- {{ Form::open([
- 'method' => 'POST',
- 'route' => ['hardware/bulkedit'],
- 'class' => 'form-inline',
- 'id' => 'bulkForm']) }}
@@ -51,7 +46,7 @@
{{ trans('admin/hardware/form.expected_checkin') }} |
{{ trans('admin/hardware/table.requesting_user') }} |
{{ trans('admin/hardware/table.requested_date') }} |
- {{ trans('general.checkin').'/'.trans('general.checkout') }} |
+ {{ trans('button.actions') }} | |
@@ -103,6 +98,14 @@
@endif
{{ App\Helpers\Helper::getFormattedDateObject($request->created_at, 'datetime', false) }} |
+
+ {{ Form::open([
+ 'method' => 'POST',
+ 'route' => ['account/request-item', $request->itemType(), $request->requestable->id, true, $request->requestingUser()->id],
+ ]) }}
+
+ {{ Form::close() }}
+ |
@if ($request->itemType() == "asset")
@if ($request->requestable->assigned_to=='')
diff --git a/resources/views/hardware/view.blade.php b/resources/views/hardware/view.blade.php
index e1cd8dc4ff..d183df09b3 100755
--- a/resources/views/hardware/view.blade.php
+++ b/resources/views/hardware/view.blade.php
@@ -934,6 +934,14 @@
{{ $asset->location->state }} {{ $asset->location->zip }}
@endif
+
+ {{ trans('admin/hardware/form.checkout_date') }}: {{ Helper::getFormattedDateObject($asset->last_checkout, 'date', false) }}
+
+ @if (isset($asset->expected_checkin))
+
+ {{ trans('admin/hardware/form.expected_checkin') }}: {{ Helper::getFormattedDateObject($asset->expected_checkin, 'date', false) }}
+
+ @endif
@endif
diff --git a/routes/web.php b/routes/web.php
index 49998f43fc..5de6ef9025 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -281,7 +281,7 @@ Route::group(['prefix' => 'account', 'middleware' => ['auth']], function () {
)->name('account/request-asset');
Route::post(
- 'request/{itemType}/{itemId}',
+ 'request/{itemType}/{itemId}/{cancel_by_admin?}/{requestingUser?}',
[ViewAssetsController::class, 'getRequestItem']
)->name('account/request-item');
diff --git a/tests/Feature/Api/Assets/AssetIndexTest.php b/tests/Feature/Api/Assets/AssetIndexTest.php
index 3618c6e01e..778483c1c9 100644
--- a/tests/Feature/Api/Assets/AssetIndexTest.php
+++ b/tests/Feature/Api/Assets/AssetIndexTest.php
@@ -3,9 +3,9 @@
namespace Tests\Feature\Api\Assets;
use App\Models\Asset;
+use App\Models\Company;
use App\Models\User;
use Illuminate\Testing\Fluent\AssertableJson;
-use Laravel\Passport\Passport;
use Tests\Support\InteractsWithSettings;
use Tests\TestCase;
@@ -17,14 +17,14 @@ class AssetIndexTest extends TestCase
{
Asset::factory()->count(3)->create();
- Passport::actingAs(User::factory()->superuser()->create());
- $this->getJson(
- route('api.assets.index', [
- 'sort' => 'name',
- 'order' => 'asc',
- 'offset' => '0',
- 'limit' => '20',
- ]))
+ $this->actingAsForApi(User::factory()->superuser()->create())
+ ->getJson(
+ route('api.assets.index', [
+ 'sort' => 'name',
+ 'order' => 'asc',
+ 'offset' => '0',
+ 'limit' => '20',
+ ]))
->assertOk()
->assertJsonStructure([
'total',
@@ -32,4 +32,50 @@ class AssetIndexTest extends TestCase
])
->assertJson(fn(AssertableJson $json) => $json->has('rows', 3)->etc());
}
+
+ public function testAssetIndexAdheresToCompanyScoping()
+ {
+ [$companyA, $companyB] = Company::factory()->count(2)->create();
+
+ $assetA = Asset::factory()->for($companyA)->create();
+ $assetB = Asset::factory()->for($companyB)->create();
+
