From 870612be1c968e52909029c5f9f3ac13525bd982 Mon Sep 17 00:00:00 2001
From: Brady Wetherington
Date: Tue, 16 Apr 2024 15:34:28 +0100
Subject: [PATCH] Break 'update' API statements into its own test file. Split tests up
---
tests/Feature/Api/Assets/AssetUpdateTest.php | 59 ++++++++++++++++++++
1 file changed, 59 insertions(+)
create mode 100644 tests/Feature/Api/Assets/AssetUpdateTest.php
diff --git a/tests/Feature/Api/Assets/AssetUpdateTest.php b/tests/Feature/Api/Assets/AssetUpdateTest.php
new file mode 100644
index 0000000000..758417fb41
--- /dev/null
+++ b/tests/Feature/Api/Assets/AssetUpdateTest.php
@@ -0,0 +1,59 @@
+testEncrypted()->create();
+ $asset = Asset::factory()->hasEncryptedCustomField()->create();
+ $superuser = User::factory()->superuser()->create();
+
+ //first, test that an Admin user can save the encrypted custom field
+ $response = $this->actingAsForApi($superuser)
+ ->patchJson(route('api.assets.update', $asset->id), [
+ $field->db_column_name() => 'This is encrypted field'
+ ])
+ ->assertStatusMessageIs('success')
+ ->assertOk()
+ ->json();
+ $asset->refresh();
+ $this->assertEquals(\Crypt::decrypt($asset->{$field->db_column_name()}), 'This is encrypted field');
+ }
+
+ public function testPermissionNeededToUpdateEncryptedField()
+ {
+ $field = CustomField::factory()->testEncrypted()->create();
+ $asset = Asset::factory()->hasEncryptedCustomField()->create();
+ $normal_user = User::factory()->editAssets()->create();
+
+ $asset->{$field->db_column_name()} = \Crypt::encrypt("encrypted value should not change");
+ $asset->save(); //is this needed?
+
+ //test that a 'normal' user *cannot* change the encrypted custom field
+ $response = $this->actingAsForApi($normal_user)
+ ->patchJson(route('api.assets.update', $asset->id), [
+ $field->db_column_name() => 'Some Other Value Entirely!'
+ ])
+ ->assertStatusMessageIs('success')
+ ->assertOk()
+ ->assertMessagesAre('Asset updated successfully, but encrypted custom fields were not due to permissions')
+ ->json();
+ $asset->refresh();
+ $this->assertEquals(\Crypt::decrypt($asset->{$field->db_column_name()}), "encrypted value should not change");
+
+ }
+}
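Review bot: In testPermissionNeededToUpdateEncryptedField the captured `$response` is never inspected, so the test shows the stored ciphertext is unchanged but not that the reply to the user without the encrypted-field permission omits the field's plaintext; if the update payload can echo custom fields (not visible in this hunk), add an assertion that the decoded JSON does not contain `encrypted value should not change`. The `$asset->save(); //is this needed?` line is needed, because the PATCH request looks the asset up by id and `$asset->refresh()` reloads the row, so replace the question with `// persist the seeded ciphertext so the request and refresh() see it`. Both `assertEquals` calls pass the actual value first; PHPUnit's order is `assertEquals($expected, $actual)`, and swapping the arguments keeps failure messages accurate. The start of the file, including the first test's signature, is not visible in the hunk as shown here.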