fix(app): validar formato codigo rol en GetRolPermisos [UDT-005]

Agrega GetRolPermisosQueryValidator con regex ^[a-z][a-z0-9_]*$ para rechazar codigos invalidos con 400 en GET /api/v1/roles/{codigo}/permisos.
2026-04-15 15:56:49 -03:00
parent 885a8cef17
commit 1a864e9f8b
4 changed files with 72 additions and 3 deletions
--- a/tests/SIGCM2.Api.Tests/Permisos/PermisosEndpointTests.cs
+++ b/tests/SIGCM2.Api.Tests/Permisos/PermisosEndpointTests.cs
@@ -250,6 +250,17 @@ public sealed class PermisosEndpointTests : IAsyncLifetime
        }
    }

+    [Fact]
+    public async Task GetRolPermisos_InvalidCodigoFormat_Returns400()
+    {
+        var token = await GetBearerTokenAsync(AdminUsername, AdminPassword);
+        // "ROL-INVALIDO" no matchea ^[a-z][a-z0-9_]*$ (tiene guion y mayúsculas)
+        using var req = BuildRequest(HttpMethod.Get, "/api/v1/roles/ROL-INVALIDO/permisos", bearerToken: token);
+        var resp = await _client.SendAsync(req);
+
+        Assert.Equal(HttpStatusCode.BadRequest, resp.StatusCode);
+    }
+
    // ── PUT /api/v1/roles/{codigo}/permisos ──────────────────────────────────

    [Fact]
--- a/tests/SIGCM2.Application.Tests/Permisos/GetByRol/GetRolPermisosQueryHandlerTests.cs
+++ b/tests/SIGCM2.Application.Tests/Permisos/GetByRol/GetRolPermisosQueryHandlerTests.cs
@@ -1,3 +1,4 @@
+using FluentValidation;
 using NSubstitute;
 using SIGCM2.Application.Abstractions.Persistence;
 using SIGCM2.Application.Permisos.GetByRol;
@@ -89,3 +90,33 @@ public class GetRolPermisosQueryHandlerTests
        Assert.Equal(18, result.Count);
    }
 }
+
+public class GetRolPermisosQueryValidatorTests
+{
+    private readonly IValidator<GetRolPermisosQuery> _validator =
+        new GetRolPermisosQueryValidator();
+
+    [Theory]
+    [InlineData("ROL-INVALIDO")]
+    [InlineData("ROL:INVALIDO")]
+    [InlineData("123abc")]
+    [InlineData("UPPER")]
+    [InlineData("con espacio")]
+    [InlineData("")]
+    public async Task Validate_InvalidCodigoFormat_ReturnsInvalid(string codigo)
+    {
+        var result = await _validator.ValidateAsync(new GetRolPermisosQuery(codigo));
+        Assert.False(result.IsValid);
+    }
+
+    [Theory]
+    [InlineData("admin")]
+    [InlineData("cajero")]
+    [InlineData("rol_valido")]
+    [InlineData("abc123")]
+    public async Task Validate_ValidCodigoFormat_ReturnsValid(string codigo)
+    {
+        var result = await _validator.ValidateAsync(new GetRolPermisosQuery(codigo));
+        Assert.True(result.IsValid);
+    }
+}