daan/ledgerrz
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'feature/defensive-mutation-constraints'
Some checks failed
linter / quality (push) Failing after 12m11s
Details
tests / ci (8.3) (push) Has been cancelled
Details
tests / ci (8.4) (push) Failing after 1m7s
Details
tests / ci (8.5) (push) Failing after 1m6s
Details

Browse Source
This commit is contained in:
Daan Meijer 2026-06-23 11:55:03 +02:00
commit d751cd4fdd
4 changed files with 105 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/Http/Controllers/PredefinedMutationController.php
View File

@ -37,7 +37,7 @@ class PredefinedMutationController extends Controller
$request->validate([ $request->validate([
'name' => ['required', 'string', 'max:255'], 'name' => ['required', 'string', 'max:255'],
'description' => ['nullable', 'string'], 'description' => ['nullable', 'string'],
'amount' => ['required', 'integer'], 'amount' => ['required', 'integer', 'not_in:0', 'min:-1000', 'max:1000'],
]); ]);
$ledger->predefinedMutations()->create($request->all()); $ledger->predefinedMutations()->create($request->all());
@ -69,7 +69,7 @@ class PredefinedMutationController extends Controller
$request->validate([ $request->validate([
'name' => ['required', 'string', 'max:255'], 'name' => ['required', 'string', 'max:255'],
'description' => ['nullable', 'string'], 'description' => ['nullable', 'string'],
'amount' => ['required', 'integer'], 'amount' => ['required', 'integer', 'not_in:0', 'min:-1000', 'max:1000'],
]); ]);
$predefinedMutation->update($request->all()); $predefinedMutation->update($request->all());

2
app/Http/Requests/StoreMutationRequest.php
View File

@ -25,7 +25,7 @@ class StoreMutationRequest extends FormRequest
public function rules(): array public function rules(): array
{ {
return [ return [
'amount' => ['required', 'integer'], 'amount' => ['required', 'integer', 'not_in:0', 'min:-1000', 'max:1000'],
'description' => ['required', 'string'], 'description' => ['required', 'string'],
'type' => ['nullable', 'string'], 'type' => ['nullable', 'string'],
'status' => ['nullable', 'string'], 'status' => ['nullable', 'string'],

51
tests/Feature/MutationTest.php
View File

@ -121,3 +121,54 @@ test('owner can approve a pending suggestion and it is updated and logged', func
expect($dynamicChatMessages->last()->user_id)->toBeNull(); expect($dynamicChatMessages->last()->user_id)->toBeNull();
expect($dynamicChatMessages->last()->content)->toBe("<user:{$owner->id}> APPROVED the suggestion \"Polished dungeon floors\" for +20 points on \"{$ledger->name}\" ledger."); expect($dynamicChatMessages->last()->content)->toBe("<user:{$owner->id}> APPROVED the suggestion \"Polished dungeon floors\" for +20 points on \"{$ledger->name}\" ledger.");
}); });
test('creating a mutation with 0 points fails validation', function () {
$owner = User::factory()->create();
$dynamic = Dynamic::factory()->create();
$dynamic->participants()->attach($owner->id, ['role' => 'owner']);
$ledger = Ledger::factory()->create(['dynamic_id' => $dynamic->id]);
$this->actingAs($owner);
$response = $this->post(route('dynamics.ledgers.mutations.store', [$dynamic, $ledger]), [
'amount' => 0,
'description' => 'Zero point spam',
]);
$response->assertSessionHasErrors(['amount']);
expect(Mutation::where('description', 'Zero point spam')->exists())->toBeFalse();
});
test('creating a mutation with more than 1000 points fails validation', function () {
$owner = User::factory()->create();
$dynamic = Dynamic::factory()->create();
$dynamic->participants()->attach($owner->id, ['role' => 'owner']);
$ledger = Ledger::factory()->create(['dynamic_id' => $dynamic->id]);
$this->actingAs($owner);
$response = $this->post(route('dynamics.ledgers.mutations.store', [$dynamic, $ledger]), [
'amount' => 1001,
'description' => 'Abusive positive point reward',
]);
$response->assertSessionHasErrors(['amount']);
expect(Mutation::where('description', 'Abusive positive point reward')->exists())->toBeFalse();
});
test('creating a mutation with less than -1000 points fails validation', function () {
$owner = User::factory()->create();
$dynamic = Dynamic::factory()->create();
$dynamic->participants()->attach($owner->id, ['role' => 'owner']);
$ledger = Ledger::factory()->create(['dynamic_id' => $dynamic->id]);
$this->actingAs($owner);
$response = $this->post(route('dynamics.ledgers.mutations.store', [$dynamic, $ledger]), [
'amount' => -1001,
'description' => 'Abusive negative point demerit',
]);
$response->assertSessionHasErrors(['amount']);
expect(Mutation::where('description', 'Abusive negative point demerit')->exists())->toBeFalse();
});

51
tests/Feature/PredefinedMutationTest.php
View File

@ -164,3 +164,54 @@ test('owner can delete predefined mutation', function () {
'id' => $predefined->id, 'id' => $predefined->id,
]); ]);
}); });
test('creating a predefined mutation with 0 points fails validation', function () {
$owner = User::factory()->create();
$dynamic = Dynamic::factory()->create();
$dynamic->participants()->attach($owner->id, ['role' => 'owner']);
$ledger = Ledger::factory()->create(['dynamic_id' => $dynamic->id]);
$this->actingAs($owner);
$response = $this->post(route('dynamics.ledgers.predefined-mutations.store', [$dynamic->uuid, $ledger->uuid]), [
'name' => 'Zero point predefined',
'amount' => 0,
]);
$response->assertSessionHasErrors(['amount']);
expect(PredefinedMutation::where('name', 'Zero point predefined')->exists())->toBeFalse();
});
test('creating a predefined mutation with more than 1000 points fails validation', function () {
$owner = User::factory()->create();
$dynamic = Dynamic::factory()->create();
$dynamic->participants()->attach($owner->id, ['role' => 'owner']);
$ledger = Ledger::factory()->create(['dynamic_id' => $dynamic->id]);
$this->actingAs($owner);
$response = $this->post(route('dynamics.ledgers.predefined-mutations.store', [$dynamic->uuid, $ledger->uuid]), [
'name' => 'Abusive positive predefined',
'amount' => 1001,
]);
$response->assertSessionHasErrors(['amount']);
expect(PredefinedMutation::where('name', 'Abusive positive predefined')->exists())->toBeFalse();
});
test('creating a predefined mutation with less than -1000 points fails validation', function () {
$owner = User::factory()->create();
$dynamic = Dynamic::factory()->create();
$dynamic->participants()->attach($owner->id, ['role' => 'owner']);
$ledger = Ledger::factory()->create(['dynamic_id' => $dynamic->id]);
$this->actingAs($owner);
$response = $this->post(route('dynamics.ledgers.predefined-mutations.store', [$dynamic->uuid, $ledger->uuid]), [
'name' => 'Abusive negative predefined',
'amount' => -1001,
]);
$response->assertSessionHasErrors(['amount']);
expect(PredefinedMutation::where('name', 'Abusive negative predefined')->exists())->toBeFalse();
});