diff --git a/app/Http/Controllers/Api/DepartmentsController.php b/app/Http/Controllers/Api/DepartmentsController.php
index 167d5cbc2af2..adbe4bc35c3c 100644
--- a/app/Http/Controllers/Api/DepartmentsController.php
+++ b/app/Http/Controllers/Api/DepartmentsController.php
@@ -4,6 +4,7 @@
 use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
+use App\Http\Requests\StoreDepartmentRequest;
 use App\Http\Transformers\DepartmentsTransformer;
 use App\Http\Transformers\SelectlistTransformer;
 use App\Models\Department;
@@ -94,11 +95,10 @@ public function index(Request $request) : JsonResponse | array
 * @since [v4.0]
 * @param \App\Http\Requests\ImageUploadRequest $request
 */
- public function store(ImageUploadRequest $request) : JsonResponse
+ public function store(StoreDepartmentRequest $request): JsonResponse
 {
- $this->authorize('create', Department::class);
 $department = new Department;
- $department->fill($request->all());
+ $department->fill($request->validated());
 $department = $request->handleImages($department);
 $department->created_by = auth()->id();
diff --git a/app/Http/Requests/StoreDepartmentRequest.php b/app/Http/Requests/StoreDepartmentRequest.php
new file mode 100644
index 000000000000..3b94e19326ce
--- /dev/null
+++ b/app/Http/Requests/StoreDepartmentRequest.php
@@ -0,0 +1,32 @@
+|string>
+ */
+ public function rules(): array
+ {
+ $modelRules = (new Department)->getRules();
+
+ return array_merge(
+ $modelRules,
+ );
+ }
+}
diff --git a/app/Models/Department.php b/app/Models/Department.php
index 592fd840b1b6..4b9eb849f78c 100644
--- a/app/Models/Department.php
+++ b/app/Models/Department.php
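Review bot: In `DepartmentsController::store()` the explicit `$this->authorize('create', Department::class);` is removed, so the create permission check now rests entirely on `StoreDepartmentRequest::authorize()`, which this page's copy of the new file does not show. It is worth confirming that method gates on the same `create` ability and leaving a pointer in the controller, such as `// Authorization is enforced by StoreDepartmentRequest::authorize()`. The docblock above the method still reads `@param \App\Http\Requests\ImageUploadRequest $request` and should name `StoreDepartmentRequest`. The body of `store()` continues past the end of the hunk.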
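Review bot: In `StoreDepartmentRequest::rules()`, `array_merge($modelRules,)` is called with a single argument and returns the model rules unchanged; `return $modelRules;` says the same thing, or a comment should state that request-specific overrides are meant to go into the merge. Because the controller now fills from `$request->validated()`, these rules also act as the allow-list of attributes the API can set, so a docblock line such as `Only keys with a rule in the Department model reach fill(); add a rule for any new fillable attribute.` would help the next maintainer. The top of this new file is missing from the page, so the `authorize()` method and the parent class could not be reviewed.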
@@ -30,10 +30,13 @@ class Department extends SnipeModel
 ];
 protected $rules = [
- 'name' => 'required|max:255|is_unique_department',
- 'location_id' => 'numeric|nullable',
- 'company_id' => 'numeric|nullable',
- 'manager_id' => 'numeric|nullable',
+ 'name' => 'required|max:255|is_unique_department',
+ 'location_id' => 'numeric|nullable|exists:locations,id',
+ 'company_id' => 'numeric|nullable|exists:companies,id',
+ 'manager_id' => 'numeric|nullable|exists:users,id',
+ 'phone' => 'string|max:255|nullable',
+ 'fax' => 'string|max:255|nullable',
+ 'notes' => 'string|max:255|nullable',
 ];
 /**
diff --git a/tests/Feature/Departments/Api/CreateDepartmentsTest.php b/tests/Feature/Departments/Api/CreateDepartmentsTest.php
index e0f975dd7f41..4d8e968572e9 100644
--- a/tests/Feature/Departments/Api/CreateDepartmentsTest.php
+++ b/tests/Feature/Departments/Api/CreateDepartmentsTest.php
@@ -3,8 +3,10 @@
 namespace Tests\Feature\Departments\Api;
 use App\Models\AssetModel;
+use App\Models\Company;
 use App\Models\Department;
 use App\Models\Category;
+use App\Models\Location;
 use App\Models\User;
 use Illuminate\Testing\Fluent\AssertableJson;
 use Tests\TestCase;
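Review bot: The ID rules in the `$rules` array of `app/Models/Department.php` keep `numeric`, which also accepts values such as `1.5` or `1e3`; `integer` is the tighter check for a foreign key, e.g. `'manager_id' => 'integer|nullable|exists:users,id',`. The new `exists:` checks only confirm that a row with that id is present, so if `users` or `locations` use soft deletes a trashed record would still pass; `exists:users,id,deleted_at,NULL` would close that, assuming the column exists. These rules live on the model, so they presumably apply to updates as well as to the new store request, and the `max:255` on `notes` is worth checking against existing data. Only the `$rules` array is visible here; the rest of the class lies outside the hunk.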
@@ -13,23 +15,31 @@ class CreateDepartmentsTest extends TestCase
 {
- public function testRequiresPermissionToCreateDepartment()
+ public function test_requires_permission_to_create_department()
 {
 $this->actingAsForApi(User::factory()->create())
 ->postJson(route('api.departments.store'))
 ->assertForbidden();
 }
- public function testCanCreateDepartment()
+ public function test_can_create_department_with_all_fields()
 {
- $response = $this->actingAsForApi(User::factory()->superuser()->create())
+ $company = Company::factory()->create();
+ $location = Location::factory()->create();
+ $manager = User::factory()->create();
+ $user = User::factory()->superuser()->create();
+ $response = $this->actingAsForApi($user)
 ->postJson(route('api.departments.store'), [
- 'name' => 'Test Department',
- 'notes' => 'Test Note',
+ 'name' => 'Test Department',
+ 'company_id' => $company->id,
+ 'location_id' => $location->id,
+ 'manager_id' => $manager->id,
+ 'notes' => 'Test Note',
+ 'phone' => '1234567890',
+ 'fax' => '1234567890',
 ])
 ->assertOk()
 ->assertStatusMessageIs('success')
- ->assertStatus(200)
 ->json();
 $this->assertTrue(Department::where('name', 'Test Department')->exists());
@@ -37,6 +47,61 @@ public function testCanCreateDepartment()
 $department = Department::find($response['payload']['id']);
 $this->assertEquals('Test Department', $department->name);
 $this->assertEquals('Test Note', $department->notes);
+
+ $this->assertDatabaseHas('departments', [
+ 'name' => 'Test Department',
+ 'company_id' => $company->id,
+ 'location_id' => $location->id,
+ 'manager_id' => $manager->id,
+ 'notes' => 'Test Note',
+ 'phone' => '1234567890',
+ 'fax' => '1234567890',
+ 'created_by' => $user->id,
+ ]);
+ }
+
+ public function test_name_required_for_department()
+ {
+ $response = $this->actingAsForApi(User::factory()->superuser()->create())
+ ->postJson(route('api.departments.store'), [
+ 'company_id' => Company::factory()->create()->id,
+ ])
+ ->assertOk()
+ ->assertStatusMessageIs('error');
+ }
+
+ public function test_only_name_required_for_department()
+ {
+ $response = $this->actingAsForApi(User::factory()->superuser()->create())
+ ->postJson(route('api.departments.store'), [
+ 'name' => 'Test Department',
+ ])
+ ->assertOk()
+ ->assertStatusMessageIs('success');
 }
+ public function test_arrays_not_allowed_for_numeric_fields()
+ {
+ $response = $this->actingAsForApi(User::factory()->superuser()->create())
+ ->postJson(route('api.departments.store'), [
+ 'name' => 'Test Department',
+ 'company_id' => [1, 2],
+ ])
+ ->assertOk()
+ ->assertStatusMessageIs('error');
+ }
+
+ public function test_arrays_of_strings_are_not_allowed_for_numeric_fields()
+ {
+ $response = $this->actingAsForApi(User::factory()->superuser()->create())
+ ->postJson(route('api.departments.store'), [
+ 'name' => 'Test Department',
+ 'company_id' => ['1', '2'],
+ ])
+ ->assertOk()
+ ->assertStatusMessageIs('error');
+ }
+
+
+
 }
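Review bot: None of the tests added in `CreateDepartmentsTest` exercises the new `exists:` rules, so a request naming a company, location or manager id that does not exist is untested; the two array tests would already fail on `numeric` alone. The error-path tests also stop at `assertStatusMessageIs('error')` without checking that no row was written, and `$response` is assigned but never read in the four new tests. A test along the lines below covers both gaps; the id in it is a constructed value. The three blank lines added before the class's closing brace can be dropped.

```php
    public function test_nonexistent_ids_are_rejected_for_relation_fields()
    {
        $this->actingAsForApi(User::factory()->superuser()->create())
            ->postJson(route('api.departments.store'), [
                'name' => 'Test Department',
                // constructed value: an id no factory-created user will have
                'manager_id' => 999999,
            ])
            ->assertOk()
            ->assertStatusMessageIs('error');

        // a rejected request must not leave a row behind
        $this->assertDatabaseMissing('departments', ['name' => 'Test Department']);
    }
```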