soeren/fotospiel-app
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Expand support API validation for writable resources
Some checks failed
linter / quality (push) Has been cancelled
Details
tests / ci (push) Has been cancelled
Details
tests / ui (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Codex Agent
2026-01-28 20:46:12 +01:00
parent 981df2ee45
commit f0e8cee850
7 changed files with 367 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
app/Http/Requests/Support/Resources/SupportBlogPostResourceRequest.php Normal file
View File

@@ -0,0 +1,71 @@
<?php
namespace App\Http\Requests\Support\Resources;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Validation\Rule;
class SupportBlogPostResourceRequest extends SupportResourceFormRequest
{
public static function rulesFor(string $action, ?Model $model = null): array
{
$postId = $model?->getKey();
$rules = [
'blog_category_id' => ['sometimes', 'integer', 'exists:blog_categories,id'],
'slug' => [
'sometimes',
'string',
'max:255',
Rule::unique('blog_posts', 'slug')->ignore($postId),
],
'banner' => ['sometimes', 'nullable', 'string', 'max:255'],
'published_at' => ['sometimes', 'nullable', 'date'],
'is_published' => ['sometimes', 'boolean'],
'title' => ['sometimes', 'array'],
'title.de' => ['required_with:title', 'string', 'max:255'],
'title.en' => ['nullable', 'string', 'max:255'],
'content' => ['sometimes', 'array'],
'content.de' => ['required_with:content', 'string'],
'content.en' => ['nullable', 'string'],
'excerpt' => ['sometimes', 'array'],
'excerpt.de' => ['nullable', 'string'],
'excerpt.en' => ['nullable', 'string'],
'meta_title' => ['sometimes', 'array'],
'meta_title.de' => ['nullable', 'string', 'max:255'],
'meta_title.en' => ['nullable', 'string', 'max:255'],
'meta_description' => ['sometimes', 'array'],
'meta_description.de' => ['nullable', 'string'],
'meta_description.en' => ['nullable', 'string'],
'translations' => ['sometimes', 'array'],
];
if ($action === 'create') {
$rules['blog_category_id'] = ['required', 'integer', 'exists:blog_categories,id'];
$rules['slug'] = ['required', 'string', 'max:255', Rule::unique('blog_posts', 'slug')];
$rules['title'] = ['required', 'array'];
$rules['title.de'] = ['required', 'string', 'max:255'];
$rules['content'] = ['required', 'array'];
$rules['content.de'] = ['required', 'string'];
}
return $rules;
}
public static function allowedFields(string $action): array
{
return [
'blog_category_id',
'slug',
'banner',
'published_at',
'is_published',
'title',
'content',
'excerpt',
'meta_title',
'meta_description',
'translations',
];
}
}

46
app/Http/Requests/Support/Resources/SupportEmotionResourceRequest.php Normal file
View File

@@ -0,0 +1,46 @@
<?php
namespace App\Http\Requests\Support\Resources;
use Illuminate\Database\Eloquent\Model;
class SupportEmotionResourceRequest extends SupportResourceFormRequest
{
public static function rulesFor(string $action, ?Model $model = null): array
{
$rules = [
'name' => ['sometimes', 'array'],
'name.de' => ['required_with:name', 'string', 'max:255'],
'name.en' => ['required_with:name', 'string', 'max:255'],
'description' => ['sometimes', 'array'],
'description.de' => ['nullable', 'string'],
'description.en' => ['nullable', 'string'],
'icon' => ['sometimes', 'nullable', 'string', 'max:50'],
'color' => ['sometimes', 'nullable', 'string', 'max:7'],
'sort_order' => ['sometimes', 'integer', 'min:0'],
'is_active' => ['sometimes', 'boolean'],
'tenant_id' => ['sometimes', 'nullable', 'integer', 'exists:tenants,id'],
];
if ($action === 'create') {
$rules['name'] = ['required', 'array'];
$rules['name.de'] = ['required', 'string', 'max:255'];
$rules['name.en'] = ['required', 'string', 'max:255'];
}
return $rules;
}
public static function allowedFields(string $action): array
{
return [
'name',
'description',
'icon',
'color',
'sort_order',
'is_active',
'tenant_id',
];
}
}

74
app/Http/Requests/Support/Resources/SupportEventResourceRequest.php Normal file
View File

