Merge pull request #15512 from marcusmoore/testing/fmcs

Added tests for delete methods in api
snipe · Sep 18, 2024 · fcefcc8 · fcefcc8
2 parents 04bb3ee + 3519a82
commit fcefcc8
Show file tree

Hide file tree

Showing 28 changed files with 1,239 additions and 55 deletions.
diff --git a/app/Http/Controllers/Api/AssetMaintenancesController.php b/app/Http/Controllers/Api/AssetMaintenancesController.php
@@ -188,10 +188,6 @@ public function destroy($assetMaintenanceId) : JsonResponse
         // Check if the asset maintenance exists
         $assetMaintenance = AssetMaintenance::findOrFail($assetMaintenanceId);
 
-        if (! Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
-            return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot delete a maintenance for that asset'));
-        }
-
         $assetMaintenance->delete();
 
         return response()->json(Helper::formatStandardApiResponse('success', $assetMaintenance, trans('admin/asset_maintenances/message.delete.success')));

diff --git a/app/Http/Controllers/Api/LicensesController.php b/app/Http/Controllers/Api/LicensesController.php
@@ -220,7 +220,6 @@ public function update(Request $request, $id) : JsonResponse | array
      */
     public function destroy($id) : JsonResponse
     {
-        //
         $license = License::findOrFail($id);
         $this->authorize('delete', $license);
 

diff --git a/app/Models/PredefinedKit.php b/app/Models/PredefinedKit.php
@@ -4,6 +4,7 @@
 
 use App\Models\Traits\Searchable;
 use App\Presenters\Presentable;
+use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Validation\Rule;
 use Watson\Validating\ValidatingTrait;
 
@@ -16,6 +17,7 @@
 class PredefinedKit extends SnipeModel
 {
     protected $presenter = \App\Presenters\PredefinedKitPresenter::class;
+    use HasFactory;
     use Presentable;
     protected $table = 'kits';
 

diff --git a/database/factories/PredefinedKitFactory.php b/database/factories/PredefinedKitFactory.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace Database\Factories;
+
+use Illuminate\Database\Eloquent\Factories\Factory;
+
+/**
+ * @extends \Illuminate\Database\Eloquent\Factories\Factory<\App\Models\PredefinedKit>
+ */
+class PredefinedKitFactory extends Factory
+{
+    /**
+     * Define the model's default state.
+     *
+     * @return array<string, mixed>
+     */
+    public function definition(): array
+    {
+        return [
+            'name' => $this->faker->words(3, true),
+        ];
+    }
+}
diff --git a/database/factories/UserFactory.php b/database/factories/UserFactory.php
@@ -141,6 +141,11 @@ public function viewRequestableAssets()
         return $this->appendPermission(['assets.view.requestable' => '1']);
     }
 
+    public function deleteAssetModels()
+    {
+        return $this->appendPermission(['models.delete' => '1']);
+    }
+
     public function viewAccessories()
     {
         return $this->appendPermission(['accessories.view' => '1']);
@@ -201,6 +206,11 @@ public function checkoutConsumables()
         return $this->appendPermission(['consumables.checkout' => '1']);
     }
 
+    public function deleteDepartments()
+    {
+        return $this->appendPermission(['departments.delete' => '1']);
+    }
+
     public function viewDepartments()
     {
         return $this->appendPermission(['departments.view' => '1']);
@@ -241,11 +251,6 @@ public function viewComponents()
         return $this->appendPermission(['components.view' => '1']);
     }
 
-    public function createCompanies()
-    {
-        return $this->appendPermission(['companies.create' => '1']);
-    }
-
     public function createComponents()
     {
         return $this->appendPermission(['components.create' => '1']);
@@ -271,6 +276,16 @@ public function checkoutComponents()
         return $this->appendPermission(['components.checkout' => '1']);
     }
 
+    public function createCompanies()
+    {
+        return $this->appendPermission(['companies.create' => '1']);
+    }
+
+    public function deleteCompanies()
+    {
+        return $this->appendPermission(['companies.delete' => '1']);
+    }
+
     public function viewUsers()
     {
         return $this->appendPermission(['users.view' => '1']);
@@ -291,6 +306,16 @@ public function deleteUsers()
         return $this->appendPermission(['users.delete' => '1']);
     }
 
