From 695c9d070f938d8ee8ccadaa0a46fb0f67b9f09f Mon Sep 17 00:00:00 2001 From: Marcus Moore Date: Wed, 5 Mar 2025 11:32:04 -0800 Subject: [PATCH 1/5] Require int for department and company ids when creating user via api --- app/Http/Requests/SaveUserRequest.php | 4 +- tests/Feature/Users/Api/StoreUsersTest.php | 48 ++++++++++++++++++++++ 2 files changed, 50 insertions(+), 2 deletions(-) create mode 100644 tests/Feature/Users/Api/StoreUsersTest.php diff --git a/app/Http/Requests/SaveUserRequest.php b/app/Http/Requests/SaveUserRequest.php index 5a47362cfc..4051e98043 100644 --- a/app/Http/Requests/SaveUserRequest.php +++ b/app/Http/Requests/SaveUserRequest.php @@ -33,9 +33,9 @@ class SaveUserRequest extends FormRequest public function rules() { $rules = [ - 'department_id' => 'nullable|exists:departments,id', + 'department_id' => 'nullable|integer|exists:departments,id', 'manager_id' => 'nullable|exists:users,id', - 'company_id' => ['nullable','exists:companies,id'] + 'company_id' => ['nullable', 'integer', 'exists:companies,id'] ]; switch ($this->method()) { diff --git a/tests/Feature/Users/Api/StoreUsersTest.php b/tests/Feature/Users/Api/StoreUsersTest.php new file mode 100644 index 0000000000..f5065c574a --- /dev/null +++ b/tests/Feature/Users/Api/StoreUsersTest.php @@ -0,0 +1,48 @@ +create(); + + $this->actingAsForApi(User::factory()->createUsers()->create()) + ->postJson(route('api.users.store'), [ + 'company_id' => [$company->id], + 'first_name' => 'Joe', + 'username' => 'joe', + 'password' => 'joe_password', + 'password_confirmation' => 'joe_password', + ]) + ->assertStatusMessageIs('error') + ->assertJson(function (AssertableJson $json) { + $json->has('messages.company_id')->etc(); + }); + } + + public function testDepartmentIdNeedsToBeInteger() + { + $department = Department::factory()->create(); + + $this->actingAsForApi(User::factory()->createUsers()->create()) + ->postJson(route('api.users.store'), [ + 'department_id' => [$department->id], + 'first_name' => 'Joe', + 'username' => 'joe', + 'password' => 'joe_password', + 'password_confirmation' => 'joe_password', + ]) + ->assertStatusMessageIs('error') + ->assertJson(function (AssertableJson $json) { + $json->has('messages.department_id')->etc(); + }); + } +} From 69009e027fbac5062669ed1b8ca223240be837ac Mon Sep 17 00:00:00 2001 From: Marcus Moore Date: Wed, 5 Mar 2025 11:34:45 -0800 Subject: [PATCH 2/5] Add authorization test --- tests/Feature/Users/Api/StoreUsersTest.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/Feature/Users/Api/StoreUsersTest.php b/tests/Feature/Users/Api/StoreUsersTest.php index f5065c574a..fcc6752310 100644 --- a/tests/Feature/Users/Api/StoreUsersTest.php +++ b/tests/Feature/Users/Api/StoreUsersTest.php @@ -10,6 +10,18 @@ use Tests\TestCase; class StoreUsersTest extends TestCase { + public function testRequiresPermission() + { + $this->actingAsForApi(User::factory()->create()) + ->postJson(route('api.users.store'), [ + 'first_name' => 'Joe', + 'username' => 'joe', + 'password' => 'joe_password', + 'password_confirmation' => 'joe_password', + ]) + ->assertForbidden(); + } + public function testCompanyIdNeedsToBeInteger() { $company = Company::factory()->create(); From 25395e9af1084ef0a20c45c4788f98b16e627080 Mon Sep 17 00:00:00 2001 From: Marcus Moore Date: Wed, 5 Mar 2025 11:37:03 -0800 Subject: [PATCH 3/5] Add test for storing user --- tests/Feature/Users/Api/StoreUsersTest.php | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/tests/Feature/Users/Api/StoreUsersTest.php b/tests/Feature/Users/Api/StoreUsersTest.php index fcc6752310..41cb04e3c4 100644 --- a/tests/Feature/Users/Api/StoreUsersTest.php +++ b/tests/Feature/Users/Api/StoreUsersTest.php @@ -57,4 +57,22 @@ class StoreUsersTest extends TestCase $json->has('messages.department_id')->etc(); }); } + + public function testCanStoreUser() + { + $this->actingAsForApi(User::factory()->createUsers()->create()) + ->postJson(route('api.users.store'), [ + 'first_name' => 'Darth', + 'username' => 'darthvader', + 'password' => 'darth_password', + 'password_confirmation' => 'darth_password', + ]) + ->assertStatusMessageIs('success') + ->assertOk(); + + $this->assertDatabaseHas('users', [ + 'first_name' => 'Darth', + 'username' => 'darthvader', + ]); + } } From 70de08a21183cfb5ca7618fec7f6b9b3baabfa3b Mon Sep 17 00:00:00 2001 From: Marcus Moore Date: Wed, 5 Mar 2025 16:26:26 -0800 Subject: [PATCH 4/5] Replace hard-coded link to report template --- resources/views/reports/custom.blade.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/resources/views/reports/custom.blade.php b/resources/views/reports/custom.blade.php index f89866ed21..2ef3acfd7d 100644 --- a/resources/views/reports/custom.blade.php +++ b/resources/views/reports/custom.blade.php @@ -627,7 +627,11 @@ > @foreach($report_templates as $savedTemplate) - @endforeach @@ -774,7 +778,7 @@ $('#saved_report_select') .on('select2:select', function (event) { - window.location.href = '/reports/templates/' + event.params.data.id; + window.location.href = event.params.data.element.dataset.route; }); $('#dataConfirmModal').on('show.bs.modal', function (event) { From f42fcd25b1fad27468ddf4f6a19849ab6bb2e6ee Mon Sep 17 00:00:00 2001 From: snipe Date: Thu, 6 Mar 2025 12:05:36 +0000 Subject: [PATCH 5/5] Make the assets tab active by default on locations page Signed-off-by: snipe --- resources/views/locations/view.blade.php | 68 +++++++++++++----------- 1 file changed, 36 insertions(+), 32 deletions(-) diff --git a/resources/views/locations/view.blade.php b/resources/views/locations/view.blade.php index b10cb315e0..770e004d00 100644 --- a/resources/views/locations/view.blade.php +++ b/resources/views/locations/view.blade.php @@ -157,7 +157,42 @@
-
+ +
+

{{ trans('admin/locations/message.current_location') }}

+ +
+ @include('partials.asset-bulk-actions') + +
+ +
+
+ + + +

{{ trans('general.users') }}

@include('partials.users-bulk-actions') @@ -188,37 +223,6 @@
-
-

{{ trans('admin/locations/message.current_location') }}

- -
- @include('partials.asset-bulk-actions') - -
- -
-