Solve api bugs

.github/workflows/test.yml

@@ -2,9 +2,9 @@ name: PHPUnit Tests
 
 on:
   push:
-    branches: [ master, main ]
+    branches: [ master, main, test_api ]
   pull_request:
-    branches: [ master, main ]
+    branches: [ master, main, test_api ]
 
 env:
   DB_NAME: facturascripts_test
@@ -161,6 +161,31 @@ jobs:
           EOF
           fi
 
+      - name: Add api to file
+        run: |
+          echo "define('FS_API_KEY', 'prueba');" >> config.php
+      - name: Start PHP built-in server
+        run: |
+          php -S 127.0.0.1:8000 -t . &
+          sleep 2
+
+      - name: Seed database
+        run: |
+          if [ "${{ matrix.database.type }}" = "mysql" ] || [ "${{ matrix.database.type }}" = "mariadb" ]; then
+            mysql --host=${{ env.DB_HOST }} --user=${{ env.DB_USER }} --password=${{ env.DB_PASS }} ${{ env.DB_NAME }} < seed.sql
+          else
+            PGPASSWORD=${{ env.DB_PASS }} psql -h ${{ env.DB_HOST }} -U ${{ env.DB_USER }} -d ${{ env.DB_NAME }} -f seed.sql
+          fi
+
+      - name: Run PHPUnit API tests
+        run: |
+          if [ -f phpunit-api.xml ] || [ -f phpunit-api.xml.dist ]; then
+            vendor/bin/phpunit --configuration phpunit-api.xml --coverage-text --coverage-clover=coverage.xml
+          else
+            echo "No PHPUnit configuration found. Running with default settings..."
+            vendor/bin/phpunit --bootstrap vendor/autoload.php tests/
+          fi
+
       - name: Run PHPUnit tests
         run: |
           if [ -f phpunit.xml ] || [ -f phpunit.xml.dist ]; then

Core/Model/ApiAccess.php

@@ -131,6 +131,26 @@ public static function primaryColumn(): string
         return 'id';
     }
 
+    /**
+     * Update HTTP method permissions for this API resource and save the changes.
+     *
+     * @param bool $get    Whether GET is allowed.
+     * @param bool $post   Whether POST is allowed.
+     * @param bool $put    Whether PUT is allowed.
+     * @param bool $delete Whether DELETE is allowed.
+     *
+     * @return bool True if saved successfully, false otherwise.
+     */
+    public function setAllowed(bool $get, bool $post, bool $put, bool $delete): bool
+    {
+        $this->allowget = $get;
+        $this->allowpost = $post;
+        $this->allowput = $put;
+        $this->allowdelete = $delete;
+
+        return $this->save();
+    }
+
     public static function tableName(): string
     {
         return 'api_access';

Core/Model/ApiKey.php

@@ -19,7 +19,9 @@
 
 namespace FacturaScripts\Core\Model;
 
+use FacturaScripts\Core\Base\DataBase\DataBaseWhere;
 use FacturaScripts\Core\Tools;
+use FacturaScripts\Dinamic\Model\ApiAccess;
 
 /**
  * ApiKey model to manage the connection tokens through the api
@@ -53,6 +55,38 @@ class ApiKey extends Base\ModelClass
     /** @var string */
     public $nick;
 
+    /**
+     * Adds a new API access entry for the given resource with the specified permissions.
+     *
+     * If the resource already exists for this API key, no changes are made.
+     *
+     * @param string $resource Resource name to grant access to.
+     * @param bool $state      Initial permission state (applied to all methods).
+     *
+     * @return bool True if created or already exists, false on failure.
+     */
+    public function addResourceAccess(string $resource, bool $state = false): bool
+    {
+        if (false !== $this->getResourceAccess($resource)) {
+            return true; // already exists
+        }
+
+        $apiAccess = new ApiAccess();
+
+        $apiAccess->idapikey = $this->id;
+        $apiAccess->resource = $resource;
+        $apiAccess->allowdelete = $state;
+        $apiAccess->allowget = $state;
+        $apiAccess->allowpost = $state;
+        $apiAccess->allowput = $state;
+
+        if (false === $apiAccess->save()) {
+            return false;
+        }
+
+        return true;
+    }
+
     public function clear()
     {
         parent::clear();
@@ -62,6 +96,31 @@ public function clear()
         $this->fullaccess = false;
     }
 
