mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-24 21:24:13 -08:00
Merge pull request #12887 from marcusmoore/bug/sc-23158
Fix: Ensure users editing themselves do not deactivate their account
commit
fc721a9388
|
@ -210,7 +210,6 @@ class UsersController extends Controller
|
||||||
*/
|
*/
|
||||||
public function update(SaveUserRequest $request, $id = null)
|
public function update(SaveUserRequest $request, $id = null)
|
||||||
{
|
{
|
||||||
|
|
||||||
// We need to reverse the UI specific logic for our
|
// We need to reverse the UI specific logic for our
|
||||||
// permissions here before we update the user.
|
// permissions here before we update the user.
|
||||||
$permissions = $request->input('permissions', []);
|
$permissions = $request->input('permissions', []);
|
||||||
|
@ -268,7 +267,8 @@ class UsersController extends Controller
|
||||||
$user->city = $request->input('city', null);
|
$user->city = $request->input('city', null);
|
||||||
$user->state = $request->input('state', null);
|
$user->state = $request->input('state', null);
|
||||||
$user->country = $request->input('country', null);
|
$user->country = $request->input('country', null);
|
||||||
$user->activated = $request->input('activated', 0);
|
// if a user is editing themselves we should always keep activated true
|
||||||
|
$user->activated = $request->input('activated', $request->user()->is($user) ? 1 : 0);
|
||||||
$user->zip = $request->input('zip', null);
|
$user->zip = $request->input('zip', null);
|
||||||
$user->remote = $request->input('remote', 0);
|
$user->remote = $request->input('remote', 0);
|
||||||
$user->vip = $request->input('vip', 0);
|
$user->vip = $request->input('vip', 0);
|
||||||
|
@ -670,4 +670,4 @@ class UsersController extends Controller
|
||||||
|
|
||||||
return redirect()->back()->with('error', 'User is not activated, is LDAP synced, or does not have an email address ');
|
return redirect()->back()->with('error', 'User is not activated, is LDAP synced, or does not have an email address ');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
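Review bot: In the -268 hunk, the new second argument to `$request->input('activated', ...)` is only a fallback for when the `activated` key is missing from the request, so a self-edit that explicitly submits `activated=0` still deactivates the account. The guard therefore relies on the form leaving the disabled checkbox out of the payload and is not enforced server-side, although the added comment says the flag is "always" kept true. Deciding on the identity check first would match the comment: `$user->activated = $request->user()->is($user) ? 1 : $request->input('activated', 0);`. This assumes an account editing itself is necessarily active, which should be confirmed. The body of `update()` begins and ends outside the visible hunks, so any earlier handling of this field cannot be ruled out from here.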
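--- a/tests/Feature/Users/UpdateUserTest.php
+++ b/tests/Feature/Users/UpdateUserTest.php
@@ -0,0 +1,61 @@
+<?php
+
+namespace Tests\Feature\Users;
+
+use App\Models\User;
+use Tests\Support\InteractsWithSettings;
+use Tests\TestCase;
+
+class UpdateUserTest extends TestCase
+{
+use InteractsWithSettings;
+
+public function testUsersCanBeActivated()
+{
+$admin = User::factory()->admin()->create();
+$user = User::factory()->create(['activated' => false]);
+
+$this->actingAs($admin)
+->put(route('users.update', $user), [
+'first_name' => $user->first_name,
+'username' => $user->username,
+'activated' => 1,
+]);
+
+$this->assertTrue($user->refresh()->activated);
+}
+
+public function testUsersCanBeDeactivated()
+{
+$admin = User::factory()->admin()->create();
+$user = User::factory()->create(['activated' => true]);
+
+$this->actingAs($admin)
+->put(route('users.update', $user), [
+'first_name' => $user->first_name,
+'username' => $user->username,
+// checkboxes that are not checked are
+// not included in the request payload
+// 'activated' => 0,
+]);
+
+$this->assertFalse($user->refresh()->activated);
+}
+
+public function testUsersUpdatingThemselvesDoNotDeactivateTheirAccount()
+{
+$admin = User::factory()->admin()->create(['activated' => true]);
+
+$this->actingAs($admin)
+->put(route('users.update', $admin), [
+'first_name' => $admin->first_name,
+'username' => $admin->username,
+// checkboxes that are disabled are not
+// included in the request payload
+// even if they are checked
+// 'activated' => 0,
+]);
+
+$this->assertTrue($admin->refresh()->activated);
+}
+}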
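Review bot: `testUsersUpdatingThemselvesDoNotDeactivateTheirAccount` asserts only that `activated` is still true, which also holds if the PUT never reached the controller's update logic (a validation failure or an authorization redirect, for example). The test can therefore pass without exercising the new default at all. Pin the request outcome as well, either by chaining `->assertSessionHasNoErrors()` onto the `put(...)` call or by sending a changed `first_name` and asserting it was persisted. The two other tests flip the stored value, so they already fail if the update is rejected. A further case that sends `'activated' => 0` for the acting user would record what the controller does when the field is present in the payload.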