Merge pull request #16973 from spencerrlongg/bug/sc-29245

Adds Form Request for Creating Departments

Author: snipe

app/Http/Controllers/Api/DepartmentsController.php

@@ -4,6 +4,7 @@
 
 use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
+use App\Http\Requests\StoreDepartmentRequest;
 use App\Http\Transformers\DepartmentsTransformer;
 use App\Http\Transformers\SelectlistTransformer;
 use App\Models\Department;
@@ -94,11 +95,10 @@ public function index(Request $request) : JsonResponse | array
      * @since [v4.0]
      * @param  \App\Http\Requests\ImageUploadRequest  $request
      */
-    public function store(ImageUploadRequest $request) : JsonResponse
+    public function store(StoreDepartmentRequest $request): JsonResponse
     {
-        $this->authorize('create', Department::class);
         $department = new Department;
-        $department->fill($request->all());
+        $department->fill($request->validated());
         $department = $request->handleImages($department);
 
         $department->created_by = auth()->id();

app/Http/Requests/StoreDepartmentRequest.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Http\Requests;
+
+use App\Models\Department;
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Support\Facades\Gate;
+
+class StoreDepartmentRequest extends ImageUploadRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     */
+    public function authorize(): bool
+    {
+        return Gate::allows('create', new Department);
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, \Illuminate\Contracts\Validation\ValidationRule|array<mixed>|string>
+     */
+    public function rules(): array
+    {
+        $modelRules = (new Department)->getRules();
+
+        return array_merge(
+            $modelRules,
+        );
+    }
+}

app/Models/Department.php

@@ -31,10 +31,13 @@ class Department extends SnipeModel
     ];
 
     protected $rules = [
-        'name'                  => 'required|max:255|is_unique_department',
-        'location_id'           => 'numeric|nullable',
-        'company_id'            => 'numeric|nullable',
-        'manager_id'            => 'numeric|nullable',
+        'name'        => 'required|max:255|is_unique_department',
+        'location_id' => 'numeric|nullable|exists:locations,id',
+        'company_id'  => 'numeric|nullable|exists:companies,id',
+        'manager_id'  => 'numeric|nullable|exists:users,id',
+        'phone'       => 'string|max:255|nullable',
+        'fax'         => 'string|max:255|nullable',
+        'notes'       => 'string|max:255|nullable',
     ];
 
     /**

tests/Feature/Departments/Api/CreateDepartmentsTest.php

@@ -3,8 +3,10 @@
 namespace Tests\Feature\Departments\Api;
 
 use App\Models\AssetModel;
+use App\Models\Company;
 use App\Models\Department;
 use App\Models\Category;
+use App\Models\Location;
 use App\Models\User;
 use Illuminate\Testing\Fluent\AssertableJson;
 use Tests\TestCase;
@@ -13,30 +15,93 @@ class CreateDepartmentsTest extends TestCase
 {
 
 
-    public function testRequiresPermissionToCreateDepartment()
+    public function test_requires_permission_to_create_department()
     {
         $this->actingAsForApi(User::factory()->create())
             ->postJson(route('api.departments.store'))
             ->assertForbidden();
     }
 
-    public function testCanCreateDepartment()
+    public function test_can_create_department_with_all_fields()
     {
-        $response = $this->actingAsForApi(User::factory()->superuser()->create())
+        $company = Company::factory()->create();
+        $location = Location::factory()->create();
+        $manager = User::factory()->create();
+        $user = User::factory()->superuser()->create();
+        $response = $this->actingAsForApi($user)
             ->postJson(route('api.departments.store'), [
-                'name' => 'Test Department',
-                'notes' => 'Test Note',
+                'name'       => 'Test Department',
+                'company_id' => $company->id,
+                'location_id' => $location->id,
+                'manager_id' => $manager->id,
+                'notes'      => 'Test Note',
+                'phone'      => '1234567890',
+                'fax'        => '1234567890',
             ])
             ->assertOk()
             ->assertStatusMessageIs('success')
-            ->assertStatus(200)
             ->json();
 
         $this->assertTrue(Department::where('name', 'Test Department')->exists());
 
         $department = Department::find($response['payload']['id']);
         $this->assertEquals('Test Department', $department->name);
         $this->assertEquals('Test Note', $department->notes);
+
+        $this->assertDatabaseHas('departments', [
+            'name'        => 'Test Department',
+            'company_id'  => $company->id,
+            'location_id' => $location->id,
+            'manager_id'  => $manager->id,
+            'notes'       => 'Test Note',
+            'phone'       => '1234567890',
+            'fax'         => '1234567890',
+            'created_by'  => $user->id,
+        ]);
+    }
+
+    public function test_name_required_for_department()
+    {
+        $response = $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.departments.store'), [
+                'company_id' => Company::factory()->create()->id,
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('error');
+    }
+
+    public function test_only_name_required_for_department()
+    {
+        $response = $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.departments.store'), [
+                'name' => 'Test Department',
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('success');
     }
 
+    public function test_arrays_not_allowed_for_numeric_fields()
+    {
+        $response = $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.departments.store'), [
+                'name'       => 'Test Department',
+                'company_id' => [1, 2],
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('error');
+    }
+
+    public function test_arrays_of_strings_are_not_allowed_for_numeric_fields()
+    {
+        $response = $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.departments.store'), [
+                'name'       => 'Test Department',
+                'company_id' => ['1', '2'],
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('error');
+    }
+
+
+
 }