fix(app): validar formato codigo rol en GetRolPermisos [UDT-005]

Agrega GetRolPermisosQueryValidator con regex ^[a-z][a-z0-9_]*$ para
rechazar codigos invalidos con 400 en GET /api/v1/roles/{codigo}/permisos.
2026-04-15 15:56:49 -03:00
parent 885a8cef17
commit 1a864e9f8b
4 changed files with 72 additions and 3 deletions


@@ -16,13 +16,16 @@ public sealed class PermisosController : ControllerBase
{
private readonly IDispatcher _dispatcher;
private readonly IValidator<AssignPermisosToRolCommand> _assignValidator;
private readonly IValidator<GetRolPermisosQuery> _getRolPermisosValidator;
public PermisosController(
IDispatcher dispatcher,
IValidator<AssignPermisosToRolCommand> assignValidator)
IValidator<AssignPermisosToRolCommand> assignValidator,
IValidator<GetRolPermisosQuery> getRolPermisosValidator)
{
_dispatcher = dispatcher;
_assignValidator = assignValidator;
_getRolPermisosValidator = getRolPermisosValidator;
}
/// <summary>Lists all permisos in the canonical catalog. Requires admin role.</summary>
@@ -39,13 +42,23 @@ public sealed class PermisosController : ControllerBase
/// <summary>Gets all permisos assigned to a rol. Requires admin role.</summary>
[HttpGet("roles/{codigo}/permisos")]
[ProducesResponseType(typeof(IReadOnlyList<PermisoDto>), StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status400BadRequest)]
[ProducesResponseType(StatusCodes.Status401Unauthorized)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
public async Task<IActionResult> GetRolPermisos(string codigo)
{
var result = await _dispatcher.Send<GetRolPermisosQuery, IReadOnlyList<PermisoDto>>(
new GetRolPermisosQuery(codigo));
var query = new GetRolPermisosQuery(codigo);
var validation = await _getRolPermisosValidator.ValidateAsync(query);
if (!validation.IsValid)
{
var errors = validation.Errors
.GroupBy(e => e.PropertyName)
.ToDictionary(g => g.Key, g => g.Select(e => e.ErrorMessage).ToArray());
return BadRequest(new { errors });
}
var result = await _dispatcher.Send<GetRolPermisosQuery, IReadOnlyList<PermisoDto>>(query);
return Ok(result);
}
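Review bot: The guard added before `_dispatcher.Send` in GetRolPermisos is only as strict as the pattern behind `_getRolPermisosValidator`, and the pattern quoted in the commit description, `^[a-z][a-z0-9_]*$`, ends in `$`, which in .NET also matches just before a final newline. If the validator uses that pattern verbatim, a codigo with a trailing line feed would pass as valid and reach the handler; anchoring with `\z` (`^[a-z][a-z0-9_]*\z`) and adding a maximum length would close that gap. The validator file is not part of this section, so this needs confirming there. In the action itself, `ValidateAsync(query, HttpContext.RequestAborted)` would let an aborted request stop validation, and returning `ValidationProblem(new ValidationProblemDetails(errors))` would give the 400 the standard problem-details shape instead of an anonymous object.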