DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-03-05 20:52:15 -08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #15912 from marcusmoore/bug/harden-checkout-validation-v2

Browse source 
Harden asset checkout validation
This commit is contained in:
snipe 2024-12-19 22:42:06 +00:00 committed by GitHub
parent 23af5fb06e 1d0d14876c
commit 1434522149
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 14 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/Http/Requests/AssetCheckoutRequest.php
View file

@ -24,9 +24,9 @@ class AssetCheckoutRequest extends Request
$settings = \App\Models\Setting::getSettings();
$rules = [
'assigned_user' => 'required_without_all:assigned_asset,assigned_location',
'assigned_asset' => 'required_without_all:assigned_user,assigned_location',
'assigned_location' => 'required_without_all:assigned_user,assigned_asset',
'assigned_user' => 'numeric|nullable|required_without_all:assigned_asset,assigned_location',
'assigned_asset' => 'numeric|nullable|required_without_all:assigned_user,assigned_location',
'assigned_location' => 'numeric|nullable|required_without_all:assigned_user,assigned_asset',
'status_id' => 'exists:status_labels,id,deployable,1',
'checkout_to_type' => 'required|in:asset,location,user',
'checkout_at' => [

15
tests/Feature/Checkouts/Ui/AssetCheckoutTest.php
View file

@ -183,16 +183,23 @@ class AssetCheckoutTest extends TestCase
$asset = Asset::factory()->create();
$admin = User::factory()->checkoutAssets()->create();
$defaultFieldsAlwaysIncludedInUIFormSubmission = [
'assigned_user' => null,
'assigned_asset' => null,
'assigned_location' => null,
];
$this->actingAs($admin)
->post(route('hardware.checkout.store', $asset), [
->post(route('hardware.checkout.store', $asset), array_merge($defaultFieldsAlwaysIncludedInUIFormSubmission, [
'checkout_to_type' => $type,
'assigned_' . $type => $target->id,
// overwrite the value from the default fields set above
'assigned_' . $type => (string) $target->id,
'name' => 'Changed Name',
'status_id' => $newStatus->id,
'status_id' => (string) $newStatus->id,
'checkout_at' => '2024-03-18',
'expected_checkin' => '2024-03-28',
'note' => 'An awesome note',
]);
]));
$asset->refresh();
$this->assertTrue($asset->assignedTo()->is($target));