@@ -297,6 +297,108 @@ public function testGetSubmissions(array $submissions, array $questions, array $
297297 $ this assertEquals (new DataResponse ($ expected$ this apiController ->getSubmissions (1 ));
298298 }
299299
300+ public function testGetSubmissions_limitIsCapped (): void {
301+ $ formnew Form ();
302+ $ formsetId (1 );
303+ $ formsetOwnerId ('otherUser ' );
304+
305+ $ this formsService ->expects ($ this once ())
306+ ->method ('getFormIfAllowed ' )
307+ ->with (1 , Constants::PERMISSION_RESULTS )
308+ ->willReturn ($ form
309+
310+ $ this formsService ->expects ($ this once ())
311+ ->method ('getPermissions ' )
312+ ->with ($ form
313+ ->willReturn ([Constants::PERMISSION_RESULTS ]);
314+
315+ // An overly large limit must be clamped to SUBMISSIONS_LIMIT_MAX
316+ $ this submissionService ->expects ($ this once ())
317+ ->method ('getSubmissions ' )
318+ ->with (1 , null , null , Constants::SUBMISSIONS_LIMIT_MAX , 0 )
319+ ->willReturn ([]);
320+
321+ $ this submissionMapper ->expects ($ this once ())
322+ ->method ('countSubmissions ' )
323+ ->with (1 )
324+ ->willReturn (0 );
325+
326+ $ this formsService ->expects ($ this once ())
327+ ->method ('getQuestions ' )
328+ ->with (1 )
329+ ->willReturn ([]);
330+
331+ $ this apiController ->getSubmissions (1 , limit: 100000 );
332+ }
333+
334+ public function testGetSubmissions_limitFloorIsOne (): void {
335+ $ formnew Form ();
336+ $ formsetId (1 );
337+ $ formsetOwnerId ('otherUser ' );
338+
339+ $ this formsService ->expects ($ this once ())
340+ ->method ('getFormIfAllowed ' )
341+ ->with (1 , Constants::PERMISSION_RESULTS )
342+ ->willReturn ($ form
343+
344+ $ this formsService ->expects ($ this once ())
345+ ->method ('getPermissions ' )
346+ ->with ($ form
347+ ->willReturn ([Constants::PERMISSION_RESULTS ]);
348+
349+ // A non-positive limit must be floored to 1
350+ $ this submissionService ->expects ($ this once ())
351+ ->method ('getSubmissions ' )
352+ ->with (1 , null , null , 1 , 0 )
353+ ->willReturn ([]);
354+
355+ $ this submissionMapper ->expects ($ this once ())
356+ ->method ('countSubmissions ' )
357+ ->with (1 )
358+ ->willReturn (0 );
359+
360+ $ this formsService ->expects ($ this once ())
361+ ->method ('getQuestions ' )
362+ ->with (1 )
363+ ->willReturn ([]);
364+
365+ $ this apiController ->getSubmissions (1 , limit: 0 );
366+ }
367+
368+ public function testGetSubmissions_nullLimitStaysNull (): void {
369+ $ formnew Form ();
370+ $ formsetId (1 );
371+ $ formsetOwnerId ('otherUser ' );
372+
373+ $ this formsService ->expects ($ this once ())
374+ ->method ('getFormIfAllowed ' )
375+ ->with (1 , Constants::PERMISSION_RESULTS )
376+ ->willReturn ($ form
377+
378+ $ this formsService ->expects ($ this once ())
379+ ->method ('getPermissions ' )
380+ ->with ($ form
381+ ->willReturn ([Constants::PERMISSION_RESULTS ]);
382+
383+ // null limit is preserved so the summary view can load all submissions
384+ $ this submissionService ->expects ($ this once ())
385+ ->method ('getSubmissions ' )
386+ ->with (1 , null , null , null , 0 )
387+ ->willReturn ([]);
388+
389+ $ this submissionMapper ->expects ($ this once ())
390+ ->method ('countSubmissions ' )
391+ ->with (1 )
392+ ->willReturn (0 );
393+
394+ $ this formsService ->expects ($ this once ())
395+ ->method ('getQuestions ' )
396+ ->with (1 )
397+ ->willReturn ([]);
398+
399+ $ this apiController ->getSubmissions (1 );
400+ }
401+
300402 public function testExportSubmissions_invalidForm () {
301403 $ this formsService ->expects ($ this once ())
302404 ->method ('getFormIfAllowed ' )
0 commit comments