+    public function deleteCategories()
+    {
+        return $this->appendPermission(['categories.delete' => '1']);
+    }
+
+    public function deleteLocations()
+    {
+        return $this->appendPermission(['locations.delete' => '1']);
+    }
+
     public function canEditOwnLocation()
     {
         return $this->appendPermission(['self.edit_location' => '1']);
@@ -306,6 +331,41 @@ public function canImport()
         return $this->appendPermission(['import' => '1']);
     }
 
+    public function deleteCustomFields()
+    {
+        return $this->appendPermission(['customfields.delete' => '1']);
+    }
+
+    public function deleteCustomFieldsets()
+    {
+        return $this->appendPermission(['customfields.delete' => '1']);
+    }
+
+    public function deleteDepreciations()
+    {
+        return $this->appendPermission(['depreciations.delete' => '1']);
+    }
+
+    public function deleteManufacturers()
+    {
+        return $this->appendPermission(['manufacturers.delete' => '1']);
+    }
+
+    public function deletePredefinedKits()
+    {
+        return $this->appendPermission(['kits.delete' => '1']);
+    }
+
+    public function deleteStatusLabels()
+    {
+        return $this->appendPermission(['statuslabels.delete' => '1']);
+    }
+
+    public function deleteSuppliers()
+    {
+        return $this->appendPermission(['suppliers.delete' => '1']);
+    }
+
     private function appendPermission(array $permission)
     {
         return $this->state(function ($currentState) use ($permission) {

