snipe-it/tests/Feature/Api/Assets/AssetUpdateTest.php

<?php

namespace Tests\Feature\Api\Assets;

use App\Models\Asset;
use App\Models\CustomField;
use App\Models\User;
use Tests\TestCase;

class AssetUpdateTest extends TestCase
{
    public function testEncryptedCustomFieldCanBeUpdated()
    {
        $field = CustomField::factory()->testEncrypted()->create();
        $asset = Asset::factory()->hasEncryptedCustomField($field)->create();
        $superuser = User::factory()->superuser()->create();

        //first, test that an Admin user can save the encrypted custom field
        $response = $this->actingAsForApi($superuser)
            ->patchJson(route('api.assets.update', $asset->id), [
                $field->db_column_name() => 'This is encrypted field'
            ])
            ->assertStatusMessageIs('success')
            ->assertOk()
            ->json();
        $asset->refresh();
        $this->assertEquals('This is encrypted field', \Crypt::decrypt($asset->{$field->db_column_name()}));
    }

    public function testPermissionNeededToUpdateEncryptedField()
    {
        $field = CustomField::factory()->testEncrypted()->create();
        $asset = Asset::factory()->hasEncryptedCustomField($field)->create();
        $normal_user = User::factory()->editAssets()->create();

        $asset->{$field->db_column_name()} = \Crypt::encrypt("encrypted value should not change");
        $asset->save(); //is this needed?

        //test that a 'normal' user *cannot* change the encrypted custom field
        $response = $this->actingAsForApi($normal_user)
            ->patchJson(route('api.assets.update', $asset->id), [
                $field->db_column_name() => 'Some Other Value Entirely!'
            ])
            ->assertStatusMessageIs('success')
            ->assertOk()
            ->assertMessagesAre('Asset updated successfully, but encrypted custom fields were not due to permissions')
            ->json();
        $asset->refresh();
        $this->assertEquals("encrypted value should not change", \Crypt::decrypt($asset->{$field->db_column_name()}));
    }
}
Break 'update' API statements into its own test file. Split tests up 2024-04-16 07:34:28 -07:00			`<?php`

			`namespace Tests\Feature\Api\Assets;`

			`use App\Models\Asset;`
			`use App\Models\CustomField;`
			`use App\Models\User;`
			`use Tests\TestCase;`

			`class AssetUpdateTest extends TestCase`
			`{`
			`public function testEncryptedCustomFieldCanBeUpdated()`
			`{`
			`$field = CustomField::factory()->testEncrypted()->create();`
Improve model factories 2024-04-16 16:58:28 -07:00			`$asset = Asset::factory()->hasEncryptedCustomField($field)->create();`
Break 'update' API statements into its own test file. Split tests up 2024-04-16 07:34:28 -07:00			`$superuser = User::factory()->superuser()->create();`

			`//first, test that an Admin user can save the encrypted custom field`
			`$response = $this->actingAsForApi($superuser)`
			`->patchJson(route('api.assets.update', $asset->id), [`
			`$field->db_column_name() => 'This is encrypted field'`
			`])`
			`->assertStatusMessageIs('success')`
			`->assertOk()`
			`->json();`
			`$asset->refresh();`
Correct order of arguments 2024-04-16 10:51:33 -07:00			`$this->assertEquals('This is encrypted field', \Crypt::decrypt($asset->{$field->db_column_name()}));`
Break 'update' API statements into its own test file. Split tests up 2024-04-16 07:34:28 -07:00			`}`

			`public function testPermissionNeededToUpdateEncryptedField()`
			`{`
			`$field = CustomField::factory()->testEncrypted()->create();`
Improve model factories 2024-04-16 16:58:28 -07:00			`$asset = Asset::factory()->hasEncryptedCustomField($field)->create();`
Break 'update' API statements into its own test file. Split tests up 2024-04-16 07:34:28 -07:00			`$normal_user = User::factory()->editAssets()->create();`

			`$asset->{$field->db_column_name()} = \Crypt::encrypt("encrypted value should not change");`
			`$asset->save(); //is this needed?`

			`//test that a 'normal' user cannot change the encrypted custom field`
			`$response = $this->actingAsForApi($normal_user)`
			`->patchJson(route('api.assets.update', $asset->id), [`
			`$field->db_column_name() => 'Some Other Value Entirely!'`
			`])`
			`->assertStatusMessageIs('success')`
			`->assertOk()`
			`->assertMessagesAre('Asset updated successfully, but encrypted custom fields were not due to permissions')`
			`->json();`
			`$asset->refresh();`
Correct order of arguments 2024-04-16 10:51:33 -07:00			`$this->assertEquals("encrypted value should not change", \Crypt::decrypt($asset->{$field->db_column_name()}));`
Break 'update' API statements into its own test file. Split tests up 2024-04-16 07:34:28 -07:00			`}`
			`}`