mirror of
https://github.com/snipe/snipe-it.git
synced 2025-01-25 20:51:30 -08:00
Break 'update' API statements into its own test file. Split tests up
This commit is contained in:
parent
266424ff0e
commit
870612be1c
59
tests/Feature/Api/Assets/AssetUpdateTest.php
Normal file
59
tests/Feature/Api/Assets/AssetUpdateTest.php
Normal file
|
@ -0,0 +1,59 @@
|
|||
<?php
|
||||
|
||||
namespace Tests\Feature\Api\Assets;
|
||||
|
||||
use App\Models\Asset;
|
||||
use App\Models\AssetModel;
|
||||
use App\Models\Company;
|
||||
use App\Models\CustomField;
|
||||
use App\Models\CustomFieldset;
|
||||
use App\Models\Location;
|
||||
use App\Models\Statuslabel;
|
||||
use App\Models\Supplier;
|
||||
use App\Models\User;
|
||||
use Illuminate\Testing\Fluent\AssertableJson;
|
||||
use Tests\TestCase;
|
||||
|
||||
class AssetUpdateTest extends TestCase
|
||||
{
|
||||
public function testEncryptedCustomFieldCanBeUpdated()
|
||||
{
|
||||
$field = CustomField::factory()->testEncrypted()->create();
|
||||
$asset = Asset::factory()->hasEncryptedCustomField()->create();
|
||||
$superuser = User::factory()->superuser()->create();
|
||||
|
||||
//first, test that an Admin user can save the encrypted custom field
|
||||
$response = $this->actingAsForApi($superuser)
|
||||
->patchJson(route('api.assets.update', $asset->id), [
|
||||
$field->db_column_name() => 'This is encrypted field'
|
||||
])
|
||||
->assertStatusMessageIs('success')
|
||||
->assertOk()
|
||||
->json();
|
||||
$asset->refresh();
|
||||
$this->assertEquals(\Crypt::decrypt($asset->{$field->db_column_name()}), 'This is encrypted field');
|
||||
}
|
||||
|
||||
public function testPermissionNeededToUpdateEncryptedField()
|
||||
{
|
||||
$field = CustomField::factory()->testEncrypted()->create();
|
||||
$asset = Asset::factory()->hasEncryptedCustomField()->create();
|
||||
$normal_user = User::factory()->editAssets()->create();
|
||||
|
||||
$asset->{$field->db_column_name()} = \Crypt::encrypt("encrypted value should not change");
|
||||
$asset->save(); //is this needed?
|
||||
|
||||
//test that a 'normal' user *cannot* change the encrypted custom field
|
||||
$response = $this->actingAsForApi($normal_user)
|
||||
->patchJson(route('api.assets.update', $asset->id), [
|
||||
$field->db_column_name() => 'Some Other Value Entirely!'
|
||||
])
|
||||
->assertStatusMessageIs('success')
|
||||
->assertOk()
|
||||
->assertMessagesAre('Asset updated successfully, but encrypted custom fields were not due to permissions')
|
||||
->json();
|
||||
$asset->refresh();
|
||||
$this->assertEquals(\Crypt::decrypt($asset->{$field->db_column_name()}), "encrypted value should not change");
|
||||
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue