mirror of
https://github.com/snipe/snipe-it.git
synced 2024-11-12 16:44:08 -08:00
Merge pull request #13415 from marcusmoore/feature/department-scoping
Added `CompanyableTrait` to `Department` model
This commit is contained in:
snipe
GitHub
commit
d916e20c10
|
|
@ -27,7 +27,7 @@ class DepartmentsController extends Controller
|
||||||
$this->authorize('view', Department::class);
|
$this->authorize('view', Department::class);
|
||||||
$allowed_columns = ['id', 'name', 'image', 'users_count'];
|
$allowed_columns = ['id', 'name', 'image', 'users_count'];
|
||||||
|
|
||||||
$departments = Company::scopeCompanyables(Department::select(
|
$departments = Department::select(
|
||||||
'departments.id',
|
'departments.id',
|
||||||
'departments.name',
|
'departments.name',
|
||||||
'departments.phone',
|
'departments.phone',
|
||||||
|
|
@ -37,8 +37,8 @@ class DepartmentsController extends Controller
|
||||||
'departments.manager_id',
|
'departments.manager_id',
|
||||||
'departments.created_at',
|
'departments.created_at',
|
||||||
'departments.updated_at',
|
'departments.updated_at',
|
||||||
'departments.image'),
|
'departments.image'
|
||||||
"company_id", "departments")->with('users')->with('location')->with('manager')->with('company')->withCount('users as users_count');
|
)->with('users')->with('location')->with('manager')->with('company')->withCount('users as users_count');
|
||||||
|
|
||||||
if ($request->filled('search')) {
|
if ($request->filled('search')) {
|
||||||
$departments = $departments->TextSearch($request->input('search'));
|
$departments = $departments->TextSearch($request->input('search'));
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,7 @@ use Watson\Validating\ValidatingTrait;
|
||||||
|
|
||||||
class Department extends SnipeModel
|
class Department extends SnipeModel
|
||||||
{
|
{
|
||||||
|
use CompanyableTrait;
|
||||||
use HasFactory;
|
use HasFactory;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
||||||
94
tests/Feature/Api/Departments/DepartmentIndexTest.php
Normal file
94
tests/Feature/Api/Departments/DepartmentIndexTest.php
Normal file
|
|
@ -0,0 +1,94 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Tests\Feature\Api\Departments;
|
||||||
|
|
||||||
|
use App\Models\Company;
|
||||||
|
use App\Models\Department;
|
||||||
|
use App\Models\User;
|
||||||
|
use Illuminate\Routing\Route;
|
||||||
|
use Illuminate\Testing\Fluent\AssertableJson;
|
||||||
|
use Tests\Support\InteractsWithSettings;
|
||||||
|
use Tests\TestCase;
|
||||||
|
|
||||||
|
class DepartmentIndexTest extends TestCase
|
||||||
|
{
|
||||||
|
use InteractsWithSettings;
|
||||||
|
|
||||||
|
public function testViewingDepartmentIndexRequiresAuthentication()
|
||||||
|
{
|
||||||
|
$this->getJson(route('api.departments.index'))->assertRedirect();
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testViewingDepartmentIndexRequiresPermission()
|
||||||
|
{
|
||||||
|
$this->actingAsForApi(User::factory()->create())
|
||||||
|
->getJson(route('api.departments.index'))
|
||||||
|
->assertForbidden();
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testDepartmentIndexReturnsExpectedDepartments()
|
||||||
|
{
|
||||||
|
Department::factory()->count(3)->create();
|
||||||
|
|
||||||
|
$this->actingAsForApi(User::factory()->superuser()->create())
|
||||||
|
->getJson(
|
||||||
|
route('api.departments.index', [
|
||||||
|
'sort' => 'name',
|
||||||
|
'order' => 'asc',
|
||||||
|
'offset' => '0',
|
||||||
|
'limit' => '20',
|
||||||
|
]))
|
||||||
|
->assertOk()
|
||||||
|
->assertJsonStructure([
|
||||||
|
'total',
|
||||||
|
'rows',
|
||||||
|
])
|
||||||
|
->assertJson(fn(AssertableJson $json) => $json->has('rows', 3)->etc());
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testDepartmentIndexAdheresToCompanyScoping()
|
||||||
|
{
|
||||||
|
[$companyA, $companyB] = Company::factory()->count(2)->create();
|
||||||
|
|
||||||
|
$departmentA = Department::factory()->for($companyA)->create();
|
||||||
|
$departmentB = Department::factory()->for($companyB)->create();
|
||||||
|
|
||||||
|
$superUser = $companyA->users()->save(User::factory()->superuser()->make());
|
||||||
|
$userInCompanyA = $companyA->users()->save(User::factory()->viewDepartments()->make());
|
||||||
|
$userInCompanyB = $companyB->users()->save(User::factory()->viewDepartments()->make());
|
||||||
|
|
||||||
|
$this->settings->disableMultipleFullCompanySupport();
|
||||||
|
|
||||||
|
$this->actingAsForApi($superUser)
|
||||||
|
->getJson(route('api.departments.index'))
|
||||||
|
->assertResponseContainsInRows($departmentA)
|
||||||
|
->assertResponseContainsInRows($departmentB);
|
||||||
|
|
||||||
|
$this->actingAsForApi($userInCompanyA)
|
||||||
|
->getJson(route('api.departments.index'))
|
||||||
|
->assertResponseContainsInRows($departmentA)
|
||||||
|
->assertResponseContainsInRows($departmentB);
|
||||||
|
|
||||||
|
$this->actingAsForApi($userInCompanyB)
|
||||||
|
->getJson(route('api.departments.index'))
|
||||||
|
->assertResponseContainsInRows($departmentA)
|
||||||
|
->assertResponseContainsInRows($departmentB);
|
||||||
|
|
||||||
|
$this->settings->enableMultipleFullCompanySupport();
|
||||||
|
|
||||||
|
$this->actingAsForApi($superUser)
|
||||||
|
->getJson(route('api.departments.index'))
|
||||||
|
->assertResponseContainsInRows($departmentA)
|
||||||
|
->assertResponseContainsInRows($departmentB);
|
||||||
|
|
||||||
|
$this->actingAsForApi($userInCompanyA)
|
||||||
|
->getJson(route('api.departments.index'))
|
||||||
|
->assertResponseContainsInRows($departmentA)
|
||||||
|
->assertResponseDoesNotContainInRows($departmentB);
|
||||||
|
|
||||||
|
$this->actingAsForApi($userInCompanyB)
|
||||||
|
->getJson(route('api.departments.index'))
|
||||||
|
->assertResponseDoesNotContainInRows($departmentA)
|
||||||
|
->assertResponseContainsInRows($departmentB);
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Reference in a new issue