DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-03-05 20:52:15 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Validate group data

Browse source 
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2024-12-10 14:23:23 +00:00
parent 5014a95d9a
commit 8afba32169
2 changed files with 92 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/Http/Requests/SaveUserRequest.php
View file

@ -7,6 +7,7 @@ use Illuminate\Contracts\Validation\Validator;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Http\Exceptions\HttpResponseException;
use App\Rules\UserCannotSwitchCompaniesIfItemsAssigned;
use Illuminate\Support\Facades\Gate;
class SaveUserRequest extends FormRequest
{
@ -17,7 +18,7 @@ class SaveUserRequest extends FormRequest
*/
public function authorize()
{
return true;
return Gate::allows('users.create');
}
public function response(array $errors)
@ -35,7 +36,8 @@ class SaveUserRequest extends FormRequest
$rules = [
'department_id' => 'nullable|exists:departments,id',
'manager_id' => 'nullable|exists:users,id',
'company_id' => ['nullable','exists:companies,id']
'company_id' => ['nullable','exists:companies,id'],
'groups' => ['nullable','exists:permission_groups,id']
];
switch ($this->method()) {

88
tests/Feature/Users/Api/StoreUserTest.php Normal file
View file

@ -0,0 +1,88 @@
<?php
namespace Tests\Feature\Users\Api;
use App\Models\Company;
use App\Models\Department;
use App\Models\Group;
use App\Models\Location;
use App\Models\User;
use Illuminate\Support\Facades\Hash;
use Tests\TestCase;
class StoreUserTest extends TestCase {
public function testRequiresPermission()
{
$request = $this->actingAsForApi(User::factory()->create())
->postJson(route('api.users.store'))
->assertForbidden()
->json();
}
public function testCanSaveUserViaPost()
{
$admin = User::factory()->superuser()->create();
$manager = User::factory()->create();
$company = Company::factory()->create();
$department = Department::factory()->create();
$location = Location::factory()->create();
$group = Group::factory()->create();
$response = $this->actingAsForApi($admin)
->postJson(route('api.users.store'), [
'first_name' => 'Mabel',
'last_name' => 'Mora',
'username' => 'mabel',
'password' => 'super-secret',
'password_confirmation' => 'super-secret',
'email' => 'mabel@example.com',
'permissions' => '{"a.new.permission":"1"}',
'activated' => true,
'phone' => '619-555-5555',
'jobtitle' => 'Host',
'manager_id' => $manager->id,
'employee_num' => '1111',
'notes' => 'Pretty good artist',
'company_id' => $company->id,
'department_id' => $department->id,
'location_id' => $location->id,
'remote' => true,
'groups' => $group->id,
'vip' => true,
'start_date' => '2021-08-01',
'end_date' => '2025-12-31',
])
->assertOk()
->assertStatus(200)
->assertStatusMessageIs('success');
$user = User::find($response['payload']['id']);
$this->assertEquals($admin->id, $user->created_by, 'Created by was not saved');
}
public function testDoesNotAcceptBogusGroupData()
{
$admin = User::factory()->superuser()->create();
$manager = User::factory()->create();
$company = Company::factory()->create();
$department = Department::factory()->create();
$location = Location::factory()->create();
$response = $this->actingAsForApi($admin)
->postJson(route('api.users.store'), [
'first_name' => 'Mabel',
'username' => 'mabel',
'password' => 'super-secret',
'password_confirmation' => 'super-secret',
'groups' => ['blah'],
])
->assertOk()
->assertStatus(200)
->assertStatusMessageIs('error');
}
}