ok

2024-04-19 10:27:36 +02:00
parent fcb6bbe566
commit 35c96e715c
7852 changed files with 4815 additions and 8 deletions
--- a/Production/SNIPE-IT/tests/Feature/Api/Assets/AssetCheckinTest.php
+++ b/Production/SNIPE-IT/tests/Feature/Api/Assets/AssetCheckinTest.php
@ -0,0 +1,162 @@
+<?php
+
+namespace Tests\Feature\Api\Assets;
+
+use App\Events\CheckoutableCheckedIn;
+use App\Models\Asset;
+use App\Models\CheckoutAcceptance;
+use App\Models\LicenseSeat;
+use App\Models\Location;
+use App\Models\Statuslabel;
+use App\Models\User;
+use Illuminate\Support\Carbon;
+use Illuminate\Support\Facades\Event;
+use Tests\TestCase;
+
+class AssetCheckinTest extends TestCase
+{
+    public function testCheckingInAssetRequiresCorrectPermission()
+    {
+        $this->actingAsForApi(User::factory()->create())
+            ->postJson(route('api.asset.checkin', Asset::factory()->assignedToUser()->create()))
+            ->assertForbidden();
+    }
+
+    public function testCannotCheckInNonExistentAsset()
+    {
+        $this->actingAsForApi(User::factory()->checkinAssets()->create())
+            ->postJson(route('api.asset.checkin', ['id' => 'does-not-exist']))
+            ->assertStatusMessageIs('error');
+    }
+
+    public function testCannotCheckInAssetThatIsNotCheckedOut()
+    {
+        $this->actingAsForApi(User::factory()->checkinAssets()->create())
+            ->postJson(route('api.asset.checkin', Asset::factory()->create()->id))
+            ->assertStatusMessageIs('error');
+    }
+
+    public function testAssetCanBeCheckedIn()
+    {
+        Event::fake([CheckoutableCheckedIn::class]);
+
+        $user = User::factory()->create();
+        $location = Location::factory()->create();
+        $status = Statuslabel::factory()->create();
+        $asset = Asset::factory()->assignedToUser($user)->create([
+            'expected_checkin' => now()->addDay(),
+            'last_checkin' => null,
+            'accepted' => 'accepted',
+        ]);
+
+        $this->assertTrue($asset->assignedTo->is($user));
+
+        $currentTimestamp = now();
+
+        $this->actingAsForApi(User::factory()->checkinAssets()->create())
+            ->postJson(route('api.asset.checkin', $asset), [
+                'name' => 'Changed Name',
+                'status_id' => $status->id,
+                'location_id' => $location->id,
+            ])
+            ->assertOk();
+
+        $this->assertNull($asset->refresh()->assignedTo);
+        $this->assertNull($asset->expected_checkin);
+        $this->assertNull($asset->assignedTo);
+        $this->assertNull($asset->assigned_type);
+        $this->assertNull($asset->accepted);
+        $this->assertEquals('Changed Name', $asset->name);
+        $this->assertEquals($status->id, $asset->status_id);
+        $this->assertTrue($asset->location()->is($location));
+
+        Event::assertDispatched(function (CheckoutableCheckedIn $event) use ($currentTimestamp) {
+            // this could be better mocked but is ok for now.
