Unverified Commit 402359a3 authored by Christian Hartmann's avatar Christian Hartmann

Validate submission

parent be009d47
Pipeline #18713 failed
...@@ -976,6 +976,11 @@ class ApiController extends OCSController { ...@@ -976,6 +976,11 @@ class ApiController extends OCSController {
throw new OCSForbiddenException('Already submitted'); throw new OCSForbiddenException('Already submitted');
} }
// Is the submission valid
if (!$this->submissionService->validateSubmission($questions, $answers)) {
throw new OCSBadRequestException('At least one submitted answer is not valid');
}
// Create Submission // Create Submission
$submission = new Submission(); $submission = new Submission();
$submission->setFormId($formId); $submission->setFormId($formId);
......
...@@ -26,6 +26,7 @@ namespace OCA\Forms\Service; ...@@ -26,6 +26,7 @@ namespace OCA\Forms\Service;
use DateTimeZone; use DateTimeZone;
use OCA\Forms\Constants;
use OCA\Forms\Db\FormMapper; use OCA\Forms\Db\FormMapper;
use OCA\Forms\Db\QuestionMapper; use OCA\Forms\Db\QuestionMapper;
use OCA\Forms\Db\SubmissionMapper; use OCA\Forms\Db\SubmissionMapper;
...@@ -240,4 +241,58 @@ class SubmissionService { ...@@ -240,4 +241,58 @@ class SubmissionService {
return $csv->getContent(); return $csv->getContent();
} }
/**
* Validate all answers against the questions
* @param array $questions Array of the questions of the form
* @param array $answers Array of the submitted answers
* @return boolean If the submission is valid
*/
public function validateSubmission(array $questions, array $answers): bool {
// Check by questions
foreach ($questions as $question) {
$questionId = $question['id'];
$questionAnswered = array_key_exists($questionId, $answers);
// Check if all required questions have an answer
if ($question['isRequired'] && (!$questionAnswered || !array_filter($answers[$questionId], 'strlen'))) {
return false;
}
// Perform further checks only for answered questions
if ($questionAnswered) {
// Check if non multiple questions have not more than one answer
if ($question['type'] !== Constants::ANSWER_TYPE_MULTIPLE && count($answers[$questionId]) > 1) {
return false;
}
// Check if all answers are within the possible options
if (in_array($question['type'], Constants::ANSWER_PREDEFINED)) {
foreach ($answers[$questionId] as $answer) {
// Search corresponding option, return false if non-existent
if (array_search($answer, array_column($question['options'], 'id')) === false) {
return false;
}
}
}
// Check if date questions have valid answers
if (in_array($question['type'], [Constants::ANSWER_TYPE_DATE, Constants::ANSWER_TYPE_DATETIME]) && date_parse(array_values($answers[$questionId])[0])['error_count'] > 0) {
return false;
}
}
}
// Check for excess answers
foreach ($answers as $id => $answerArray) {
// Search corresponding question, return false if not found
$questionIndex = array_search($id, array_column($questions, 'id'));
if ($questionIndex === false) {
return false;
}
}
return true;
}
} }
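Review bot: The answer values reach `array_filter(..., 'strlen')`, `count()` and a non-strict `array_search()` in validateSubmission without any check of their shape, so the validator can fail open or crash on input it should reject. If `$answers` is the decoded request body (the ApiController call site suggests so, but its origin is outside the visible lines), an entry that is not an array, or one that contains a nested array, raises a type error or warning instead of returning false. With loose comparison a boolean `true` or a numeric-looking string such as `"1e1"` can also compare equal to an option id it does not literally match, so the value that passes validation is not necessarily the value that gets stored. I would check the shape right after `$questionAnswered` is computed and compare option ids strictly, as sketched below; the two `array_column()` calls could also be hoisted out of their loops.

```php
$questionAnswered = array_key_exists($questionId, $answers);
// Reject anything that is not a flat list of strings/ints before array functions touch it
if ($questionAnswered) {
	if (!is_array($answers[$questionId])) {
		return false;
	}
	foreach ($answers[$questionId] as $answer) {
		if (!is_string($answer) && !is_int($answer)) {
			return false;
		}
	}
}
// … unchanged: required-question and single-answer checks …
if (in_array($question['type'], Constants::ANSWER_PREDEFINED, true)) {
	// Compare ids as strings, strictly, so no type juggling can make a foreign value match
	$optionIds = array_map('strval', array_column($question['options'], 'id'));
	foreach ($answers[$questionId] as $answer) {
		if (!in_array((string)$answer, $optionIds, true)) {
			return false;
		}
	}
}
// … unchanged: date check and excess-answer check …
```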