@@ -0,0 +1,74 @@
<?php
namespace App\Http\Requests\Support\Resources;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Validation\Rule;
class SupportEventResourceRequest extends SupportResourceFormRequest
{
public static function rulesFor(string $action, ?Model $model = null): array
{
$eventId = $model?->getKey();
$rules = [
'name' => ['sometimes', 'array'],
'name.de' => ['required_with:name', 'string', 'max:255'],
'name.en' => ['nullable', 'string', 'max:255'],
'description' => ['sometimes', 'array'],
'description.de' => ['nullable', 'string'],
'description.en' => ['nullable', 'string'],
'slug' => [
'sometimes',
'string',
'max:255',
Rule::unique('events', 'slug')->ignore($eventId),
],
'date' => ['sometimes', 'date'],
'location' => ['sometimes', 'nullable', 'string', 'max:255'],
'max_participants' => ['sometimes', 'nullable', 'integer', 'min:0'],
'event_type_id' => ['sometimes', 'nullable', 'integer', 'exists:event_types,id'],
'default_locale' => ['sometimes', 'string', 'max:5'],
'is_active' => ['sometimes', 'boolean'],
'status' => ['sometimes', 'string', Rule::in(['draft', 'published', 'archived'])],
'settings' => ['sometimes', 'array'],
'join_link_enabled' => ['sometimes', 'boolean'],
'photo_upload_enabled' => ['sometimes', 'boolean'],
'task_checklist_enabled' => ['sometimes', 'boolean'],
];
if ($action === 'create') {
$rules['name'] = ['required', 'array'];
$rules['name.de'] = ['required', 'string', 'max:255'];
$rules['slug'] = [
'required',
'string',
'max:255',
Rule::unique('events', 'slug'),
];
$rules['date'] = ['required', 'date'];
}
return $rules;
}
public static function allowedFields(string $action): array
{
return [
'name',
'description',
'slug',
'date',
'location',
'max_participants',
'event_type_id',
'default_locale',
'is_active',
'status',
'settings',
'join_link_enabled',
'photo_upload_enabled',
'task_checklist_enabled',
];
}
}

31
app/Http/Requests/Support/Resources/SupportPhotoResourceRequest.php Normal file
View File

@@ -0,0 +1,31 @@
<?php
namespace App\Http\Requests\Support\Resources;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Validation\Rule;
class SupportPhotoResourceRequest extends SupportResourceFormRequest
{
public static function rulesFor(string $action, ?Model $model = null): array
{
return [
'status' => ['sometimes', 'string', Rule::in(['pending', 'approved', 'rejected', 'hidden'])],
'moderation_notes' => ['nullable', 'required_if:status,rejected', 'string', 'max:1000'],
'is_featured' => ['sometimes', 'boolean'],
'emotion_id' => ['sometimes', 'nullable', 'integer', 'exists:emotions,id'],
'task_id' => ['sometimes', 'nullable', 'integer', 'exists:tasks,id'],
];
}
public static function allowedFields(string $action): array
{
return [
'status',
'moderation_notes',
'is_featured',
'emotion_id',
'task_id',
];
}
}

52
app/Http/Requests/Support/Resources/SupportTaskResourceRequest.php Normal file
View File

@@ -0,0 +1,52 @@
<?php
namespace App\Http\Requests\Support\Resources;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Validation\Rule;
class SupportTaskResourceRequest extends SupportResourceFormRequest
{
public static function rulesFor(string $action, ?Model $model = null): array
{
$rules = [
'emotion_id' => ['sometimes', 'integer', 'exists:emotions,id'],
'event_type_id' => ['sometimes', 'nullable', 'integer', 'exists:event_types,id'],
'title' => ['sometimes', 'array'],
'title.de' => ['required_with:title', 'string', 'max:255'],
'title.en' => ['required_with:title', 'string', 'max:255'],
'description' => ['sometimes', 'array'],
'description.de' => ['nullable', 'string'],
'description.en' => ['nullable', 'string'],
'example_text' => ['sometimes', 'array'],
'example_text.de' => ['nullable', 'string'],
'example_text.en' => ['nullable', 'string'],
'difficulty' => ['sometimes', 'string', Rule::in(['easy', 'medium', 'hard'])],
'sort_order' => ['sometimes', 'integer', 'min:0'],
'is_active' => ['sometimes', 'boolean'],
];
if ($action === 'create') {
$rules['emotion_id'] = ['required', 'integer', 'exists:emotions,id'];
$rules['title'] = ['required', 'array'];
$rules['title.de'] = ['required', 'string', 'max:255'];
$rules['title.en'] = ['required', 'string', 'max:255'];
}
return $rules;
}
public static function allowedFields(string $action): array
{
return [
'emotion_id',
'event_type_id',
'title',
'description',
'example_text',
'difficulty',
'sort_order',
'is_active',
];
}
}

