mirror of
https://github.com/snipe/snipe-it.git
synced 2025-01-23 11:43:47 -08:00
Merge remote-tracking branch 'origin/develop'
Signed-off-by: snipe <snipe@snipe.net> # Conflicts: # public/js/build/app.js # public/js/build/vendor.js # public/js/dist/all.js # public/mix-manifest.json
This commit is contained in:
commit
e5b9d9a28b
|
@ -427,13 +427,10 @@ class UsersController extends Controller
|
|||
* @param \Illuminate\Http\Request $request
|
||||
* @param int $id
|
||||
*/
|
||||
public function update(SaveUserRequest $request, $id) : JsonResponse
|
||||
public function update(SaveUserRequest $request, User $user): JsonResponse
|
||||
{
|
||||
$this->authorize('update', User::class);
|
||||
|
||||
if ($user = User::find($id)) {
|
||||
|
||||
|
||||
$this->authorize('update', $user);
|
||||
|
||||
/**
|
||||
|
@ -443,12 +440,10 @@ class UsersController extends Controller
|
|||
*
|
||||
*/
|
||||
|
||||
|
||||
if ((($id == 1) || ($id == 2)) && (config('app.lock_passwords'))) {
|
||||
if ((($user->id == 1) || ($user->id == 2)) && (config('app.lock_passwords'))) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, 'Permission denied. You cannot update user information via API on the demo.'));
|
||||
}
|
||||
|
||||
|
||||
$user->fill($request->all());
|
||||
|
||||
if ($user->id == $request->input('manager_id')) {
|
||||
|
@ -473,16 +468,13 @@ class UsersController extends Controller
|
|||
$user->permissions = $permissions_array;
|
||||
}
|
||||
|
||||
|
||||
// Update the location of any assets checked out to this user
|
||||
Asset::where('assigned_type', User::class)
|
||||
->where('assigned_to', $user->id)->update(['location_id' => $request->input('location_id', null)]);
|
||||
|
||||
|
||||
app('App\Http\Requests\ImageUploadRequest')->handleImages($user, 600, 'image', 'avatars', 'avatar');
|
||||
|
||||
if ($user->save()) {
|
||||
|
||||
// Check if the request has groups passed and has a value, AND that the user us a superuser
|
||||
if (($request->has('groups')) && (auth()->user()->isSuperUser())) {
|
||||
|
||||
|
@ -496,18 +488,10 @@ class UsersController extends Controller
|
|||
|
||||
// Sync the groups since the user is a superuser and the groups pass validation
|
||||
$user->groups()->sync($request->input('groups'));
|
||||
|
||||
|
||||
}
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.update')));
|
||||
}
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
|
||||
}
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.user_not_found', compact('id'))));
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -186,7 +186,7 @@ class UsersController extends Controller
|
|||
{
|
||||
|
||||
$this->authorize('update', User::class);
|
||||
$user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed()->find($id);
|
||||
$user = User::with(['assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc'])->withTrashed()->find($id);
|
||||
|
||||
if ($user) {
|
||||
|
||||
|
@ -214,83 +214,79 @@ class UsersController extends Controller
|
|||
* @return \Illuminate\Http\RedirectResponse
|
||||
* @throws \Illuminate\Auth\Access\AuthorizationException
|
||||
*/
|
||||
public function update(SaveUserRequest $request, $id = null)
|
||||
public function update(SaveUserRequest $request, User $user)
|
||||
{
|
||||
$this->authorize('update', User::class);
|
||||
|
||||
// This is a janky hack to prevent people from changing admin demo user data on the public demo.
|
||||
// The $ids 1 and 2 are special since they are seeded as superadmins in the demo seeder.
|
||||
// Thanks, jerks. You are why we can't have nice things. - snipe
|
||||
|
||||
if ((($id == 1) || ($id == 2)) && (config('app.lock_passwords'))) {
|
||||
if ((($user->id == 1) || ($user->id == 2)) && (config('app.lock_passwords'))) {
|
||||
return redirect()->route('users.index')->with('error', trans('general.permission_denied_superuser_demo'));
|
||||
}
|
||||
|
||||
|
||||
// We need to reverse the UI specific logic for our
|
||||
// permissions here before we update the user.
|
||||
$permissions = $request->input('permissions', []);
|
||||
app('request')->request->set('permissions', $permissions);
|
||||
|
||||
$user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed()->find($id);
|
||||
$user->load(['assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc'])->withTrashed();
|
||||
|
||||
// User is valid - continue...