+ $superUser = $companyA->users()->save(User::factory()->superuser()->make());
+ $userInCompanyA = $companyA->users()->save(User::factory()->viewAssets()->make());
+ $userInCompanyB = $companyB->users()->save(User::factory()->viewAssets()->make());
+
+ $this->settings->disableMultipleFullCompanySupport();
+
+ $this->actingAsForApi($superUser)
+ ->getJson(route('api.assets.index'))
+ ->assertResponseContainsInRows($assetA, 'asset_tag')
+ ->assertResponseContainsInRows($assetB, 'asset_tag');
+
+ $this->actingAsForApi($userInCompanyA)
+ ->getJson(route('api.assets.index'))
+ ->assertResponseContainsInRows($assetA, 'asset_tag')
+ ->assertResponseContainsInRows($assetB, 'asset_tag');
+
+ $this->actingAsForApi($userInCompanyB)
+ ->getJson(route('api.assets.index'))
+ ->assertResponseContainsInRows($assetA, 'asset_tag')
+ ->assertResponseContainsInRows($assetB, 'asset_tag');
+
+ $this->settings->enableMultipleFullCompanySupport();
+
+ $this->actingAsForApi($superUser)
+ ->getJson(route('api.assets.index'))
+ ->assertResponseContainsInRows($assetA, 'asset_tag')
+ ->assertResponseContainsInRows($assetB, 'asset_tag');
+
+ $this->actingAsForApi($userInCompanyA)
+ ->getJson(route('api.assets.index'))
+ ->assertResponseContainsInRows($assetA, 'asset_tag')
+ ->assertResponseDoesNotContainInRows($assetB, 'asset_tag');
+
+ $this->actingAsForApi($userInCompanyB)
+ ->getJson(route('api.assets.index'))
+ ->assertResponseDoesNotContainInRows($assetA, 'asset_tag')
+ ->assertResponseContainsInRows($assetB, 'asset_tag');
+ }
}
diff --git a/tests/Feature/Api/Assets/AssetsForSelectListTest.php b/tests/Feature/Api/Assets/AssetsForSelectListTest.php
new file mode 100644
index 0000000000..cccae38d38
--- /dev/null
+++ b/tests/Feature/Api/Assets/AssetsForSelectListTest.php
@@ -0,0 +1,76 @@
+create(['asset_tag' => '0001']);
+ Asset::factory()->create(['asset_tag' => '0002']);
+
+ $response = $this->actingAsForApi(User::factory()->create())
+ ->getJson(route('assets.selectlist', ['search' => '000']))
+ ->assertOk();
+
+ $results = collect($response->json('results'));
+
+ $this->assertEquals(2, $results->count());
+ $this->assertTrue($results->pluck('text')->contains(fn($text) => str_contains($text, '0001')));
+ $this->assertTrue($results->pluck('text')->contains(fn($text) => str_contains($text, '0002')));
+ }
+
+ public function testAssetsAreScopedToCompanyWhenMultipleCompanySupportEnabled()
+ {
+ [$companyA, $companyB] = Company::factory()->count(2)->create();
+
+ $assetA = Asset::factory()->for($companyA)->create(['asset_tag' => '0001']);
+ $assetB = Asset::factory()->for($companyB)->create(['asset_tag' => '0002']);
+
+ $superUser = $companyA->users()->save(User::factory()->superuser()->make());
+ $userInCompanyA = $companyA->users()->save(User::factory()->viewAssets()->make());
+ $userInCompanyB = $companyB->users()->save(User::factory()->viewAssets()->make());
+
+ $this->settings->disableMultipleFullCompanySupport();
+
+ $this->actingAsForApi($superUser)
+ ->getJson(route('assets.selectlist', ['search' => '000']))
+ ->assertResponseContainsInResults($assetA)
+ ->assertResponseContainsInResults($assetB);
+
+ $this->actingAsForApi($userInCompanyA)
+ ->getJson(route('assets.selectlist', ['search' => '000']))
+ ->assertResponseContainsInResults($assetA)
+ ->assertResponseContainsInResults($assetB);
