snipe-it/tests/Feature/Api/Assets/AssetUpdateTest.php


<?php
namespace Tests\Feature\Api\Assets;
use App\Models\Asset;
use App\Models\CustomField;
use App\Models\User;
use Illuminate\Support\Facades\Crypt;
use Tests\TestCase;
class AssetUpdateTest extends TestCase
{
    // TODO - this 'helper' is duplicated in AssetStoreTest - we should extract it out if we can figure out how
    /**
     * Marks the calling test as incomplete when the default database
     * connection is MySQL; does nothing on any other connection.
     */
    public function markIncompleteIfMySQL()
    {
        if (config('database.default') !== 'mysql') {
            return;
        }

        $this->markTestIncomplete('Custom Fields tests do not work on MySQL');
    }

    /**
     * A superuser can write an encrypted custom field through the asset
     * update API, and the stored value decrypts to what was submitted.
     */
    public function testEncryptedCustomFieldCanBeUpdated()
    {
        $this->markIncompleteIfMySQL();

        $encryptedField = CustomField::factory()->testEncrypted()->create();
        $target = Asset::factory()->hasEncryptedCustomField($encryptedField)->create();
        $admin = User::factory()->superuser()->create();

        $response = $this->actingAsForApi($admin)->patchJson(
            route('api.assets.update', $target->id),
            [$encryptedField->db_column_name() => 'This is encrypted field']
        );
        $response->assertStatusMessageIs('success')->assertOk();

        $target->refresh();

        // Crypt::decrypt() throws on anything that is not a valid encrypted
        // payload, so a plaintext write to the column fails here instead of
        // passing: the assertion covers encryption at rest as well as the value.
        $stored = $target->{$encryptedField->db_column_name()};
        $this->assertEquals('This is encrypted field', Crypt::decrypt($stored));
    }

    /**
     * Authorization check: a user created with the editAssets() factory state
     * (not superuser()) must not be able to overwrite an encrypted custom field.
     */
    public function testPermissionNeededToUpdateEncryptedField()
    {
        $this->markIncompleteIfMySQL();

        $encryptedField = CustomField::factory()->testEncrypted()->create();
        $target = Asset::factory()->hasEncryptedCustomField($encryptedField)->create();
        $editor = User::factory()->editAssets()->create();

        // Seed a known ciphertext so an unauthorized overwrite is detectable.
        $target->{$encryptedField->db_column_name()} = Crypt::encrypt("encrypted value should not change");
        $target->save();

        // test that a 'normal' user *cannot* change the encrypted custom field
        $response = $this->actingAsForApi($editor)->patchJson(
            route('api.assets.update', $target->id),
            [$encryptedField->db_column_name() => 'Some Other Value Entirely!']
        );

        // The request is still reported as a success; the skipped encrypted
        // field is signalled only by the message, so the message is checked
        // here and the stored value is checked below.
        $response
            ->assertStatusMessageIs('success')
            ->assertOk()
            ->assertMessagesAre('Asset updated successfully, but encrypted custom fields were not due to permissions');

        $target->refresh();

        $stored = $target->{$encryptedField->db_column_name()};
        $this->assertEquals("encrypted value should not change", Crypt::decrypt($stored));
    }
}