daan/ledgerrz
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Implement defensive point constraints and validation tests

Browse Source
This commit is contained in:
Daan Meijer 2026-06-23 11:41:20 +02:00
parent d68fc33bcb
commit cca5952470
4 changed files with 105 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/Http/Controllers/PredefinedMutationController.php
View File

@ -37,7 +37,7 @@ class PredefinedMutationController extends Controller
$request->validate([
'name' => ['required', 'string', 'max:255'],
'description' => ['nullable', 'string'],
'amount' => ['required', 'integer'],
'amount' => ['required', 'integer', 'not_in:0', 'min:-1000', 'max:1000'],
]);
$ledger->predefinedMutations()->create($request->all());
@ -69,7 +69,7 @@ class PredefinedMutationController extends Controller
$request->validate([
'name' => ['required', 'string', 'max:255'],
'description' => ['nullable', 'string'],
'amount' => ['required', 'integer'],
'amount' => ['required', 'integer', 'not_in:0', 'min:-1000', 'max:1000'],
]);
$predefinedMutation->update($request->all());

2
app/Http/Requests/StoreMutationRequest.php
View File

@ -25,7 +25,7 @@ class StoreMutationRequest extends FormRequest
public function rules(): array
{
return [
'amount' => ['required', 'integer'],
'amount' => ['required', 'integer', 'not_in:0', 'min:-1000', 'max:1000'],
'description' => ['required', 'string'],
'type' => ['nullable', 'string'],
'status' => ['nullable', 'string'],

51
tests/Feature/MutationTest.php
View File

@ -121,3 +121,54 @@ test('owner can approve a pending suggestion and it is updated and logged', func
expect($dynamicChatMessages->last()->user_id)->toBeNull();
expect($dynamicChatMessages->last()->content)->toBe("<user:{$owner->id}> APPROVED the suggestion \"Polished dungeon floors\" for +20 points on \"{$ledger->name}\" ledger.");
});
test('creating a mutation with 0 points fails validation', function () {
$owner = User::factory()->create();
$dynamic = Dynamic::factory()->create();
$dynamic->participants()->attach($owner->id, ['role' => 'owner']);
$ledger = Ledger::factory()->create(['dynamic_id' => $dynamic->id]);
$this->actingAs($owner);
$response = $this->post(route('dynamics.ledgers.mutations.store', [$dynamic, $ledger]), [
'amount' => 0,
'description' => 'Zero point spam',
]);
$response->assertSessionHasErrors(['amount']);
expect(Mutation::where('description', 'Zero point spam')->exists())->toBeFalse();
});
test('creating a mutation with more than 1000 points fails validation', function () {
$owner = User::factory()->create();
$dynamic = Dynamic::factory()->create();
$dynamic->participants()->attach($owner->id, ['role' => 'owner']);
$ledger = Ledger::factory()->create(['dynamic_id' => $dynamic->id]);
$this->actingAs($owner);
$response = $this->post(route('dynamics.ledgers.mutations.store', [$dynamic, $ledger]), [
'amount' => 1001,
'description' => 'Abusive positive point reward',
]);
$response->assertSessionHasErrors(['amount']);
expect(Mutation::where('description', 'Abusive positive point reward')->exists())->toBeFalse();
});
test('creating a mutation with less than -1000 points fails validation', function () {
$owner = User::factory()->create();
$dynamic = Dynamic::factory()->create();
$dynamic->participants()->attach($owner->id, ['role' => 'owner']);
$ledger = Ledger::factory()->create(['dynamic_id' => $dynamic->id]);
$this->actingAs($owner);
$response = $this->post(route('dynamics.ledgers.mutations.store', [$dynamic, $ledger]), [
'amount' => -1001,
'description' => 'Abusive negative point demerit',
]);
$response->assertSessionHasErrors(['amount']);
expect(Mutation::where('description', 'Abusive negative point demerit')->exists())->toBeFalse();
});

51
tests/Feature/PredefinedMutationTest.php
View File

@ -164,3 +164,54 @@ test('owner can delete predefined mutation', function () {
'id' => $predefined->id,
]);
});
test('creating a predefined mutation with 0 points fails validation', function () {
$owner = User::factory()->create();
$dynamic = Dynamic::factory()->create();
$dynamic->participants()->attach($owner->id, ['role' => 'owner']);
$ledger = Ledger::factory()->create(['dynamic_id' => $dynamic->id]);
$this->actingAs($owner);
$response = $this->post(route('dynamics.ledgers.predefined-mutations.store', [$dynamic->uuid, $ledger->uuid]), [
'name' => 'Zero point predefined',
'amount' => 0,
]);
$response->assertSessionHasErrors(['amount']);
expect(PredefinedMutation::where('name', 'Zero point predefined')->exists())->toBeFalse();
});
test('creating a predefined mutation with more than 1000 points fails validation', function () {
$owner = User::factory()->create();
$dynamic = Dynamic::factory()->create();
$dynamic->participants()->attach($owner->id, ['role' => 'owner']);
$ledger = Ledger::factory()->create(['dynamic_id' => $dynamic->id]);
$this->actingAs($owner);
$response = $this->post(route('dynamics.ledgers.predefined-mutations.store', [$dynamic->uuid, $ledger->uuid]), [
'name' => 'Abusive positive predefined',
'amount' => 1001,
]);
$response->assertSessionHasErrors(['amount']);
expect(PredefinedMutation::where('name', 'Abusive positive predefined')->exists())->toBeFalse();
});
test('creating a predefined mutation with less than -1000 points fails validation', function () {
$owner = User::factory()->create();
$dynamic = Dynamic::factory()->create();
$dynamic->participants()->attach($owner->id, ['role' => 'owner']);
$ledger = Ledger::factory()->create(['dynamic_id' => $dynamic->id]);
$this->actingAs($owner);
$response = $this->post(route('dynamics.ledgers.predefined-mutations.store', [$dynamic->uuid, $ledger->uuid]), [
'name' => 'Abusive negative predefined',
'amount' => -1001,
]);
$response->assertSessionHasErrors(['amount']);
expect(PredefinedMutation::where('name', 'Abusive negative predefined')->exists())->toBeFalse();
});