From ad2ba252eef9a7088004ae5db1e1f375764c11e7 Mon Sep 17 00:00:00 2001
From: spencerrlongg
Date: Tue, 7 May 2024 15:11:33 -0500
Subject: [PATCH] two new test
---
 .../Assets/BulkAssetsController.php | 39 +++++-----
 tests/Feature/Assets/AssetsBulkEditTest.php | 76 ++++++++++++++++++-
 2 files changed, 93 insertions(+), 22 deletions(-)
diff --git a/app/Http/Controllers/Assets/BulkAssetsController.php b/app/Http/Controllers/Assets/BulkAssetsController.php
index a21fd0a8d3..ffbf81944b 100644
--- a/app/Http/Controllers/Assets/BulkAssetsController.php
+++ b/app/Http/Controllers/Assets/BulkAssetsController.php
@@ -15,6 +15,7 @@ use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Crypt;
 use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Session;
 use App\Http\Requests\AssetCheckoutRequest;
@@ -379,28 +380,30 @@ class BulkAssetsController extends Controller
 foreach ($asset->model->fieldset->fields as $field) {
 if ((array_key_exists($field->db_column, $this->update_array)) && ($field->field_encrypted == '1')) {
- $decrypted_old = Helper::gracefulDecrypt($field, $asset->{$field->db_column});
+ if (Gate::allows('admin')) {
+ $decrypted_old = Helper::gracefulDecrypt($field, $asset->{$field->db_column});
- /*
- * Check if the decrypted existing value is different from one we just submitted
- * and if not, pull it out of the object since it shouldn't really be updating at all.
- * If we don't do this, it will try to re-encrypt it, and the same value encrypted two
- * different times will have different values, so it will *look* like it was updated
- * but it wasn't.
- */
- if ($decrypted_old != $this->update_array[$field->db_column]) {
- $asset->{$field->db_column} = Crypt::encrypt($this->update_array[$field->db_column]);
- } else {
 /*
- * Remove the encrypted custom field from the update_array, since nothing changed
+ * Check if the decrypted existing value is different from one we just submitted
+ * and if not, pull it out of the object since it shouldn't really be updating at all.
+ * If we don't do this, it will try to re-encrypt it, and the same value encrypted two
+ * different times will have different values, so it will *look* like it was updated
+ * but it wasn't.
 */
- unset($this->update_array[$field->db_column]);
- unset($asset->{$field->db_column});
- }
+ if ($decrypted_old != $this->update_array[$field->db_column]) {
+ $asset->{$field->db_column} = Crypt::encrypt($this->update_array[$field->db_column]);
+ } else {
+ /*
+ * Remove the encrypted custom field from the update_array, since nothing changed
+ */
+ unset($this->update_array[$field->db_column]);
+ unset($asset->{$field->db_column});
+ }
- /*
- * These custom fields aren't encrypted, just carry on as usual
- */
+ /*
+ * These custom fields aren't encrypted, just carry on as usual
+ */
+ }
 } else {
 if ((array_key_exists($field->db_column, $this->update_array)) && ($asset->{$field->db_column} != $this->update_array[$field->db_column])) {
diff --git a/tests/Feature/Assets/AssetsBulkEditTest.php b/tests/Feature/Assets/AssetsBulkEditTest.php
index de86d33533..4da43da753 100644
--- a/tests/Feature/Assets/AssetsBulkEditTest.php
+++ b/tests/Feature/Assets/AssetsBulkEditTest.php
@@ -9,6 +9,7 @@ use App\Models\CustomField;
 use App\Models\Statuslabel;
 use App\Models\Supplier;
 use App\Models\User;
+use Illuminate\Support\Facades\Crypt;
 use Tests\TestCase;
 class AssetsBulkEditTest extends TestCase
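Review bot: When `Gate::allows('admin')` is false, the new branch in `BulkAssetsController.php` does nothing, so the submitted plaintext for the encrypted field stays in `$this->update_array` for this asset. The code that consumes `update_array` after this loop is outside the hunk; if it mass-assigns the array to the asset, a non-admin request would store an unencrypted value in an encrypted column, so I would drop the key explicitly with `} else { unset($this->update_array[$field->db_column]); }` rather than rely on later code. The relocated comment `These custom fields aren't encrypted, just carry on as usual` now sits inside the admin-only block for encrypted fields and should move back next to the `else` branch it describes. The denial is also silent; a `Log::warning` naming the field and the acting user would leave an audit trail for rejected attempts to change encrypted fields.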
@@ -82,15 +83,16 @@ class AssetsBulkEditTest extends TestCase { $this->markIncompleteIfMySQL('Custom Fields tests do not work on MySQL'); - CustomField::factory()->macAddress()->create(); CustomField::factory()->ram()->create(); CustomField::factory()->cpu()->create(); - $mac_address = CustomField::where('name', 'MAC Address')->first(); + // when getting the custom field directly from the factory the field has not been fully created yet + // so we have to do a query afterwards to get the actual model :shrug: + $ram = CustomField::where('name', 'RAM')->first(); $cpu = CustomField::where('name', 'CPU')->first(); - $assets = Asset::factory()->count(10)->hasMultipleCustomFields([$mac_address, $ram, $cpu])->create([ + $assets = Asset::factory()->count(10)->hasMultipleCustomFields([$ram, $cpu])->create([ $ram->db_column => 8, $cpu->db_column => '2.1', ]); 
@@ -103,9 +105,75 @@ class AssetsBulkEditTest extends TestCase
 $cpu->db_column => '4.1',
 ]);
- Asset::findMany($id_array)->each(function (Asset $asset) use ($ram, $cpu, $mac_address) {
+ Asset::findMany($id_array)->each(function (Asset $asset) use ($ram, $cpu) {
 $this->assertEquals(16, $asset->{$ram->db_column});
 $this->assertEquals('4.1', $asset->{$cpu->db_column});
 });
 }
+
+ public function testBulkEditAssetsAcceptsAndUpdatesEncryptedCustomFields()
+ {
+ $this->markIncompleteIfMySQL('Custom Fields tests do not work on MySQL');
+
+ CustomField::factory()->testEncrypted()->create();
+
+ $encrypted = CustomField::where('name', 'Test Encrypted')->first();
+
+ $assets = Asset::factory()->count(10)->hasEncryptedCustomField($encrypted)->create([
+ $encrypted->db_column => Crypt::encrypt('Original Encrypted Text'),
+ ]);
+
+ $id_array = $assets->pluck('id')->toArray();
+
+ $this->actingAs(User::factory()->admin()->create())->post(route('hardware/bulksave'), [
+ 'ids' => $id_array,
+ $encrypted->db_column => 'New Encrypted Text',
+ ]);
+
+ Asset::findMany($id_array)->each(function (Asset $asset) use ($encrypted) {
+ $this->assertEquals('New Encrypted Text', Crypt::decrypt($asset->{$encrypted->db_column}));
+ });
+ }
+
+ public function testBulkEditAssetsRequiresAdminUserToUpdateEncryptedCustomFields()
+ {
+ $this->markIncompleteIfMySQL('Custom Fields tests do not work on mysql');
+ $edit_user = User::factory()->editAssets()->create();
+ $admin_user = User::factory()->admin()->create();
+
+ CustomField::factory()->testEncrypted()->create();
+
+ $encrypted = CustomField::where('name', 'Test Encrypted')->first();
+
+ $admin_assets = Asset::factory()->count(5)->hasEncryptedCustomField($encrypted)->create([
+ $encrypted->db_column => Crypt::encrypt('Original Encrypted Text'),
+ ]);
+
+ $standard_assets = Asset::factory()->count(5)->hasEncryptedCustomField($encrypted)->create([
+ $encrypted->db_column => Crypt::encrypt('Original Encrypted Text'),
+ ]);
+
+ $admin_id_array = $admin_assets->pluck('id')->toArray();
+ $standard_id_array = $standard_assets->pluck('id')->toArray();
+
+ $this->actingAs($admin_user)->post(route('hardware/bulksave'), [
+ 'ids' => $admin_id_array,
+ $encrypted->db_column => 'New Encrypted Text',
+ ])->assertStatus(302);
+
+ // do we want to return an error when this happens???
+ $this->actingAs($edit_user)->post(route('hardware/bulksave'), [
+ 'ids' => $standard_id_array,
+ $encrypted->db_column => 'New Encrypted Text',
+ ])->assertStatus(302);
+
+ Asset::findMany($admin_id_array)->each(function (Asset $asset) use ($encrypted) {
+ $this->assertEquals('New Encrypted Text', Crypt::decrypt($asset->{$encrypted->db_column}));
+ });
+
+ Asset::findMany($standard_id_array)->each(function (Asset $asset) use ($encrypted) {
+ $this->assertEquals('Original Encrypted Text', Crypt::decrypt($asset->{$encrypted->db_column}));
+ });
+
+ }
 }
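Review bot: In `testBulkEditAssetsRequiresAdminUserToUpdateEncryptedCustomFields` the admin request and the non-admin request are both checked with `assertStatus(302)` only, so the test cannot tell a silently ignored encrypted field from a rejected request, and the question in `// do we want to return an error when this happens???` is left undecided. Pin the intended outcome for the non-admin case, for example by asserting the redirect target and whatever session flash the controller is expected to set, and resolve that comment before merge. The test also posts only the encrypted field; a case where a non-admin submits an encrypted and a plain custom field together would show that the plain field is still saved while the encrypted one is left untouched. `testBulkEditAssetsAcceptsAndUpdatesEncryptedCustomFields` does not assert the response status at all.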