From 4d03f1e110b02e5a75bf931a6674b67c269c12de Mon Sep 17 00:00:00 2001 From: snipe Date: Wed, 21 Aug 2024 09:46:18 +0100 Subject: [PATCH 1/3] Fixed #15341 - validate parent ID Signed-off-by: snipe --- app/Models/Location.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Models/Location.php b/app/Models/Location.php index f08a51a985..e6c310979b 100755 --- a/app/Models/Location.php +++ b/app/Models/Location.php @@ -33,7 +33,7 @@ class Location extends SnipeModel 'country' => 'min:2|max:191|nullable', 'zip' => 'max:10|nullable', 'manager_id' => 'exists:users,id|nullable', - 'parent_id' => 'non_circular:locations,id', + 'parent_id' => 'nullable|exists:locations,id|non_circular:locations,id', ]; protected $casts = [ From a23dee52f27aa4c54578308eef78f3d875b34c65 Mon Sep 17 00:00:00 2001 From: snipe Date: Wed, 21 Aug 2024 09:58:47 +0100 Subject: [PATCH 2/3] Added tests Signed-off-by: snipe --- .../Feature/Locations/Ui/CreateLocationsTest.php | 15 ++++++++++++++- .../Feature/Locations/Ui/UpdateLocationsTest.php | 15 +++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/tests/Feature/Locations/Ui/CreateLocationsTest.php b/tests/Feature/Locations/Ui/CreateLocationsTest.php index 5e229f1043..c6813c26b8 100644 --- a/tests/Feature/Locations/Ui/CreateLocationsTest.php +++ b/tests/Feature/Locations/Ui/CreateLocationsTest.php @@ -32,6 +32,19 @@ class CreateLocationsTest extends TestCase $this->assertTrue(Location::where('name', 'Test Location')->exists()); } - + + public function testUserCannotCreateLocationsWithInvalidParent() + { + $this->assertFalse(Location::where('name', 'Test Location')->exists()); + + $this->actingAs(User::factory()->superuser()->create()) + ->post(route('locations.store'), [ + 'name' => 'Test Location', + 'parent_id' => '100000000' + ]) + ->assertRedirect(route('locations.index')); + + $this->assertFalse(Location::where('name', 'Test Location')->exists()); + } } diff --git a/tests/Feature/Locations/Ui/UpdateLocationsTest.php b/tests/Feature/Locations/Ui/UpdateLocationsTest.php index 5359cd1b71..f8fa934b36 100644 --- a/tests/Feature/Locations/Ui/UpdateLocationsTest.php +++ b/tests/Feature/Locations/Ui/UpdateLocationsTest.php @@ -52,6 +52,21 @@ class UpdateLocationsTest extends TestCase $this->assertFalse(Location::where('name', 'Test Location')->exists()); } + public function testUserCannotEditLocationsWithInvalidParent() + { + $location = Location::factory()->create(); + $response = $this->actingAs(User::factory()->superuser()->create()) + ->from(route('locations.edit', ['location' => $location->id])) + ->put(route('locations.update', ['location' => $location]), [ + 'name' => 'Test Location', + 'parent_id' => '100000000' + ]) + ->assertRedirect(route('locations.index')); + + $this->followRedirects($response)->assertSee(trans('general.error')); + $this->assertFalse(Location::where('name', 'Test Location')->exists()); + } + } From 74fbc238230cabc1c44ab1933c65fe48effda13f Mon Sep 17 00:00:00 2001 From: snipe Date: Wed, 21 Aug 2024 10:09:35 +0100 Subject: [PATCH 3/3] Updated tests Signed-off-by: snipe --- tests/Feature/Locations/Ui/CreateLocationsTest.php | 3 ++- tests/Feature/Locations/Ui/UpdateLocationsTest.php | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/Feature/Locations/Ui/CreateLocationsTest.php b/tests/Feature/Locations/Ui/CreateLocationsTest.php index c6813c26b8..cfcb849025 100644 --- a/tests/Feature/Locations/Ui/CreateLocationsTest.php +++ b/tests/Feature/Locations/Ui/CreateLocationsTest.php @@ -38,11 +38,12 @@ class CreateLocationsTest extends TestCase $this->assertFalse(Location::where('name', 'Test Location')->exists()); $this->actingAs(User::factory()->superuser()->create()) + ->from(route('locations.create')) ->post(route('locations.store'), [ 'name' => 'Test Location', 'parent_id' => '100000000' ]) - ->assertRedirect(route('locations.index')); + ->assertRedirect(route('locations.create')); $this->assertFalse(Location::where('name', 'Test Location')->exists()); } diff --git a/tests/Feature/Locations/Ui/UpdateLocationsTest.php b/tests/Feature/Locations/Ui/UpdateLocationsTest.php index f8fa934b36..c692374cc7 100644 --- a/tests/Feature/Locations/Ui/UpdateLocationsTest.php +++ b/tests/Feature/Locations/Ui/UpdateLocationsTest.php @@ -61,7 +61,7 @@ class UpdateLocationsTest extends TestCase 'name' => 'Test Location', 'parent_id' => '100000000' ]) - ->assertRedirect(route('locations.index')); + ->assertRedirect(route('locations.edit', ['location' => $location->id])); $this->followRedirects($response)->assertSee(trans('general.error')); $this->assertFalse(Location::where('name', 'Test Location')->exists());