|
||||
if ($user) {
|
||||
$this->authorize('update', $user);
|
||||
$this->authorize('update', $user);
|
||||
|
||||
// Figure out of this user was an admin before this edit
|
||||
$orig_permissions_array = $user->decodePermissions();
|
||||
$orig_superuser = '0';
|
||||
if (is_array($orig_permissions_array)) {
|
||||
if (array_key_exists('superuser', $orig_permissions_array)) {
|
||||
$orig_superuser = $orig_permissions_array['superuser'];
|
||||
}
|
||||
// Figure out of this user was an admin before this edit
|
||||
$orig_permissions_array = $user->decodePermissions();
|
||||
$orig_superuser = '0';
|
||||
if (is_array($orig_permissions_array)) {
|
||||
if (array_key_exists('superuser', $orig_permissions_array)) {
|
||||
$orig_superuser = $orig_permissions_array['superuser'];
|
||||
}
|
||||
}
|
||||
|
||||
// Only save groups if the user is a superuser
|
||||
if (auth()->user()->isSuperUser()) {
|
||||
$user->groups()->sync($request->input('groups'));
|
||||
}
|
||||
// Only save groups if the user is a superuser
|
||||
if (auth()->user()->isSuperUser()) {
|
||||
$user->groups()->sync($request->input('groups'));
|
||||
}
|
||||
|
||||
// Update the user fields
|
||||
$user->username = trim($request->input('username'));
|
||||
$user->email = trim($request->input('email'));
|
||||
$user->first_name = $request->input('first_name');
|
||||
$user->last_name = $request->input('last_name');
|
||||
$user->two_factor_optin = $request->input('two_factor_optin') ?: 0;
|
||||
$user->locale = $request->input('locale');
|
||||
$user->employee_num = $request->input('employee_num');
|
||||
$user->activated = $request->input('activated', 0);
|
||||
$user->jobtitle = $request->input('jobtitle', null);
|
||||
$user->phone = $request->input('phone');
|
||||
$user->location_id = $request->input('location_id', null);
|
||||
$user->company_id = Company::getIdForUser($request->input('company_id', null));
|
||||
$user->manager_id = $request->input('manager_id', null);
|
||||
$user->notes = $request->input('notes');
|
||||
$user->department_id = $request->input('department_id', null);
|
||||
$user->address = $request->input('address', null);
|
||||
$user->city = $request->input('city', null);
|
||||
$user->state = $request->input('state', null);
|
||||
$user->country = $request->input('country', null);
|
||||
// if a user is editing themselves we should always keep activated true
|
||||
$user->activated = $request->input('activated', $request->user()->is($user) ? 1 : 0);
|
||||
$user->zip = $request->input('zip', null);
|
||||
$user->remote = $request->input('remote', 0);
|
||||
$user->vip = $request->input('vip', 0);
|
||||
$user->website = $request->input('website', null);
|
||||
$user->start_date = $request->input('start_date', null);
|
||||
$user->end_date = $request->input('end_date', null);
|
||||
$user->autoassign_licenses = $request->input('autoassign_licenses', 0);
|
||||
// Update the user fields
|
||||
$user->username = trim($request->input('username'));
|
||||
$user->email = trim($request->input('email'));
|
||||
$user->first_name = $request->input('first_name');
|
||||
$user->last_name = $request->input('last_name');
|
||||
$user->two_factor_optin = $request->input('two_factor_optin') ?: 0;
|
||||
$user->locale = $request->input('locale');
|
||||
$user->employee_num = $request->input('employee_num');
|
||||
$user->activated = $request->input('activated', 0);
|
||||
$user->jobtitle = $request->input('jobtitle', null);
|
||||
$user->phone = $request->input('phone');
|
||||
$user->location_id = $request->input('location_id', null);
|
||||
$user->company_id = Company::getIdForUser($request->input('company_id', null));
|
||||
$user->manager_id = $request->input('manager_id', null);
|
||||
$user->notes = $request->input('notes');
|
||||
$user->department_id = $request->input('department_id', null);
|
||||
$user->address = $request->input('address', null);
|
||||
$user->city = $request->input('city', null);
|
||||
$user->state = $request->input('state', null);
|
||||
$user->country = $request->input('country', null);
|
||||
// if a user is editing themselves we should always keep activated true
|
||||
$user->activated = $request->input('activated', $request->user()->is($user) ? 1 : 0);
|
||||
$user->zip = $request->input('zip', null);
|
||||
$user->remote = $request->input('remote', 0);
|
||||
$user->vip = $request->input('vip', 0);
|
||||
$user->website = $request->input('website', null);
|
||||
$user->start_date = $request->input('start_date', null);
|
||||
$user->end_date = $request->input('end_date', null);
|
||||
$user->autoassign_licenses = $request->input('autoassign_licenses', 0);
|
||||
|
||||
// Update the location of any assets checked out to this user
|
||||
Asset::where('assigned_type', User::class)
|
||||
->where('assigned_to', $user->id)
|
||||
->update(['location_id' => $request->input('location_id', null)]);
|
||||
// Update the location of any assets checked out to this user
|
||||
Asset::where('assigned_type', User::class)
|
||||
->where('assigned_to', $user->id)
|
||||
->update(['location_id' => $request->input('location_id', null)]);
|
||||
|
||||
// Do we want to update the user password?