+            return Carbon::parse($event->action_date)->diffInSeconds($currentTimestamp) < 2;
+        }, 1);
+    }
+
+    public function testLocationIsSetToRTDLocationByDefaultUponCheckin()
+    {
+        $rtdLocation = Location::factory()->create();
+        $asset = Asset::factory()->assignedToUser()->create([
+            'location_id' => Location::factory()->create()->id,
+            'rtd_location_id' => $rtdLocation->id,
+        ]);
+
+        $this->actingAsForApi(User::factory()->checkinAssets()->create())
+            ->postJson(route('api.asset.checkin', $asset->id));
+
+        $this->assertTrue($asset->refresh()->location()->is($rtdLocation));
+    }
+
+    public function testDefaultLocationCanBeUpdatedUponCheckin()
+    {
+        $location = Location::factory()->create();
+        $asset = Asset::factory()->assignedToUser()->create();
+
+        $this->actingAsForApi(User::factory()->checkinAssets()->create())
+            ->postJson(route('api.asset.checkin', $asset), [
+                'location_id' => $location->id,
+                'update_default_location' => true,
+            ]);
+
+        $this->assertTrue($asset->refresh()->defaultLoc()->is($location));
+    }
+
+    public function testAssetsLicenseSeatsAreClearedUponCheckin()
+    {
+        $asset = Asset::factory()->assignedToUser()->create();
+        LicenseSeat::factory()->assignedToUser()->for($asset)->create();
+
+        $this->assertNotNull($asset->licenseseats->first()->assigned_to);
+
+        $this->actingAsForApi(User::factory()->checkinAssets()->create())
+            ->postJson(route('api.asset.checkin', $asset));
+
+        $this->assertNull($asset->refresh()->licenseseats->first()->assigned_to);
+    }
+
+    public function testLegacyLocationValuesSetToZeroAreUpdated()
+    {
+        $asset = Asset::factory()->canBeInvalidUponCreation()->assignedToUser()->create([
+            'rtd_location_id' => 0,
+            'location_id' => 0,
+        ]);
+
+        $this->actingAsForApi(User::factory()->checkinAssets()->create())
+            ->postJson(route('api.asset.checkin', $asset));
+
+        $this->assertNull($asset->refresh()->rtd_location_id);
+        $this->assertEquals($asset->location_id, $asset->rtd_location_id);
+    }
+
+    public function testPendingCheckoutAcceptancesAreClearedUponCheckin()
+    {
+        $asset = Asset::factory()->assignedToUser()->create();
+
+        $acceptance = CheckoutAcceptance::factory()->for($asset, 'checkoutable')->pending()->create();
+
+        $this->actingAsForApi(User::factory()->checkinAssets()->create())
+            ->postJson(route('api.asset.checkin', $asset));
+
+        $this->assertFalse($acceptance->exists(), 'Acceptance was not deleted');
+    }
+
+    public function testCheckinTimeAndActionLogNoteCanBeSet()
+    {
+        Event::fake();
+
+        $this->actingAsForApi(User::factory()->checkinAssets()->create())
+            ->postJson(route('api.asset.checkin', Asset::factory()->assignedToUser()->create()), [
+                // time is appended to the provided date in controller
+                'checkin_at' => '2023-01-02',
+                'note' => 'hi there',
+            ]);
+
+        Event::assertDispatched(function (CheckoutableCheckedIn $event) {
+            return Carbon::parse('2023-01-02')->isSameDay(Carbon::parse($event->action_date))
+                && $event->note === 'hi there';
+        }, 1);
+    }
+}
--- a/Production/SNIPE-IT/tests/Feature/Api/Assets/AssetIndexTest.php
+++ b/Production/SNIPE-IT/tests/Feature/Api/Assets/AssetIndexTest.php
@ -0,0 +1,78 @@
+<?php
+
+namespace Tests\Feature\Api\Assets;
+
+use App\Models\Asset;
+use App\Models\Company;
+use App\Models\User;
+use Illuminate\Testing\Fluent\AssertableJson;
+use Tests\TestCase;
+
+class AssetIndexTest extends TestCase
+{
+    public function testAssetIndexReturnsExpectedAssets()
+    {
+        Asset::factory()->count(3)->create();
+
+        $this->actingAsForApi(User::factory()->superuser()->create())
+            ->getJson(
+                route('api.assets.index', [
+                    'sort' => 'name',
+                    'order' => 'asc',
+                    'offset' => '0',
+                    'limit' => '20',
+                ]))
+            ->assertOk()
+            ->assertJsonStructure([
+                'total',
+                'rows',
+            ])
+            ->assertJson(fn(AssertableJson $json) => $json->has('rows', 3)->etc());
+    }
+
+    public function testAssetIndexAdheresToCompanyScoping()
+    {
+        [$companyA, $companyB] = Company::factory()->count(2)->create();
+
+        $assetA = Asset::factory()->for($companyA)->create();
+        $assetB = Asset::factory()->for($companyB)->create();
+
+        $superUser = $companyA->users()->save(User::factory()->superuser()->make());
+        $userInCompanyA = $companyA->users()->save(User::factory()->viewAssets()->make());
+        $userInCompanyB = $companyB->users()->save(User::factory()->viewAssets()->make());
+
