snipe-it/tests/Feature/Api/Assets/AssetUpdateTest.php

<?php

namespace Tests\Feature\Api\Assets;

use App\Models\Asset;
use App\Models\CustomField;
use App\Models\User;
use Illuminate\Support\Facades\Crypt;
use Tests\TestCase;

class AssetUpdateTest extends TestCase
{
    public function testEncryptedCustomFieldCanBeUpdated()
    {
        $field = CustomField::factory()->testEncrypted()->create();
        $asset = Asset::factory()->hasEncryptedCustomField($field)->create();
        $superuser = User::factory()->superuser()->create();

        $this->actingAsForApi($superuser)
            ->patchJson(route('api.assets.update', $asset->id), [
                $field->db_column_name() => 'This is encrypted field'
            ])
            ->assertStatusMessageIs('success')
            ->assertOk();

        $asset->refresh();
        $this->assertEquals('This is encrypted field', Crypt::decrypt($asset->{$field->db_column_name()}));
    }

    public function testPermissionNeededToUpdateEncryptedField()
    {
        $field = CustomField::factory()->testEncrypted()->create();
        $asset = Asset::factory()->hasEncryptedCustomField($field)->create();
        $normal_user = User::factory()->editAssets()->create();

        $asset->{$field->db_column_name()} = Crypt::encrypt("encrypted value should not change");
        $asset->save();

        // test that a 'normal' user *cannot* change the encrypted custom field
        $this->actingAsForApi($normal_user)
            ->patchJson(route('api.assets.update', $asset->id), [
                $field->db_column_name() => 'Some Other Value Entirely!'
            ])
            ->assertStatusMessageIs('success')
            ->assertOk()
            ->assertMessagesAre('Asset updated successfully, but encrypted custom fields were not due to permissions');

        $asset->refresh();
        $this->assertEquals("encrypted value should not change", Crypt::decrypt($asset->{$field->db_column_name()}));
    }
}
Break 'update' API statements into its own test file. Split tests up 2024-04-16 07:34:28 -07:00			`<?php`

			`namespace Tests\Feature\Api\Assets;`

			`use App\Models\Asset;`
			`use App\Models\CustomField;`
			`use App\Models\User;`
Import facade 2024-04-16 17:14:17 -07:00			`use Illuminate\Support\Facades\Crypt;`
Break 'update' API statements into its own test file. Split tests up 2024-04-16 07:34:28 -07:00			`use Tests\TestCase;`

			`class AssetUpdateTest extends TestCase`
			`{`
			`public function testEncryptedCustomFieldCanBeUpdated()`
			`{`
			`$field = CustomField::factory()->testEncrypted()->create();`
Improve model factories 2024-04-16 16:58:28 -07:00			`$asset = Asset::factory()->hasEncryptedCustomField($field)->create();`
Break 'update' API statements into its own test file. Split tests up 2024-04-16 07:34:28 -07:00			`$superuser = User::factory()->superuser()->create();`

Update tests to send post request 2024-04-16 17:13:18 -07:00			`$this->actingAsForApi($superuser)`
Break 'update' API statements into its own test file. Split tests up 2024-04-16 07:34:28 -07:00			`->patchJson(route('api.assets.update', $asset->id), [`
			`$field->db_column_name() => 'This is encrypted field'`
			`])`
			`->assertStatusMessageIs('success')`
Update tests to send post request 2024-04-16 17:13:18 -07:00			`->assertOk();`

Break 'update' API statements into its own test file. Split tests up 2024-04-16 07:34:28 -07:00			`$asset->refresh();`
Import facade 2024-04-16 17:14:17 -07:00			`$this->assertEquals('This is encrypted field', Crypt::decrypt($asset->{$field->db_column_name()}));`
Break 'update' API statements into its own test file. Split tests up 2024-04-16 07:34:28 -07:00			`}`

			`public function testPermissionNeededToUpdateEncryptedField()`
			`{`
			`$field = CustomField::factory()->testEncrypted()->create();`
Improve model factories 2024-04-16 16:58:28 -07:00			`$asset = Asset::factory()->hasEncryptedCustomField($field)->create();`
Break 'update' API statements into its own test file. Split tests up 2024-04-16 07:34:28 -07:00			`$normal_user = User::factory()->editAssets()->create();`

Import facade 2024-04-16 17:14:17 -07:00			`$asset->{$field->db_column_name()} = Crypt::encrypt("encrypted value should not change");`
Update tests to send post request 2024-04-16 17:13:18 -07:00			`$asset->save();`
Break 'update' API statements into its own test file. Split tests up 2024-04-16 07:34:28 -07:00
Update tests to send post request 2024-04-16 17:13:18 -07:00			`// test that a 'normal' user cannot change the encrypted custom field`
			`$this->actingAsForApi($normal_user)`
Break 'update' API statements into its own test file. Split tests up 2024-04-16 07:34:28 -07:00			`->patchJson(route('api.assets.update', $asset->id), [`
			`$field->db_column_name() => 'Some Other Value Entirely!'`
			`])`
			`->assertStatusMessageIs('success')`
			`->assertOk()`
Update tests to send post request 2024-04-16 17:13:18 -07:00			`->assertMessagesAre('Asset updated successfully, but encrypted custom fields were not due to permissions');`

Break 'update' API statements into its own test file. Split tests up 2024-04-16 07:34:28 -07:00			`$asset->refresh();`
Import facade 2024-04-16 17:14:17 -07:00			`$this->assertEquals("encrypted value should not change", Crypt::decrypt($asset->{$field->db_column_name()}));`
Break 'update' API statements into its own test file. Split tests up 2024-04-16 07:34:28 -07:00			`}`
			`}`