|
||||
if ($request->filled('password')) {
|
||||
$user->password = bcrypt($request->input('password'));
|
||||
}
|
||||
// Do we want to update the user password?
|
||||
if ($request->filled('password')) {
|
||||
$user->password = bcrypt($request->input('password'));
|
||||
}
|
||||
|
||||
|
||||
// Update the location of any assets checked out to this user
|
||||
|
@ -318,13 +314,7 @@ class UsersController extends Controller
|
|||
return redirect()->to(Helper::getRedirectOption($request, $user->id, 'Users'))
|
||||
->with('success', trans('admin/users/message.success.update'));
|
||||
}
|
||||
|
||||
return redirect()->back()->withInput()->withErrors($user->getErrors());
|
||||
|
||||
|
||||
}
|
||||
|
||||
return redirect()->route('users.index')->with('error', trans('admin/users/message.user_not_found', compact('id')));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -34,6 +34,14 @@ class SaveUserRequest extends FormRequest
|
|||
$rules = [
|
||||
'department_id' => 'nullable|exists:departments,id',
|
||||
'manager_id' => 'nullable|exists:users,id',
|
||||
'company_id' => [
|
||||
// determines if the user is being moved between companies and checks to see if they have any items assigned
|
||||
function ($attribute, $value, $fail) {
|
||||
if (($this->has('company_id')) && ($this->user?->allAssignedCount() > 0) && (Setting::getSettings()->full_multiple_companies_support)) {
|
||||
$fail(trans('admin/users/message.error.multi_company_items_assigned'));
|
||||
}
|
||||
}
|
||||
]
|
||||
];
|
||||
|
||||
switch ($this->method()) {
|
||||
|
|
|
@ -4,6 +4,7 @@ namespace App\Http\Requests;
|
|||
|
||||
use App\Http\Requests\Traits\MayContainCustomFields;
|
||||
use App\Models\Asset;
|
||||
use App\Models\Setting;
|
||||
use Illuminate\Support\Facades\Gate;
|
||||
use Illuminate\Validation\Rule;
|
||||
|
||||
|
@ -41,6 +42,12 @@ class UpdateAssetRequest extends ImageUploadRequest
|
|||
],
|
||||
);
|
||||
|
||||
// if the purchase cost is passed in as a string **and** the digit_separator is ',' (as is common in the EU)
|
||||
// then we tweak the purchase_cost rule to make it a string
|
||||
if (Setting::getSettings()->digit_separator === '1.234,56' && is_string($this->input('purchase_cost'))) {
|
||||
$rules['purchase_cost'] = ['nullable', 'string'];
|
||||
}
|
||||
|
||||
return $rules;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -21,6 +21,11 @@ class SnipeModel extends Model
|
|||
*/
|
||||
public function setPurchaseCostAttribute($value)
|
||||
{
|
||||
if (is_float($value)) {
|
||||
//value is *already* a floating-point number. Just assign it directly
|
||||
$this->attributes['purchase_cost'] = $value;
|
||||
return;
|
||||
}
|
||||
$value = Helper::ParseCurrency($value);
|
||||
|
||||
if ($value == 0) {
|
||||
|
|
45
package-lock.json
generated
45
package-lock.json
generated
|
@ -23,7 +23,7 @@
|
|||
"ekko-lightbox": "^5.1.1",
|
||||
"imagemin": "^8.0.1",
|
||||
"jquery-slimscroll": "^1.3.8",
|
||||
"jquery-ui": "^1.13.3",
|
||||
"jquery-ui": "^1.14.0",
|
||||
"jquery-validation": "^1.21.0",
|
||||
"jquery.iframe-transport": "^1.0.0",
|
||||
"jspdf-autotable": "^3.8.2",
|
||||
|
@ -37,7 +37,7 @@
|
|||
"signature_pad": "^4.2.0",
|
||||
"tableexport.jquery.plugin": "1.30.0",
|
||||
"tether": "^1.4.0",
|
||||
"webpack": "^5.92.0"
|
||||
"webpack": "^5.94.0"
