Files
alrahma_sunday_school_api/tests/Feature/Api/V1/FullSurface/ApiBusinessRuleEdgeCaseContractTest.php
T
2026-06-11 11:46:12 -04:00

86 lines
3.8 KiB
PHP

<?php
namespace Tests\Feature\Api\V1\FullSurface;
use Tests\Feature\Api\V1\FullSurface\Support\FullSurfaceE2EContractCase;
class ApiBusinessRuleEdgeCaseContractTest extends FullSurfaceE2EContractCase
{
public function test_school_year_semester_and_class_mismatch_payloads_fail_without_crashing(): void
{
$routes = $this->apiRoutesContainingAny(['students', 'class', 'attendance', 'scores', 'report-card', 'teacher']);
foreach ($routes as $route) {
$method = $this->primaryMethod($route);
if (! in_array($method, ['POST', 'PUT', 'PATCH'], true)) {
continue;
}
$uri = $route->uri();
$payload = $this->payloadFor($method, $uri) + [
'school_year' => '1900-1901',
'semester' => 'Summer-Does-Not-Exist',
'class_section_id' => 999999,
'student_id' => 999999,
];
$response = $this->requestAs($this->actorFor($uri), $method, $uri, $payload);
$this->assertNoServerError($response, "$method $uri mismatched academic context");
$this->assertStatusIn($response, [200, 201, 202, 204, 302, 400, 401, 403, 404, 409, 419, 422], "$method $uri mismatched academic context");
$this->assertStringNotContainsStringIgnoringCase('foreign key constraint', $response->getContent(), $uri.' should validate academic context before DB failure leaks.');
}
}
public function test_financial_amount_rules_reject_zero_negative_and_precision_abuse_cleanly(): void
{
$routes = $this->apiRoutesContainingAny(['finance', 'payment', 'refund', 'invoice', 'fee', 'installment', 'charge']);
$amounts = [0, -0.01, -999999, '0.0000000000001', '1000000000000000000000000.99'];
foreach ($routes as $route) {
$method = $this->primaryMethod($route);
if (! in_array($method, ['POST', 'PUT', 'PATCH'], true)) {
continue;
}
foreach ($amounts as $amount) {
$uri = $route->uri();
$payload = $this->payloadFor($method, $uri);
$payload['amount'] = $amount;
$payload['total'] = $amount;
$payload['balance'] = $amount;
$response = $this->requestAs($this->admin, $method, $uri, $payload);
$this->assertNoServerError($response, "$method $uri amount $amount");
$this->assertStringNotContainsStringIgnoringCase('decimal', $response->getContent(), $uri.' should not leak decimal cast internals.');
$this->assertStringNotContainsStringIgnoringCase('SQLSTATE', $response->getContent(), $uri.' should not leak SQLSTATE for financial edge cases.');
}
}
}
public function test_attendance_status_and_time_edge_cases_are_controlled(): void
{
$routes = $this->apiRoutesContainingAny(['attendance', 'late', 'dismissal', 'absence']);
$statuses = ['present', 'absent', 'late', 'excused', 'early_dismissal', 'not-a-real-status'];
foreach ($routes as $route) {
$method = $this->primaryMethod($route);
if (! in_array($method, ['POST', 'PUT', 'PATCH'], true)) {
continue;
}
foreach ($statuses as $status) {
$uri = $route->uri();
$payload = $this->payloadFor($method, $uri) + [
'status' => $status,
'arrival_time' => '25:99',
'dismissal_time' => '-01:00',
];
$response = $this->requestAs($this->actorFor($uri), $method, $uri, $payload);
$this->assertNoServerError($response, "$method $uri status $status");
$this->assertControlled($response, $method, $uri);
}
}
}
}