Validate group data

Signed-off-by: snipe <snipe@snipe.net>

app/Http/Requests/SaveUserRequest.php

@@ -7,6 +7,7 @@ use Illuminate\Contracts\Validation\Validator;
 use Illuminate\Foundation\Http\FormRequest;
 use Illuminate\Http\Exceptions\HttpResponseException;
 use App\Rules\UserCannotSwitchCompaniesIfItemsAssigned;
+use Illuminate\Support\Facades\Gate;
 
 class SaveUserRequest extends FormRequest
 {
@@ -17,7 +18,7 @@ class SaveUserRequest extends FormRequest
      */
     public function authorize()
     {
-        return true;
+        return Gate::allows('users.create');
     }
 
     public function response(array $errors)
@@ -35,7 +36,8 @@ class SaveUserRequest extends FormRequest
         $rules = [
             'department_id' => 'nullable|exists:departments,id',
             'manager_id' => 'nullable|exists:users,id',
-            'company_id' => ['nullable','exists:companies,id']
+            'company_id' => ['nullable','exists:companies,id'],
+            'groups' => ['nullable','exists:permission_groups,id']
         ];
 
         switch ($this->method()) {

tests/Feature/Users/Api/StoreUserTest.php

@@ -0,0 +1,88 @@
+<?php
+
+namespace Tests\Feature\Users\Api;
+
+use App\Models\Company;
+use App\Models\Department;
+use App\Models\Group;
+use App\Models\Location;
+use App\Models\User;
+use Illuminate\Support\Facades\Hash;
+use Tests\TestCase;
+
+class StoreUserTest extends TestCase {
+    public function testRequiresPermission()
+    {
+
+        $request = $this->actingAsForApi(User::factory()->create())
+            ->postJson(route('api.users.store'))
+            ->assertForbidden()
+            ->json();
+    }
+
+    public function testCanSaveUserViaPost()
+    {
+        $admin = User::factory()->superuser()->create();
+        $manager = User::factory()->create();
+        $company = Company::factory()->create();
+        $department = Department::factory()->create();
+        $location = Location::factory()->create();
+        $group = Group::factory()->create();
+
+
+        $response = $this->actingAsForApi($admin)
+            ->postJson(route('api.users.store'), [
+                'first_name' => 'Mabel',
+                'last_name' => 'Mora',
+                'username' => 'mabel',
+                'password' => 'super-secret',
+                'password_confirmation' => 'super-secret',
+                'email' => 'mabel@example.com',
+                'permissions' => '{"a.new.permission":"1"}',
+                'activated' => true,
+                'phone' => '619-555-5555',
+                'jobtitle' => 'Host',
+                'manager_id' => $manager->id,
+                'employee_num' => '1111',
+                'notes' => 'Pretty good artist',
+                'company_id' => $company->id,
+                'department_id' => $department->id,
+                'location_id' => $location->id,
+                'remote' => true,
+                'groups' => $group->id,
+                'vip' => true,
+                'start_date' => '2021-08-01',
+                'end_date' => '2025-12-31',
+            ])
+            ->assertOk()
+            ->assertStatus(200)
+            ->assertStatusMessageIs('success');
+
+        $user = User::find($response['payload']['id']);
+        $this->assertEquals($admin->id, $user->created_by, 'Created by was not saved');
+    }
+
+    public function testDoesNotAcceptBogusGroupData()
+    {
+        $admin = User::factory()->superuser()->create();
+        $manager = User::factory()->create();
+        $company = Company::factory()->create();
+        $department = Department::factory()->create();
+        $location = Location::factory()->create();
+
+        $response = $this->actingAsForApi($admin)
+            ->postJson(route('api.users.store'), [
+                'first_name' => 'Mabel',
+                'username' => 'mabel',
+                'password' => 'super-secret',
+                'password_confirmation' => 'super-secret',
+                'groups' => ['blah'],
+            ])
+            ->assertOk()
+            ->assertStatus(200)
+            ->assertStatusMessageIs('error');
+
+    }
+
+
+}