fix(app): validar formato codigo rol en GetRolPermisos [UDT-005]

Agrega GetRolPermisosQueryValidator con regex ^[a-z][a-z0-9_]*$ para rechazar codigos invalidos con 400 en GET /api/v1/roles/{codigo}/permisos.
2026-04-15 15:56:49 -03:00
parent 885a8cef17
commit 1a864e9f8b
4 changed files with 72 additions and 3 deletions
--- a/tests/SIGCM2.Api.Tests/Permisos/PermisosEndpointTests.cs
+++ b/tests/SIGCM2.Api.Tests/Permisos/PermisosEndpointTests.cs
@@ -250,6 +250,17 @@ public sealed class PermisosEndpointTests : IAsyncLifetime
        }
    }

+    [Fact]
+    public async Task GetRolPermisos_InvalidCodigoFormat_Returns400()
+    {
+        var token = await GetBearerTokenAsync(AdminUsername, AdminPassword);
+        // "ROL-INVALIDO" no matchea ^[a-z][a-z0-9_]*$ (tiene guion y mayúsculas)
+        using var req = BuildRequest(HttpMethod.Get, "/api/v1/roles/ROL-INVALIDO/permisos", bearerToken: token);
+        var resp = await _client.SendAsync(req);
+
+        Assert.Equal(HttpStatusCode.BadRequest, resp.StatusCode);
+    }
+
    // ── PUT /api/v1/roles/{codigo}/permisos ──────────────────────────────────

    [Fact]