Entry Security

Block deletion or modification of scores for an entry in a published audition Closes #39
2024-07-17 17:10:01 -05:00 · 2024-07-17 17:10:01 -05:00 · f94586fbe4
parent e30a5d8f9d
commit f94586fbe4
5 changed files with 15 additions and 2 deletions
--- a/app/Http/Controllers/Admin/EntryController.php
+++ b/app/Http/Controllers/Admin/EntryController.php
@ -192,6 +192,10 @@ class EntryController extends Controller
            return redirect()->route('admin.entries.index')->with('error', 'Cannot delete an entry that is seated');
        }

+        if ($entry->scoreSheets()->count() > 0) {
+            return redirect()->route('admin.entries.index')->with('error', 'Cannot delete an entry that has been scored');
+        }
+
        $entry->delete();

        return redirect()->route('admin.entries.index')->with('success', 'Entry Deleted');
--- a/app/Http/Controllers/Tabulation/BonusScoreController.php
+++ b/app/Http/Controllers/Tabulation/BonusScoreController.php
@ -48,6 +48,9 @@ class BonusScoreController extends Controller

    public function saveEntryBonusScoreSheet(Entry $entry, GetBonusScoreRelatedEntries $getRelatedEntries, EnterBonusScore $saveBonusScore)
    {
+        if ($entry->audition->hasFlag('seats_published') || $entry->audition->hasFlag('results_published')) {
+            return redirect()->route('bonus-scores.entryBonusScoreSheet', ['entry_id' => $entry->id])->with('error', 'Bonus scores cannot be modified after results are published');
+        }
        $validData = request()->validate([
            'judge_id' => 'required|exists:users,id',
            'entry_id' => 'required|exists:entries,id',
--- a/app/Http/Controllers/Tabulation/ScoreController.php
+++ b/app/Http/Controllers/Tabulation/ScoreController.php
@ -21,6 +21,12 @@ class ScoreController extends Controller

    public function destroyScore(ScoreSheet $score)
    {
+        if ($score->entry->audition->hasFlag('seats_published')) {
+            return redirect()->back()->with('error', 'Cannot delete scores for an entry where  seats are published');
+        }
+        if ($score->entry->audition->hasFlag('advancement_published')) {
+            return redirect()->back()->with('error', 'Cannot delete scores for an entry where advancement is published');
+        }
        $score->delete();

        return redirect()->back()->with('success', 'Score Deleted');
--- a/database/factories/BonusScoreDefinitionFactory.php
+++ b/database/factories/BonusScoreDefinitionFactory.php
@ -17,7 +17,7 @@ class BonusScoreDefinitionFactory extends Factory
    public function definition(): array
    {
        return [
-            'name' => $this->faker->word,
+            'name' => $this->faker->word.$this->faker->word.$this->faker->word,
            'max_score' => $this->faker->randomNumber(2),
            'weight' => $this->faker->randomFloat(2, 0, 2),
        ];
--- a/tests/Feature/Pages/Admin/EntriesEditTest.php
+++ b/tests/Feature/Pages/Admin/EntriesEditTest.php
@ -190,7 +190,7 @@ it('does not allow an administrator to update an entry in an audition with publi
 it('always sets for_seating to true if advancement is not enabled', function () {
    //arrange
    Settings::set('advanceTo', '');
-    $newAudition = Audition::factory()->create();
+    $newAudition = Audition::factory()->create(['minimum_grade' => 1, 'maximum_grade' => 20]);
    actAsAdmin();
    // Act & Assert
    /** @noinspection PhpUnhandledExceptionInspection */