+        $this->settings->disableMultipleFullCompanySupport();
+
+        $this->actingAsForApi($superUser)
+            ->getJson(route('api.assets.index'))
+            ->assertResponseContainsInRows($assetA, 'asset_tag')
+            ->assertResponseContainsInRows($assetB, 'asset_tag');
+
+        $this->actingAsForApi($userInCompanyA)
+            ->getJson(route('api.assets.index'))
+            ->assertResponseContainsInRows($assetA, 'asset_tag')
+            ->assertResponseContainsInRows($assetB, 'asset_tag');
+
+        $this->actingAsForApi($userInCompanyB)
+            ->getJson(route('api.assets.index'))
+            ->assertResponseContainsInRows($assetA, 'asset_tag')
+            ->assertResponseContainsInRows($assetB, 'asset_tag');
+
+        $this->settings->enableMultipleFullCompanySupport();
+
+        $this->actingAsForApi($superUser)
+            ->getJson(route('api.assets.index'))
+            ->assertResponseContainsInRows($assetA, 'asset_tag')
+            ->assertResponseContainsInRows($assetB, 'asset_tag');
+
+        $this->actingAsForApi($userInCompanyA)
+            ->getJson(route('api.assets.index'))
+            ->assertResponseContainsInRows($assetA, 'asset_tag')
+            ->assertResponseDoesNotContainInRows($assetB, 'asset_tag');
+
+        $this->actingAsForApi($userInCompanyB)
+            ->getJson(route('api.assets.index'))
+            ->assertResponseDoesNotContainInRows($assetA, 'asset_tag')
+            ->assertResponseContainsInRows($assetB, 'asset_tag');
+    }
+}
--- a/Production/SNIPE-IT/tests/Feature/Api/Assets/AssetStoreTest.php
+++ b/Production/SNIPE-IT/tests/Feature/Api/Assets/AssetStoreTest.php
@ -0,0 +1,482 @@
+<?php
+
+namespace Tests\Feature\Api\Assets;
+
+use App\Models\Asset;
+use App\Models\AssetModel;
+use App\Models\Company;
+use App\Models\Location;
+use App\Models\Statuslabel;
+use App\Models\Supplier;
+use App\Models\User;
+use Illuminate\Testing\Fluent\AssertableJson;
+use Tests\TestCase;
+
+class AssetStoreTest extends TestCase
+{
+    public function testRequiresPermissionToCreateAsset()
+    {
+        $this->actingAsForApi(User::factory()->create())
+            ->postJson(route('api.assets.store'))
+            ->assertForbidden();
+    }
+
+    public function testAllAssetAttributesAreStored()
+    {
+        $company = Company::factory()->create();
+        $location = Location::factory()->create();
+        $model = AssetModel::factory()->create();
+        $rtdLocation = Location::factory()->create();
+        $status = Statuslabel::factory()->create();
+        $supplier = Supplier::factory()->create();
+        $user = User::factory()->createAssets()->create();
+        $userAssigned = User::factory()->create();
+
+        $response = $this->actingAsForApi($user)
+            ->postJson(route('api.assets.store'), [
+                'asset_eol_date' => '2024-06-02',
+                'asset_tag' => 'random_string',
+                'assigned_user' => $userAssigned->id,
+                'company_id' => $company->id,
+                'last_audit_date' => '2023-09-03',
+                'location_id' => $location->id,
+                'model_id' => $model->id,
+                'name' => 'A New Asset',
+                'notes' => 'Some notes',
+                'order_number' => '5678',
+                'purchase_cost' => '123.45',
+                'purchase_date' => '2023-09-02',
+                'requestable' => true,
+                'rtd_location_id' => $rtdLocation->id,
+                'serial' => '1234567890',
+                'status_id' => $status->id,
+                'supplier_id' => $supplier->id,
+                'warranty_months' => 10,
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('success')
+            ->json();
+
+        $asset = Asset::find($response['payload']['id']);
+
+        $this->assertTrue($asset->adminuser->is($user));
+
+        $this->assertEquals('2024-06-02', $asset->asset_eol_date);
+        $this->assertEquals('random_string', $asset->asset_tag);
+        $this->assertEquals($userAssigned->id, $asset->assigned_to);
+        $this->assertTrue($asset->company->is($company));
+        $this->assertEquals('2023-09-03 00:00:00', $asset->last_audit_date->format('Y-m-d H:i:s'));
+        $this->assertTrue($asset->location->is($location));
+        $this->assertTrue($asset->model->is($model));
+        $this->assertEquals('A New Asset', $asset->name);
+        $this->assertEquals('Some notes', $asset->notes);
+        $this->assertEquals('5678', $asset->order_number);
+        $this->assertEquals('123.45', $asset->purchase_cost);
+        $this->assertTrue($asset->purchase_date->is('2023-09-02'));
+        $this->assertEquals('1', $asset->requestable);
+        $this->assertTrue($asset->defaultLoc->is($rtdLocation));
+        $this->assertEquals('1234567890', $asset->serial);
+        $this->assertTrue($asset->assetstatus->is($status));
+        $this->assertTrue($asset->supplier->is($supplier));
+        $this->assertEquals(10, $asset->warranty_months);
+    }
+
