security fix and fix parent pages
API CI/CD / Validate (composer + pint) (push) Successful in 3m7s
API CI/CD / Test (PHPUnit) (push) Failing after 5m46s
API CI/CD / Build frontend assets (push) Successful in 1m2s
API CI/CD / Security audit (push) Failing after 49s
API CI/CD / Deploy to shared hosting (PHP) (push) Has been skipped
API CI/CD / Validate (composer + pint) (push) Successful in 3m7s
API CI/CD / Test (PHPUnit) (push) Failing after 5m46s
API CI/CD / Build frontend assets (push) Successful in 1m2s
API CI/CD / Security audit (push) Failing after 49s
API CI/CD / Deploy to shared hosting (PHP) (push) Has been skipped
This commit is contained in:
@@ -3,7 +3,9 @@
|
||||
namespace Tests\Feature\Api\V1\Settings;
|
||||
|
||||
use App\Models\User;
|
||||
use App\Services\Settings\SchoolCalendar\SchoolCalendarContextService;
|
||||
use App\Services\Settings\SchoolCalendar\SchoolCalendarMutationService;
|
||||
use App\Services\Settings\SchoolCalendar\SchoolCalendarNotificationService;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Laravel\Sanctum\Sanctum;
|
||||
@@ -44,6 +46,40 @@ class SchoolCalendarControllerTest extends TestCase
|
||||
$this->assertArrayHasKey('extendedProps', $response->json('data.events.0'));
|
||||
}
|
||||
|
||||
public function test_parent_can_list_only_parent_audience_events(): void
|
||||
{
|
||||
$this->seedConfig();
|
||||
$parent = $this->seedParentUser();
|
||||
$parentEventId = $this->seedEvent();
|
||||
$teacherEventId = DB::table('calendar_events')->insertGetId([
|
||||
'title' => 'Teacher Only',
|
||||
'date' => '2026-01-03',
|
||||
'description' => 'Hidden from parents',
|
||||
'notify_parent' => 0,
|
||||
'notify_admin' => 0,
|
||||
'notify_teacher' => 1,
|
||||
'no_school' => 0,
|
||||
'semester' => 'Fall',
|
||||
'school_year' => '2025-2026',
|
||||
'notification_sent' => 0,
|
||||
'created_at' => now(),
|
||||
'updated_at' => now(),
|
||||
]);
|
||||
|
||||
Sanctum::actingAs($parent);
|
||||
|
||||
$response = $this->getJson('/api/v1/settings/school-calendar/events?audience=parent&school_year=2025-2026&include_meetings=0');
|
||||
|
||||
$response->assertOk();
|
||||
$response->assertJsonPath('status', true);
|
||||
$ids = collect($response->json('data.events'))->pluck('id')->all();
|
||||
$this->assertContains($parentEventId, $ids);
|
||||
$this->assertNotContains($teacherEventId, $ids);
|
||||
|
||||
$this->getJson('/api/v1/settings/school-calendar/events?school_year=2025-2026')
|
||||
->assertForbidden();
|
||||
}
|
||||
|
||||
public function test_show_returns_event(): void
|
||||
{
|
||||
$this->seedConfig();
|
||||
@@ -136,7 +172,10 @@ class SchoolCalendarControllerTest extends TestCase
|
||||
Sanctum::actingAs($user);
|
||||
|
||||
$this->app->bind(SchoolCalendarMutationService::class, function () {
|
||||
return new class
|
||||
return new class(
|
||||
app(SchoolCalendarContextService::class),
|
||||
app(SchoolCalendarNotificationService::class),
|
||||
) extends SchoolCalendarMutationService
|
||||
{
|
||||
public function create(array $payload, array $targets = []): array
|
||||
{
|
||||
@@ -173,6 +212,14 @@ class SchoolCalendarControllerTest extends TestCase
|
||||
|
||||
private function seedUser(): User
|
||||
{
|
||||
$roleId = DB::table('roles')->insertGetId([
|
||||
'name' => 'administrator',
|
||||
'slug' => 'administrator',
|
||||
'is_active' => 1,
|
||||
'created_at' => now(),
|
||||
'updated_at' => now(),
|
||||
]);
|
||||
|
||||
$userId = DB::table('users')->insertGetId([
|
||||
'firstname' => 'Admin',
|
||||
'lastname' => 'User',
|
||||
@@ -188,6 +235,54 @@ class SchoolCalendarControllerTest extends TestCase
|
||||
'semester' => 'Fall',
|
||||
'school_year' => '2025-2026',
|
||||
'status' => 'Active',
|
||||
'is_verified' => 1,
|
||||
'is_suspended' => 0,
|
||||
]);
|
||||
|
||||
DB::table('user_roles')->insert([
|
||||
'user_id' => $userId,
|
||||
'role_id' => $roleId,
|
||||
'created_at' => now(),
|
||||
'updated_at' => now(),
|
||||
]);
|
||||
|
||||
return User::query()->findOrFail($userId);
|
||||
}
|
||||
|
||||
private function seedParentUser(): User
|
||||
{
|
||||
$roleId = DB::table('roles')->insertGetId([
|
||||
'name' => 'parent',
|
||||
'slug' => 'parent',
|
||||
'is_active' => 1,
|
||||
'created_at' => now(),
|
||||
'updated_at' => now(),
|
||||
]);
|
||||
|
||||
$userId = DB::table('users')->insertGetId([
|
||||
'firstname' => 'Parent',
|
||||
'lastname' => 'User',
|
||||
'cellphone' => '8888888888',
|
||||
'email' => 'calendar-parent@example.com',
|
||||
'address_street' => '123 Street',
|
||||
'city' => 'City',
|
||||
'state' => 'ST',
|
||||
'zip' => '12345',
|
||||
'accept_school_policy' => 1,
|
||||
'password' => bcrypt('password'),
|
||||
'user_type' => 'primary',
|
||||
'semester' => 'Fall',
|
||||
'school_year' => '2025-2026',
|
||||
'status' => 'Active',
|
||||
'is_verified' => 1,
|
||||
'is_suspended' => 0,
|
||||
]);
|
||||
|
||||
DB::table('user_roles')->insert([
|
||||
'user_id' => $userId,
|
||||
'role_id' => $roleId,
|
||||
'created_at' => now(),
|
||||
'updated_at' => now(),
|
||||
]);
|
||||
|
||||
return User::query()->findOrFail($userId);
|
||||
|
||||
Reference in New Issue
Block a user