From e8864ffb019fa75d14ab1561535cecf85196a9ee Mon Sep 17 00:00:00 2001 From: spencerrlongg Date: Tue, 23 Jul 2024 14:29:17 -0500 Subject: [PATCH] test added, permission fixed --- app/Http/Requests/UpdateAssetRequest.php | 2 +- tests/Feature/Assets/Api/UpdateAssetTest.php | 13 ++++++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/app/Http/Requests/UpdateAssetRequest.php b/app/Http/Requests/UpdateAssetRequest.php index eea7d8ec36..cc23a65c40 100644 --- a/app/Http/Requests/UpdateAssetRequest.php +++ b/app/Http/Requests/UpdateAssetRequest.php @@ -15,7 +15,7 @@ class UpdateAssetRequest extends ImageUploadRequest */ public function authorize() { - return Gate::allows('update', new Asset); + return Gate::allows('update', $this->asset); } /** diff --git a/tests/Feature/Assets/Api/UpdateAssetTest.php b/tests/Feature/Assets/Api/UpdateAssetTest.php index f8718c6bd4..db5893b4dc 100644 --- a/tests/Feature/Assets/Api/UpdateAssetTest.php +++ b/tests/Feature/Assets/Api/UpdateAssetTest.php @@ -427,16 +427,14 @@ class UpdateAssetTest extends TestCase public function testAssetCannotBeUpdatedByUserInSeparateCompany() { - $this->markTestIncomplete('not done with this yet'); - $this->settings->enableMultipleFullCompanySupport(); $companyA = Company::factory()->create(); $companyB = Company::factory()->create(); - $userA = User::factory()->create([ + $userA = User::factory()->editAssets()->create([ 'company_id' => $companyA->id, ]); - $userB = User::factory()->create([ + $userB = User::factory()->editAssets()->create([ 'company_id' => $companyB->id, ]); $asset = Asset::factory()->create([ @@ -448,7 +446,12 @@ class UpdateAssetTest extends TestCase ->patchJson(route('api.assets.update', $asset->id), [ 'name' => 'test name' ]) - ->assertStatus(403); + ->assertStatusMessageIs('error'); + $this->actingAsForApi($userA) + ->patchJson(route('api.assets.update', $asset->id), [ + 'name' => 'test name' + ]) + ->assertStatusMessageIs('success'); } }