+    /**
+     * Retrieves the API access entry for the specified resource.
+     *
+     * Use addResourceAccess() first if the resource does not exist.
+     *
+     * @param string $resource Resource name to look up.
+     *
+     * @return ApiAccess|bool The ApiAccess object if found, false otherwise.
+     */
+    public function getResourceAccess(string $resource): ApiAccess|bool
+    {
+        $apiAccess = new ApiAccess();
+
+        $where = [
+            new DataBaseWhere('idapikey', $this->id),
+            new DataBaseWhere('resource', $resource)
+        ];
+
+        if ($apiAccess->loadFromCode('', $where)) {
+            return $apiAccess;
+        } else {
+            return false;
+        }
+    }
+
     public static function primaryColumn(): string
     {
         return 'id';

Core/Template/ApiController.php

@@ -130,7 +130,7 @@ private function clientHasManyIncidents(): bool
                 $ipCount++;
             }
         }
-        return $ipCount > self::MAX_INCIDENT_COUNT;
+        return $ipCount >= self::MAX_INCIDENT_COUNT;
     }
 
     private function getIpList(): array

Test/API/CRUDTest.php

@@ -0,0 +1,99 @@
+<?php
+namespace FacturaScripts\Test\API;
+
+use FacturaScripts\Test\Traits\ApiTrait;
+use FacturaScripts\Test\Traits\LogErrorsTrait;
+use PHPUnit\Framework\TestCase;
+
+class CRUDTest extends TestCase
+{
+
+    use ApiTrait;
+    use LogErrorsTrait;
+
+    protected function setUp(): void
+    {
+        $this->startAPIServer();
+    }
+
+    public function testListResources()
+    {
+
+        $result = $this->makeGETCurl();
+
+        $expected = [ 'resources' => $this->getResourcesList() ];
+
+        $this->assertEquals($expected, $result, 'response-not-equal');
+
+    }
+
+    public function testCreateData(){
+        $form = [
+           'coddivisa' => '123',
+           'descripcion' => 'Divisa 123',
+        ];
+
+
+        $result = $this->makePOSTCurl("divisas", $form);
+
+
+        $expected = [ 
+            'ok' => 'Registro actualizado correctamente.',
+            'data' => [
+                'coddivisa' => '123',
+                'codiso' => null,
+                'descripcion' => 'Divisa 123',
+                'simbolo' => '?',
+                'tasaconv' => 1,
+                'tasaconvcompra' => 1
+            ]
+        ];
+
+
+        $this->assertEquals($expected, $result, 'response-not-equal');
+    }
+
+
+    public function testUpdateData(){
+        $result = $this->makePUTCurl("divisas/123", [
+            'descripcion' => 'Divisa 123 Actualizada'
+        ]);
+        $expected = [
+            'ok' => 'Registro actualizado correctamente.',
+            'data' => [
+                'coddivisa' => '123',
+                'codiso' => null,
+                'descripcion' => 'Divisa 123 Actualizada',
+                'simbolo' => '?',
+                'tasaconv' => 1,
+                'tasaconvcompra' => 1
+            ]
+        ];
+        $this->assertEquals($expected, $result, 'response-not-equal');
+    }
+
+    public function testDeleteData()
+    {
+        $result = $this->makeDELETECurl("divisas/123");
+
+        $expected = [
+            'ok' => 'Registro eliminado correctamente!',
+            'data' => [
+                'coddivisa' => '123',
+                'codiso' => null,
+                'descripcion' => 'Divisa 123 Actualizada',
+                'simbolo' => '?',
+                'tasaconv' => 1,
+                'tasaconvcompra' => 1
+            ]
+        ];
+
+        $this->assertEquals($expected, $result, 'response-not-equal');
+    }
+
+    protected function tearDown(): void
+    {
+        $this->stopAPIServer();
+        $this->logErrors();
+    }
+}