62
config/support-api.php
View File

@@ -1,7 +1,12 @@
<?php <?php
use App\Http\Requests\Support\Resources\SupportBlogPostResourceRequest;
use App\Http\Requests\Support\Resources\SupportDataExportResourceRequest; use App\Http\Requests\Support\Resources\SupportDataExportResourceRequest;
use App\Http\Requests\Support\Resources\SupportEmotionResourceRequest;
use App\Http\Requests\Support\Resources\SupportEventResourceRequest;
use App\Http\Requests\Support\Resources\SupportPhotoboothSettingResourceRequest; use App\Http\Requests\Support\Resources\SupportPhotoboothSettingResourceRequest;
use App\Http\Requests\Support\Resources\SupportPhotoResourceRequest;
use App\Http\Requests\Support\Resources\SupportTaskResourceRequest;
use App\Http\Requests\Support\Resources\SupportTenantFeedbackResourceRequest; use App\Http\Requests\Support\Resources\SupportTenantFeedbackResourceRequest;
use App\Http\Requests\Support\Resources\SupportTenantResourceRequest; use App\Http\Requests\Support\Resources\SupportTenantResourceRequest;
use App\Http\Requests\Support\Resources\SupportUserResourceRequest; use App\Http\Requests\Support\Resources\SupportUserResourceRequest;
@@ -90,14 +95,17 @@ return [
'events' => [ 'events' => [
'model' => Event::class, 'model' => Event::class,
'search' => ['name', 'slug'], 'search' => ['name', 'slug'],
'read_only' => true,
'abilities' => [ 'abilities' => [
'read' => ['support:read'], 'read' => ['support:read'],
'write' => ['support:write'],
],
'validation' => [
'update' => SupportEventResourceRequest::class,
], ],
'mutations' => [ 'mutations' => [
'create' => false, 'create' => false,
'update' => false, 'update' => true,
'delete' => false, 'delete' => true,
], ],
], ],
'event-types' => [ 'event-types' => [
@@ -116,9 +124,17 @@ return [
'photos' => [ 'photos' => [
'model' => Photo::class, 'model' => Photo::class,
'search' => ['id'], 'search' => ['id'],
'read_only' => true,
'abilities' => [ 'abilities' => [
'read' => ['support:read'], 'read' => ['support:read'],
'write' => ['support:write'],
],
'validation' => [
'update' => SupportPhotoResourceRequest::class,
],
'mutations' => [
'create' => false,
'update' => true,
'delete' => true,
], ],
], ],
'event-purchases' => [ 'event-purchases' => [
@@ -321,40 +337,52 @@ return [
'blog-posts' => [ 'blog-posts' => [
'model' => BlogPost::class, 'model' => BlogPost::class,
'search' => ['title', 'slug'], 'search' => ['title', 'slug'],
'read_only' => true,
'abilities' => [ 'abilities' => [
'read' => ['support:content'], 'read' => ['support:content'],
'write' => ['support:content'],
],
'validation' => [
'create' => SupportBlogPostResourceRequest::class,
'update' => SupportBlogPostResourceRequest::class,
], ],
'mutations' => [ 'mutations' => [
'create' => false, 'create' => true,
'update' => false, 'update' => true,
'delete' => false, 'delete' => true,
], ],
], ],
'emotions' => [ 'emotions' => [
'model' => Emotion::class, 'model' => Emotion::class,
'search' => ['name', 'slug'], 'search' => ['name', 'slug'],
'read_only' => true,
'abilities' => [ 'abilities' => [
'read' => ['support:content'], 'read' => ['support:content'],
'write' => ['support:content'],
],
'validation' => [
'create' => SupportEmotionResourceRequest::class,
'update' => SupportEmotionResourceRequest::class,
], ],
'mutations' => [ 'mutations' => [
'create' => false, 'create' => true,
'update' => false, 'update' => true,
'delete' => false, 'delete' => true,
], ],
], ],
'tasks' => [ 'tasks' => [
'model' => Task::class, 'model' => Task::class,
'search' => ['title'], 'search' => ['title'],
'read_only' => true,
'abilities' => [ 'abilities' => [
'read' => ['support:read'], 'read' => ['support:content'],
'write' => ['support:content'],
],
'validation' => [
'create' => SupportTaskResourceRequest::class,
'update' => SupportTaskResourceRequest::class,
], ],
'mutations' => [ 'mutations' => [
'create' => false, 'create' => true,
'update' => false, 'update' => true,
'delete' => false, 'delete' => true,
], ],
], ],
'task-collections' => [ 'task-collections' => [

48
tests/Feature/Support/SupportApiTest.php
View File

@@ -2,6 +2,8 @@
namespace Tests\Feature\Support; namespace Tests\Feature\Support;
use App\Models\BlogCategory;
use App\Models\Photo;
use App\Models\Tenant; use App\Models\Tenant;
use App\Models\User; use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase; use Illuminate\Foundation\Testing\RefreshDatabase;
@@ -82,4 +84,50 @@ class SupportApiTest extends TestCase
Bus::assertDispatched(\App\Jobs\GenerateDataExport::class); Bus::assertDispatched(\App\Jobs\GenerateDataExport::class);
} }
public function test_support_photo_reject_requires_moderation_notes(): void
{
$user = User::factory()->create([
'role' => 'super_admin',
]);
$photo = Photo::factory()->create();
Sanctum::actingAs($user, ['support-admin', 'support:write']);
$response = $this->patchJson('/api/v1/support/photos/'.$photo->id, [
'data' => [
'status' => 'rejected',
],
]);
$response->assertStatus(422)
->assertJsonValidationErrors(['moderation_notes']);
}
public function test_support_blog_post_create_requires_title_and_content(): void
{
$user = User::factory()->create([
'role' => 'super_admin',
]);
$category = BlogCategory::create([
'slug' => 'news',
'name' => ['de' => 'News', 'en' => 'News'],
'is_visible' => true,
]);
Sanctum::actingAs($user, ['support-admin', 'support:content']);
$response = $this->postJson('/api/v1/support/blog-posts', [
'data' => [
'blog_category_id' => $category->id,
'slug' => 'missing-title',
'is_published' => false,
],
]);
$response->assertStatus(422)
->assertJsonValidationErrors(['title', 'content']);
}
} }