|
||||
},
|
||||
"devDependencies": {
|
||||
"all-contributors-cli": "^6.26.1",
|
||||
|
@ -2105,25 +2105,10 @@
|
|||
"@types/node": "*"
|
||||
}
|
||||
},
|
||||
"node_modules/@types/eslint": {
|
||||
"version": "8.56.10",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@types/estree": "*",
|
||||
"@types/json-schema": "*"
|
||||
}
|
||||
},
|
||||
"node_modules/@types/eslint-scope": {
|
||||
"version": "3.7.7",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@types/eslint": "*",
|
||||
"@types/estree": "*"
|
||||
}
|
||||
},
|
||||
"node_modules/@types/estree": {
|
||||
"version": "1.0.5",
|
||||
"license": "MIT"
|
||||
"resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.5.tgz",
|
||||
"integrity": "sha512-/kYRxGDLWzHOB7q+wtSUQlFrtcdUccpfy+X+9iMBpHK8QLLhx2wIPYuS5DYtR9Wa/YlZAbIovy7qVdB1Aq6Lyw=="
|
||||
},
|
||||
"node_modules/@types/express": {
|
||||
"version": "4.17.21",
|
||||
|
@ -5310,9 +5295,9 @@
|
|||
}
|
||||
},
|
||||
"node_modules/enhanced-resolve": {
|
||||
"version": "5.17.0",
|
||||
"resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.17.0.tgz",
|
||||
"integrity": "sha512-dwDPwZL0dmye8Txp2gzFmA6sxALaSvdRDjPH0viLcKrtlOL3tw62nWWweVD1SdILDTJrbrL6tdWVN58Wo6U3eA==",
|
||||
"version": "5.17.1",
|
||||
"resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.17.1.tgz",
|
||||
"integrity": "sha512-LMHl3dXhTcfv8gM4kEzIUeTQ+7fpdA0l2tUf34BddXPkz2A5xJ5L/Pchd5BL6rdccM9QGvu0sWZzK1Z1t4wwyg==",
|
||||
"dependencies": {
|
||||
"graceful-fs": "^4.2.4",
|
||||
"tapable": "^2.2.0"
|
||||
|
@ -7067,10 +7052,11 @@
|
|||
"license": "BSD-2-Clause"
|
||||
},
|
||||
"node_modules/jquery-ui": {
|
||||
"version": "1.13.3",
|
||||
"license": "MIT",
|
||||
"version": "1.14.0",
|
||||
"resolved": "https://registry.npmjs.org/jquery-ui/-/jquery-ui-1.14.0.tgz",
|
||||
"integrity": "sha512-mPfYKBoRCf0MzaT2cyW5i3IuZ7PfTITaasO5OFLAQxrHuI+ZxruPa+4/K1OMNT8oElLWGtIxc9aRbyw20BKr8g==",
|
||||
"dependencies": {
|
||||
"jquery": ">=1.8.0 <4.0.0"
|
||||
"jquery": ">=1.12.0 <5.0.0"
|
||||
}
|
||||
},
|
||||
"node_modules/jquery-validation": {
|
||||
|
@ -10879,11 +10865,10 @@
|
|||
"license": "BSD-2-Clause"
|
||||
},
|
||||
"node_modules/webpack": {
|
||||
"version": "5.92.1",
|
||||
"resolved": "https://registry.npmjs.org/webpack/-/webpack-5.92.1.tgz",
|
||||
"integrity": "sha512-JECQ7IwJb+7fgUFBlrJzbyu3GEuNBcdqr1LD7IbSzwkSmIevTm8PF+wej3Oxuz/JFBUZ6O1o43zsPkwm1C4TmA==",
|
||||
"version": "5.94.0",
|
||||
"resolved": "https://registry.npmjs.org/webpack/-/webpack-5.94.0.tgz",
|
||||
"integrity": "sha512-KcsGn50VT+06JH/iunZJedYGUJS5FGjow8wb9c0v5n1Om8O1g4L6LjtfxwlXIATopoQu+vOXXa7gYisWxCoPyg==",
|
||||
"dependencies": {
|
||||
"@types/eslint-scope": "^3.7.3",
|
||||
"@types/estree": "^1.0.5",
|
||||
"@webassemblyjs/ast": "^1.12.1",
|
||||
"@webassemblyjs/wasm-edit": "^1.12.1",
|
||||
|
@ -10892,7 +10877,7 @@
|
|||
"acorn-import-attributes": "^1.9.5",
|
||||
"browserslist": "^4.21.10",
|
||||
"chrome-trace-event": "^1.0.2",
|
||||
"enhanced-resolve": "^5.17.0",
|
||||
"enhanced-resolve": "^5.17.1",
|
||||
"es-module-lexer": "^1.2.1",
|
||||
"eslint-scope": "5.1.1",
|
||||
"events": "^3.2.0",
|
||||
|
|
|
@ -43,7 +43,7 @@
|
|||
"ekko-lightbox": "^5.1.1",
|
||||
"imagemin": "^8.0.1",
|
||||
"jquery-slimscroll": "^1.3.8",
|
||||
"jquery-ui": "^1.13.3",
|
||||
