grokability · snipe · May 9, 2025 · Jun 25, 2025
@@ -35,6 +35,7 @@
 use App\View\Label;
 use Illuminate\Support\Facades\Storage;
 use Illuminate\Support\Facades\Validator;
+use App\Http\Requests\AuditRequest;
 
 
 /**
@@ -1071,25 +1072,33 @@ public function checkinByTag(Request $request, $tag = null): JsonResponse
      * @param int $id
      * @since [v4.0]
      */
-    public function audit(Request $request, Asset $asset): JsonResponse
-
+    public function audit(AuditRequest $request): JsonResponse
     {
-        $this->authorize('audit', Asset::class);
 
         $settings = Setting::getSettings();
         $dt = Carbon::now()->addMonths($settings->audit_interval)->toDateString();
 
-        // Allow the asset tag to be passed in the payload (legacy method)
-        if ($request->filled('asset_tag')) {
-            $asset = Asset::where('asset_tag', '=', $request->input('asset_tag'))->first();
+        // Check if it's an array or a string
+        if (is_array($request->input('asset_tag'))) {
+            $asset_tag = $request->input('asset_tag');
+            $multi_audit = true;
+        } else {
+            // If it's a string, make it into an array so we can use it in the whereIn query
+            $asset_tag = [$request->input('asset_tag')];
+            $multi_audit = false;
         }
 
-        if ($asset) {
+        $assets = Asset::whereIn('asset_tag', $asset_tag)->get();
+
+
+        foreach ($assets as $asset) {
 
             $originalValues = $asset->getRawOriginal();
 
             $asset->next_audit_date = $dt;
+            $asset->last_audit_date = date('Y-m-d H:i:s');
 
+            // Overwrite next_audit_date if it was specified in the request
             if ($request->filled('next_audit_date')) {
                 $asset->next_audit_date = $request->input('next_audit_date');
             }
@@ -1100,15 +1109,24 @@ public function audit(Request $request, Asset $asset): JsonResponse
                 $asset->location_id = $request->input('location_id');
             }
 
-            $asset->last_audit_date = date('Y-m-d H:i:s');
 
             // Set up the payload for re-display in the API response
-            $payload = [
-                'id' => $asset->id,
-                'asset_tag' => $asset->asset_tag,
-                'note' => $request->input('note'),
-                'next_audit_date' => Helper::getFormattedDateObject($asset->next_audit_date),
-            ];
+            if ($multi_audit === true) {
+                $payload[] = [
+                    'id' => $asset->id,
+                    'asset_tag' => $asset->asset_tag,
+                    'note' => $request->input('note'),
+                    'next_audit_date' => Helper::getFormattedDateObject($asset->next_audit_date),
+                ];
+            } else {
+                $payload[] = [
+                    'id' => $asset->id,
+                    'asset_tag' => $asset->asset_tag,
+                    'note' => $request->input('note'),
+                    'next_audit_date' => Helper::getFormattedDateObject($asset->next_audit_date),
+                ];
+            }
+
 
 
             /**
@@ -1176,11 +1194,14 @@ public function audit(Request $request, Asset $asset): JsonResponse
              */
             if ($asset->isValid() && $asset->save()) {
                 $asset->logAudit(request('note'), request('location_id'), null, $originalValues);
-                return response()->json(Helper::formatStandardApiResponse('success', $payload, trans('admin/hardware/message.audit.success')));
             }
 
         }
 
+        if (count($payload) > 0) {
+            return response()->json(Helper::formatStandardApiResponse('success', $payload, trans('admin/hardware/message.audit.success')));
+        }
+
 
         // No matching asset for the asset tag that was passed.
         return response()->json(Helper::formatStandardApiResponse('error', null,  trans('admin/hardware/message.does_not_exist')), 200);

@@ -0,0 +1,30 @@
+<?php
+
+namespace App\Http\Requests;
+
+use App\Models\Asset;
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Support\Facades\Gate;
+
+class AuditRequest extends FormRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     */
+    public function authorize(): bool
+    {
+        return Gate::allows('audit', new Asset);
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, \Illuminate\Contracts\Validation\ValidationRule|array<mixed>|string>
+     */
+    public function rules(): array
+    {
+        return [
+            'asset_tag' => 'required|exists:assets,asset_tag',
+        ];
+    }
+}
@@ -511,7 +511,7 @@
         ->where(['action' => 'audit|audits|checkins', 'upcoming_status' => 'due|overdue|due-or-overdue']);
 
 
-        // Legacy URL for audit
+        // Bulk audit for RFID, also works as a legacy endpoint
           Route::post('audit',
               [
                   Api\AssetsController::class,

@@ -53,6 +53,36 @@ public function testLegacyAssetAuditIsSaved()
     }
 
 
+    public function testAssetAuditWithTagsArrayIsSaved()
+    {
+        $asset1 = Asset::factory()->create();
+        $asset2 = Asset::factory()->create();
+        $asset3 = Asset::factory()->create();
+
+        $this->actingAsForApi(User::factory()->auditAssets()->create())
+            ->postJson(route('api.asset.audit.legacy'), [
+                'asset_tag' => [
+                    $asset1->asset_tag,
+                    $asset2->asset_tag,
+                    $asset3->asset_tag
+                ],
+                'note' => 'test',
+            ])
+            ->assertStatusMessageIs('success')
+            ->assertJson(
+                [
+                    'messages' =>trans('admin/hardware/message.audit.success'),
+                    'payload' => [
+                        'id' => $asset1->id,
+                        'asset_tag' => $asset1->asset_tag,
+                        'note' => 'test'
+                    ],
+                ])
+            ->assertStatus(200);
+
+    }
+
+
     public function testAssetAuditIsSaved()
     {
         $asset = Asset::factory()->create();