diff --git a/resources/views/users/edit.blade.php b/resources/views/users/edit.blade.php
index e3f691f158..986c18ab6d 100755
--- a/resources/views/users/edit.blade.php
+++ b/resources/views/users/edit.blade.php
@@ -66,7 +66,9 @@
-
+ {{csrf_field()}} @if($user->id)
diff --git a/routes/web/users.php b/routes/web/users.php
index 3bf1555cad..e55541a937 100644
--- a/routes/web/users.php
+++ b/routes/web/users.php
@@ -146,8 +146,7 @@ Route::group(['prefix' => 'users', 'middleware' => ['auth']], function () {
 )->name('users/bulkeditsave');
 // pulling this out of the resource because I need route model binding in the request
- Route::patch('/{user}', [Users\UsersController::class, 'update'])->name('users.update');
- Route::put('/{user}', [Users\UsersController::class, 'update'])->name('users.put-update');
+ Route::match(['put', 'patch'], '/{user}', [Users\UsersController::class, 'update'])->name('users.update');
 });
 Route::resource('users', Users\UsersController::class, [
diff --git a/tests/Feature/Users/Api/UpdateUserTest.php b/tests/Feature/Users/Api/UpdateUserTest.php
index 1c66bbdda9..2901beea9a 100644
--- a/tests/Feature/Users/Api/UpdateUserTest.php
+++ b/tests/Feature/Users/Api/UpdateUserTest.php
@@ -2,6 +2,7 @@
 namespace Tests\Feature\Users\Api;
+use App\Models\Asset;
 use App\Models\Company;
 use App\Models\Department;
 use App\Models\Group;
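Review bot: Folding the two registrations into `Route::match(['put', 'patch'], ...)` drops the route name `users.put-update`, and nothing in this hunk shows its callers being updated; any `route('users.put-update', ...)` left in a view, redirect or test will fail at URL generation. The edit form changed in this same commit looks like the main consumer, but its markup is not readable here, so a repo-wide search for the old name is worth doing before merge. The group closure starts outside the hunk and the `Route::resource('users', ...)` call that follows is cut off; if its options do not exclude `update`, the name `users.update` ends up registered twice. A short comment above the new line, such as `// PUT and PATCH share users.update; users.put-update was removed`, would record the intent.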
@@ -344,4 +345,33 @@ class UpdateUserTest extends TestCase
 $this->assertTrue($user->refresh()->groups->contains($groupB));
 }
+ public function testMultiCompanyUserCannotBeMovedIfHasAsset()
+ {
+ $this->settings->enableMultipleFullCompanySupport();
+
+ $companyA = Company::factory()->create();
+ $companyB = Company::factory()->create();
+
+ $user = User::factory()->create([
+ 'company_id' => $companyA->id,
+ ]);
+ $superUser = User::factory()->superuser()->create();
+
+ $asset = Asset::factory()->create();
+
+ // no assets assigned, therefore success
+ $this->actingAsForApi($superUser)->patchJson(route('api.users.update', $user), [
+ 'username' => 'test',
+ 'company_id' => $companyB->id,
+ ])->assertStatusMessageIs('success');
+
+ $asset->checkOut($user, $superUser);
+
+ // asset assigned, therefore error
+ $this->actingAsForApi($superUser)->patchJson(route('api.users.update', $user), [
+ 'username' => 'test',
+ 'company_id' => $companyB->id,
+ ])->assertMessagesAre('error');
+ }
+
 }
diff --git a/tests/Feature/Users/Ui/UpdateUserTest.php b/tests/Feature/Users/Ui/UpdateUserTest.php
index bef1d59a06..31530af7c5 100644
--- a/tests/Feature/Users/Ui/UpdateUserTest.php
+++ b/tests/Feature/Users/Ui/UpdateUserTest.php
@@ -2,6 +2,8 @@
 namespace Tests\Feature\Users\Ui;
+use App\Models\Asset;
+use App\Models\Company;
 use App\Models\User;
 use Tests\TestCase;
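Review bot: The rejection case in the API `testMultiCompanyUserCannotBeMovedIfHasAsset` asks to move the user to `$companyB` again, which is where the first, successful PATCH presumably already put them, so the second request may not exercise a company change at all. Target a different company in the second call, e.g. `'company_id' => $companyA->id,`, and pin the stored value afterwards with `$this->assertEquals($companyB->id, $user->refresh()->company_id);` so that a response reporting an error while still persisting the move fails the test. The two calls also use different helpers (`assertStatusMessageIs('success')` versus `assertMessagesAre('error')`); both are defined outside this diff, so confirm the second one checks the status field rather than the message body.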
@@ -79,4 +81,34 @@ class UpdateUserTest extends TestCase
 $this->assertEquals(1, $admin->refresh()->activated);
 }
+
+ public function testMultiCompanyUserCannotBeMovedIfHasAsset()
+ {
+ $this->settings->enableMultipleFullCompanySupport();
+
+ $companyA = Company::factory()->create();
+ $companyB = Company::factory()->create();
+
+ $user = User::factory()->create([
+ 'company_id' => $companyA->id,
+ ]);
+ $superUser = User::factory()->superuser()->create();
+
+ $asset = Asset::factory()->create();
+
+ // no assets assigned, therefore success
+ $this->actingAs($superUser)->put(route('users.update', $user), [
+ 'first_name' => 'test',
+ 'username' => 'test',
+ 'company_id' => $companyB->id,
+ ])->assertRedirect(route('users.index'));
+
+ //$asset->checkOut($user, $superUser);
+
+ // asset assigned, therefore error
+ //$this->actingAs($superUser)->patchJson(route('users.update', $user), [
+ // 'username' => 'test',
+ // 'company_id' => $companyB->id,
+ //])->assertMessagesAre('error');
+ }
 }
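Review bot: The UI `testMultiCompanyUserCannotBeMovedIfHasAsset` never reaches the case its name describes: the checkout and the rejected update are commented out, so the test passes whether or not the web route refuses to move a user who holds assets. The commented draft also calls `patchJson` and `assertMessagesAre`, which fit the API test rather than a form route. Restore the negative path with a form-style `put` and assert on the stored `company_id`, which holds regardless of how the controller reports the failure; the sketch below assumes the first request persisted the move to `$companyB`. If the rule cannot be enforced on this route yet, rename the test to what it covers and delete the commented block.

```php
// … unchanged: setup and the successful move to $companyB …

$asset->checkOut($user, $superUser);

// asset assigned, therefore the move must be refused
$this->actingAs($superUser)->put(route('users.update', $user), [
    'first_name' => 'test',
    'username' => 'test',
    'company_id' => $companyA->id,
]);

$this->assertEquals($companyB->id, $user->refresh()->company_id);
```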