+
+ $this->actingAsForApi($userInCompanyB)
+ ->getJson(route('assets.selectlist', ['search' => '000']))
+ ->assertResponseContainsInResults($assetA)
+ ->assertResponseContainsInResults($assetB);
+
+ $this->settings->enableMultipleFullCompanySupport();
+
+ $this->actingAsForApi($superUser)
+ ->getJson(route('assets.selectlist', ['search' => '000']))
+ ->assertResponseContainsInResults($assetA)
+ ->assertResponseContainsInResults($assetB);
+
+ $this->actingAsForApi($userInCompanyA)
+ ->getJson(route('assets.selectlist', ['search' => '000']))
+ ->assertResponseContainsInResults($assetA)
+ ->assertResponseDoesNotContainInResults($assetB);
+
+ $this->actingAsForApi($userInCompanyB)
+ ->getJson(route('assets.selectlist', ['search' => '000']))
+ ->assertResponseDoesNotContainInResults($assetA)
+ ->assertResponseContainsInResults($assetB);
+ }
+}
diff --git a/tests/Feature/Api/Assets/RequestableAssetsTest.php b/tests/Feature/Api/Assets/RequestableAssetsTest.php
new file mode 100644
index 0000000000..8649b1b00b
--- /dev/null
+++ b/tests/Feature/Api/Assets/RequestableAssetsTest.php
@@ -0,0 +1,79 @@
+actingAsForApi(User::factory()->create())
+ ->getJson(route('api.assets.requestable'))
+ ->assertForbidden();
+ }
+
+ public function testReturnsRequestableAssets()
+ {
+ $requestableAsset = Asset::factory()->requestable()->create(['asset_tag' => 'requestable']);
+ $nonRequestableAsset = Asset::factory()->nonrequestable()->create(['asset_tag' => 'non-requestable']);
+
+ $this->actingAsForApi(User::factory()->viewRequestableAssets()->create())
+ ->getJson(route('api.assets.requestable'))
+ ->assertOk()
+ ->assertResponseContainsInRows($requestableAsset, 'asset_tag')
+ ->assertResponseDoesNotContainInRows($nonRequestableAsset, 'asset_tag');
+ }
+
+ public function testRequestableAssetsAreScopedToCompanyWhenMultipleCompanySupportEnabled()
+ {
+ [$companyA, $companyB] = Company::factory()->count(2)->create();
+
+ $assetA = Asset::factory()->requestable()->for($companyA)->create(['asset_tag' => '0001']);
+ $assetB = Asset::factory()->requestable()->for($companyB)->create(['asset_tag' => '0002']);
+
+ $superUser = $companyA->users()->save(User::factory()->superuser()->make());
+ $userInCompanyA = $companyA->users()->save(User::factory()->viewRequestableAssets()->make());
+ $userInCompanyB = $companyB->users()->save(User::factory()->viewRequestableAssets()->make());
+
+ $this->settings->disableMultipleFullCompanySupport();
+
+ $this->actingAsForApi($superUser)
+ ->getJson(route('api.assets.requestable'))
+ ->assertResponseContainsInRows($assetA, 'asset_tag')
+ ->assertResponseContainsInRows($assetB, 'asset_tag');
+
+ $this->actingAsForApi($userInCompanyA)
+ ->getJson(route('api.assets.requestable'))
+ ->assertResponseContainsInRows($assetA, 'asset_tag')
+ ->assertResponseContainsInRows($assetB, 'asset_tag');
+
+ $this->actingAsForApi($userInCompanyB)
+ ->getJson(route('api.assets.requestable'))
+ ->assertResponseContainsInRows($assetA, 'asset_tag')
+ ->assertResponseContainsInRows($assetB, 'asset_tag');
+
+ $this->settings->enableMultipleFullCompanySupport();
+
+ $this->actingAsForApi($superUser)
+ ->getJson(route('api.assets.requestable'))
+ ->assertResponseContainsInRows($assetA, 'asset_tag')
+ ->assertResponseContainsInRows($assetB, 'asset_tag');
+
+ $this->actingAsForApi($userInCompanyA)
