apiRoutesContainingAny(['discount', 'voucher', 'scholarship', 'fee', 'tuition', 'waiver']); foreach ($routes as $route) { $method = $this->primaryMethod($route); if (! in_array($method, ['POST', 'PUT', 'PATCH'], true)) { continue; } $payload = $this->payloadFor($method, $route->uri()) + [ 'voucher_id' => $this->ids['voucherId'], 'discount_type' => 'percent', 'percentage' => 1000, 'amount' => -9999.99, 'applies_to_all' => true, 'family_id' => 99999999, 'student_id' => 99999999, 'approved_by' => $this->parent->id, ]; $response = $this->requestAs($this->admin, $method, $route->uri(), $payload); $this->assertControlled($response, $method, $route->uri()); $this->assertStringNotContainsString('SQLSTATE', $response->getContent()); } } public function test_parent_cannot_self_grant_discounts_or_scholarships(): void { $routes = $this->apiRoutesContainingAny(['discount', 'voucher', 'scholarship', 'waiver']); foreach ($routes as $route) { $method = $this->primaryMethod($route); if (! in_array($method, ['POST', 'PUT', 'PATCH', 'DELETE'], true)) { continue; } $response = $this->requestAs($this->parent, $method, $route->uri(), [ 'student_id' => $this->ids['studentId'], 'amount' => 9999, 'percentage' => 100, 'approved' => true, 'reason' => 'self-granted', ]); $this->assertControlled($response, $method, $route->uri()); $this->assertNotContains($response->getStatusCode(), [200, 201]); } } }