mirror of
https://github.com/snipe/snipe-it.git
synced 2025-01-12 14:27:33 -08:00
99cc8293ef
* Refactored AssetsTransformer Casted all ids to int, escaped all text values, * Added warranty_expires attribute to Asset model $asset->warranty_expires contains a Carbon object with the warranty expiration date. Returns null when either purchase_date or warranty_months are not set. * Ignoring php-cs cache files * Restored asset tests expectations Work in progress - tests still fail * API controller refactoring, fixed HTTP status codes in responses * Restored $request->get - debugging * Added further checks in ApiAssetsCest::updateAssetWithPatch * Fixed undefined method * Fixed initial underscore trimmed by str_slug * CustomFieldTest now works where intl PHP extension is not installed If a server doesn't have the intl php extension installed, the custom fields tests failed. Now the tests perform the same check done in the CustomField class.
<?php
use App\Models\Accessory;
use App\Models\Asset;
use App\Models\Component;
use App\Models\Consumable;
use App\Models\License;
use App\Models\User;
use Illuminate\Foundation\Testing\DatabaseMigrations;
use Illuminate\Foundation\Testing\DatabaseTransactions;
use Illuminate\Foundation\Testing\WithoutMiddleware;
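/**
 * Route-level authorization matrix for the web UI.
 *
 * Every test creates a user in exactly one permission state, requests the
 * index/create/edit/show page of each resource type as that user, and asserts
 * the HTTP status: 200 where the permission applies, 403 everywhere else.
 *
 * Coverage caveat: hitRoutes() only issues GET requests, so the handlers that
 * sit behind POST/PUT/PATCH/DELETE are not exercised by this matrix and need
 * their own authorization tests.
 */
class PermissionsTest extends TestCase
{
    use DatabaseTransactions;

    // Per-resource "everything is forbidden" maps: route URL => expected status (403).
    private $noHardware;
    private $noLicenses;
    private $noAccessories;
    private $noConsumables;
    private $noComponents;
    private $noUsers;

    // An existing id for each type, used to build the edit/show URLs.
    private $hardwareId;
    private $licenseId;
    private $accessoryId;
    private $consumableId;
    private $componentId;
    private $userId;

    /**
     * Looks up one existing record per resource type and builds the deny-all
     * baseline for each of them.
     *
     * Assumes the test database already holds at least one row of every type:
     * first() returns null on an empty table and the ->id access then fails.
     */
    public function setUp()
    {
        // route() is only called after the parent has run.
        parent::setUp();

        $this->hardwareId = Asset::first()->id;
        $this->noHardware = $this->deniedRoutes('hardware', $this->hardwareId);

        $this->licenseId = License::first()->id;
        $this->noLicenses = $this->deniedRoutes('licenses', $this->licenseId);

        $this->accessoryId = Accessory::first()->id;
        $this->noAccessories = $this->deniedRoutes('accessories', $this->accessoryId);

        $this->consumableId = Consumable::first()->id;
        $this->noConsumables = $this->deniedRoutes('consumables', $this->consumableId);

        $this->componentId = Component::first()->id;
        $this->noComponents = $this->deniedRoutes('components', $this->componentId);

        $this->userId = User::first()->id;
        $this->noUsers = $this->deniedRoutes('users', $this->userId);
    }

    /**
     * Delegates to the parent so the framework teardown runs.
     *
     * The override used to be empty, which skipped the parent teardown entirely.
     * NOTE(review): TestCase is presumed to extend Laravel's base test case, where
     * the rollback registered by DatabaseTransactions is executed from tearDown();
     * without this call the users created by the tests would stay in the database.
     */
    public function tearDown()
    {
        parent::tearDown();
    }

    /**
     * @test
     */
    public function a_user_with_no_permissions_sees_nothing()
    {
        $u = factory(User::class, 'valid-user')->create();

        $permissions = $this->noHardware
            + $this->noLicenses
            + $this->noAccessories
            + $this->noConsumables
            + $this->noComponents
            + $this->noUsers;

        $this->hitRoutes($permissions, $u);
    }

    /**
     * @test
     */
    public function a_user_with_view_asset_permissions_can_view_assets()
    {
        $u = factory(User::class, 'valid-user')->states('view-assets')->create();

        $permissions = $this->noLicenses
            + $this->noAccessories
            + $this->noConsumables
            + $this->noComponents
            + $this->noUsers;

        $permissions = array_merge($permissions, [
            route('hardware.index') => 200,
            route('hardware.create') => 403,
            route('hardware.edit', $this->hardwareId) => 403,
            route('hardware.show', $this->hardwareId) => 200,
        ]);

        $this->hitRoutes($permissions, $u);
    }

    /**
     * @test
     */
    public function a_user_with_create_asset_permissions_can_create_assets()
    {
        $u = factory(User::class, 'valid-user')->states('create-assets')->create();

        $permissions = $this->noLicenses
            + $this->noAccessories
            + $this->noConsumables
            + $this->noComponents
            + $this->noUsers;

        $permissions = array_merge($permissions, [
            route('hardware.index') => 403,
            route('hardware.create') => 200,
            route('hardware.edit', $this->hardwareId) => 403,
            route('hardware.show', $this->hardwareId) => 403,
        ]);

        $this->hitRoutes($permissions, $u);
    }

    /**
     * @test
     */
    public function a_user_with_edit_assets_permissions_can_edit_assets()
    {
        $u = factory(User::class, 'valid-user')->states('edit-assets')->create();

        $permissions = $this->noLicenses
            + $this->noAccessories
            + $this->noConsumables
            + $this->noComponents
            + $this->noUsers;

        $permissions = array_merge($permissions, [
            route('hardware.index') => 403,
            route('hardware.create') => 403,
            route('hardware.edit', $this->hardwareId) => 200,
            route('hardware.show', $this->hardwareId) => 403,
        ]);

        $this->hitRoutes($permissions, $u);
    }

    /**
     * @test
     */
    public function a_user_with_view_licenses_permissions_can_view_licenses()
    {
        $u = factory(User::class, 'valid-user')->states('view-licenses')->create();

        $permissions = $this->noHardware
            + $this->noAccessories
            + $this->noConsumables
            + $this->noComponents
            + $this->noUsers;

        $permissions = array_merge($permissions, [
            route('licenses.index') => 200,
            route('licenses.create') => 403,
            route('licenses.edit', $this->licenseId) => 403,
            route('licenses.show', $this->licenseId) => 200,
        ]);

        $this->hitRoutes($permissions, $u);
    }

    /**
     * @test
     */
    public function a_user_with_create_licenses_permissions_can_create_licenses()
    {
        $u = factory(User::class, 'valid-user')->states('create-licenses')->create();

        $permissions = $this->noHardware
            + $this->noAccessories
            + $this->noConsumables
            + $this->noComponents
            + $this->noUsers;

        $permissions = array_merge($permissions, [
            route('licenses.index') => 403,
            route('licenses.create') => 200,
            route('licenses.edit', $this->licenseId) => 403,
            route('licenses.show', $this->licenseId) => 403,
        ]);

        $this->hitRoutes($permissions, $u);
    }

    /**
     * @test
     */
    public function a_user_with_edit_licenses_permissions_can_edit_licenses()
    {
        $u = factory(User::class, 'valid-user')->states('edit-licenses')->create();

        $permissions = $this->noHardware
            + $this->noAccessories
            + $this->noConsumables
            + $this->noComponents
            + $this->noUsers;

        $permissions = array_merge($permissions, [
            route('licenses.index') => 403,
            route('licenses.create') => 403,
            route('licenses.edit', $this->licenseId) => 200,
            route('licenses.show', $this->licenseId) => 403,
        ]);

        $this->hitRoutes($permissions, $u);
    }

    /**
     * @test
     */
    public function a_user_with_view_accessories_permissions_can_view_accessories()
    {
        $u = factory(User::class, 'valid-user')->states('view-accessories')->create();

        $permissions = $this->noHardware
            + $this->noLicenses
            + $this->noConsumables
            + $this->noComponents
            + $this->noUsers;

        $permissions = array_merge($permissions, [
            route('accessories.index') => 200,
            route('accessories.create') => 403,
            route('accessories.edit', $this->accessoryId) => 403,
            route('accessories.show', $this->accessoryId) => 200,
        ]);

        $this->hitRoutes($permissions, $u);
    }

    /**
     * @test
     */
    public function a_user_with_create_accessories_permissions_can_create_accessories()
    {
        $u = factory(User::class, 'valid-user')->states('create-accessories')->create();

        $permissions = $this->noHardware
            + $this->noLicenses
            + $this->noConsumables
            + $this->noComponents
            + $this->noUsers;

        $permissions = array_merge($permissions, [
            route('accessories.index') => 403,
            route('accessories.create') => 200,
            route('accessories.edit', $this->accessoryId) => 403,
            route('accessories.show', $this->accessoryId) => 403,
        ]);

        $this->hitRoutes($permissions, $u);
    }

    /**
     * @test
     */
    public function a_user_with_edit_accessories_permissions_can_edit_accessories()
    {
        $u = factory(User::class, 'valid-user')->states('edit-accessories')->create();

        $permissions = $this->noHardware
            + $this->noLicenses
            + $this->noConsumables
            + $this->noComponents
            + $this->noUsers;

        $permissions = array_merge($permissions, [
            route('accessories.index') => 403,
            route('accessories.create') => 403,
            route('accessories.edit', $this->accessoryId) => 200,
            route('accessories.show', $this->accessoryId) => 403,
        ]);

        $this->hitRoutes($permissions, $u);
    }

    /**
     * @test
     */
    public function a_user_with_view_consumables_permissions_can_view_consumables()
    {
        $u = factory(User::class, 'valid-user')->states('view-consumables')->create();

        $permissions = $this->noHardware
            + $this->noLicenses
            + $this->noAccessories
            + $this->noComponents
            + $this->noUsers;

        $permissions = array_merge($permissions, [
            route('consumables.index') => 200,
            route('consumables.create') => 403,
            route('consumables.edit', $this->consumableId) => 403,
            route('consumables.show', $this->consumableId) => 200,
        ]);

        $this->hitRoutes($permissions, $u);
    }

    /**
     * @test
     */
    public function a_user_with_create_consumables_permissions_can_create_consumables()
    {
        $u = factory(User::class, 'valid-user')->states('create-consumables')->create();

        // The baseline has to deny accessories here. It used to list noConsumables
        // instead, so the accessories routes were never requested for this user;
        // the consumables rows are supplied by the merge below.
        $permissions = $this->noHardware
            + $this->noLicenses
            + $this->noAccessories
            + $this->noComponents
            + $this->noUsers;

        $permissions = array_merge($permissions, [
            route('consumables.index') => 403,
            route('consumables.create') => 200,
            route('consumables.edit', $this->consumableId) => 403,
            route('consumables.show', $this->consumableId) => 403,
        ]);

        $this->hitRoutes($permissions, $u);
    }

    /**
     * @test
     */
    public function a_user_with_edit_consumables_permissions_can_edit_consumables()
    {
        $u = factory(User::class, 'valid-user')->states('edit-consumables')->create();

        $permissions = $this->noHardware
            + $this->noLicenses
            + $this->noAccessories
            + $this->noComponents
            + $this->noUsers;

        $permissions = array_merge($permissions, [
            route('consumables.index') => 403,
            route('consumables.create') => 403,
            route('consumables.edit', $this->consumableId) => 200,
            route('consumables.show', $this->consumableId) => 403,
        ]);

        $this->hitRoutes($permissions, $u);
    }

    /**
     * @test
     */
    public function a_user_with_view_users_permissions_can_view_users()
    {
        $u = factory(User::class, 'valid-user')->states('view-users')->create();

        $permissions = $this->noHardware
            + $this->noLicenses
            + $this->noAccessories
            + $this->noConsumables
            + $this->noComponents;

        $permissions = array_merge($permissions, [
            route('users.index') => 200,
            route('users.create') => 403,
            route('users.edit', $this->userId) => 403,
            route('users.show', $this->userId) => 200,
        ]);

        $this->hitRoutes($permissions, $u);
    }

    /**
     * @test
     */
    public function a_user_with_create_users_permissions_can_create_users()
    {
        $u = factory(User::class, 'valid-user')->states('create-users')->create();

        $permissions = $this->noHardware
            + $this->noLicenses
            + $this->noAccessories
            + $this->noConsumables
            + $this->noComponents;

        $permissions = array_merge($permissions, [
            route('users.index') => 403,
            route('users.create') => 200,
            route('users.edit', $this->userId) => 403,
            route('users.show', $this->userId) => 403,
        ]);

        $this->hitRoutes($permissions, $u);
    }

    /**
     * @test
     */
    public function a_user_with_edit_users_permissions_can_edit_users()
    {
        $u = factory(User::class, 'valid-user')->states('edit-users')->create();

        $permissions = $this->noHardware
            + $this->noLicenses
            + $this->noAccessories
            + $this->noConsumables
            + $this->noComponents;

        $permissions = array_merge($permissions, [
            route('users.index') => 403,
            route('users.create') => 403,
            route('users.edit', $this->userId) => 200,
            route('users.show', $this->userId) => 403,
        ]);

        $this->hitRoutes($permissions, $u);
    }

    /**
     * @test
     */
    public function a_user_with_view_components_permissions_can_view_components()
    {
        $u = factory(User::class, 'valid-user')->states('view-components')->create();

        $permissions = $this->noHardware
            + $this->noLicenses
            + $this->noAccessories
            + $this->noConsumables
            + $this->noUsers;

        $permissions = array_merge($permissions, [
            route('components.index') => 200,
            route('components.create') => 403,
            route('components.edit', $this->componentId) => 403,
            route('components.show', $this->componentId) => 200,
        ]);

        $this->hitRoutes($permissions, $u);
    }

    /**
     * @test
     */
    public function a_user_with_create_components_permissions_can_create_components()
    {
        $u = factory(User::class, 'valid-user')->states('create-components')->create();

        $permissions = $this->noHardware
            + $this->noLicenses
            + $this->noAccessories
            + $this->noConsumables
            + $this->noUsers;

        $permissions = array_merge($permissions, [
            route('components.index') => 403,
            route('components.create') => 200,
            route('components.edit', $this->componentId) => 403,
            route('components.show', $this->componentId) => 403,
        ]);

        $this->hitRoutes($permissions, $u);
    }

    /**
     * @test
     */
    public function a_user_with_edit_components_permissions_can_edit_components()
    {
        $u = factory(User::class, 'valid-user')->states('edit-components')->create();

        $permissions = $this->noHardware
            + $this->noLicenses
            + $this->noAccessories
            + $this->noConsumables
            + $this->noUsers;

        $permissions = array_merge($permissions, [
            route('components.index') => 403,
            route('components.create') => 403,
            route('components.edit', $this->componentId) => 200,
            route('components.show', $this->componentId) => 403,
        ]);

        $this->hitRoutes($permissions, $u);
    }

    /**
     * Builds the deny-all expectation map for one resource type.
     *
     * @param string $resource Route-name prefix, e.g. 'hardware'.
     * @param mixed  $id       Id of an existing record, used for the edit/show URLs.
     * @return array Route URL => 403, in index/create/edit/show order.
     */
    private function deniedRoutes($resource, $id)
    {
        return [
            route($resource . '.index') => 403,
            route($resource . '.create') => 403,
            route($resource . '.edit', $id) => 403,
            route($resource . '.show', $id) => 403,
        ];
    }

    /**
     * Requests every route as the given user and asserts the expected status.
     *
     * Only GET is used; see the class docblock for what that leaves uncovered.
     *
     * @param array $routes Route URL => expected HTTP status code.
     * @param User  $user   User to authenticate as for all requests.
     */
    private function hitRoutes(array $routes, User $user)
    {
        $this->actingAs($user);

        foreach ($routes as $route => $response) {
            $this->get($route)
                ->assertStatus($response);
        }
    }
}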