diff --git a/tests/Concerns/TestsFullMultipleCompaniesSupport.php b/tests/Concerns/TestsFullMultipleCompaniesSupport.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace Tests\Concerns;
+
+interface TestsFullMultipleCompaniesSupport
+{
+    public function testAdheresToFullMultipleCompaniesSupportScoping();
+}
diff --git a/tests/Concerns/TestsPermissionsRequirement.php b/tests/Concerns/TestsPermissionsRequirement.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace Tests\Concerns;
+
+interface TestsPermissionsRequirement
+{
+    public function testRequiresPermission();
+}
diff --git a/tests/Feature/Accessories/Api/DeleteAccessoriesTest.php b/tests/Feature/Accessories/Api/DeleteAccessoriesTest.php
@@ -0,0 +1,77 @@
+<?php
+
+namespace Tests\Feature\Accessories\Api;
+
+use App\Models\Accessory;
+use App\Models\Company;
+use App\Models\User;
+use Tests\Concerns\TestsFullMultipleCompaniesSupport;
+use Tests\Concerns\TestsPermissionsRequirement;
+use Tests\TestCase;
+
+class DeleteAccessoriesTest extends TestCase implements TestsFullMultipleCompaniesSupport, TestsPermissionsRequirement
+{
+    public function testRequiresPermission()
+    {
+        $accessory = Accessory::factory()->create();
+
+        $this->actingAsForApi(User::factory()->create())
+            ->deleteJson(route('api.accessories.destroy', $accessory))
+            ->assertForbidden();
+
+        $this->assertNotSoftDeleted($accessory);
+    }
+
+    public function testAdheresToFullMultipleCompaniesSupportScoping()
+    {
+        [$companyA, $companyB] = Company::factory()->count(2)->create();
+
+        $accessoryA = Accessory::factory()->for($companyA)->create();
+        $accessoryB = Accessory::factory()->for($companyB)->create();
+        $accessoryC = Accessory::factory()->for($companyB)->create();
+
+        $superUser = $companyA->users()->save(User::factory()->superuser()->make());
+        $userInCompanyA = $companyA->users()->save(User::factory()->deleteAccessories()->make());
+        $userInCompanyB = $companyB->users()->save(User::factory()->deleteAccessories()->make());
+
+        $this->settings->enableMultipleFullCompanySupport();
+
+        $this->actingAsForApi($userInCompanyA)
+            ->deleteJson(route('api.accessories.destroy', $accessoryB))
+            ->assertStatusMessageIs('error');
+
+        $this->actingAsForApi($userInCompanyB)
+            ->deleteJson(route('api.accessories.destroy', $accessoryA))
+            ->assertStatusMessageIs('error');
+
+        $this->actingAsForApi($superUser)
+            ->deleteJson(route('api.accessories.destroy', $accessoryC))
+            ->assertStatusMessageIs('success');
+
+        $this->assertNotSoftDeleted($accessoryA);
+        $this->assertNotSoftDeleted($accessoryB);
+        $this->assertSoftDeleted($accessoryC);
+    }
+
+    public function testCannotDeleteAccessoryThatHasCheckouts()
+    {
+        $accessory = Accessory::factory()->checkedOutToUser()->create();
+
+        $this->actingAsForApi(User::factory()->deleteAccessories()->create())
+            ->deleteJson(route('api.accessories.destroy', $accessory))
+            ->assertStatusMessageIs('error');
+
+        $this->assertNotSoftDeleted($accessory);
+    }
+
+    public function testCanDeleteAccessory()
+    {
+        $accessory = Accessory::factory()->create();
+
+        $this->actingAsForApi(User::factory()->deleteAccessories()->create())
+            ->deleteJson(route('api.accessories.destroy', $accessory))
+            ->assertStatusMessageIs('success');
+
+        $this->assertSoftDeleted($accessory);
+    }
+}
diff --git a/tests/Feature/Accessories/Api/DeleteAccessoryTest.php b/tests/Feature/Accessories/Api/DeleteAccessoryTest.php
diff --git a/tests/Feature/AssetMaintenances/Api/DeleteAssetMaintenancesTest.php b/tests/Feature/AssetMaintenances/Api/DeleteAssetMaintenancesTest.php
@@ -0,0 +1,70 @@
+<?php
+
+namespace Tests\Feature\AssetMaintenances\Api;
+
+use App\Models\AssetMaintenance;
+use App\Models\Company;
+use App\Models\User;
+use Tests\Concerns\TestsFullMultipleCompaniesSupport;
+use Tests\Concerns\TestsPermissionsRequirement;
+use Tests\TestCase;
+
+class DeleteAssetMaintenancesTest extends TestCase implements TestsFullMultipleCompaniesSupport, TestsPermissionsRequirement
+{
+    public function testRequiresPermission()
+    {
+        $assetMaintenance = AssetMaintenance::factory()->create();
+
+        $this->actingAsForApi(User::factory()->create())
+            ->deleteJson(route('api.maintenances.destroy', $assetMaintenance))
+            ->assertForbidden();
+
+        $this->assertNotSoftDeleted($assetMaintenance);
+    }
+
+    public function testAdheresToFullMultipleCompaniesSupportScoping()
+    {
+        [$companyA, $companyB] = Company::factory()->count(2)->create();
+
+        $assetMaintenanceA = AssetMaintenance::factory()->create();
+        $assetMaintenanceB = AssetMaintenance::factory()->create();
+        $assetMaintenanceC = AssetMaintenance::factory()->create();
+
+        $assetMaintenanceA->asset->update(['company_id' => $companyA->id]);
+        $assetMaintenanceB->asset->update(['company_id' => $companyB->id]);
+        $assetMaintenanceC->asset->update(['company_id' => $companyB->id]);
+
+        $superUser = $companyA->users()->save(User::factory()->superuser()->make());
+        $userInCompanyA = $companyA->users()->save(User::factory()->editAssets()->make());
+        $userInCompanyB = $companyB->users()->save(User::factory()->editAssets()->make());
+
+        $this->settings->enableMultipleFullCompanySupport();
+
+        $this->actingAsForApi($userInCompanyA)
+            ->deleteJson(route('api.maintenances.destroy', $assetMaintenanceB))
+            ->assertStatusMessageIs('error');
+
+        $this->actingAsForApi($userInCompanyB)
+            ->deleteJson(route('api.maintenances.destroy', $assetMaintenanceA))
+            ->assertStatusMessageIs('error');
+
+        $this->actingAsForApi($superUser)
+            ->deleteJson(route('api.maintenances.destroy', $assetMaintenanceC))
+            ->assertStatusMessageIs('success');
+
+        $this->assertNotSoftDeleted($assetMaintenanceA);
+        $this->assertNotSoftDeleted($assetMaintenanceB);
+        $this->assertSoftDeleted($assetMaintenanceC);
+    }
+
+    public function testCanDeleteAssetMaintenance()
+    {
+        $assetMaintenance = AssetMaintenance::factory()->create();
+
+        $this->actingAsForApi(User::factory()->editAssets()->create())
+            ->deleteJson(route('api.maintenances.destroy', $assetMaintenance))
+            ->assertStatusMessageIs('success');
+
+        $this->assertSoftDeleted($assetMaintenance);
+    }
+}
-Original file line number
+Diff line change
@@ Expand Up @@
          */
         public function destroy($id) : JsonResponse
         {
-            //
             $license = License::findOrFail($id);
             $this->authorize('delete', $license);
@@ Expand Down @@