DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-09-19 23:37:38 -07:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Merge pull request #13575 from marcusmoore/fixes/improve-api-messaging

Browse source 
Added validation around department_id in API patch request
This commit is contained in:
snipe 2023-09-07 21:36:20 +01:00 committed by GitHub
parent 02c187b0a0 c6c1c64c1e
commit 06836663c8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 88 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
app/Http/Requests/SaveUserRequest.php
View file

@ -32,6 +32,7 @@ class SaveUserRequest extends FormRequest
public function rules()
{
$rules = [
'department_id' => 'nullable|exists:departments,id',
'manager_id' => 'nullable|exists:users,id',
];

87
tests/Feature/Api/Users/UsersUpdateTest.php Normal file
View file

@ -0,0 +1,87 @@
<?php
namespace Tests\Feature\Api\Users;
use App\Models\Company;
use App\Models\Department;
use App\Models\Group;
use App\Models\Location;
use App\Models\User;
use Illuminate\Support\Facades\Hash;
use Tests\Support\InteractsWithSettings;
use Tests\TestCase;
class UsersUpdateTest extends TestCase
{
use InteractsWithSettings;
public function testCanUpdateUserViaPatch()
{
$admin = User::factory()->superuser()->create();
$manager = User::factory()->create();
$company = Company::factory()->create();
$department = Department::factory()->create();
$location = Location::factory()->create();
[$groupA, $groupB] = Group::factory()->count(2)->create();
$user = User::factory()->create([
'activated' => false,
'remote' => false,
'vip' => false,
]);
$this->actingAsForApi($admin)
->patchJson(route('api.users.update', $user), [
'first_name' => 'Mabel',
'last_name' => 'Mora',
'username' => 'mabel',
'password' => 'super-secret',
'email' => 'mabel@onlymurderspod.com',
'permissions' => '{"a.new.permission":"1"}',
'activated' => true,
'phone' => '619-555-5555',
'jobtitle' => 'Host',
'manager_id' => $manager->id,
'employee_num' => '1111',
'notes' => 'Pretty good artist',
'company_id' => $company->id,
'department_id' => $department->id,
'location_id' => $location->id,
'remote' => true,
'groups' => $groupA->id,
'vip' => true,
'start_date' => '2021-08-01',
'end_date' => '2025-12-31',
])
->assertOk();
$user->refresh();
$this->assertEquals('Mabel', $user->first_name);
$this->assertEquals('Mora', $user->last_name);
$this->assertEquals('mabel', $user->username);
$this->assertTrue(Hash::check('super-secret', $user->password));
$this->assertEquals('mabel@onlymurderspod.com', $user->email);
$this->assertArrayHasKey('a.new.permission', $user->decodePermissions());
$this->assertTrue($user->activated);
$this->assertEquals('619-555-5555', $user->phone);
$this->assertEquals('Host', $user->jobtitle);
$this->assertTrue($user->manager->is($manager));
$this->assertEquals('1111', $user->employee_num);
$this->assertEquals('Pretty good artist', $user->notes);
$this->assertTrue($user->company->is($company));
$this->assertTrue($user->department->is($department));
$this->assertTrue($user->location->is($location));
$this->assertEquals(1, $user->remote);
$this->assertTrue($user->groups->contains($groupA));
$this->assertTrue($user->vip);
$this->assertEquals('2021-08-01', $user->start_date);
$this->assertEquals('2025-12-31', $user->end_date);
// `groups` can be an id or array or ids
$this->patch(route('api.users.update', $user), ['groups' => [$groupA->id, $groupB->id]]);
$user->refresh();
$this->assertTrue($user->groups->contains($groupA));
$this->assertTrue($user->groups->contains($groupB));
}
}