From 1f247ff541f696ae3a984cfbc8a77622a10f8a5b Mon Sep 17 00:00:00 2001
From: snipe
Date: Thu, 19 Oct 2017 15:51:55 -0700
Subject: [PATCH] =?UTF-8?q?Don=E2=80=99t=20let=20the=20user=20checkout=20a?=
 =?UTF-8?q?n=20asset=20to=20itself?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

(We should consolidate that AssetCheckoutRequest for the API)
---
 app/Exceptions/CheckoutNotAllowed.php | 2 +-
 app/Http/Controllers/Api/AssetsController.php | 16 ++++++++++++++--
 app/Http/Controllers/AssetsController.php | 2 +-
 app/Http/Requests/AssetCheckoutRequest.php | 7 +++++--
 4 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/app/Exceptions/CheckoutNotAllowed.php b/app/Exceptions/CheckoutNotAllowed.php
index 74c65efb1f..dc80a44f4e 100644
--- a/app/Exceptions/CheckoutNotAllowed.php
+++ b/app/Exceptions/CheckoutNotAllowed.php
@@ -7,6 +7,6 @@ class CheckoutNotAllowed extends Exception
 {
 public function __toString() {
- "A checkout is not allowed under these circumstances";
+ return "A checkout is not allowed under these circumstances";
 }
 }
diff --git a/app/Http/Controllers/Api/AssetsController.php b/app/Http/Controllers/Api/AssetsController.php
index 8d1fe7b335..6b005c2bc8 100644
--- a/app/Http/Controllers/Api/AssetsController.php
+++ b/app/Http/Controllers/Api/AssetsController.php
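Review bot: `__toString()` still carries no return type, so the engine could not catch the missing `return` this hunk fixes; declaring it as `public function __toString(): string {` turns a repeat of that bug into a hard error. Note also that the text is only reachable through string conversion — code that logs `$e->getMessage()` will presumably see an empty message unless the constructor (outside this hunk) forwards the same text to `parent::__construct()`, which is worth checking.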
@@ -457,16 +457,28 @@ class AssetsController extends Controller
 $this->authorize('checkout', $asset);
+ $error_payload = [];
+ $error_payload['asset'] = [
+ 'id' => $asset->id,
+ 'asset_tag' => $asset->asset_tag,
+ ];
 if ($request->has('user_id')) {
 $target = User::find($request->input('user_id'));
+ $error_payload['target_id'] = $request->input('user_id');
+ $error_payload['target_type'] = User::class;
+ // Don't let the user check an asset out to itself
 } elseif ($request->has('asset_id')) {
- $target = Asset::find($request->input('asset_id'));
+ $target = Asset::where('id','!=',$asset_id)->find($request->input('asset_id'));
+ $error_payload['target_id'] = $request->input('asset_id');
+ $error_payload['target_type'] = Asset::class;
 } elseif ($request->has('location_id')) {
 $target = Location::find($request->input('location_id'));
+ $error_payload['target_id'] = $request->input('location_id');
+ $error_payload['target_type'] = Location::class;
 }
 if (!isset($target)) {
- return response()->json(Helper::formatStandardApiResponse('error', ['asset'=> e($asset->asset_tag)], 'No valid checkout target specified for asset '.e($asset->asset_tag).'.'));
+ return response()->json(Helper::formatStandardApiResponse('error', $error_payload, 'No valid checkout target specified for asset '.e($asset->asset_tag).'.'));
 }
 $checkout_at = request('checkout_at', date("Y-m-d H:i:s"));
diff --git a/app/Http/Controllers/AssetsController.php b/app/Http/Controllers/AssetsController.php
index 0e91949fb2..01fc3d55c2 100755
--- a/app/Http/Controllers/AssetsController.php
+++ b/app/Http/Controllers/AssetsController.php
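Review bot: The self-checkout guard in the `asset_id` branch filters on `$asset_id`, a name that is not declared anywhere in this hunk, while the asset being checked out is already in scope as `$asset` (the new payload lines read `$asset->id` a few lines up); if `$asset_id` is not this method's parameter — the web controller's hunk spells it `$assetId` — the query compares against null and the guard silently becomes a no-op. Safer to filter on the loaded model: `$target = Asset::where('id', '!=', $asset->id)->find($request->input('asset_id'));`. The explanatory comment `// Don't let the user check an asset out to itself` is also placed at the end of the `user_id` branch, above the `elseif`, and belongs on the `where()` line it describes. With the filter, a self-checkout is reported as "No valid checkout target specified", indistinguishable from a nonexistent asset, so an explicit message for that case would help API callers. The enclosing method starts and ends outside the hunk.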
@@ -458,7 +458,7 @@ class AssetsController extends Controller
 if (request('assigned_user')) {
 $target = User::find(request('assigned_user'));
 } elseif (request('assigned_asset')) {
- $target = Asset::find(request('assigned_asset'));
+ $target = Asset::where('id','!=',$assetId)->find(request('assigned_asset'));
 } elseif (request('assigned_location')) {
 $target = Location::find(request('assigned_location'));
 }
diff --git a/app/Http/Requests/AssetCheckoutRequest.php b/app/Http/Requests/AssetCheckoutRequest.php
index 7c341b3028..d0991b308d 100644
--- a/app/Http/Requests/AssetCheckoutRequest.php
+++ b/app/Http/Requests/AssetCheckoutRequest.php
@@ -23,10 +23,13 @@ class AssetCheckoutRequest extends Request
 */
 public function rules()
 {
- return [
+ $rules = [
 "assigned_user" => 'required_without_all:assigned_asset,assigned_location',
- "assigned_asset" => 'required_without_all:assigned_user,assigned_location',
+ "assigned_asset" => 'required_without_all:assigned_user,assigned_location|different:'.$this->id,
 "assigned_location" => 'required_without_all:assigned_user,assigned_asset',
 ];
+
+
+ return $rules;
 }
 }
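Review bot: The new `where('id','!=',$assetId)` filter has no comment saying what it is for, and the same idea is spelled `$asset_id` in the API controller's hunk, so a reader cannot tell from either site which name is actually the method parameter; please confirm each matches its signature (outside the hunk) and add `// Refuse to check an asset out to itself; a match here leaves $target null` above the line. Because the filter turns a self-checkout into "target not found", whatever handling follows the `if` chain (outside the hunk) is presumably generic, so the form-request rule in the last hunk is the layer that gives the user a meaningful error and the controller filter is defence in depth — worth stating in that comment. The enclosing method starts and ends outside the hunk.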
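Review bot: `different:` takes the name of another input field, not a literal value, so `'different:'.$this->id` tells the validator to compare `assigned_asset` with an input field whose name is the asset's id; that field never exists, and the rule does not reject checking the asset out to itself. A value-based rule is what is wanted: `"assigned_asset" => 'required_without_all:assigned_user,assigned_location|not_in:'.$this->id,`. Separately, `$this->id` relies on the request's magic property lookup reaching a route parameter literally named `id`; if the route names it differently (the web controller's hunk uses `$assetId`) this resolves to null, so it would be clearer to read the route parameter explicitly via `$this->route(...)` with the real parameter name. The `$rules` temporary and the two blank lines add nothing over returning the array directly.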