Remove scopeCompanyables call from AssetsController@requestable

2025-03-05 20:52:15 -08:00 · 2023-06-22 12:36:43 -07:00 · 2023-06-22 12:36:43 -07:00 · ab5fed09db
parent 74b072f1b5
commit ab5fed09db
3 changed files with 94 additions and 2 deletions
--- a/app/Http/Controllers/Api/AssetsController.php
+++ b/app/Http/Controllers/Api/AssetsController.php
@ -1030,9 +1030,10 @@ class AssetsController extends Controller
    {
        $this->authorize('viewRequestable', Asset::class);
-        $assets = Company::scopeCompanyables(Asset::select('assets.*'), 'company_id', 'assets')
+        $assets = Asset::select('assets.*')
            ->with('location', 'assetstatus', 'assetlog', 'company', 'defaultLoc','assignedTo',
-                'model.category', 'model.manufacturer', 'model.fieldset', 'supplier')->requestableAssets();
+                'model.category', 'model.manufacturer', 'model.fieldset', 'supplier')
            ->requestableAssets();
        $offset = request('offset', 0);
        $limit = $request->input('limit', 50);
--- a/database/factories/AssetFactory.php
+++ b/database/factories/AssetFactory.php
@ -328,4 +328,14 @@ class AssetFactory extends Factory
            ];
        });
    }
    public function requestable()
    {
        return $this->state(['requestable' => true]);
    }
    public function nonrequestable()
    {
        return $this->state(['requestable' => false]);
    }
 }
--- a/tests/Feature/Api/Assets/RequestableAssetsTest.php
+++ b/tests/Feature/Api/Assets/RequestableAssetsTest.php
@ -0,0 +1,81 @@
 <?php
 namespace Tests\Feature\Api\Assets;
 use App\Models\Asset;
 use App\Models\Company;
 use App\Models\User;
 use Laravel\Passport\Passport;
 use Tests\Support\InteractsWithResponses;
 use Tests\Support\InteractsWithSettings;
 use Tests\TestCase;
 class RequestableAssetsTest extends TestCase
 {
    use InteractsWithResponses;
    use InteractsWithSettings;
    public function testViewingRequestableAssetsRequiresCorrectPermission()
    {
        Passport::actingAs(User::factory()->create());
        $this->getJson(route('api.assets.requestable'))->assertForbidden();
    }
    public function testReturnsRequestableAssets()
    {
        $requestableAsset = Asset::factory()->requestable()->create(['asset_tag' => 'requestable']);
        $nonRequestableAsset = Asset::factory()->nonrequestable()->create(['asset_tag' => 'non-requestable']);
        Passport::actingAs(User::factory()->viewRequestableAssets()->create());
        $response = $this->getJson(route('api.assets.requestable'))->assertOk();
        $this->assertResponseContainsInRows($response, $requestableAsset, 'asset_tag');
        $this->assertResponseDoesNotContainInRows($response, $nonRequestableAsset, 'asset_tag');
    }
    public function testRequestableAssetsAreScopedToCompanyWhenMultipleCompanySupportEnabled()
    {
        [$companyA, $companyB] = Company::factory()->count(2)->create();
        $assetA = Asset::factory()->requestable()->for($companyA)->create(['asset_tag' => '0001']);
        $assetB = Asset::factory()->requestable()->for($companyB)->create(['asset_tag' => '0002']);
        $superUser = $companyA->users()->save(User::factory()->superuser()->make());
        $userInCompanyA = $companyA->users()->save(User::factory()->viewRequestableAssets()->make());
        $userInCompanyB = $companyB->users()->save(User::factory()->viewRequestableAssets()->make());
        $this->settings->disableMultipleFullCompanySupport();
        Passport::actingAs($superUser);
        $response = $this->getJson(route('api.assets.requestable'));
        $this->assertResponseContainsInRows($response, $assetA, 'asset_tag');
        $this->assertResponseContainsInRows($response, $assetB, 'asset_tag');
        Passport::actingAs($userInCompanyA);
        $response = $this->getJson(route('api.assets.requestable'));
        $this->assertResponseContainsInRows($response, $assetA, 'asset_tag');
        $this->assertResponseContainsInRows($response, $assetB, 'asset_tag');
        Passport::actingAs($userInCompanyB);
        $response = $this->getJson(route('api.assets.requestable'));
        $this->assertResponseContainsInRows($response, $assetA, 'asset_tag');
        $this->assertResponseContainsInRows($response, $assetB, 'asset_tag');
        $this->settings->enableMultipleFullCompanySupport();
        Passport::actingAs($superUser);
        $response = $this->getJson(route('api.assets.requestable'));
        $this->assertResponseContainsInRows($response, $assetA, 'asset_tag');
        $this->assertResponseContainsInRows($response, $assetB, 'asset_tag');
        Passport::actingAs($userInCompanyA);
        $response = $this->getJson(route('api.assets.requestable'));
        $this->assertResponseContainsInRows($response, $assetA, 'asset_tag');
        $this->assertResponseDoesNotContainInRows($response, $assetB, 'asset_tag');
        Passport::actingAs($userInCompanyB);
        $response = $this->getJson(route('api.assets.requestable'));
        $this->assertResponseDoesNotContainInRows($response, $assetA, 'asset_tag');
        $this->assertResponseContainsInRows($response, $assetB, 'asset_tag');
    }
 }