DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-02-21 03:15:45 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge pull request #14775 from snipe/bug/sc-25676/groups_api

Browse source 
Fixed #14771: improvements to groups API
This commit is contained in:
snipe 2024-05-28 15:33:36 +01:00 committed by GitHub
parent 206238e83f 03b5c2e246
commit 7d2af61989
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 50 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
app/Helpers/Helper.php
View file

@ -875,12 +875,15 @@ class Helper
$permission_name = $permission[$x]['permission']; $permission_name = $permission[$x]['permission'];
if ($permission[$x]['display'] === true) { if ($permission[$x]['display'] === true) {
if ($selected_arr) {
if (is_array($selected_arr)) {
if (array_key_exists($permission_name, $selected_arr)) { if (array_key_exists($permission_name, $selected_arr)) {
$permissions_arr[$permission_name] = $selected_arr[$permission_name]; $permissions_arr[$permission_name] = $selected_arr[$permission_name];
} else { } else {
$permissions_arr[$permission_name] = '0'; $permissions_arr[$permission_name] = '0';
} }
} else { } else {
$permissions_arr[$permission_name] = '0'; $permissions_arr[$permission_name] = '0';
} }

10
app/Http/Controllers/Api/GroupsController.php
View file

@ -62,13 +62,16 @@ class GroupsController extends Controller
{ {
$this->authorize('superadmin'); $this->authorize('superadmin');
$group = new Group; $group = new Group;
// Get all the available permissions
$permissions = config('permissions');
$groupPermissions = Helper::selectedPermissionsArray($permissions, $permissions);
$group->name = $request->input('name'); $group->name = $request->input('name');
$group->created_by = Auth::user()->id; $group->created_by = Auth::user()->id;
$group->permissions = json_encode($request->input('permissions')); // Todo - some JSON validation stuff here $group->permissions = $request->input('permissions', $groupPermissions);
if ($group->save()) { if ($group->save()) {
return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.create.success'))); return response()->json(Helper::formatStandardApiResponse('success', (new GroupsTransformer)->transformGroup($group), trans('admin/groups/message.success.create')));
} }
return response()->json(Helper::formatStandardApiResponse('error', null, $group->getErrors())); return response()->json(Helper::formatStandardApiResponse('error', null, $group->getErrors()));
@ -86,7 +89,6 @@ class GroupsController extends Controller
{ {
$this->authorize('superadmin'); $this->authorize('superadmin');
$group = Group::findOrFail($id); $group = Group::findOrFail($id);
return (new GroupsTransformer)->transformGroup($group); return (new GroupsTransformer)->transformGroup($group);
} }
@ -108,7 +110,7 @@ class GroupsController extends Controller
$group->permissions = $request->input('permissions'); // Todo - some JSON validation stuff here $group->permissions = $request->input('permissions'); // Todo - some JSON validation stuff here
if ($group->save()) { if ($group->save()) {
return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.update.success'))); return response()->json(Helper::formatStandardApiResponse('success', (new GroupsTransformer)->transformGroup($group), trans('admin/groups/message.success.update')));
} }
return response()->json(Helper::formatStandardApiResponse('error', null, $group->getErrors())); return response()->json(Helper::formatStandardApiResponse('error', null, $group->getErrors()));

2
app/Models/Group.php
View file

@ -13,7 +13,7 @@ class Group extends SnipeModel
protected $table = 'permission_groups'; protected $table = 'permission_groups';
public $rules = [ public $rules = [
'name' => 'required|min:2|max:255', 'name' => 'required|min:2|max:255|unique',
]; ];
protected $fillable = [ protected $fillable = [

40
tests/Feature/Api/Groups/GroupStoreTest.php
View file

@ -15,7 +15,7 @@ class GroupStoreTest extends TestCase
->assertForbidden(); ->assertForbidden();
} }
public function testCanStoreGroup() public function testCanStoreGroupWithPermissionsPassed()
{ {
$this->actingAsForApi(User::factory()->superuser()->create()) $this->actingAsForApi(User::factory()->superuser()->create())
->postJson(route('api.groups.store'), [ ->postJson(route('api.groups.store'), [
@ -35,4 +35,42 @@ class GroupStoreTest extends TestCase
$this->assertEquals('1', $group->decodePermissions()['import']); $this->assertEquals('1', $group->decodePermissions()['import']);
$this->assertEquals('0', $group->decodePermissions()['reports.view']); $this->assertEquals('0', $group->decodePermissions()['reports.view']);
} }
public function testStoringGroupWithoutPermissionPassed()
{
$superuser = User::factory()->superuser()->create();
$this->actingAsForApi($superuser)
->postJson(route('api.groups.store'), [
'name' => 'My Awesome Group'
])
->assertOk();
$group = Group::where('name', 'My Awesome Group')->first();
$this->assertNotNull($group);
$this->actingAsForApi($superuser)
->getJson(route('api.groups.show', ['group' => $group]))
->assertOk();
}
public function testStoringGroupWithInvalidPermissionDropsBadPermission()
{
$this->actingAsForApi(User::factory()->superuser()->create())
->postJson(route('api.groups.store'), [
'name' => 'My Awesome Group',
'permissions' => [
'admin' => '1',
'snipe_is_awesome' => '1',
],
])
->assertOk();
$group = Group::where('name', 'My Awesome Group')->first();
$this->assertNotNull($group);
$this->assertEquals('1', $group->decodePermissions()['admin']);
$this->assertNotContains('snipe_is_awesome', $group->decodePermissions());
}
} }