Guard against non-integers being passed for company_id
parent
eaf6d56253
commit
423b636db9
|
@ -20,9 +20,16 @@ class StoreAssetRequest extends ImageUploadRequest
|
|||
|
||||
public function prepareForValidation(): void
|
||||
{
|
||||
// Guard against users passing in an array for company_id instead of an integer.
|
||||
// If the company_id is not an integer then we simply use what was
|
||||
// provided to be caught by model level validation later.
|
||||
$idForCurrentUser = is_int($this->company_id)
|
||||
? Company::getIdForCurrentUser($this->company_id)
|
||||
: $this->company_id;
|
||||
|
||||
$this->merge([
|
||||
'asset_tag' => $this->asset_tag ?? Asset::autoincrement_asset(),
|
||||
'company_id' => Company::getIdForCurrentUser($this->company_id),
|
||||
'company_id' => $idForCurrentUser,
|
||||
'assigned_to' => $assigned_to ?? null,
|
||||
]);
|
||||
}
|
||||
|
|
|
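Review bot: `is_int($this->company_id)` in the new ternary is true only for a native integer, so a numeric string such as `"2"` (what form-encoded bodies and quoted JSON values deliver) and an omitted `company_id` (null) now skip `Company::getIdForCurrentUser()` and are merged exactly as supplied. If that method is what pins a non-privileged user to their own company (its body is not visible here), the guard meant for arrays also switches off company scoping for those inputs, and an integer validation rule would likely still accept the numeric string. Narrowing the bypass to the case actually being guarded keeps the previous path for everything else: `$idForCurrentUser = is_array($this->company_id) ? $this->company_id : Company::getIdForCurrentUser($this->company_id);`. The comment above it would then read "array" rather than "not an integer" to match the condition.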
@ -10,6 +10,7 @@ use App\Models\Statuslabel;
|
|||
use App\Models\Supplier;
|
||||
use App\Models\User;
|
||||
use Carbon\Carbon;
|
||||
use Illuminate\Testing\Fluent\AssertableJson;
|
||||
use Tests\Support\InteractsWithSettings;
|
||||
use Tests\TestCase;
|
||||
|
||||
|
@ -425,4 +426,16 @@ class AssetStoreTest extends TestCase
|
|||
// I think this makes sense, but open to a sanity check
|
||||
$this->assertTrue($asset->assignedAssets()->find($response['payload']['id'])->is($apiAsset));
|
||||
}
|
||||
|
||||
public function testCompanyIdNeedsToBeInteger()
|
||||
{
|
||||
$this->actingAsForApi(User::factory()->createAssets()->create())
|
||||
->postJson(route('api.assets.store'), [
|
||||
'company_id' => [1],
|
||||
])
|
||||
->assertStatusMessageIs('error')
|
||||
->assertJson(function (AssertableJson $json) {
|
||||
$json->has('messages.company_id')->etc();
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
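Review bot: `testCompanyIdNeedsToBeInteger` covers only the array payload `[1]`, while the guard it accompanies branches on `is_int`, so a numeric string such as `'1'` and a request with no `company_id` take the same pass-through branch with nothing pinning the outcome. Adding cases for those two inputs, sent by a user who is not allowed to choose a company, would show whether the stored asset still gets the company derived for the acting user rather than the one supplied. The array case could also assert that no asset was persisted, since `has('messages.company_id')` checks only the error payload.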