Files
alrahma_sunday_school_api/tests/Feature/Api/V1/FullSurface/ApiCalendarScheduleConflictContractTest.php
T
2026-06-11 11:46:12 -04:00

57 lines
2.4 KiB
PHP

<?php
namespace Tests\Feature\Api\V1\FullSurface;
use Tests\Feature\Api\V1\FullSurface\Support\FullSurfaceE2EContractCase;
class ApiCalendarScheduleConflictContractTest extends FullSurfaceE2EContractCase
{
public function test_calendar_event_and_school_schedule_routes_handle_conflicts_and_invalid_ranges(): void
{
$routes = $this->apiRoutesContainingAny(['calendar', 'schedule', 'event', 'school-day', 'semester']);
foreach ($routes as $route) {
$method = $this->primaryMethod($route);
if (! in_array($method, ['POST', 'PUT', 'PATCH'], true)) {
continue;
}
$uri = $route->uri();
$payload = $this->payloadFor($method, $uri) + [
'title' => 'E2E Conflict Probe',
'start_date' => '2026-06-20',
'end_date' => '2025-09-01',
'start_time' => '18:00',
'end_time' => '08:00',
'school_year' => self::E2E_PREV_SCHOOL_YEAR,
'recurrence' => 'FREQ=MINUTELY;INTERVAL=0',
];
$response = $this->requestAs($this->admin, $method, $uri, $payload);
$this->assertNoServerError($response, "$method $uri invalid schedule conflict");
$this->assertControlled($response, $method, $uri);
}
}
public function test_calendar_list_routes_tolerate_window_queries_and_do_not_leak_unscoped_private_events(): void
{
$routes = $this->apiRoutesContainingAny(['calendar', 'schedule', 'event']);
foreach ($routes as $route) {
if ($this->primaryMethod($route) !== 'GET') {
continue;
}
$uri = $route->uri();
$query = '?from=1900-01-01&to=2100-12-31&scope=all&include_private=true';
foreach (['parent' => $this->parent, 'teacher' => $this->teacher, 'student' => $this->studentUser] as $label => $actor) {
$response = $this->requestAs($actor, 'GET', $uri.$query);
$this->assertNoServerError($response, "$label GET $uri calendar scope");
$this->assertStatusIn($response, [200, 204, 302, 400, 401, 403, 404, 409, 419, 422], "$label GET $uri calendar scope");
$this->assertStringNotContainsStringIgnoringCase('private_note', $response->getContent(), "$uri should not expose private event notes to $label.");
}
}
}
}