mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-24 05:04:07 -08:00
Guard against non-integers being passed for company_id
parent
eaf6d56253
commit
423b636db9
|
@ -20,9 +20,16 @@ class StoreAssetRequest extends ImageUploadRequest
|
||||||
|
|
||||||
public function prepareForValidation(): void
|
public function prepareForValidation(): void
|
||||||
{
|
{
|
||||||
|
// Guard against users passing in an array for company_id instead of an integer.
|
||||||
|
// If the company_id is not an integer then we simply use what was
|
||||||
|
// provided to be caught by model level validation later.
|
||||||
|
$idForCurrentUser = is_int($this->company_id)
|
||||||
|
? Company::getIdForCurrentUser($this->company_id)
|
||||||
|
: $this->company_id;
|
||||||
|
|
||||||
$this->merge([
|
$this->merge([
|
||||||
'asset_tag' => $this->asset_tag ?? Asset::autoincrement_asset(),
|
'asset_tag' => $this->asset_tag ?? Asset::autoincrement_asset(),
|
||||||
'company_id' => Company::getIdForCurrentUser($this->company_id),
|
'company_id' => $idForCurrentUser,
|
||||||
'assigned_to' => $assigned_to ?? null,
|
'assigned_to' => $assigned_to ?? null,
|
||||||
]);
|
]);
|
||||||
}
|
}
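Review bot: The new `is_int($this->company_id)` guard in `prepareForValidation()` skips `Company::getIdForCurrentUser()` for every non-integer value, not only for arrays. A numeric string such as `"5"` (how form-encoded or query-string input arrives) and an omitted `company_id` (null) are both merged back unchanged. `getIdForCurrentUser()` is not shown on this page, but if it is what restricts the company to one the current user may use, those requests now bypass that restriction, and model-level validation would only check that the value is a valid id. Narrowing the guard to the case the commit targets keeps every other input on the original path: `$idForCurrentUser = is_array($this->company_id) ? $this->company_id : Company::getIdForCurrentUser($this->company_id);`.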
|
||||||
|
|
|
@ -10,6 +10,7 @@ use App\Models\Statuslabel;
|
||||||
use App\Models\Supplier;
|
use App\Models\Supplier;
|
||||||
use App\Models\User;
|
use App\Models\User;
|
||||||
use Carbon\Carbon;
|
use Carbon\Carbon;
|
||||||
|
use Illuminate\Testing\Fluent\AssertableJson;
|
||||||
use Tests\Support\InteractsWithSettings;
|
use Tests\Support\InteractsWithSettings;
|
||||||
use Tests\TestCase;
|
use Tests\TestCase;
|
||||||
|
|
||||||
|
@ -425,4 +426,16 @@ class AssetStoreTest extends TestCase
|
||||||
// I think this makes sense, but open to a sanity check
|
// I think this makes sense, but open to a sanity check
|
||||||
$this->assertTrue($asset->assignedAssets()->find($response['payload']['id'])->is($apiAsset));
|
$this->assertTrue($asset->assignedAssets()->find($response['payload']['id'])->is($apiAsset));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testCompanyIdNeedsToBeInteger()
|
||||||
|
{
|
||||||
|
$this->actingAsForApi(User::factory()->createAssets()->create())
|
||||||
|
->postJson(route('api.assets.store'), [
|
||||||
|
'company_id' => [1],
|
||||||
|
])
|
||||||
|
->assertStatusMessageIs('error')
|
||||||
|
->assertJson(function (AssertableJson $json) {
|
||||||
|
$json->has('messages.company_id')->etc();
|
||||||
|
});
|
||||||
|
}
|
||||||
}
|
}
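Review bot: `testCompanyIdNeedsToBeInteger` pins only the array case (`'company_id' => [1]`), so nothing here shows what happens to the other inputs the new guard in `StoreAssetRequest` treats differently. Sibling tests should post a numeric string (`'company_id' => '1'`) and omit `company_id` entirely as a non-superuser, then assert that the stored asset's company is the one `Company::getIdForCurrentUser()` would have chosen. Without those cases, a regression in company scoping on the store endpoint would pass this suite. The new method could also declare `: void` to match `prepareForValidation(): void` in the request class.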
|
||||||
|
|