From 695c9d070f938d8ee8ccadaa0a46fb0f67b9f09f Mon Sep 17 00:00:00 2001
From: Marcus Moore
Date: Wed, 5 Mar 2025 11:32:04 -0800
Subject: [PATCH] Require int for department and company ids when creating user via api

---
 app/Http/Requests/SaveUserRequest.php | 4 +-
 tests/Feature/Users/Api/StoreUsersTest.php | 48 ++++++++++++++++++++++
 2 files changed, 50 insertions(+), 2 deletions(-)
 create mode 100644 tests/Feature/Users/Api/StoreUsersTest.php

diff --git a/app/Http/Requests/SaveUserRequest.php b/app/Http/Requests/SaveUserRequest.php
index 5a47362cfc..4051e98043 100644
--- a/app/Http/Requests/SaveUserRequest.php
+++ b/app/Http/Requests/SaveUserRequest.php
@@ -33,9 +33,9 @@ class SaveUserRequest extends FormRequest
 public function rules()
 {
 $rules = [
- 'department_id' => 'nullable|exists:departments,id',
+ 'department_id' => 'nullable|integer|exists:departments,id',
 'manager_id' => 'nullable|exists:users,id',
- 'company_id' => ['nullable','exists:companies,id']
+ 'company_id' => ['nullable', 'integer', 'exists:companies,id']
 ];
 
 switch ($this->method()) {
diff --git a/tests/Feature/Users/Api/StoreUsersTest.php b/tests/Feature/Users/Api/StoreUsersTest.php
new file mode 100644
index 0000000000..f5065c574a
--- /dev/null
+++ b/tests/Feature/Users/Api/StoreUsersTest.php
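Review bot: `manager_id` in the same `$rules` array is still `'nullable|exists:users,id'`, so it keeps the gap this commit closes for the other two ids: a non-scalar value such as a JSON array is not rejected by a type rule before the `exists` lookup runs. If the API is meant to treat manager ids the same way, the line should read `'manager_id' => 'nullable|integer|exists:users,id',`, with a matching test next to the two added ones. rules() continues past the end of the hunk, so any per-method overrides in the `switch` are not visible here.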
@@ -0,0 +1,48 @@
+create();
+
+ $this->actingAsForApi(User::factory()->createUsers()->create())
+ ->postJson(route('api.users.store'), [
+ 'company_id' => [$company->id],
+ 'first_name' => 'Joe',
+ 'username' => 'joe',
+ 'password' => 'joe_password',
+ 'password_confirmation' => 'joe_password',
+ ])
+ ->assertStatusMessageIs('error')
+ ->assertJson(function (AssertableJson $json) {
+ $json->has('messages.company_id')->etc();
+ });
+ }
+
+ public function testDepartmentIdNeedsToBeInteger()
+ {
+ $department = Department::factory()->create();
+
+ $this->actingAsForApi(User::factory()->createUsers()->create())
+ ->postJson(route('api.users.store'), [
+ 'department_id' => [$department->id],
+ 'first_name' => 'Joe',
+ 'username' => 'joe',
+ 'password' => 'joe_password',
+ 'password_confirmation' => 'joe_password',
+ ])
+ ->assertStatusMessageIs('error')
+ ->assertJson(function (AssertableJson $json) {
+ $json->has('messages.department_id')->etc();
+ });
+ }
+}
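Review bot: Neither test checks that the rejected request left no user behind; both stop at `$json->has('messages.…')`, which only proves a validation message was returned for the field. Adding `$this->assertDatabaseMissing('users', ['username' => 'joe']);` after each assertion chain would pin that an array-valued id never reaches the insert. The top of the new file (namespace, imports and the first test's signature) is missing from this view, so those lines could not be reviewed.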