From f3c4e556675d7dcd7920807bced18b3416b0b2ec Mon Sep 17 00:00:00 2001
From: Tobias Regnery <tobias.regnery@gmail.com>
Date: Mon, 14 Oct 2024 15:14:41 +0200
Subject: [PATCH] Refactor asset creation with API

Commit fb4fe3004 restored the previous behaviour to check the company_id in case of FullMultipleCompanySupport.
But after rereading the code and the laravel documentation, the check is already there where it belongs in AssetStoreRequest::prepareForValidation()
The bug is the is_int-check of the request input in prepareForValidation(). Is is of type string even if it is a numeric value, so the call to getIdForCurrentUser() never happend.
Fix this by removing the check and the now redundant call to getIdForCurrentUser().
Wrong values will get caught by the model-level validation rules.
---
 app/Http/Controllers/Api/AssetsController.php | 1 -
 app/Http/Requests/StoreAssetRequest.php       | 9 +--------
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/app/Http/Controllers/Api/AssetsController.php b/app/Http/Controllers/Api/AssetsController.php
index 00c5416afb..d4a103be37 100644
--- a/app/Http/Controllers/Api/AssetsController.php
+++ b/app/Http/Controllers/Api/AssetsController.php
@@ -598,7 +598,6 @@ class AssetsController extends Controller
         $asset->model()->associate(AssetModel::find((int) $request->get('model_id')));
 
         $asset->fill($request->validated());
-        $asset->company_id = Company::getIdForCurrentUser($request->validated()['company_id']);
         $asset->created_by    = auth()->id();
 
         /**
diff --git a/app/Http/Requests/StoreAssetRequest.php b/app/Http/Requests/StoreAssetRequest.php
index e1665e2136..26d01051b4 100644
--- a/app/Http/Requests/StoreAssetRequest.php
+++ b/app/Http/Requests/StoreAssetRequest.php
@@ -26,18 +26,11 @@ class StoreAssetRequest extends ImageUploadRequest
 
     public function prepareForValidation(): void
     {
-        // Guard against users passing in an array for company_id instead of an integer.
-        // If the company_id is not an integer then we simply use what was
-        // provided to be caught by model level validation later.
-        $idForCurrentUser = is_int($this->company_id)
-            ? Company::getIdForCurrentUser($this->company_id)
-            : $this->company_id;
-
         $this->parseLastAuditDate();
 
         $this->merge([
             'asset_tag' => $this->asset_tag ?? Asset::autoincrement_asset(),
-            'company_id' => $idForCurrentUser,
+            'company_id' => Company::getIdForCurrentUser($this->company_id),
             'assigned_to' => $assigned_to ?? null,
         ]);
     }