apiRoutesContainingAny(['teacher', 'roster', 'class-progress', 'attendance', 'scores', 'homework', 'quiz']); foreach ($routes as $route) { $method = $this->primaryMethod($route); $payload = $this->payloadFor($method, $route->uri()) + [ 'teacher_id' => $this->admin->id, 'class_section_id' => 99999999, 'student_id' => 99999999, 'include_unassigned' => true, 'all_classes' => true, 'bypass_assignment' => true, ]; $response = $this->requestAs($this->teacher, $method, $route->uri(), $payload); $this->assertControlled($response, $method, $route->uri()); $this->assertStringNotContainsString('password', strtolower($response->getContent())); $this->assertStringNotContainsString('remember_token', strtolower($response->getContent())); } } public function test_unassigned_teacher_mutations_are_denied_or_validated(): void { $routes = $this->apiRoutesContainingAny(['attendance', 'scores', 'homework', 'quiz', 'class-progress', 'report-card']); foreach ($routes as $route) { $method = $this->primaryMethod($route); if (! in_array($method, ['POST', 'PUT', 'PATCH', 'DELETE'], true)) { continue; } $payload = $this->payloadFor($method, $route->uri()) + [ 'class_section_id' => 99999999, 'student_id' => $this->ids['studentId'], 'teacher_id' => $this->teacher->id, 'status' => 'finalized', 'score' => 100, ]; $response = $this->requestAs($this->teacher, $method, $route->uri(), $payload); $this->assertControlled($response, $method, $route->uri()); $this->assertNotContains($response->getStatusCode(), [500, 501, 502, 503]); } } }