Nezobrazovat detail logu anonymnímu uživateli #2 - i v tabulce s deklarovanými výsledky byl lokátor a utíkaly informace závodníkům před uzávěrkou.

2026-01-10 13:19:44 +01:00
parent 1e484aef47
commit cdc1082ae8
4 changed files with 287 additions and 60 deletions
--- a/tests/Feature/Results/LogResultControllerTest.php
+++ b/tests/Feature/Results/LogResultControllerTest.php
@@ -138,4 +138,90 @@ class LogResultControllerTest extends TestCase
            'log_id' => $log->id,
        ])->assertStatus(403);
    }
+
+    public function test_claimed_results_redact_locator_and_odx_for_anonymous(): void
+    {
+        $round = $this->createRound();
+        $claimedRun = $this->createEvaluationRun([
+            'round_id' => $round->id,
+            'rules_version' => 'CLAIMED',
+        ]);
+        $log = $this->createLog([
+            'round_id' => $round->id,
+            'pwwlo' => 'JN79',
+            'codxc' => 'OK2XYZ',
+        ]);
+        $result = $this->createLogResult([
+            'evaluation_run_id' => $claimedRun->id,
+            'log_id' => $log->id,
+        ]);
+
+        $response = $this->getJson("/api/log-results?round_id={$round->id}&status=CLAIMED");
+
+        $response->assertStatus(200);
+        $row = collect($response->json('data'))->firstWhere('id', $result->id);
+        $this->assertNotNull($row);
+        $this->assertNull($row['log']['pwwlo']);
+        $this->assertNull($row['log']['codxc']);
+    }
+
+    public function test_admin_sees_locator_and_odx_for_claimed_results(): void
+    {
+        $this->actingAsAdmin();
+        $round = $this->createRound();
+        $claimedRun = $this->createEvaluationRun([
+            'round_id' => $round->id,
+            'rules_version' => 'CLAIMED',
+        ]);
+        $log = $this->createLog([
+            'round_id' => $round->id,
+            'pwwlo' => 'JN79',
+            'codxc' => 'OK2XYZ',
+        ]);
+        $result = $this->createLogResult([
+            'evaluation_run_id' => $claimedRun->id,
+            'log_id' => $log->id,
+        ]);
+
+        $response = $this->getJson("/api/log-results?round_id={$round->id}&status=CLAIMED");
+
+        $response->assertStatus(200);
+        $row = collect($response->json('data'))->firstWhere('id', $result->id);
+        $this->assertNotNull($row);
+        $this->assertSame('JN79', $row['log']['pwwlo']);
+        $this->assertSame('OK2XYZ', $row['log']['codxc']);
+    }
+
+    public function test_claimed_result_show_reveals_locator_after_final_published(): void
+    {
+        $round = $this->createRound();
+        $claimedRun = $this->createEvaluationRun([
+            'round_id' => $round->id,
+            'rules_version' => 'CLAIMED',
+        ]);
+        $officialRun = $this->createEvaluationRun([
+            'round_id' => $round->id,
+            'rules_version' => 'OFFICIAL',
+            'status' => 'SUCCEEDED',
+            'result_type' => 'FINAL',
+        ]);
+        $round->official_evaluation_run_id = $officialRun->id;
+        $round->save();
+
+        $log = $this->createLog([
+            'round_id' => $round->id,
+            'pwwlo' => 'JN79',
+            'codxc' => 'OK2XYZ',
+        ]);
+        $result = $this->createLogResult([
+            'evaluation_run_id' => $claimedRun->id,
+            'log_id' => $log->id,
+        ]);
+
+        $response = $this->getJson("/api/log-results/{$result->id}");
+
+        $response->assertStatus(200);
+        $this->assertSame('JN79', $response->json('log.pwwlo'));
+        $this->assertSame('OK2XYZ', $response->json('log.codxc'));
+    }
 }