+ ->getJson(route('api.assets.requestable'))
+ ->assertResponseContainsInRows($assetA, 'asset_tag')
+ ->assertResponseDoesNotContainInRows($assetB, 'asset_tag');
+
+ $this->actingAsForApi($userInCompanyB)
+ ->getJson(route('api.assets.requestable'))
+ ->assertResponseDoesNotContainInRows($assetA, 'asset_tag')
+ ->assertResponseContainsInRows($assetB, 'asset_tag');
+ }
+}
diff --git a/tests/Feature/Api/Components/ComponentIndexTest.php b/tests/Feature/Api/Components/ComponentIndexTest.php
new file mode 100644
index 0000000000..ee83b7a46d
--- /dev/null
+++ b/tests/Feature/Api/Components/ComponentIndexTest.php
@@ -0,0 +1,60 @@
+count(2)->create();
+
+ $componentA = Component::factory()->for($companyA)->create();
+ $componentB = Component::factory()->for($companyB)->create();
+
+ $superUser = $companyA->users()->save(User::factory()->superuser()->make());
+ $userInCompanyA = $companyA->users()->save(User::factory()->viewComponents()->make());
+ $userInCompanyB = $companyB->users()->save(User::factory()->viewComponents()->make());
+
+ $this->settings->disableMultipleFullCompanySupport();
+
+ $this->actingAsForApi($superUser)
+ ->getJson(route('api.components.index'))
+ ->assertResponseContainsInRows($componentA)
+ ->assertResponseContainsInRows($componentB);
+
+ $this->actingAsForApi($userInCompanyA)
+ ->getJson(route('api.components.index'))
+ ->assertResponseContainsInRows($componentA)
+ ->assertResponseContainsInRows($componentB);
+
+ $this->actingAsForApi($userInCompanyB)
+ ->getJson(route('api.components.index'))
+ ->assertResponseContainsInRows($componentA)
+ ->assertResponseContainsInRows($componentB);
+
+ $this->settings->enableMultipleFullCompanySupport();
+
+ $this->actingAsForApi($superUser)
+ ->getJson(route('api.components.index'))
+ ->assertResponseContainsInRows($componentA)
+ ->assertResponseContainsInRows($componentB);
+
+ $this->actingAsForApi($userInCompanyA)
+ ->getJson(route('api.components.index'))
+ ->assertResponseContainsInRows($componentA)
+ ->assertResponseDoesNotContainInRows($componentB);
+
+ $this->actingAsForApi($userInCompanyB)
+ ->getJson(route('api.components.index'))
+ ->assertResponseDoesNotContainInRows($componentA)
+ ->assertResponseContainsInRows($componentB);
+ }
+}
diff --git a/tests/Feature/Api/Consumables/ConsumablesIndexTest.php b/tests/Feature/Api/Consumables/ConsumablesIndexTest.php
new file mode 100644
index 0000000000..33c10ed078
--- /dev/null
+++ b/tests/Feature/Api/Consumables/ConsumablesIndexTest.php
@@ -0,0 +1,60 @@
+count(2)->create();
+
+ $consumableA = Consumable::factory()->for($companyA)->create();
+ $consumableB = Consumable::factory()->for($companyB)->create();
+
+ $superUser = $companyA->users()->save(User::factory()->superuser()->make());
+ $userInCompanyA = $companyA->users()->save(User::factory()->viewConsumables()->make());
+ $userInCompanyB = $companyB->users()->save(User::factory()->viewConsumables()->make());
+
+ $this->settings->disableMultipleFullCompanySupport();
+
+ $this->actingAsForApi($superUser)
+ ->getJson(route('api.consumables.index'))
+ ->assertResponseContainsInRows($consumableA)
+ ->assertResponseContainsInRows($consumableB);
+
+ $this->actingAsForApi($userInCompanyA)
+ ->getJson(route('api.consumables.index'))
+ ->assertResponseContainsInRows($consumableA)
