Merge pull request #12887 from marcusmoore/bug/sc-23158

Fix: Ensure users editing themselves do not deactivate their account
This commit is contained in:
snipe 2023-04-21 04:42:04 -07:00 committed by GitHub
commit fc721a9388
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 64 additions and 3 deletions

View file

@ -210,7 +210,6 @@ class UsersController extends Controller
*/
public function update(SaveUserRequest $request, $id = null)
{
// We need to reverse the UI specific logic for our
// permissions here before we update the user.
$permissions = $request->input('permissions', []);
@ -268,7 +267,8 @@ class UsersController extends Controller
$user->city = $request->input('city', null);
$user->state = $request->input('state', null);
$user->country = $request->input('country', null);
$user->activated = $request->input('activated', 0);
// if a user is editing themselves we should always keep activated true
$user->activated = $request->input('activated', $request->user()->is($user) ? 1 : 0);
$user->zip = $request->input('zip', null);
$user->remote = $request->input('remote', 0);
$user->vip = $request->input('vip', 0);
@ -670,4 +670,4 @@ class UsersController extends Controller
return redirect()->back()->with('error', 'User is not activated, is LDAP synced, or does not have an email address ');
}
}
}

View file

@ -0,0 +1,61 @@
<?php
namespace Tests\Feature\Users;
use App\Models\User;
use Tests\Support\InteractsWithSettings;
use Tests\TestCase;
class UpdateUserTest extends TestCase
{
use InteractsWithSettings;
public function testUsersCanBeActivated()
{
$admin = User::factory()->admin()->create();
$user = User::factory()->create(['activated' => false]);
$this->actingAs($admin)
->put(route('users.update', $user), [
'first_name' => $user->first_name,
'username' => $user->username,
'activated' => 1,
]);
$this->assertTrue($user->refresh()->activated);
}
public function testUsersCanBeDeactivated()
{
$admin = User::factory()->admin()->create();
$user = User::factory()->create(['activated' => true]);
$this->actingAs($admin)
->put(route('users.update', $user), [
'first_name' => $user->first_name,
'username' => $user->username,
// checkboxes that are not checked are
// not included in the request payload
// 'activated' => 0,
]);
$this->assertFalse($user->refresh()->activated);
}
public function testUsersUpdatingThemselvesDoNotDeactivateTheirAccount()
{
$admin = User::factory()->admin()->create(['activated' => true]);
$this->actingAs($admin)
->put(route('users.update', $admin), [
'first_name' => $admin->first_name,
'username' => $admin->username,
// checkboxes that are disabled are not
// included in the request payload
// even if they are checked
// 'activated' => 0,
]);
$this->assertTrue($admin->refresh()->activated);
}
}