From f09ef73312a24402a7bbb26a88b98bed201a3446 Mon Sep 17 00:00:00 2001 From: Jake Jackson Date: Thu, 4 Jun 2026 11:56:49 +1000 Subject: [PATCH] Make Conditional Logic Schema rule properties required Flag the nested conditional logic rule properties (fieldId, operator, value) as required in the REST schema so the API rejects incomplete rules. Add PHPUnit coverage asserting both the schema requirement and that a rule missing a required property is rejected. Co-Authored-By: Claude Opus 4.8 (1M context) --- src/Helper/Helper_Options_Fields.php | 11 +++--- .../Rest/Test_Rest_Form_Settings.php | 35 +++++++++++++++++++ 2 files changed, 42 insertions(+), 4 deletions(-) diff --git a/src/Helper/Helper_Options_Fields.php b/src/Helper/Helper_Options_Fields.php index ae2e29a83..fa65bdad0 100644 --- a/src/Helper/Helper_Options_Fields.php +++ b/src/Helper/Helper_Options_Fields.php @@ -380,14 +380,17 @@ public function get_registered_fields() { 'additionalProperties' => false, 'properties' => [ 'fieldId' => [ - 'type' => 'string', + 'type' => 'string', + 'required' => true, ], 'operator' => [ - 'type' => 'string', - 'enum' => [ 'is', 'isnot', '<>', 'not in', 'in', '>', '<', 'contains', 'starts_with', 'ends_with', 'like', '>=', '<=' ], + 'type' => 'string', + 'enum' => [ 'is', 'isnot', '<>', 'not in', 'in', '>', '<', 'contains', 'starts_with', 'ends_with', 'like', '>=', '<=' ], + 'required' => true, ], 'value' => [ - 'type' => 'string', + 'type' => 'string', + 'required' => true, ], ], ], diff --git a/tests/phpunit/integration/Rest/Test_Rest_Form_Settings.php b/tests/phpunit/integration/Rest/Test_Rest_Form_Settings.php index 900ba8451..ce123761e 100644 --- a/tests/phpunit/integration/Rest/Test_Rest_Form_Settings.php +++ b/tests/phpunit/integration/Rest/Test_Rest_Form_Settings.php @@ -811,6 +811,12 @@ public function test_get_item_schema() { $this->assertArrayHasKey( 'logicType', $args['conditionalLogic']['properties'] ); $this->assertArrayHasKey( 'rules', $args['conditionalLogic']['properties'] ); + /* Each conditional logic rule property should be flagged as required in the schema */ + $rule_properties = $args['conditionalLogic']['properties']['rules']['items']['properties']; + $this->assertTrue( $rule_properties['fieldId']['required'] ); + $this->assertTrue( $rule_properties['operator']['required'] ); + $this->assertTrue( $rule_properties['value']['required'] ); + $this->assertContains( 'A4', $args['pdf_size']['enum'] ); $this->assertContains( 'CUSTOM', $args['pdf_size']['enum'] ); @@ -945,6 +951,35 @@ public function test_input_validation_update() { $this->assertSame( 'rest_invalid_hex_color', $data['data']['details']['font_colour']['code'] ); } + /** + * Check the REST API rejects conditional logic rules that are missing a required property + */ + public function test_input_validation_conditional_logic_rule_required() { + wp_set_current_user( self::$admin_id ); + + $request = new WP_REST_Request( 'POST', '/gravity-pdf/v1/form/' . $this->form_id ); + $request->add_header( 'content-type', 'application/x-www-form-urlencoded' ); + + /* The single rule omits the required "value" property */ + $request->set_body_params( [ + 'name' => 'Label', + 'template' => 'rubix', + 'conditionalLogic' => [ + 'actionType' => 'show', + 'logicType' => 'any', + 'rules' => [ + [ 'fieldId' => '7', 'operator' => 'is' ], + ], + ], + ] ); + + $response = rest_get_server()->dispatch( $request ); + $data = $response->get_data(); + + $this->assertSame( 400, $response->get_status() ); + $this->assertSame( 'rest_property_required', $data['data']['details']['conditionalLogic']['code'] ); + } + /** * Check the REST API auto-validates inputs on the DELETE endpoint */