+ ->assertResponseContainsInRows($consumableB);
+
+ $this->actingAsForApi($userInCompanyB)
+ ->getJson(route('api.consumables.index'))
+ ->assertResponseContainsInRows($consumableA)
+ ->assertResponseContainsInRows($consumableB);
+
+ $this->settings->enableMultipleFullCompanySupport();
+
+ $this->actingAsForApi($superUser)
+ ->getJson(route('api.consumables.index'))
+ ->assertResponseContainsInRows($consumableA)
+ ->assertResponseContainsInRows($consumableB);
+
+ $this->actingAsForApi($userInCompanyA)
+ ->getJson(route('api.consumables.index'))
+ ->assertResponseContainsInRows($consumableA)
+ ->assertResponseDoesNotContainInRows($consumableB);
+
+ $this->actingAsForApi($userInCompanyB)
+ ->getJson(route('api.consumables.index'))
+ ->assertResponseDoesNotContainInRows($consumableA)
+ ->assertResponseContainsInRows($consumableB);
+ }
+}
diff --git a/tests/Feature/Api/Licenses/LicensesIndexTest.php b/tests/Feature/Api/Licenses/LicensesIndexTest.php
new file mode 100644
index 0000000000..a21a27da73
--- /dev/null
+++ b/tests/Feature/Api/Licenses/LicensesIndexTest.php
@@ -0,0 +1,60 @@
+count(2)->create();
+
+ $licenseA = License::factory()->for($companyA)->create();
+ $licenseB = License::factory()->for($companyB)->create();
+
+ $superUser = $companyA->users()->save(User::factory()->superuser()->make());
+ $userInCompanyA = $companyA->users()->save(User::factory()->viewLicenses()->make());
+ $userInCompanyB = $companyB->users()->save(User::factory()->viewLicenses()->make());
+
+ $this->settings->disableMultipleFullCompanySupport();
+
+ $this->actingAsForApi($superUser)
+ ->getJson(route('api.licenses.index'))
+ ->assertResponseContainsInRows($licenseA)
+ ->assertResponseContainsInRows($licenseB);
+
+ $this->actingAsForApi($userInCompanyA)
+ ->getJson(route('api.licenses.index'))
+ ->assertResponseContainsInRows($licenseA)
+ ->assertResponseContainsInRows($licenseB);
+
+ $this->actingAsForApi($userInCompanyB)
+ ->getJson(route('api.licenses.index'))
+ ->assertResponseContainsInRows($licenseA)
+ ->assertResponseContainsInRows($licenseB);
+
+ $this->settings->enableMultipleFullCompanySupport();
+
+ $this->actingAsForApi($superUser)
+ ->getJson(route('api.licenses.index'))
+ ->assertResponseContainsInRows($licenseA)
+ ->assertResponseContainsInRows($licenseB);
+
+ $this->actingAsForApi($userInCompanyA)
+ ->getJson(route('api.licenses.index'))
+ ->assertResponseContainsInRows($licenseA)
+ ->assertResponseDoesNotContainInRows($licenseB);
+
+ $this->actingAsForApi($userInCompanyB)
+ ->getJson(route('api.licenses.index'))
+ ->assertResponseDoesNotContainInRows($licenseA)
+ ->assertResponseContainsInRows($licenseB);
+ }
+}
diff --git a/tests/Feature/DashboardTest.php b/tests/Feature/DashboardTest.php
new file mode 100644
index 0000000000..4e9459fb06
--- /dev/null
+++ b/tests/Feature/DashboardTest.php
@@ -0,0 +1,19 @@
+actingAs(User::factory()->create())
+ ->get(route('home'))
+ ->assertRedirect(route('view-assets'));
+ }
+}
diff --git a/tests/Support/CustomTestMacros.php b/tests/Support/CustomTestMacros.php
new file mode 100644
index 0000000000..0a30d7c243
--- /dev/null
+++ b/tests/Support/CustomTestMacros.php
@@ -0,0 +1,66 @@
+{$property})) {
+ throw new RuntimeException(
+ "The property ({$property}) either does not exist or is null on the model which isn't helpful for comparison."
