mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-25 13:44:06 -08:00
Remove scopeCompanyables call from AssetsController@requestable
This commit is contained in:
Marcus Moore
parent
74b072f1b5
commit
ab5fed09db
|
|
@ -1030,9 +1030,10 @@ class AssetsController extends Controller
|
|||
{
|
||||
$this->authorize('viewRequestable', Asset::class);
|
||||
|
||||
$assets = Company::scopeCompanyables(Asset::select('assets.*'), 'company_id', 'assets')
|
||||
$assets = Asset::select('assets.*')
|
||||
->with('location', 'assetstatus', 'assetlog', 'company', 'defaultLoc','assignedTo',
|
||||
'model.category', 'model.manufacturer', 'model.fieldset', 'supplier')->requestableAssets();
|
||||
'model.category', 'model.manufacturer', 'model.fieldset', 'supplier')
|
||||
->requestableAssets();
|
||||
|
||||
$offset = request('offset', 0);
|
||||
$limit = $request->input('limit', 50);
|
||||
|
|
|
|||
|
|
@ -328,4 +328,14 @@ class AssetFactory extends Factory
|
|||
];
|
||||
});
|
||||
}
|
||||
|
||||
public function requestable()
|
||||
{
|
||||
return $this->state(['requestable' => true]);
|
||||
}
|
||||
|
||||
public function nonrequestable()
|
||||
{
|
||||
return $this->state(['requestable' => false]);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
81
tests/Feature/Api/Assets/RequestableAssetsTest.php
Normal file
81
tests/Feature/Api/Assets/RequestableAssetsTest.php
Normal file
|
|
@ -0,0 +1,81 @@
|
|||
<?php
|
||||
|
||||
namespace Tests\Feature\Api\Assets;
|
||||
|
||||
use App\Models\Asset;
|
||||
use App\Models\Company;
|
||||
use App\Models\User;
|
||||
use Laravel\Passport\Passport;
|
||||
use Tests\Support\InteractsWithResponses;
|
||||
use Tests\Support\InteractsWithSettings;
|
||||
use Tests\TestCase;
|
||||
|
||||
class RequestableAssetsTest extends TestCase
|
||||
{
|
||||
use InteractsWithResponses;
|
||||
use InteractsWithSettings;
|
||||
|
||||
public function testViewingRequestableAssetsRequiresCorrectPermission()
|
||||
{
|
||||
Passport::actingAs(User::factory()->create());
|
||||
$this->getJson(route('api.assets.requestable'))->assertForbidden();
|
||||
}
|
||||
|
||||
public function testReturnsRequestableAssets()
|
||||
{
|
||||
$requestableAsset = Asset::factory()->requestable()->create(['asset_tag' => 'requestable']);
|
||||
$nonRequestableAsset = Asset::factory()->nonrequestable()->create(['asset_tag' => 'non-requestable']);
|
||||
|
||||
Passport::actingAs(User::factory()->viewRequestableAssets()->create());
|
||||
$response = $this->getJson(route('api.assets.requestable'))->assertOk();
|
||||
|
||||
$this->assertResponseContainsInRows($response, $requestableAsset, 'asset_tag');
|
||||
$this->assertResponseDoesNotContainInRows($response, $nonRequestableAsset, 'asset_tag');
|
||||
}
|
||||
|
||||
public function testRequestableAssetsAreScopedToCompanyWhenMultipleCompanySupportEnabled()
|
||||
{
|
||||
[$companyA, $companyB] = Company::factory()->count(2)->create();
|
||||
|
||||
$assetA = Asset::factory()->requestable()->for($companyA)->create(['asset_tag' => '0001']);
|
||||
$assetB = Asset::factory()->requestable()->for($companyB)->create(['asset_tag' => '0002']);
|
||||
|
||||
$superUser = $companyA->users()->save(User::factory()->superuser()->make());
|
||||
$userInCompanyA = $companyA->users()->save(User::factory()->viewRequestableAssets()->make());
|
||||
$userInCompanyB = $companyB->users()->save(User::factory()->viewRequestableAssets()->make());
|
||||
|
||||
$this->settings->disableMultipleFullCompanySupport();
|
||||
|
||||
Passport::actingAs($superUser);
|
||||
$response = $this->getJson(route('api.assets.requestable'));
|
||||
$this->assertResponseContainsInRows($response, $assetA, 'asset_tag');
|
||||
$this->assertResponseContainsInRows($response, $assetB, 'asset_tag');
|
||||
|
||||
Passport::actingAs($userInCompanyA);
|
||||
$response = $this->getJson(route('api.assets.requestable'));
|
||||
$this->assertResponseContainsInRows($response, $assetA, 'asset_tag');
|
||||
$this->assertResponseContainsInRows($response, $assetB, 'asset_tag');
|
||||
|
||||
Passport::actingAs($userInCompanyB);
|
||||
$response = $this->getJson(route('api.assets.requestable'));
|
||||
$this->assertResponseContainsInRows($response, $assetA, 'asset_tag');
|
||||
$this->assertResponseContainsInRows($response, $assetB, 'asset_tag');
|
||||
|
||||
$this->settings->enableMultipleFullCompanySupport();
|
||||
|
||||
Passport::actingAs($superUser);
|
||||
$response = $this->getJson(route('api.assets.requestable'));
|
||||
$this->assertResponseContainsInRows($response, $assetA, 'asset_tag');
|
||||
$this->assertResponseContainsInRows($response, $assetB, 'asset_tag');
|
||||
|
||||
Passport::actingAs($userInCompanyA);
|
||||
$response = $this->getJson(route('api.assets.requestable'));
|
||||
$this->assertResponseContainsInRows($response, $assetA, 'asset_tag');
|
||||
$this->assertResponseDoesNotContainInRows($response, $assetB, 'asset_tag');
|
||||
|
||||
Passport::actingAs($userInCompanyB);
|
||||
$response = $this->getJson(route('api.assets.requestable'));
|
||||
$this->assertResponseDoesNotContainInRows($response, $assetA, 'asset_tag');
|
||||
$this->assertResponseContainsInRows($response, $assetB, 'asset_tag');
|
||||
}
|
||||
}
|
||||
Loading…
Reference in a new issue