Merge pull request #13734 from marcusmoore/bug/sc-23661

Fixed the storing of group permissions when creating via API

app/Http/Controllers/Api/GroupsController.php

@@ -63,7 +63,7 @@ class GroupsController extends Controller
         $group = new Group;
 
         $group->name = $request->input('name');
-        $group->permissions = $request->input('permissions'); // Todo - some JSON validation stuff here
+        $group->permissions = json_encode($request->input('permissions')); // Todo - some JSON validation stuff here
 
         if ($group->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.create.success')));

tests/Feature/Api/Groups/GroupStoreTest.php

@@ -0,0 +1,41 @@
+<?php
+
+namespace Tests\Feature\Api\Groups;
+
+use App\Models\Group;
+use App\Models\User;
+use Tests\Support\InteractsWithSettings;
+use Tests\TestCase;
+
+class GroupStoreTest extends TestCase
+{
+    use InteractsWithSettings;
+
+    public function testStoringGroupRequiresSuperAdminPermission()
+    {
+        $this->actingAsForApi(User::factory()->create())
+            ->postJson(route('api.groups.store'))
+            ->assertForbidden();
+    }
+
+    public function testCanStoreGroup()
+    {
+        $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.groups.store'), [
+                'name' => 'My Awesome Group',
+                'permissions' => [
+                    'admin' => '1',
+                    'import' => '1',
+                    'reports.view' => '0',
+                ],
+            ])
+            ->assertOk();
+
+        $group = Group::where('name', 'My Awesome Group')->first();
+
+        $this->assertNotNull($group);
+        $this->assertEquals('1', $group->decodePermissions()['admin']);
+        $this->assertEquals('1', $group->decodePermissions()['import']);
+        $this->assertEquals('0', $group->decodePermissions()['reports.view']);
+    }
+}