+ );
+ }
+ };
+
+ TestResponse::macro(
+ 'assertResponseContainsInRows',
+ function (Model $model, string $property = 'name') use ($guardAgainstNullProperty) {
+ $guardAgainstNullProperty($model, $property);
+
+ Assert::assertTrue(collect($this['rows'])->pluck($property)->contains($model->{$property}));
+
+ return $this;
+ }
+ );
+
+ TestResponse::macro(
+ 'assertResponseDoesNotContainInRows',
+ function (Model $model, string $property = 'name') use ($guardAgainstNullProperty) {
+ $guardAgainstNullProperty($model, $property);
+
+ Assert::assertFalse(collect($this['rows'])->pluck($property)->contains($model->{$property}));
+
+ return $this;
+ }
+ );
+
+ TestResponse::macro(
+ 'assertResponseContainsInResults',
+ function (Model $model, string $property = 'id') use ($guardAgainstNullProperty) {
+ $guardAgainstNullProperty($model, $property);
+
+ Assert::assertTrue(collect($this->json('results'))->pluck('id')->contains($model->{$property}));
+
+ return $this;
+ }
+ );
+
+ TestResponse::macro(
+ 'assertResponseDoesNotContainInResults',
+ function (Model $model, string $property = 'id') use ($guardAgainstNullProperty) {
+ $guardAgainstNullProperty($model, $property);
+
+ Assert::assertFalse(collect($this->json('results'))->pluck('id')->contains($model->{$property}));
+
+ return $this;
+ }
+ );
+ }
+}
diff --git a/tests/Support/InteractsWithAuthentication.php b/tests/Support/InteractsWithAuthentication.php
new file mode 100644
index 0000000000..27b20e382b
--- /dev/null
+++ b/tests/Support/InteractsWithAuthentication.php
@@ -0,0 +1,16 @@
+update(['full_multiple_companies_support' => 1]);
}
+ public function disableMultipleFullCompanySupport(): Settings
+ {
+ return $this->update(['full_multiple_companies_support' => 0]);
+ }
+
public function enableWebhook(): Settings
{
return $this->update([
diff --git a/tests/TestCase.php b/tests/TestCase.php
index 28051c7c7f..30237f3171 100644
--- a/tests/TestCase.php
+++ b/tests/TestCase.php
@@ -5,11 +5,15 @@ namespace Tests;
use App\Http\Middleware\SecurityHeaders;
use Illuminate\Foundation\Testing\LazilyRefreshDatabase;
use Illuminate\Foundation\Testing\TestCase as BaseTestCase;
+use Tests\Support\CustomTestMacros;
+use Tests\Support\InteractsWithAuthentication;
use Tests\Support\InteractsWithSettings;
abstract class TestCase extends BaseTestCase
{
use CreatesApplication;
+ use CustomTestMacros;
+ use InteractsWithAuthentication;
use LazilyRefreshDatabase;
private array $globallyDisabledMiddleware = [
@@ -25,5 +29,7 @@ abstract class TestCase extends BaseTestCase
if (collect(class_uses_recursive($this))->contains(InteractsWithSettings::class)) {
$this->initializeSettings();
}
+
+ $this->registerCustomMacros();
}
}
diff --git a/tests/Unit/CompanyScopingTest.php b/tests/Unit/CompanyScopingTest.php
new file mode 100644
index 0000000000..669dd5ed41
--- /dev/null
+++ b/tests/Unit/CompanyScopingTest.php
@@ -0,0 +1,169 @@
+ [Accessory::class],
+ 'Assets' => [Asset::class],
+ 'Components' => [Component::class],
+ 'Consumables' => [Consumable::class],
+ 'Licenses' => [License::class],
+ ];
+ }
+
+ /** @dataProvider models */
