From 4d36265017fa47e546ee4dc12471c13f29981874 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Wed, 18 Feb 2026 14:30:44 +0100
Subject: [PATCH] fix(api): improve scheduled tasks validation and delete logic

- Use explicit has() checks for timeout and enabled fields to properly handle falsy values
- Add validation to prevent empty update requests
- Optimize delete endpoint to use direct query deletion instead of fetch-then-delete
- Update factory to use Team::factory() for proper test isolation
---
 .../Controllers/Api/ScheduledTasksController.php   | 14 ++++++++------
 database/factories/ScheduledTaskFactory.php        |  3 ++-
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/app/Http/Controllers/Api/ScheduledTasksController.php b/app/Http/Controllers/Api/ScheduledTasksController.php
index cf3574f1c..6245dc2ec 100644
--- a/app/Http/Controllers/Api/ScheduledTasksController.php
+++ b/app/Http/Controllers/Api/ScheduledTasksController.php
@@ -93,8 +93,8 @@ private function createTask(Request $request, Application|Service $resource): \I
         $task->command = $request->command;
         $task->frequency = $request->frequency;
         $task->container = $request->container;
-        $task->timeout = $request->timeout ?? 300;
-        $task->enabled = $request->enabled ?? true;
+        $task->timeout = $request->has('timeout') ? $request->timeout : 300;
+        $task->enabled = $request->has('enabled') ? $request->enabled : true;
         $task->team_id = $teamId;
 
         if ($resource instanceof Application) {
@@ -117,6 +117,10 @@ private function updateTask(Request $request, Application|Service $resource): \I
             return $return;
         }
 
+        if ($request->all() === []) {
+            return response()->json(['message' => 'At least one field must be provided.'], 422);
+        }
+
         $allowedFields = ['name', 'command', 'frequency', 'container', 'timeout', 'enabled'];
 
         $validator = customApiValidator($request->all(), [
@@ -164,13 +168,11 @@ private function deleteTask(Request $request, Application|Service $resource): \I
     {
         $this->authorize('update', $resource);
 
-        $task = $resource->scheduled_tasks()->where('uuid', $request->task_uuid)->first();
-        if (! $task) {
+        $deleted = $resource->scheduled_tasks()->where('uuid', $request->task_uuid)->delete();
+        if (! $deleted) {
             return response()->json(['message' => 'Scheduled task not found.'], 404);
         }
 
-        $task->delete();
-
         return response()->json(['message' => 'Scheduled task deleted.']);
     }
 
diff --git a/database/factories/ScheduledTaskFactory.php b/database/factories/ScheduledTaskFactory.php
index 5f6519288..6e4d6d740 100644
--- a/database/factories/ScheduledTaskFactory.php
+++ b/database/factories/ScheduledTaskFactory.php
@@ -2,6 +2,7 @@
 
 namespace Database\Factories;
 
+use App\Models\Team;
 use Illuminate\Database\Eloquent\Factories\Factory;
 
 class ScheduledTaskFactory extends Factory
@@ -14,7 +15,7 @@ public function definition(): array
             'frequency' => '* * * * *',
             'timeout' => 300,
             'enabled' => true,
-            'team_id' => 1,
+            'team_id' => Team::factory(),
         ];
     }
 }