"jquery-ui": "^1.14.0",
|
||||
"jquery-validation": "^1.21.0",
|
||||
"jquery.iframe-transport": "^1.0.0",
|
||||
"jspdf-autotable": "^3.8.2",
|
||||
|
@ -57,6 +57,6 @@
|
|||
"signature_pad": "^4.2.0",
|
||||
"tableexport.jquery.plugin": "1.30.0",
|
||||
"tether": "^1.4.0",
|
||||
"webpack": "^5.92.0"
|
||||
"webpack": "^5.94.0"
|
||||
}
|
||||
}
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
public/js/dist/all.js
vendored
BIN
public/js/dist/all.js
vendored
Binary file not shown.
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
"/js/build/app.js": "/js/build/app.js?id=35438e10820b4461fafe3db72c901c69",
|
||||
"/js/build/app.js": "/js/build/app.js?id=6d4d575774a1be993efe0598cc6b1c20",
|
||||
"/css/dist/skins/skin-black-dark.css": "/css/dist/skins/skin-black-dark.css?id=5f3abb12a286d6cb8aa523322d7f053b",
|
||||
"/css/dist/skins/_all-skins.css": "/css/dist/skins/_all-skins.css?id=89b7dcd91db033fb19ebbd7f7dcc0c35",
|
||||
"/css/build/overrides.css": "/css/build/overrides.css?id=863d3083406a65c0fd94cf9ecda6a6ae",
|
||||
|
@ -109,7 +109,7 @@
|
|||
"/css/dist/skins/skin-yellow-dark.min.css": "/css/dist/skins/skin-yellow-dark.min.css?id=dd5eb6c76770bacaa2e960849d275516",
|
||||
"/css/dist/skins/skin-yellow.min.css": "/css/dist/skins/skin-yellow.min.css?id=fc7adb943668ac69fe4b646625a7571f",
|
||||
"/css/dist/bootstrap-table.css": "/css/dist/bootstrap-table.css?id=393d720a0f9aba560094fbc8d3b0c0f0",
|
||||
"/js/build/vendor.js": "/js/build/vendor.js?id=c1c24b883f48dc3d16b817aed0b457cc",
|
||||
"/js/build/vendor.js": "/js/build/vendor.js?id=5269eb5a6beb74f03387c78938cf17b2",
|
||||
"/js/dist/bootstrap-table.js": "/js/dist/bootstrap-table.js?id=6660df122e24940d42d03c06775fec7b",
|
||||
"/js/dist/all.js": "/js/dist/all.js?id=63efb984ecc1cf51bcf19086b3e09ffd"
|
||||
"/js/dist/all.js": "/js/dist/all.js?id=262c933ac5d4c02c006d9bd531896c7b"
|
||||
}
|
||||
|
|
|
@ -6,7 +6,7 @@ return array(
|
|||
'declined' => 'You have successfully declined this asset.',
|
||||
'bulk_manager_warn' => 'Your users have been successfully updated, however your manager entry was not saved because the manager you selected was also in the user list to be edited, and users may not be their own manager. Please select your users again, excluding the manager.',
|
||||
'user_exists' => 'User already exists!',
|
||||
'user_not_found' => 'User does not exist.',
|
||||
'user_not_found' => 'User does not exist or you do not have permission view them.',
|
||||
'user_login_required' => 'The login field is required',
|
||||
'user_has_no_assets_assigned' => 'No assets currently assigned to user.',
|
||||
'user_password_required' => 'The password is required.',
|
||||
|
@ -53,6 +53,7 @@ return array(
|
|||
'ldap_could_not_search' => 'Could not search the LDAP server. Please check your LDAP server configuration in the LDAP config file. <br>Error from LDAP Server:',
|
||||
'ldap_could_not_get_entries' => 'Could not get entries from the LDAP server. Please check your LDAP server configuration in the LDAP config file. <br>Error from LDAP Server:',
|
||||
'password_ldap' => 'The password for this account is managed by LDAP/Active Directory. Please contact your IT department to change your password. ',
|
||||
'multi_company_items_assigned' => 'This user has items assigned, please check them in before moving companies.'
