2026')
->assertForbidden();
}
public function test_show_returns_event(): void
{
$this->seedConfig();
@@ -136,7 +172,10 @@ class SchoolCalendarControllerTest extends TestCase
Sanctum::actingAs($user);
$this->app->bind(SchoolCalendarMutationService::class, function () {
return new class
return new class(
app(SchoolCalendarContextService::class),
app(SchoolCalendarNotificationService::class),
) extends SchoolCalendarMutationService
{
public function create(array $payload, array $targets = []): array
{
@@ -173,6 +212,14 @@ class SchoolCalendarControllerTest extends TestCase
private function seedUser(): User
{
$roleId = DB::table('roles')->insertGetId([
'name' => 'administrator',
'slug' => 'administrator',
'is_active' => 1,
'created_at' => now(),
'updated_at' => now(),
]);
$userId = DB::table('users')->insertGetId([
'firstname' => 'Admin',
'lastname' => 'User',
@@ -188,6 +235,54 @@ class SchoolCalendarControllerTest extends TestCase
'semester' => 'Fall',
'school_year' => '2025-2026',
'status' => 'Active',
'is_verified' => 1,
'is_suspended' => 0,
]);
DB::table('user_roles')->insert([
'user_id' => $userId,
'role_id' => $roleId,
'created_at' => now(),
'updated_at' => now(),
]);
return User::query()->findOrFail($userId);
}
private function seedParentUser(): User
{
$roleId = DB::table('roles')->insertGetId([
'name' => 'parent',
'slug' => 'parent',
'is_active' => 1,
'created_at' => now(),
'updated_at' => now(),
]);
$userId = DB::table('users')->insertGetId([
'firstname' => 'Parent',
'lastname' => 'User',
'cellphone' => '8888888888',
'email' => 'calendar-parent@example.com',
'address_street' => '123 Street',
'city' => 'City',
'state' => 'ST',
'zip' => '12345',
'accept_school_policy' => 1,
'password' => bcrypt('password'),
'user_type' => 'primary',
'semester' => 'Fall',
'school_year' => '2025-2026',
'status' => 'Active',
'is_verified' => 1,
'is_suspended' => 0,
]);
DB::table('user_roles')->insert([
'user_id' => $userId,
'role_id' => $roleId,
'created_at' => now(),
'updated_at' => now(),
]);
return User::query()->findOrFail($userId);