Merge pull request #16432 from marcusmoore/bug/sc-24475

Added validation around user store endpoint
snipe 2025-03-05 20:16:30 +00:00 committed by GitHub
commit 64f49afce1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 80 additions and 2 deletions


@ -33,9 +33,9 @@ class SaveUserRequest extends FormRequest
public function rules() public function rules()
{ {
$rules = [ $rules = [
'department_id' => 'nullable|exists:departments,id', 'department_id' => 'nullable|integer|exists:departments,id',
'manager_id' => 'nullable|exists:users,id', 'manager_id' => 'nullable|exists:users,id',
'company_id' => ['nullable','exists:companies,id'] 'company_id' => ['nullable', 'integer', 'exists:companies,id']
]; ];
switch ($this->method()) { switch ($this->method()) {
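Review bot: `manager_id` is left as `'nullable|exists:users,id'` while the two neighbouring keys gain `integer`, so the one remaining foreign-key field in this array still lacks the type check. Laravel's `exists` rule accepts an array of values, so a non-scalar `manager_id` can still pass validation and reach whatever code consumes it (that code is not visible here). I would change it to `'manager_id' => 'nullable|integer|exists:users,id',` to match the other two. `rules()` continues past the end of this hunk with the `switch`, so any per-method overrides of these keys should be checked as well.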


@ -0,0 +1,78 @@
<?php
namespace Tests\Feature\Users\Api;
use App\Models\Company;
use App\Models\Department;
use App\Models\User;
use Illuminate\Testing\Fluent\AssertableJson;
use Tests\TestCase;
class StoreUsersTest extends TestCase
{
public function testRequiresPermission()
{
$this->actingAsForApi(User::factory()->create())
->postJson(route('api.users.store'), [
'first_name' => 'Joe',
'username' => 'joe',
'password' => 'joe_password',
'password_confirmation' => 'joe_password',
])
->assertForbidden();
}
public function testCompanyIdNeedsToBeInteger()
{
$company = Company::factory()->create();
$this->actingAsForApi(User::factory()->createUsers()->create())
->postJson(route('api.users.store'), [
'company_id' => [$company->id],
'first_name' => 'Joe',
'username' => 'joe',
'password' => 'joe_password',
'password_confirmation' => 'joe_password',
])
->assertStatusMessageIs('error')
->assertJson(function (AssertableJson $json) {
$json->has('messages.company_id')->etc();
});
}
public function testDepartmentIdNeedsToBeInteger()
{
$department = Department::factory()->create();
$this->actingAsForApi(User::factory()->createUsers()->create())
->postJson(route('api.users.store'), [
'department_id' => [$department->id],
'first_name' => 'Joe',
'username' => 'joe',
'password' => 'joe_password',
'password_confirmation' => 'joe_password',
])
->assertStatusMessageIs('error')
->assertJson(function (AssertableJson $json) {
$json->has('messages.department_id')->etc();
});
}
public function testCanStoreUser()
{
$this->actingAsForApi(User::factory()->createUsers()->create())
->postJson(route('api.users.store'), [
'first_name' => 'Darth',
'username' => 'darthvader',
'password' => 'darth_password',
'password_confirmation' => 'darth_password',
])
->assertStatusMessageIs('success')
->assertOk();
$this->assertDatabaseHas('users', [
'first_name' => 'Darth',
'username' => 'darthvader',
]);
}
}
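Review bot: The two negative tests (`testCompanyIdNeedsToBeInteger`, `testDepartmentIdNeedsToBeInteger`) assert only that an error message exists for the field and never check that the rejected request left no row behind. Adding `$this->assertDatabaseMissing('users', ['username' => 'joe']);` after each chain would pin that. `testCanStoreUser` also sends neither `company_id` nor `department_id`, so nothing here shows that a valid integer id is still accepted by the tightened rules. A case that posts `$company->id` and `$department->id` as plain integers and asserts success would cover it.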