|
||||
),
|
||||
|
||||
'deletefile' => array(
|
||||
|
|
|
@ -66,7 +66,9 @@
|
|||
|
||||
<div class="row">
|
||||
<div class="col-md-8 col-md-offset-2">
|
||||
<form class="form-horizontal" method="post" autocomplete="off" action="{{ (isset($user->id)) ? route('users.update', ['user' => $user->id]) : route('users.store') }}" enctype="multipart/form-data" id="userForm">
|
||||
<form class="form-horizontal" method="post" autocomplete="off"
|
||||
action="{{ (isset($user->id)) ? route('users.update', ['user' => $user->id]) : route('users.store') }}"
|
||||
enctype="multipart/form-data" id="userForm">
|
||||
{{csrf_field()}}
|
||||
|
||||
@if($user->id)
|
||||
|
|
|
@ -1097,18 +1097,20 @@ Route::group(['prefix' => 'v1', 'middleware' => ['api', 'throttle:api']], functi
|
|||
]
|
||||
)->name('api.users.restore');
|
||||
|
||||
});
|
||||
});
|
||||
|
||||
Route::match(['put', 'patch'], '{user}/update', [Api\UsersController::class, 'update'])
|
||||
->name('api.users.update');
|
||||
|
||||
Route::resource('users',
|
||||
Api\UsersController::class,
|
||||
['names' => [
|
||||
'index' => 'api.users.index',
|
||||
'show' => 'api.users.show',
|
||||
'update' => 'api.users.update',
|
||||
'store' => 'api.users.store',
|
||||
'destroy' => 'api.users.destroy',
|
||||
],
|
||||
'except' => ['create', 'edit'],
|
||||
'except' => ['create', 'edit', 'update'],
|
||||
'parameters' => ['user' => 'user_id'],
|
||||
]
|
||||
); // end users API routes
|
||||
|
|
|
@ -145,10 +145,12 @@ Route::group(['prefix' => 'users', 'middleware' => ['auth']], function () {
|
|||
]
|
||||
)->name('users/bulkeditsave');
|
||||
|
||||
|
||||
// pulling this out of the resource because I need route model binding in the request
|
||||
Route::match(['put', 'patch'], '/{user}', [Users\UsersController::class, 'update'])->name('users.update');
|
||||
});
|
||||
|
||||
Route::resource('users', Users\UsersController::class, [
|
||||
'middleware' => ['auth'],
|
||||
'parameters' => ['user' => 'user_id'],
|
||||
'except' => ['update']
|
||||
]);
|
|
@ -103,6 +103,102 @@ class UpdateAssetTest extends TestCase
|
|||
$this->assertEquals('2023-09-03 00:00:00', $updatedAsset->last_audit_date);
|
||||
}
|
||||
|
||||
public function testUpdatesPeriodAsCommaSeparatorForPurchaseCost()
|
||||
{
|
||||
$this->settings->set([
|
||||
'default_currency' => 'EUR',
|
||||
'digit_separator' => '1.234,56',
|
||||
]);
|
||||
|
||||
$original_asset = Asset::factory()->create();
|
||||
|
||||
$response = $this->actingAsForApi(User::factory()->superuser()->create())
|
||||
->patchJson(route('api.assets.update', $original_asset->id), [
|
||||
'asset_tag' => 'random-string',
|
||||
'model_id' => AssetModel::factory()->create()->id,
|
||||
'status_id' => Statuslabel::factory()->create()->id,
|
||||
// API also accepts string for comma separated values
|
||||
'purchase_cost' => '1.112,34',
|
||||
])
|
||||
->assertStatusMessageIs('success');
|
||||
|
||||
$asset = Asset::find($response['payload']['id']);
|
||||
|
||||
$this->assertEquals(1112.34, $asset->purchase_cost);
|
||||
}
|
||||
|
||||
public function testUpdatesFloatForPurchaseCost()
|
||||
{
|
||||
$this->settings->set([
|
||||
'default_currency' => 'EUR',
|
||||
'digit_separator' => '1.234,56',
|
||||
]);
