mirror of
https://github.com/snipe/snipe-it.git
synced 2025-02-21 03:15:45 -08:00
Merge pull request #14775 from snipe/bug/sc-25676/groups_api
Fixed #14771: improvements to groups API
This commit is contained in:
snipe
GitHub
commit
7d2af61989
|
|
@ -875,12 +875,15 @@ class Helper
|
|||
$permission_name = $permission[$x]['permission'];
|
||||
|
||||
if ($permission[$x]['display'] === true) {
|
||||
if ($selected_arr) {
|
||||
|
||||
if (is_array($selected_arr)) {
|
||||
|
||||
if (array_key_exists($permission_name, $selected_arr)) {
|
||||
$permissions_arr[$permission_name] = $selected_arr[$permission_name];
|
||||
} else {
|
||||
$permissions_arr[$permission_name] = '0';
|
||||
}
|
||||
|
||||
} else {
|
||||
$permissions_arr[$permission_name] = '0';
|
||||
}
|
||||
|
|
|
|||
|
|
@ -62,13 +62,16 @@ class GroupsController extends Controller
|
|||
{
|
||||
$this->authorize('superadmin');
|
||||
$group = new Group;
|
||||
// Get all the available permissions
|
||||
$permissions = config('permissions');
|
||||
$groupPermissions = Helper::selectedPermissionsArray($permissions, $permissions);
|
||||
|
||||
$group->name = $request->input('name');
|
||||
$group->created_by = Auth::user()->id;
|
||||
$group->permissions = json_encode($request->input('permissions')); // Todo - some JSON validation stuff here
|
||||
$group->permissions = $request->input('permissions', $groupPermissions);
|
||||
|
||||
if ($group->save()) {
|
||||
return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.create.success')));
|
||||
return response()->json(Helper::formatStandardApiResponse('success', (new GroupsTransformer)->transformGroup($group), trans('admin/groups/message.success.create')));
|
||||
}
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, $group->getErrors()));
|
||||
|
|
@ -86,7 +89,6 @@ class GroupsController extends Controller
|
|||
{
|
||||
$this->authorize('superadmin');
|
||||
$group = Group::findOrFail($id);
|
||||
|
||||
return (new GroupsTransformer)->transformGroup($group);
|
||||
}
|
||||
|
||||
|
|
@ -108,7 +110,7 @@ class GroupsController extends Controller
|
|||
$group->permissions = $request->input('permissions'); // Todo - some JSON validation stuff here
|
||||
|
||||
if ($group->save()) {
|
||||
return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.update.success')));
|
||||
return response()->json(Helper::formatStandardApiResponse('success', (new GroupsTransformer)->transformGroup($group), trans('admin/groups/message.success.update')));
|
||||
}
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, $group->getErrors()));
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ class Group extends SnipeModel
|
|||
protected $table = 'permission_groups';
|
||||
|
||||
public $rules = [
|
||||
'name' => 'required|min:2|max:255',
|
||||
'name' => 'required|min:2|max:255|unique',
|
||||
];
|
||||
|
||||
protected $fillable = [
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ class GroupStoreTest extends TestCase
|
|||
->assertForbidden();
|
||||
}
|
||||
|
||||
public function testCanStoreGroup()
|
||||
public function testCanStoreGroupWithPermissionsPassed()
|
||||
{
|
||||
$this->actingAsForApi(User::factory()->superuser()->create())
|
||||
->postJson(route('api.groups.store'), [
|
||||
|
|
@ -35,4 +35,42 @@ class GroupStoreTest extends TestCase
|
|||
$this->assertEquals('1', $group->decodePermissions()['import']);
|
||||
$this->assertEquals('0', $group->decodePermissions()['reports.view']);
|
||||
}
|
||||
|
||||
public function testStoringGroupWithoutPermissionPassed()
|
||||
{
|
||||
$superuser = User::factory()->superuser()->create();
|
||||
$this->actingAsForApi($superuser)
|
||||
->postJson(route('api.groups.store'), [
|
||||
'name' => 'My Awesome Group'
|
||||
])
|
||||
->assertOk();
|
||||
|
||||
$group = Group::where('name', 'My Awesome Group')->first();
|
||||
|
||||
$this->assertNotNull($group);
|
||||
|
||||
$this->actingAsForApi($superuser)
|
||||
->getJson(route('api.groups.show', ['group' => $group]))
|
||||
->assertOk();
|
||||
|
||||
}
|
||||
|
||||
public function testStoringGroupWithInvalidPermissionDropsBadPermission()
|
||||
{
|
||||
$this->actingAsForApi(User::factory()->superuser()->create())
|
||||
->postJson(route('api.groups.store'), [
|
||||
'name' => 'My Awesome Group',
|
||||
'permissions' => [
|
||||
'admin' => '1',
|
||||
'snipe_is_awesome' => '1',
|
||||
],
|
||||
])
|
||||
->assertOk();
|
||||
|
||||
$group = Group::where('name', 'My Awesome Group')->first();
|
||||
$this->assertNotNull($group);
|
||||
$this->assertEquals('1', $group->decodePermissions()['admin']);
|
||||
$this->assertNotContains('snipe_is_awesome', $group->decodePermissions());
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue