Merge pull request #13415 from marcusmoore/feature/department-scoping

Added `CompanyableTrait` to `Department` model
snipe · Sep 14, 2023 · d916e20 · d916e20
2 parents b92327e + 42055bb
commit d916e20
Show file tree

Hide file tree

Showing 3 changed files with 98 additions and 3 deletions.
diff --git a/app/Http/Controllers/Api/DepartmentsController.php b/app/Http/Controllers/Api/DepartmentsController.php
@@ -27,7 +27,7 @@ public function index(Request $request)
         $this->authorize('view', Department::class);
         $allowed_columns = ['id', 'name', 'image', 'users_count'];
 
-        $departments = Company::scopeCompanyables(Department::select(
+        $departments = Department::select(
             'departments.id',
             'departments.name',
             'departments.phone',
@@ -37,8 +37,8 @@ public function index(Request $request)
             'departments.manager_id',
             'departments.created_at',
             'departments.updated_at',
-            'departments.image'),
-             "company_id", "departments")->with('users')->with('location')->with('manager')->with('company')->withCount('users as users_count');
+            'departments.image'
+        )->with('users')->with('location')->with('manager')->with('company')->withCount('users as users_count');
 
         if ($request->filled('search')) {
             $departments = $departments->TextSearch($request->input('search'));

diff --git a/app/Models/Department.php b/app/Models/Department.php
@@ -9,6 +9,7 @@
 
 class Department extends SnipeModel
 {
+    use CompanyableTrait;
     use HasFactory;
 
     /**

diff --git a/tests/Feature/Api/Departments/DepartmentIndexTest.php b/tests/Feature/Api/Departments/DepartmentIndexTest.php
@@ -0,0 +1,94 @@
+<?php
+
+namespace Tests\Feature\Api\Departments;
+
+use App\Models\Company;
+use App\Models\Department;
+use App\Models\User;
+use Illuminate\Routing\Route;
+use Illuminate\Testing\Fluent\AssertableJson;
+use Tests\Support\InteractsWithSettings;
+use Tests\TestCase;
+
+class DepartmentIndexTest extends TestCase
+{
+    use InteractsWithSettings;
+
+    public function testViewingDepartmentIndexRequiresAuthentication()
+    {
+        $this->getJson(route('api.departments.index'))->assertRedirect();
+    }
+
+    public function testViewingDepartmentIndexRequiresPermission()
+    {
+        $this->actingAsForApi(User::factory()->create())
+            ->getJson(route('api.departments.index'))
+            ->assertForbidden();
+    }
+
+    public function testDepartmentIndexReturnsExpectedDepartments()
+    {
+        Department::factory()->count(3)->create();
+
+        $this->actingAsForApi(User::factory()->superuser()->create())
+            ->getJson(
+                route('api.departments.index', [
+                    'sort' => 'name',
+                    'order' => 'asc',
+                    'offset' => '0',
+                    'limit' => '20',
+                ]))
+            ->assertOk()
+            ->assertJsonStructure([
+                'total',
+                'rows',
+            ])
+            ->assertJson(fn(AssertableJson $json) => $json->has('rows', 3)->etc());
+    }
+
+    public function testDepartmentIndexAdheresToCompanyScoping()
+    {
+        [$companyA, $companyB] = Company::factory()->count(2)->create();
+
+        $departmentA = Department::factory()->for($companyA)->create();
+        $departmentB = Department::factory()->for($companyB)->create();
+
+        $superUser = $companyA->users()->save(User::factory()->superuser()->make());
+        $userInCompanyA = $companyA->users()->save(User::factory()->viewDepartments()->make());
+        $userInCompanyB = $companyB->users()->save(User::factory()->viewDepartments()->make());
+
+        $this->settings->disableMultipleFullCompanySupport();
+
+        $this->actingAsForApi($superUser)
+            ->getJson(route('api.departments.index'))
+            ->assertResponseContainsInRows($departmentA)
+            ->assertResponseContainsInRows($departmentB);
+
+        $this->actingAsForApi($userInCompanyA)
+            ->getJson(route('api.departments.index'))
+            ->assertResponseContainsInRows($departmentA)
+            ->assertResponseContainsInRows($departmentB);
+
+        $this->actingAsForApi($userInCompanyB)
+            ->getJson(route('api.departments.index'))
+            ->assertResponseContainsInRows($departmentA)
+            ->assertResponseContainsInRows($departmentB);
+
+        $this->settings->enableMultipleFullCompanySupport();
+
+        $this->actingAsForApi($superUser)
+            ->getJson(route('api.departments.index'))
+            ->assertResponseContainsInRows($departmentA)
+            ->assertResponseContainsInRows($departmentB);
+
+        $this->actingAsForApi($userInCompanyA)
+            ->getJson(route('api.departments.index'))
+            ->assertResponseContainsInRows($departmentA)
+            ->assertResponseDoesNotContainInRows($departmentB);
+
+        $this->actingAsForApi($userInCompanyB)
+            ->getJson(route('api.departments.index'))
+            ->assertResponseDoesNotContainInRows($departmentA)
+            ->assertResponseContainsInRows($departmentB);
+    }
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -9,6 +9,7 @@ @@
     class Department extends SnipeModel
     {
+        use CompanyableTrait;
         use HasFactory;
         /**
@@ Expand Down @@