|
||||
|
||||
$original_asset = Asset::factory()->create();
|
||||
|
||||
$response = $this->actingAsForApi(User::factory()->superuser()->create())
|
||||
->patchJson(route('api.assets.update', $original_asset->id), [
|
||||
'asset_tag' => 'random-string',
|
||||
'model_id' => AssetModel::factory()->create()->id,
|
||||
'status_id' => Statuslabel::factory()->create()->id,
|
||||
// API also accepts string for comma separated values
|
||||
'purchase_cost' => 12.34,
|
||||
])
|
||||
->assertStatusMessageIs('success');
|
||||
|
||||
$asset = Asset::find($response['payload']['id']);
|
||||
|
||||
$this->assertEquals(12.34, $asset->purchase_cost);
|
||||
}
|
||||
|
||||
public function testUpdatesUSDecimalForPurchaseCost()
|
||||
{
|
||||
$this->settings->set([
|
||||
'default_currency' => 'EUR',
|
||||
'digit_separator' => '1,234.56',
|
||||
]);
|
||||
|
||||
$original_asset = Asset::factory()->create();
|
||||
|
||||
$response = $this->actingAsForApi(User::factory()->superuser()->create())
|
||||
->patchJson(route('api.assets.update', $original_asset->id), [
|
||||
'asset_tag' => 'random-string',
|
||||
'model_id' => AssetModel::factory()->create()->id,
|
||||
'status_id' => Statuslabel::factory()->create()->id,
|
||||
// API also accepts string for comma separated values
|
||||
'purchase_cost' => '5412.34', //NOTE - you cannot use thousands-separator here!!!!
|
||||
])
|
||||
->assertStatusMessageIs('success');
|
||||
|
||||
$asset = Asset::find($response['payload']['id']);
|
||||
|
||||
$this->assertEquals(5412.34, $asset->purchase_cost);
|
||||
}
|
||||
|
||||
public function testUpdatesFloatUSDecimalForPurchaseCost()
|
||||
{
|
||||
$this->settings->set([
|
||||
'default_currency' => 'EUR',
|
||||
'digit_separator' => '1,234.56',
|
||||
]);
|
||||
|
||||
$original_asset = Asset::factory()->create();
|
||||
|
||||
$response = $this->actingAsForApi(User::factory()->superuser()->create())
|
||||
->patchJson(route('api.assets.update', $original_asset->id), [
|
||||
'asset_tag' => 'random-string',
|
||||
'model_id' => AssetModel::factory()->create()->id,
|
||||
'status_id' => Statuslabel::factory()->create()->id,
|
||||
// API also accepts string for comma separated values
|
||||
'purchase_cost' => 12.34,
|
||||
])
|
||||
->assertStatusMessageIs('success');
|
||||
|
||||
$asset = Asset::find($response['payload']['id']);
|
||||
|
||||
$this->assertEquals(12.34, $asset->purchase_cost);
|
||||
}
|
||||
|
||||
public function testAssetEolDateIsCalculatedIfPurchaseDateUpdated()
|
||||
{
|
||||
$asset = Asset::factory()->laptopMbp()->noPurchaseOrEolDate()->create();
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
namespace Tests\Feature\Users\Api;
|
||||
|
||||
use App\Models\Asset;
|
||||
use App\Models\Company;
|
||||
use App\Models\Department;
|
||||
use App\Models\Group;
|
||||
|
@ -344,4 +345,47 @@ class UpdateUserTest extends TestCase
|
|||
$this->assertTrue($user->refresh()->groups->contains($groupB));
|
||||
}
|
||||
|
||||
public function testMultiCompanyUserCannotBeMovedIfHasAsset()
|
||||
{
|
||||
$this->settings->enableMultipleFullCompanySupport();
|
||||
|
||||
$companyA = Company::factory()->create();
|
||||
$companyB = Company::factory()->create();
|
||||
|
||||
$user = User::factory()->create([
