From f94586fbe4c79828b7091f7a449ee53ad7cec20a Mon Sep 17 00:00:00 2001
From: Matt Young
Date: Wed, 17 Jul 2024 17:10:01 -0500
Subject: [PATCH] Entry Security Block deletion or modification of scores for an entry in a published audition Closes #39
---
 app/Http/Controllers/Admin/EntryController.php | 4 ++++
 app/Http/Controllers/Tabulation/BonusScoreController.php | 3 +++
 app/Http/Controllers/Tabulation/ScoreController.php | 6 ++++++
 database/factories/BonusScoreDefinitionFactory.php | 2 +-
 tests/Feature/Pages/Admin/EntriesEditTest.php | 2 +-
 5 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/app/Http/Controllers/Admin/EntryController.php b/app/Http/Controllers/Admin/EntryController.php
index 362b9df..4132e73 100644
--- a/app/Http/Controllers/Admin/EntryController.php
+++ b/app/Http/Controllers/Admin/EntryController.php
@@ -192,6 +192,10 @@ class EntryController extends Controller
 return redirect()->route('admin.entries.index')->with('error', 'Cannot delete an entry that is seated');
 }
+ if ($entry->scoreSheets()->count() > 0) {
+ return redirect()->route('admin.entries.index')->with('error', 'Cannot delete an entry that has been scored');
+ }
+
 $entry->delete();
 return redirect()->route('admin.entries.index')->with('success', 'Entry Deleted');
diff --git a/app/Http/Controllers/Tabulation/BonusScoreController.php b/app/Http/Controllers/Tabulation/BonusScoreController.php
index 57cfbaa..d0cb4ab 100644
--- a/app/Http/Controllers/Tabulation/BonusScoreController.php
+++ b/app/Http/Controllers/Tabulation/BonusScoreController.php
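Review bot: The new guard before `$entry->delete()` only looks at `scoreSheets()`, so an entry that carries bonus scores but no regular score sheets would still be deletable here, although this same patch treats bonus scores as protected in BonusScoreController. If the Entry model has a relation for bonus scores (not visible in this hunk), include it in the check. `$entry->scoreSheets()->exists()` states the intent more directly than `count() > 0` and avoids counting rows. The patch also adds no test for this denial path or for the guards in BonusScoreController and ScoreController; one feature test per guard asserting that the record survives the request would keep them from regressing. The enclosing method starts and ends outside the hunk.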
@@ -48,6 +48,9 @@ class BonusScoreController extends Controller
 public function saveEntryBonusScoreSheet(Entry $entry, GetBonusScoreRelatedEntries $getRelatedEntries, EnterBonusScore $saveBonusScore)
 {
+ if ($entry->audition->hasFlag('seats_published') || $entry->audition->hasFlag('results_published')) {
+ return redirect()->route('bonus-scores.entryBonusScoreSheet', ['entry_id' => $entry->id])->with('error', 'Bonus scores cannot be modified after results are published');
+ }
 $validData = request()->validate([
 'judge_id' => 'required|exists:users,id',
 'entry_id' => 'required|exists:entries,id',
diff --git a/app/Http/Controllers/Tabulation/ScoreController.php b/app/Http/Controllers/Tabulation/ScoreController.php
index 4620418..e714a9f 100644
--- a/app/Http/Controllers/Tabulation/ScoreController.php
+++ b/app/Http/Controllers/Tabulation/ScoreController.php
@@ -21,6 +21,12 @@ class ScoreController extends Controller
 public function destroyScore(ScoreSheet $score)
 {
+ if ($score->entry->audition->hasFlag('seats_published')) {
+ return redirect()->back()->with('error', 'Cannot delete scores for an entry where seats are published');
+ }
+ if ($score->entry->audition->hasFlag('advancement_published')) {
+ return redirect()->back()->with('error', 'Cannot delete scores for an entry where advancement is published');
+ }
 $score->delete();
 return redirect()->back()->with('success', 'Score Deleted');
diff --git a/database/factories/BonusScoreDefinitionFactory.php b/database/factories/BonusScoreDefinitionFactory.php
index 4dbb036..112cba3 100644
--- a/database/factories/BonusScoreDefinitionFactory.php
+++ b/database/factories/BonusScoreDefinitionFactory.php
@@ -17,7 +17,7 @@ class BonusScoreDefinitionFactory extends Factory
 public function definition(): array
 {
 return [
- 'name' => $this->faker->word,
+ 'name' => $this->faker->word.$this->faker->word.$this->faker->word,
 'max_score' => $this->faker->randomNumber(2),
 'weight' => $this->faker->randomFloat(2, 0, 2),
 ];
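Review bot: The publication check in `saveEntryBonusScoreSheet` is made against the route-bound `$entry`, but the validation directly below it accepts a separate `entry_id` from the request body, and the rest of the method is outside this hunk. If the save uses the submitted `entry_id` rather than `$entry->id`, the guard and the write can refer to different entries; constrain the field, e.g. `'entry_id' => ['required', Rule::in([$entry->id])]`, or drop it and use `$entry->id`. The flag names also differ from ScoreController, which checks `advancement_published` where this hunk checks `results_published`. Confirm that `results_published` is a flag the Audition model actually sets, since a name that never matches leaves that half of the condition dead and advancement-only publication unprotected.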
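Review bot: Both checks in `destroyScore` dereference `$score->entry->audition` without a null guard and live only in this controller action, so any other code path that deletes a ScoreSheet is not covered by them. Consider enforcing the rule once at the model or policy level, for example a `deleting` hook on ScoreSheet or a policy method invoked with `$this->authorize('delete', $score)`, and letting the controller turn the denial into the flash message. The two `if` blocks can share one lookup, `$audition = $score->entry->audition;`, followed by the two flag checks. The commit title mentions modification as well as deletion, but no score-saving action is touched in this diff, so confirm that path is already guarded elsewhere.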
diff --git a/tests/Feature/Pages/Admin/EntriesEditTest.php b/tests/Feature/Pages/Admin/EntriesEditTest.php
index 105e245..121d0c2 100644
--- a/tests/Feature/Pages/Admin/EntriesEditTest.php
+++ b/tests/Feature/Pages/Admin/EntriesEditTest.php
@@ -190,7 +190,7 @@ it('does not allow an administrator to update an entry in an audition with publi
 it('always sets for_seating to true if advancement is not enabled', function () {
 //arrange
 Settings::set('advanceTo', '');
- $newAudition = Audition::factory()->create();
+ $newAudition = Audition::factory()->create(['minimum_grade' => 1, 'maximum_grade' => 20]);
 actAsAdmin();
 // Act & Assert
 /** @noinspection PhpUnhandledExceptionInspection */