From 3cf583ab0305bc286dbf7f09910758030d34b1c7 Mon Sep 17 00:00:00 2001
From: spencerrlongg
Date: Tue, 19 Nov 2024 17:45:35 -0600
Subject: [PATCH] Add CustomFieldPermissionException handling
---
 app/Actions/Assets/UpdateAssetAction.php | 54 ++++++++++++++-----
 .../CustomFieldPermissionException.php | 10 ++++
 app/Http/Controllers/Api/AssetsController.php | 4 +-
 .../Assets/BulkAssetsController.php | 8 +++
 tests/Feature/Assets/Api/UpdateAssetTest.php | 3 +-
 5 files changed, 62 insertions(+), 17 deletions(-)
 create mode 100644 app/Exceptions/CustomFieldPermissionException.php
diff --git a/app/Actions/Assets/UpdateAssetAction.php b/app/Actions/Assets/UpdateAssetAction.php
index b083b78422..1d02d19ae3 100644
--- a/app/Actions/Assets/UpdateAssetAction.php
+++ b/app/Actions/Assets/UpdateAssetAction.php
@@ -3,6 +3,7 @@
 namespace App\Actions\Assets;
 use App\Events\CheckoutableCheckedIn;
+use App\Exceptions\CustomFieldPermissionException;
 use App\Http\Requests\ImageUploadRequest;
 use App\Models\Asset;
 use App\Models\AssetModel;
@@ -20,6 +21,7 @@ class UpdateAssetAction
 {
 /**
 * @throws ValidationException
+ * @throws CustomFieldPermissionException
 */
 public static function run(
 Asset $asset,
@@ -135,26 +137,50 @@ class UpdateAssetAction // FIXME: No idea why this is returning a Builder error on db_column_name. // Need to investigate and fix. Using static method for now. + //if (($model) && ($model->fieldset)) { + // dump($model->fieldset->fields); + // foreach ($model->fieldset->fields as $field) { + // + // + // if ($field->field_encrypted == '1') { + // if (Gate::allows('assets.view.encrypted_custom_fields')) { + // if (is_array($request->input($field->db_column))) { + // $asset->{$field->db_column} = Crypt::encrypt(implode(', ', $request->input($field->db_column))); + // } else { + // $asset->{$field->db_column} = Crypt::encrypt($request->input($field->db_column)); + // } + // throw new CustomFieldPermissionException(); + // continue; + // } + // } else { + // if (is_array($request->input($field->db_column))) { + // $asset->{$field->db_column} = implode(', ', $request->input($field->db_column)); + // } else { + // $asset->{$field->db_column} = $request->input($field->db_column); + // } + // } + // } + //} $model = $asset->model; - if (($model) && ($model->fieldset)) { - dump($model->fieldset->fields); + if (($model) && (isset($model->fieldset))) { foreach ($model->fieldset->fields as $field) { + $field_val = $request->input($field->db_column, null); - - if ($field->field_encrypted == '1') { - if (Gate::allows('assets.view.encrypted_custom_fields')) { - if (is_array($request->input($field->db_column))) { - $asset->{$field->db_column} = Crypt::encrypt(implode(', ', $request->input($field->db_column))); - } else { - $asset->{$field->db_column} = Crypt::encrypt($request->input($field->db_column)); + if ($request->has($field->db_column)) { + if ($field->element == 'checkbox') { + if (is_array($field_val)) { + $field_val = implode(',', $field_val); } } - } else { - if (is_array($request->input($field->db_column))) { - $asset->{$field->db_column} = implode(', ', $request->input($field->db_column)); - } else { - $asset->{$field->db_column} = 
$request->input($field->db_column); + if ($field->field_encrypted == '1') { + if (Gate::allows('assets.view.encrypted_custom_fields')) { + $field_val = Crypt::encrypt($field_val); + } else { + throw new CustomFieldPermissionException(); + continue; + } } + $asset->{$field->db_column} = $field_val; } } } diff --git a/app/Exceptions/CustomFieldPermissionException.php b/app/Exceptions/CustomFieldPermissionException.php new file mode 100644 index 0000000000..4425d00cb8 --- /dev/null +++ b/app/Exceptions/CustomFieldPermissionException.php @@ -0,0 +1,10 @@ +validated('assigned_user'), assigned_asset: $request->validated('assigned_asset'), assigned_location: $request->validated('assigned_location'), - custom_fields: $custom_fields, request: $request, //this is just for the handleImages method... last_audit_date: $request->validated('last_audit_date'), ); @@ -657,6 +657,8 @@ class AssetsController extends Controller return response()->json(Helper::formatStandardApiResponse('error', null, $e->getMessage()), 200); } catch (ValidationException $e) { return response()->json(Helper::formatStandardApiResponse('error', null, $e->getErrors()), 200); + } catch (CustomFieldPermissionException $e) { + return response()->json(Helper::formatStandardApiResponse('success', $asset, trans('admin/hardware/message.update.encrypted_warning'))); } catch (\Exception $e) { return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.something_went_wrong'))); } diff --git a/app/Http/Controllers/Assets/BulkAssetsController.php b/app/Http/Controllers/Assets/BulkAssetsController.php index d9849cbf7a..b082905a92 100644 --- a/app/Http/Controllers/Assets/BulkAssetsController.php +++ b/app/Http/Controllers/Assets/BulkAssetsController.php 
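Review bot: In the `@@ -135,26 +137,50 @@` hunk of UpdateAssetAction.php, `throw new CustomFieldPermissionException();` fires inside the `foreach`, so the first encrypted field the caller is not allowed to write aborts `run()` before any later field is assigned, and the `continue;` after it is unreachable. If the asset is saved after this loop (the rest of `run()` is outside the hunk), nothing is persisted, yet the new `catch (CustomFieldPermissionException $e)` in AssetsController (`@@ -657,6 +657,8 @@`) answers with status `success` and the in-memory `$asset`, so an API client is told the update worked. Consider skipping the field and remembering the denial, `$encrypted_denied = true; continue;`, then raising the exception only after the save. The block of commented-out lines added above `$model = $asset->model;`, including the old `dump()` call, should be dropped rather than committed.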
@@ -4,6 +4,7 @@ namespace App\Http\Controllers\Assets; use App\Actions\Assets\StoreAssetAction; use App\Actions\Assets\UpdateAssetAction; +use App\Exceptions\CustomFieldPermissionException; use App\Helpers\Helper; use App\Http\Controllers\CheckInOutRequest; use App\Http\Controllers\Controller; @@ -209,6 +210,7 @@ class BulkAssetsController extends Controller $this->authorize('update', Asset::class); // Get the back url from the session and then destroy the session $bulk_back_url = route('hardware.index'); + $custom_field_problem = false; // is this necessary? if (!$request->filled('ids') || count($request->input('ids')) == 0) { return redirect($bulk_back_url)->with('error', trans('admin/hardware/message.update.no_assets_selected')); @@ -242,6 +244,9 @@ class BulkAssetsController extends Controller // catch exceptions } catch (ValidationException $e) { $errors[$key] = $e->getMessage(); + + } catch (CustomFieldPermissionException $e) { + $custom_field_problem = true; } catch (\Exception $e) { report($e); $errors[$key] = trans('general.something_went_wrong'); @@ -250,6 +255,9 @@ class BulkAssetsController extends Controller if (!empty($errors)) { return redirect($bulk_back_url)->with('bulk_asset_errors', $errors); } + if ($custom_field_problem) { + return redirect($bulk_back_url)->with('error', trans('admin/hardware/message.update.encrypted_warning')); + } return redirect($bulk_back_url)->with('success', trans('bulk.update.success')); } diff --git a/tests/Feature/Assets/Api/UpdateAssetTest.php b/tests/Feature/Assets/Api/UpdateAssetTest.php index 55983d6c15..1cb6879d1e 100644 --- a/tests/Feature/Assets/Api/UpdateAssetTest.php +++ b/tests/Feature/Assets/Api/UpdateAssetTest.php 
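Review bot: The `catch (CustomFieldPermissionException $e)` branch only sets `$custom_field_problem = true`, so the redirect cannot say which of the selected assets had an encrypted field refused, and the refusal is not logged or reported anywhere. The flag is also checked after `if (!empty($errors))`, so when any other asset fails validation the encrypted-field warning is never shown. Recording it per asset keeps both visible, e.g. `$errors[$key] = trans('admin/hardware/message.update.encrypted_warning');` in the catch. The bulk path flashes this message as `error` while the API path in AssetsController returns it under `success`; one of the two should change so callers see a consistent outcome. The update loop that contains this `try` starts outside the hunks shown.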
@@ -80,14 +80,13 @@ class UpdateAssetTest extends TestCase
 ->assertStatusMessageIs('success')
 ->json();
- dd($response);
 $updatedAsset = Asset::find($response['payload']['id']);
 $this->assertEquals('2024-06-02', $updatedAsset->asset_eol_date);
 $this->assertEquals('random_string', $updatedAsset->asset_tag);
 $this->assertEquals($userAssigned->id, $updatedAsset->assigned_to);
 $this->assertTrue($updatedAsset->company->is($company));
- $this->assertTrue($updatedAsset->location->is($location));
+ $this->assertTrue($updatedAsset->location->is($location)); //fix all location setting
 $this->assertTrue($updatedAsset->model->is($model));
 $this->assertEquals('A New Asset', $updatedAsset->name);
 $this->assertEquals('Some notes', $updatedAsset->notes);