Require int for department and company ids when creating user via api

2025-03-05 20:52:15 -08:00 · 2025-03-05 11:32:04 -08:00 · 2025-03-05 11:32:04 -08:00 · 695c9d070f
parent c9f55bfd94
commit 695c9d070f
2 changed files with 50 additions and 2 deletions
--- a/app/Http/Requests/SaveUserRequest.php
+++ b/app/Http/Requests/SaveUserRequest.php
@ -33,9 +33,9 @@ class SaveUserRequest extends FormRequest
    public function rules()
    {
        $rules = [
-            'department_id' => 'nullable|exists:departments,id',
+            'department_id' => 'nullable|integer|exists:departments,id',
            'manager_id' => 'nullable|exists:users,id',
-            'company_id' => ['nullable','exists:companies,id']
+            'company_id' => ['nullable', 'integer', 'exists:companies,id']
        ];

        switch ($this->method()) {
--- a/tests/Feature/Users/Api/StoreUsersTest.php
+++ b/tests/Feature/Users/Api/StoreUsersTest.php
@ -0,0 +1,48 @@
+<?php
+
+namespace Tests\Feature\Users\Api;
+
+use App\Models\Company;
+use App\Models\Department;
+use App\Models\User;
+use Illuminate\Testing\Fluent\AssertableJson;
+use Tests\TestCase;
+
+class StoreUsersTest extends TestCase
+{
+    public function testCompanyIdNeedsToBeInteger()
+    {
+        $company = Company::factory()->create();
+
+        $this->actingAsForApi(User::factory()->createUsers()->create())
+            ->postJson(route('api.users.store'), [
+                'company_id' => [$company->id],
+                'first_name' => 'Joe',
+                'username' => 'joe',
+                'password' => 'joe_password',
+                'password_confirmation' => 'joe_password',
+            ])
+            ->assertStatusMessageIs('error')
+            ->assertJson(function (AssertableJson $json) {
+                $json->has('messages.company_id')->etc();
+            });
+    }
+
+    public function testDepartmentIdNeedsToBeInteger()
+    {
+        $department = Department::factory()->create();
+
+        $this->actingAsForApi(User::factory()->createUsers()->create())
+            ->postJson(route('api.users.store'), [
+                'department_id' => [$department->id],
+                'first_name' => 'Joe',
+                'username' => 'joe',
+                'password' => 'joe_password',
+                'password_confirmation' => 'joe_password',
+            ])
+            ->assertStatusMessageIs('error')
+            ->assertJson(function (AssertableJson $json) {
+                $json->has('messages.department_id')->etc();
+            });
+    }
+}