From 92eb6eb1b68d50d805d353092e6222c2239c4cb5 Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 28 May 2024 15:09:31 +0100 Subject: [PATCH 1/5] Add unique constraint to name Signed-off-by: snipe --- app/Models/Group.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Models/Group.php b/app/Models/Group.php index 5e0db1c91e..c6e6e56039 100755 --- a/app/Models/Group.php +++ b/app/Models/Group.php @@ -13,7 +13,7 @@ class Group extends SnipeModel protected $table = 'permission_groups'; public $rules = [ - 'name' => 'required|min:2|max:255', + 'name' => 'required|min:2|max:255|unique', ]; protected $fillable = [ From 6b41970e976d8a71de6885db7daf3b708e69b4fd Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 28 May 2024 15:15:31 +0100 Subject: [PATCH 2/5] Check that selected is an array Signed-off-by: snipe --- app/Helpers/Helper.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/app/Helpers/Helper.php b/app/Helpers/Helper.php index e3f2b036e0..a753f0fd6c 100644 --- a/app/Helpers/Helper.php +++ b/app/Helpers/Helper.php @@ -875,13 +875,19 @@ class Helper $permission_name = $permission[$x]['permission']; if ($permission[$x]['display'] === true) { - if ($selected_arr) { + + if (is_array($selected_arr)) { + \Log::debug('$selected_arr is an array'); + if (array_key_exists($permission_name, $selected_arr)) { + \Log::debug($permission_name. ' exists in $selected_arr'); $permissions_arr[$permission_name] = $selected_arr[$permission_name]; } else { $permissions_arr[$permission_name] = '0'; } + } else { + \Log::debug('$selected_arr is NOT array'); $permissions_arr[$permission_name] = '0'; } } From 3df2a4a70bbc21d4ba4341723d26e662823cd120 Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 28 May 2024 15:16:44 +0100 Subject: [PATCH 3/5] Removed debugging Signed-off-by: snipe --- app/Helpers/Helper.php | 3 --- 1 file changed, 3 deletions(-) diff --git a/app/Helpers/Helper.php b/app/Helpers/Helper.php index a753f0fd6c..397c6b55e4 100644 --- a/app/Helpers/Helper.php +++ b/app/Helpers/Helper.php @@ -877,17 +877,14 @@ class Helper if ($permission[$x]['display'] === true) { if (is_array($selected_arr)) { - \Log::debug('$selected_arr is an array'); if (array_key_exists($permission_name, $selected_arr)) { - \Log::debug($permission_name. ' exists in $selected_arr'); $permissions_arr[$permission_name] = $selected_arr[$permission_name]; } else { $permissions_arr[$permission_name] = '0'; } } else { - \Log::debug('$selected_arr is NOT array'); $permissions_arr[$permission_name] = '0'; } } From 33d5d5e24f9cd31f77477d65bdbc0ebaacf6109b Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 28 May 2024 15:21:13 +0100 Subject: [PATCH 4/5] Added tests Signed-off-by: snipe --- tests/Feature/Api/Groups/GroupStoreTest.php | 40 ++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/tests/Feature/Api/Groups/GroupStoreTest.php b/tests/Feature/Api/Groups/GroupStoreTest.php index 31a69fb469..65d673e7b0 100644 --- a/tests/Feature/Api/Groups/GroupStoreTest.php +++ b/tests/Feature/Api/Groups/GroupStoreTest.php @@ -15,7 +15,7 @@ class GroupStoreTest extends TestCase ->assertForbidden(); } - public function testCanStoreGroup() + public function testCanStoreGroupWithPermissionsPassed() { $this->actingAsForApi(User::factory()->superuser()->create()) ->postJson(route('api.groups.store'), [ @@ -35,4 +35,42 @@ class GroupStoreTest extends TestCase $this->assertEquals('1', $group->decodePermissions()['import']); $this->assertEquals('0', $group->decodePermissions()['reports.view']); } + + public function testStoringGroupWithoutPermissionPassed() + { + $superuser = User::factory()->superuser()->create(); + $this->actingAsForApi($superuser) + ->postJson(route('api.groups.store'), [ + 'name' => 'My Awesome Group' + ]) + ->assertOk(); + + $group = Group::where('name', 'My Awesome Group')->first(); + + $this->assertNotNull($group); + + $this->actingAsForApi($superuser) + ->getJson(route('api.groups.show', ['group' => $group])) + ->assertOk(); + + } + + public function testStoringGroupWithInvalidPermissionDropsBadPermission() + { + $this->actingAsForApi(User::factory()->superuser()->create()) + ->postJson(route('api.groups.store'), [ + 'name' => 'My Awesome Group', + 'permissions' => [ + 'admin' => '1', + 'snipe_is_awesome' => '1', + ], + ]) + ->assertOk(); + + $group = Group::where('name', 'My Awesome Group')->first(); + $this->assertNotNull($group); + $this->assertEquals('1', $group->decodePermissions()['admin']); + $this->assertNotContains('snipe_is_awesome', $group->decodePermissions()); + + } } From 03b5c2e246099a57fe170926b2c281bfe2252a00 Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 28 May 2024 15:21:28 +0100 Subject: [PATCH 5/5] Fixed bad translation string Signed-off-by: snipe --- app/Http/Controllers/Api/GroupsController.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/app/Http/Controllers/Api/GroupsController.php b/app/Http/Controllers/Api/GroupsController.php index 5a441e41ce..f76d23b3ae 100644 --- a/app/Http/Controllers/Api/GroupsController.php +++ b/app/Http/Controllers/Api/GroupsController.php @@ -62,13 +62,16 @@ class GroupsController extends Controller { $this->authorize('superadmin'); $group = new Group; + // Get all the available permissions + $permissions = config('permissions'); + $groupPermissions = Helper::selectedPermissionsArray($permissions, $permissions); $group->name = $request->input('name'); $group->created_by = Auth::user()->id; - $group->permissions = json_encode($request->input('permissions')); // Todo - some JSON validation stuff here + $group->permissions = $request->input('permissions', $groupPermissions); if ($group->save()) { - return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.create.success'))); + return response()->json(Helper::formatStandardApiResponse('success', (new GroupsTransformer)->transformGroup($group), trans('admin/groups/message.success.create'))); } return response()->json(Helper::formatStandardApiResponse('error', null, $group->getErrors())); @@ -86,7 +89,6 @@ class GroupsController extends Controller { $this->authorize('superadmin'); $group = Group::findOrFail($id); - return (new GroupsTransformer)->transformGroup($group); } @@ -108,7 +110,7 @@ class GroupsController extends Controller $group->permissions = $request->input('permissions'); // Todo - some JSON validation stuff here if ($group->save()) { - return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.update.success'))); + return response()->json(Helper::formatStandardApiResponse('success', (new GroupsTransformer)->transformGroup($group), trans('admin/groups/message.success.update'))); } return response()->json(Helper::formatStandardApiResponse('error', null, $group->getErrors()));