2026-04-15 19:02:03 +00:00
4 changed files with 72 additions and 3 deletions
--- a/src/api/SIGCM2.Api/Controllers/PermisosController.cs
+++ b/src/api/SIGCM2.Api/Controllers/PermisosController.cs
@@ -16,13 +16,16 @@ public sealed class PermisosController : ControllerBase
 {
    private readonly IDispatcher _dispatcher;
    private readonly IValidator<AssignPermisosToRolCommand> _assignValidator;
+    private readonly IValidator<GetRolPermisosQuery> _getRolPermisosValidator;

    public PermisosController(
        IDispatcher dispatcher,
-        IValidator<AssignPermisosToRolCommand> assignValidator)
+        IValidator<AssignPermisosToRolCommand> assignValidator,
+        IValidator<GetRolPermisosQuery> getRolPermisosValidator)
    {
        _dispatcher = dispatcher;
        _assignValidator = assignValidator;
+        _getRolPermisosValidator = getRolPermisosValidator;
    }

    /// <summary>Lists all permisos in the canonical catalog. Requires admin role.</summary>
@@ -39,13 +42,23 @@ public sealed class PermisosController : ControllerBase
    /// <summary>Gets all permisos assigned to a rol. Requires admin role.</summary>
    [HttpGet("roles/{codigo}/permisos")]
    [ProducesResponseType(typeof(IReadOnlyList<PermisoDto>), StatusCodes.Status200OK)]
+    [ProducesResponseType(StatusCodes.Status400BadRequest)]
    [ProducesResponseType(StatusCodes.Status401Unauthorized)]
    [ProducesResponseType(StatusCodes.Status403Forbidden)]
    [ProducesResponseType(StatusCodes.Status404NotFound)]
    public async Task<IActionResult> GetRolPermisos(string codigo)
    {
-        var result = await _dispatcher.Send<GetRolPermisosQuery, IReadOnlyList<PermisoDto>>(
-            new GetRolPermisosQuery(codigo));
+        var query = new GetRolPermisosQuery(codigo);
+        var validation = await _getRolPermisosValidator.ValidateAsync(query);
+        if (!validation.IsValid)
+        {
+            var errors = validation.Errors
+                .GroupBy(e => e.PropertyName)
+                .ToDictionary(g => g.Key, g => g.Select(e => e.ErrorMessage).ToArray());
+            return BadRequest(new { errors });
+        }
+
+        var result = await _dispatcher.Send<GetRolPermisosQuery, IReadOnlyList<PermisoDto>>(query);
        return Ok(result);
    }

--- a/src/api/SIGCM2.Application/Permisos/GetByRol/GetRolPermisosQueryValidator.cs
+++ b/src/api/SIGCM2.Application/Permisos/GetByRol/GetRolPermisosQueryValidator.cs
@@ -0,0 +1,14 @@
+using FluentValidation;
+
+namespace SIGCM2.Application.Permisos.GetByRol;
+
+public sealed class GetRolPermisosQueryValidator : AbstractValidator<GetRolPermisosQuery>
+{
+    public GetRolPermisosQueryValidator()
+    {
+        RuleFor(x => x.RolCodigo)
+            .NotEmpty().WithMessage("El código del rol es requerido.")
+            .Matches(@"^[a-z][a-z0-9_]*$")
+                .WithMessage("El código del rol debe empezar con una letra minúscula y contener solo minúsculas, dígitos o guion bajo.");
+    }
+}
--- a/tests/SIGCM2.Api.Tests/Permisos/PermisosEndpointTests.cs
+++ b/tests/SIGCM2.Api.Tests/Permisos/PermisosEndpointTests.cs
@@ -250,6 +250,17 @@ public sealed class PermisosEndpointTests : IAsyncLifetime
        }
    }

+    [Fact]
+    public async Task GetRolPermisos_InvalidCodigoFormat_Returns400()
+    {
+        var token = await GetBearerTokenAsync(AdminUsername, AdminPassword);
+        // "ROL-INVALIDO" no matchea ^[a-z][a-z0-9_]*$ (tiene guion y mayúsculas)
+        using var req = BuildRequest(HttpMethod.Get, "/api/v1/roles/ROL-INVALIDO/permisos", bearerToken: token);
+        var resp = await _client.SendAsync(req);
+
+        Assert.Equal(HttpStatusCode.BadRequest, resp.StatusCode);
+    }
+
    // ── PUT /api/v1/roles/{codigo}/permisos ──────────────────────────────────

    [Fact]
--- a/tests/SIGCM2.Application.Tests/Permisos/GetByRol/GetRolPermisosQueryHandlerTests.cs
+++ b/tests/SIGCM2.Application.Tests/Permisos/GetByRol/GetRolPermisosQueryHandlerTests.cs
@@ -1,3 +1,4 @@
+using FluentValidation;
 using NSubstitute;
 using SIGCM2.Application.Abstractions.Persistence;
 using SIGCM2.Application.Permisos.GetByRol;
@@ -89,3 +90,33 @@ public class GetRolPermisosQueryHandlerTests
        Assert.Equal(18, result.Count);
    }
 }
+
+public class GetRolPermisosQueryValidatorTests
+{
+    private readonly IValidator<GetRolPermisosQuery> _validator =
+        new GetRolPermisosQueryValidator();
+
+    [Theory]
+    [InlineData("ROL-INVALIDO")]
+    [InlineData("ROL:INVALIDO")]
+    [InlineData("123abc")]
+    [InlineData("UPPER")]
+    [InlineData("con espacio")]
+    [InlineData("")]
+    public async Task Validate_InvalidCodigoFormat_ReturnsInvalid(string codigo)
+    {
+        var result = await _validator.ValidateAsync(new GetRolPermisosQuery(codigo));
+        Assert.False(result.IsValid);
+    }
+
+    [Theory]
+    [InlineData("admin")]
+    [InlineData("cajero")]
+    [InlineData("rol_valido")]
+    [InlineData("abc123")]
+    public async Task Validate_ValidCodigoFormat_ReturnsValid(string codigo)
+    {
+        var result = await _validator.ValidateAsync(new GetRolPermisosQuery(codigo));
+        Assert.True(result.IsValid);
+    }
+}