|
||||
'company_id' => $companyA->id,
|
||||
]);
|
||||
$superUser = User::factory()->superuser()->create();
|
||||
|
||||
$asset = Asset::factory()->create();
|
||||
|
||||
// no assets assigned, therefore success
|
||||
$this->actingAsForApi($superUser)->patchJson(route('api.users.update', $user), [
|
||||
'username' => 'test',
|
||||
'company_id' => $companyB->id,
|
||||
])->assertStatusMessageIs('success');
|
||||
|
||||
// same test but PUT
|
||||
$this->actingAsForApi($superUser)->putJson(route('api.users.update', $user), [
|
||||
'username' => 'test',
|
||||
'first_name' => 'Test',
|
||||
'company_id' => $companyB->id,
|
||||
])->assertStatusMessageIs('success');
|
||||
|
||||
$asset->checkOut($user, $superUser);
|
||||
|
||||
// asset assigned, therefore error
|
||||
$this->actingAsForApi($superUser)->patchJson(route('api.users.update', $user), [
|
||||
'username' => 'test',
|
||||
'company_id' => $companyB->id,
|
||||
])->assertStatusMessageIs('error');
|
||||
|
||||
// same test but PUT
|
||||
$this->actingAsForApi($superUser)->putJson(route('api.users.update', $user), [
|
||||
'username' => 'test',
|
||||
'first_name' => 'Test',
|
||||
'company_id' => $companyB->id,
|
||||
])->assertStatusMessageIs('error');
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
namespace Tests\Feature\Users\Ui;
|
||||
|
||||
use App\Models\Asset;
|
||||
use App\Models\Company;
|
||||
use App\Models\User;
|
||||
use Tests\TestCase;
|
||||
|
||||
|
@ -79,4 +81,39 @@ class UpdateUserTest extends TestCase
|
|||
|
||||
$this->assertEquals(1, $admin->refresh()->activated);
|
||||
}
|
||||
|
||||
public function testMultiCompanyUserCannotBeMovedIfHasAsset()
|
||||
{
|
||||
$this->settings->enableMultipleFullCompanySupport();
|
||||
|
||||
$companyA = Company::factory()->create();
|
||||
$companyB = Company::factory()->create();
|
||||
|
||||
$user = User::factory()->create([
|
||||
'company_id' => $companyA->id,
|
||||
]);
|
||||
$superUser = User::factory()->superuser()->create();
|
||||
|
||||
$asset = Asset::factory()->create();
|
||||
|
||||
// no assets assigned, therefore success
|
||||
$this->actingAs($superUser)->put(route('users.update', $user), [
|
||||
'first_name' => 'test',
|
||||
'username' => 'test',
|
||||
'company_id' => $companyB->id,
|
||||
'redirect_option' => 'index'
|
||||
])->assertRedirect(route('users.index'));
|
||||
|
||||
$asset->checkOut($user, $superUser);
|
||||
|
||||
// asset assigned, therefore error
|
||||
$response = $this->actingAs($superUser)->patchJson(route('users.update', $user), [
|
||||
'first_name' => 'test',
|
||||
'username' => 'test',
|
||||
'company_id' => $companyB->id,
|
||||
'redirect_option' => 'index'
|
||||
]);
|
||||
|
||||
$this->followRedirects($response)->assertSee('error');
|
||||
}
|
||||
}
|
||||
|
|
|
@ -40,7 +40,7 @@ class ViewUserTest extends TestCase
|
|||
|
||||
$this->actingAs(User::factory()->viewUsers()->for($companyA)->create())
|
||||
->get(route('users.print', ['userId' => $user->id]))
|
||||
->assertStatus(403);
|
||||
->assertStatus(302);
|
||||
|
||||
$this->actingAs(User::factory()->viewUsers()->for($companyB)->create())
|
||||
->get(route('users.print', ['userId' => $user->id]))
|
||||
|
|
Loading…
Reference in a new issue