Merge pull request #15912 from marcusmoore/bug/harden-checkout-validation-v2

Harden asset checkout validation
This commit is contained in:
snipe 2024-12-19 22:42:06 +00:00 committed by GitHub
commit 1434522149
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 14 additions and 7 deletions

View file

@ -24,9 +24,9 @@ class AssetCheckoutRequest extends Request
$settings = \App\Models\Setting::getSettings();
$rules = [
'assigned_user' => 'required_without_all:assigned_asset,assigned_location',
'assigned_asset' => 'required_without_all:assigned_user,assigned_location',
'assigned_location' => 'required_without_all:assigned_user,assigned_asset',
'assigned_user' => 'numeric|nullable|required_without_all:assigned_asset,assigned_location',
'assigned_asset' => 'numeric|nullable|required_without_all:assigned_user,assigned_location',
'assigned_location' => 'numeric|nullable|required_without_all:assigned_user,assigned_asset',
'status_id' => 'exists:status_labels,id,deployable,1',
'checkout_to_type' => 'required|in:asset,location,user',
'checkout_at' => [

View file

@ -183,16 +183,23 @@ class AssetCheckoutTest extends TestCase
$asset = Asset::factory()->create();
$admin = User::factory()->checkoutAssets()->create();
$defaultFieldsAlwaysIncludedInUIFormSubmission = [
'assigned_user' => null,
'assigned_asset' => null,
'assigned_location' => null,
];
$this->actingAs($admin)
->post(route('hardware.checkout.store', $asset), [
->post(route('hardware.checkout.store', $asset), array_merge($defaultFieldsAlwaysIncludedInUIFormSubmission, [
'checkout_to_type' => $type,
'assigned_' . $type => $target->id,
// overwrite the value from the default fields set above
'assigned_' . $type => (string) $target->id,
'name' => 'Changed Name',
'status_id' => $newStatus->id,
'status_id' => (string) $newStatus->id,
'checkout_at' => '2024-03-18',
'expected_checkin' => '2024-03-28',
'note' => 'An awesome note',
]);
]));
$asset->refresh();
$this->assertTrue($asset->assignedTo()->is($target));