Merge pull request #12887 from marcusmoore/bug/sc-23158
Fix: Ensure users editing themselves do not deactivate their account
commit
fc721a9388
|
@ -210,7 +210,6 @@ class UsersController extends Controller
|
|||
*/
|
||||
public function update(SaveUserRequest $request, $id = null)
|
||||
{
|
||||
|
||||
// We need to reverse the UI specific logic for our
|
||||
// permissions here before we update the user.
|
||||
$permissions = $request->input('permissions', []);
|
||||
|
@ -268,7 +267,8 @@ class UsersController extends Controller
|
|||
$user->city = $request->input('city', null);
|
||||
$user->state = $request->input('state', null);
|
||||
$user->country = $request->input('country', null);
|
||||
$user->activated = $request->input('activated', 0);
|
||||
// if a user is editing themselves we should always keep activated true
|
||||
$user->activated = $request->input('activated', $request->user()->is($user) ? 1 : 0);
|
||||
$user->zip = $request->input('zip', null);
|
||||
$user->remote = $request->input('remote', 0);
|
||||
$user->vip = $request->input('vip', 0);
|
||||
|
@ -670,4 +670,4 @@ class UsersController extends Controller
|
|||
|
||||
return redirect()->back()->with('error', 'User is not activated, is LDAP synced, or does not have an email address ');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
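Review bot: The self-edit guard in the second hunk of `UsersController::update()` only changes the fallback value, so a request that carries `activated` explicitly set to 0 still deactivates the account of the user who sends it; the comment's "always keep activated true" promises more than the line enforces. `$request->input('activated', …)` uses its second argument only when the field is absent, which covers the disabled-checkbox case but not a request that includes the field. Putting the identity check first closes that gap: `$user->activated = $request->user()->is($user) ? 1 : $request->input('activated', 0);`. The body of `update()` starts and ends outside the hunk, so any other handling of `activated` is not visible here.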
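--- a/tests/Feature/Users/UpdateUserTest.php
+++ b/tests/Feature/Users/UpdateUserTest.php
@@ -0,0 +1,61 @@
+<?php
+
+namespace Tests\Feature\Users;
+
+use App\Models\User;
+use Tests\Support\InteractsWithSettings;
+use Tests\TestCase;
+
+class UpdateUserTest extends TestCase
+{
+use InteractsWithSettings;
+
+public function testUsersCanBeActivated()
+{
+$admin = User::factory()->admin()->create();
+$user = User::factory()->create(['activated' => false]);
+
+$this->actingAs($admin)
+->put(route('users.update', $user), [
+'first_name' => $user->first_name,
+'username' => $user->username,
+'activated' => 1,
+]);
+
+$this->assertTrue($user->refresh()->activated);
+}
+
+public function testUsersCanBeDeactivated()
+{
+$admin = User::factory()->admin()->create();
+$user = User::factory()->create(['activated' => true]);
+
+$this->actingAs($admin)
+->put(route('users.update', $user), [
+'first_name' => $user->first_name,
+'username' => $user->username,
+// checkboxes that are not checked are
+// not included in the request payload
+// 'activated' => 0,
+]);
+
+$this->assertFalse($user->refresh()->activated);
+}
+
+public function testUsersUpdatingThemselvesDoNotDeactivateTheirAccount()
+{
+$admin = User::factory()->admin()->create(['activated' => true]);
+
+$this->actingAs($admin)
+->put(route('users.update', $admin), [
+'first_name' => $admin->first_name,
+'username' => $admin->username,
+// checkboxes that are disabled are not
+// included in the request payload
+// even if they are checked
+// 'activated' => 0,
+]);
+
+$this->assertTrue($admin->refresh()->activated);
+}
+}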
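Review bot: `testUsersUpdatingThemselvesDoNotDeactivateTheirAccount` can pass without the update ever being applied: the admin starts with `activated` true, so a PUT that is rejected by validation or authorization leaves the value unchanged and `assertTrue` still holds. Asserting on the response before the database check removes that blind spot, for example by chaining `->assertSessionHasNoErrors()` onto the `put(...)` call (the expected redirect target is not visible on this page, so the exact response assertion needs confirming). A companion case that sends `'activated' => 0` for the acting user would also pin down what the controller is meant to do when the field is present rather than omitted.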