+ public function testCompanyScoping($model)
+ {
+ [$companyA, $companyB] = Company::factory()->count(2)->create();
+
+ $modelA = $model::factory()->for($companyA)->create();
+ $modelB = $model::factory()->for($companyB)->create();
+
+ $superUser = $companyA->users()->save(User::factory()->superuser()->make());
+ $userInCompanyA = $companyA->users()->save(User::factory()->make());
+ $userInCompanyB = $companyB->users()->save(User::factory()->make());
+
+ $this->settings->disableMultipleFullCompanySupport();
+
+ $this->actingAs($superUser);
+ $this->assertCanSee($modelA);
+ $this->assertCanSee($modelB);
+
+ $this->actingAs($userInCompanyA);
+ $this->assertCanSee($modelA);
+ $this->assertCanSee($modelB);
+
+ $this->actingAs($userInCompanyB);
+ $this->assertCanSee($modelA);
+ $this->assertCanSee($modelB);
+
+ $this->settings->enableMultipleFullCompanySupport();
+
+ $this->actingAs($superUser);
+ $this->assertCanSee($modelA);
+ $this->assertCanSee($modelB);
+
+ $this->actingAs($userInCompanyA);
+ $this->assertCanSee($modelA);
+ $this->assertCannotSee($modelB);
+
+ $this->actingAs($userInCompanyB);
+ $this->assertCannotSee($modelA);
+ $this->assertCanSee($modelB);
+ }
+
+ public function testAssetMaintenanceCompanyScoping()
+ {
+ [$companyA, $companyB] = Company::factory()->count(2)->create();
+
+ $assetMaintenanceForCompanyA = AssetMaintenance::factory()->for(Asset::factory()->for($companyA))->create();
+ $assetMaintenanceForCompanyB = AssetMaintenance::factory()->for(Asset::factory()->for($companyB))->create();
+
+ $superUser = $companyA->users()->save(User::factory()->superuser()->make());
+ $userInCompanyA = $companyA->users()->save(User::factory()->make());
+ $userInCompanyB = $companyB->users()->save(User::factory()->make());
+
+ $this->settings->disableMultipleFullCompanySupport();
+
+ $this->actingAs($superUser);
+ $this->assertCanSee($assetMaintenanceForCompanyA);
+ $this->assertCanSee($assetMaintenanceForCompanyB);
+
+ $this->actingAs($userInCompanyA);
+ $this->assertCanSee($assetMaintenanceForCompanyA);
+ $this->assertCanSee($assetMaintenanceForCompanyB);
+
+ $this->actingAs($userInCompanyB);
+ $this->assertCanSee($assetMaintenanceForCompanyA);
+ $this->assertCanSee($assetMaintenanceForCompanyB);
+
+ $this->settings->enableMultipleFullCompanySupport();
+
+ $this->actingAs($superUser);
+ $this->assertCanSee($assetMaintenanceForCompanyA);
+ $this->assertCanSee($assetMaintenanceForCompanyB);
+
+ $this->actingAs($userInCompanyA);
+ $this->assertCanSee($assetMaintenanceForCompanyA);
+ $this->assertCannotSee($assetMaintenanceForCompanyB);
+
+ $this->actingAs($userInCompanyB);
+ $this->assertCannotSee($assetMaintenanceForCompanyA);
+ $this->assertCanSee($assetMaintenanceForCompanyB);
+ }
+
+ public function testLicenseSeatCompanyScoping()
+ {
+ [$companyA, $companyB] = Company::factory()->count(2)->create();
+
+ $licenseSeatA = LicenseSeat::factory()->for(Asset::factory()->for($companyA))->create();
+ $licenseSeatB = LicenseSeat::factory()->for(Asset::factory()->for($companyB))->create();
+
+ $superUser = $companyA->users()->save(User::factory()->superuser()->make());
