Entry Security

Block deletion or modification of scores for an entry in a published audition

Closes #39
Matt Young 2024-07-17 17:10:01 -05:00
parent e30a5d8f9d
commit f94586fbe4
5 changed files with 15 additions and 2 deletions


@ -192,6 +192,10 @@ class EntryController extends Controller
return redirect()->route('admin.entries.index')->with('error', 'Cannot delete an entry that is seated'); return redirect()->route('admin.entries.index')->with('error', 'Cannot delete an entry that is seated');
} }
if ($entry->scoreSheets()->count() > 0) {
return redirect()->route('admin.entries.index')->with('error', 'Cannot delete an entry that has been scored');
}
$entry->delete(); $entry->delete();
return redirect()->route('admin.entries.index')->with('success', 'Entry Deleted'); return redirect()->route('admin.entries.index')->with('success', 'Entry Deleted');
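Review bot: The new scored-entry guard is enforced only in this controller action, so any other path that deletes an Entry (another controller, a job, a cascade) would still remove a scored entry; whether such paths exist is not visible here, but if the rule must always hold, consider also enforcing it in a model `deleting` hook or a policy. Within the check itself, `$entry->scoreSheets()->count() > 0` can be written as `if ($entry->scoreSheets()->exists()) {`, which asks only for existence. The enclosing method starts and ends outside the hunk.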


@ -48,6 +48,9 @@ class BonusScoreController extends Controller
public function saveEntryBonusScoreSheet(Entry $entry, GetBonusScoreRelatedEntries $getRelatedEntries, EnterBonusScore $saveBonusScore) public function saveEntryBonusScoreSheet(Entry $entry, GetBonusScoreRelatedEntries $getRelatedEntries, EnterBonusScore $saveBonusScore)
{ {
if ($entry->audition->hasFlag('seats_published') || $entry->audition->hasFlag('results_published')) {
return redirect()->route('bonus-scores.entryBonusScoreSheet', ['entry_id' => $entry->id])->with('error', 'Bonus scores cannot be modified after results are published');
}
$validData = request()->validate([ $validData = request()->validate([
'judge_id' => 'required|exists:users,id', 'judge_id' => 'required|exists:users,id',
'entry_id' => 'required|exists:entries,id', 'entry_id' => 'required|exists:entries,id',
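Review bot: The publication guard tests the route-bound `$entry`, but the validation that follows still accepts a separate `entry_id` from the request. If the rest of the method (outside this hunk) saves against that `entry_id` rather than `$entry`, the published check and the write can refer to different entries. Comparing the two right after validation, e.g. `abort_unless((int) $validData['entry_id'] === (int) $entry->id, 422);`, or dropping `entry_id` from the payload, would close that gap. The flag names also differ from the ScoreController guard in this commit (`results_published` here, `advancement_published` there); confirm that `results_published` is a flag that is actually set.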


@ -21,6 +21,12 @@ class ScoreController extends Controller
public function destroyScore(ScoreSheet $score) public function destroyScore(ScoreSheet $score)
{ {
if ($score->entry->audition->hasFlag('seats_published')) {
return redirect()->back()->with('error', 'Cannot delete scores for an entry where seats are published');
}
if ($score->entry->audition->hasFlag('advancement_published')) {
return redirect()->back()->with('error', 'Cannot delete scores for an entry where advancement is published');
}
$score->delete(); $score->delete();
return redirect()->back()->with('success', 'Score Deleted'); return redirect()->back()->with('success', 'Score Deleted');
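Review bot: None of the three new guards in this commit is covered by a test, since the only test-file change shown adjusts factory arguments, so a regression in these checks would go unnoticed. For `destroyScore`, add one feature test per flag (`seats_published`, `advancement_published`) that sets the flag on the audition, sends the delete request, and asserts that the ScoreSheet row still exists and the session carries the error. The two `if` blocks walk the same `$score->entry->audition` chain; a comment above them such as `// Scores are frozen once seats or advancement are published` would document the rule. The method's closing brace is outside the hunk.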


@ -17,7 +17,7 @@ class BonusScoreDefinitionFactory extends Factory
public function definition(): array public function definition(): array
{ {
return [ return [
'name' => $this->faker->word, 'name' => $this->faker->word.$this->faker->word.$this->faker->word,
'max_score' => $this->faker->randomNumber(2), 'max_score' => $this->faker->randomNumber(2),
'weight' => $this->faker->randomFloat(2, 0, 2), 'weight' => $this->faker->randomFloat(2, 0, 2),
]; ];


@ -190,7 +190,7 @@ it('does not allow an administrator to update an entry in an audition with publi
it('always sets for_seating to true if advancement is not enabled', function () { it('always sets for_seating to true if advancement is not enabled', function () {
//arrange //arrange
Settings::set('advanceTo', ''); Settings::set('advanceTo', '');
$newAudition = Audition::factory()->create(); $newAudition = Audition::factory()->create(['minimum_grade' => 1, 'maximum_grade' => 20]);
actAsAdmin(); actAsAdmin();
// Act & Assert // Act & Assert
/** @noinspection PhpUnhandledExceptionInspection */ /** @noinspection PhpUnhandledExceptionInspection */