+ $userInCompanyA = $companyA->users()->save(User::factory()->make());
+ $userInCompanyB = $companyB->users()->save(User::factory()->make());
+
+ $this->settings->disableMultipleFullCompanySupport();
+
+ $this->actingAs($superUser);
+ $this->assertCanSee($licenseSeatA);
+ $this->assertCanSee($licenseSeatB);
+
+ $this->actingAs($userInCompanyA);
+ $this->assertCanSee($licenseSeatA);
+ $this->assertCanSee($licenseSeatB);
+
+ $this->actingAs($userInCompanyB);
+ $this->assertCanSee($licenseSeatA);
+ $this->assertCanSee($licenseSeatB);
+
+ $this->settings->enableMultipleFullCompanySupport();
+
+ $this->actingAs($superUser);
+ $this->assertCanSee($licenseSeatA);
+ $this->assertCanSee($licenseSeatB);
+
+ $this->actingAs($userInCompanyA);
+ $this->assertCanSee($licenseSeatA);
+ $this->assertCannotSee($licenseSeatB);
+
+ $this->actingAs($userInCompanyB);
+ $this->assertCannotSee($licenseSeatA);
+ $this->assertCanSee($licenseSeatB);
+ }
+
+ private function assertCanSee(Model $model)
+ {
+ $this->assertTrue(
+ get_class($model)::all()->contains($model),
+ 'User was not able to see expected model'
+ );
+ }
+
+ private function assertCannotSee(Model $model)
+ {
+ $this->assertFalse(
+ get_class($model)::all()->contains($model),
+ 'User was able to see model from a different company'
+ );
+ }
+}
diff --git a/upgrade.php b/upgrade.php
index 69ab2ffdab..a287e3d1de 100644
--- a/upgrade.php
+++ b/upgrade.php
@@ -1,7 +1,9 @@
=". $php_min_works. " - <".$php_max_wontwork.") \n";
echo "--------------------------------------------------------\n\n";
-if (version_compare(PHP_VERSION, $required_php_min, '<')) {
- echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ERROR !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n";
- echo "This version of PHP (".PHP_VERSION.") is not compatible with Snipe-IT.\n";
- echo "Snipe-IT requires PHP version ".$required_php_min." or greater. Please upgrade \n";
- echo "your version of PHP (web/php-fcgi and cli) and try running this script again.\n\n\n";
- exit;
+if ((version_compare(phpversion(), $php_min_works, '>=')) && (version_compare(phpversion(), $php_max_wontwork, '<'))) {
+
+ echo "√ Current PHP version: (" . phpversion() . ") is at least " . $php_min_works . " and less than ".$php_max_wontwork."! Continuing... \n";
+ echo sprintf("FYI: The php.ini used by this PHP is: %s\n\n", get_cfg_var('cfg_file_path'));
} else {
- echo "Current PHP version: (" . PHP_VERSION . ") is at least ".$required_php_min." - continuing... \n";
- echo sprintf("FYI: The php.ini used by this PHP is: %s\n\n", get_cfg_var('cfg_file_path'));
+ echo "!!!!!!!!!!!!!!!!!!!!!!!!! PHP VERSION ERROR !!!!!!!!!!!!!!!!!!!!!!!!!\n";
+ echo "This version of PHP (".phpversion().") is NOT compatible with Snipe-IT.\n";
+ echo "Snipe-IT requires PHP versions between ".$php_min_works." and ".$php_max_wontwork.".\n";
+ echo "Please install a compatible version of PHP and re-run this script again. \n";
+ echo "!!!!!!!!!!!!!!!!!!!!!!!!! ABORTING THE UPGRADER !!!!!!!!!!!!!!!!!!!!!!\n";
+ exit;
}
-
echo "Checking Required PHP extensions... \n\n";
// Get the list of installed extensions
|