+    public function testSetsLastAuditDateToMidnightOfProvidedDate()
+    {
+        $response = $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.assets.store'), [
+                'last_audit_date' => '2023-09-03 12:23:45',
+                'asset_tag' => '1234',
+                'model_id' => AssetModel::factory()->create()->id,
+                'status_id' => Statuslabel::factory()->create()->id,
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('success');
+
+        $asset = Asset::find($response['payload']['id']);
+        $this->assertEquals('00:00:00', $asset->last_audit_date->format('H:i:s'));
+    }
+
+    public function testLastAuditDateCanBeNull()
+    {
+        $response = $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.assets.store'), [
+                // 'last_audit_date' => '2023-09-03 12:23:45',
+                'asset_tag' => '1234',
+                'model_id' => AssetModel::factory()->create()->id,
+                'status_id' => Statuslabel::factory()->create()->id,
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('success');
+
+        $asset = Asset::find($response['payload']['id']);
+        $this->assertNull($asset->last_audit_date);
+    }
+
+    public function testNonDateUsedForLastAuditDateReturnsValidationError()
+    {
+        $response = $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.assets.store'), [
+                'last_audit_date' => 'this-is-not-valid',
+                'asset_tag' => '1234',
+                'model_id' => AssetModel::factory()->create()->id,
+                'status_id' => Statuslabel::factory()->create()->id,
+            ])
+            ->assertStatusMessageIs('error');
+
+        $this->assertNotNull($response->json('messages.last_audit_date'));
+    }
+
+    public function testArchivedDepreciateAndPhysicalCanBeNull()
+    {
+        $model = AssetModel::factory()->ipadModel()->create();
+        $status = Statuslabel::factory()->create();
+
+        $this->settings->enableAutoIncrement();
+
+        $response = $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.assets.store'), [
+                'model_id' => $model->id,
+                'status_id' => $status->id,
+                'archive' => null,
+                'depreciate' => null,
+                'physical' => null
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('success')
+            ->json();
+
+        $asset = Asset::find($response['payload']['id']);
+        $this->assertEquals(0, $asset->archived);
+        $this->assertEquals(1, $asset->physical);
+        $this->assertEquals(0, $asset->depreciate);
+    }
+
+    public function testArchivedDepreciateAndPhysicalCanBeEmpty()
+    {
+        $model = AssetModel::factory()->ipadModel()->create();
+        $status = Statuslabel::factory()->create();
+
+        $this->settings->enableAutoIncrement();
+
+        $response = $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.assets.store'), [
+                'model_id' => $model->id,
+                'status_id' => $status->id,
+                'archive' => '',
+                'depreciate' => '',
+                'physical' => ''
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('success')
+            ->json();
+
+        $asset = Asset::find($response['payload']['id']);
+        $this->assertEquals(0, $asset->archived);
+        $this->assertEquals(1, $asset->physical);
+        $this->assertEquals(0, $asset->depreciate);
+    }
+
+    public function testAssetEolDateIsCalculatedIfPurchaseDateSet()
+    {
+        $model = AssetModel::factory()->mbp13Model()->create();
+        $status = Statuslabel::factory()->create();
+
+        $this->settings->enableAutoIncrement();
+
+        $response = $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.assets.store'), [
+                'model_id' => $model->id,
+                'purchase_date' => '2021-01-01',
+                'status_id' => $status->id,
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('success')
+            ->json();
+
+        $asset = Asset::find($response['payload']['id']);
+        $this->assertEquals('2024-01-01', $asset->asset_eol_date);
+    }
+
+    public function testAssetEolDateIsNotCalculatedIfPurchaseDateNotSet()
+    {
+        $model = AssetModel::factory()->mbp13Model()->create();
+        $status = Statuslabel::factory()->create();
+
+        $this->settings->enableAutoIncrement();
+
+        $response = $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.assets.store'), [
+                'model_id' => $model->id,
+                'status_id' => $status->id,
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('success')
+            ->json();
+
+        $asset = Asset::find($response['payload']['id']);
+        $this->assertNull($asset->asset_eol_date);
+    }
+
+    public function testAssetEolExplicitIsSetIfAssetEolDateIsExplicitlySet()
+    {
+        $model = AssetModel::factory()->mbp13Model()->create();
+        $status = Statuslabel::factory()->create();
+
+        $this->settings->enableAutoIncrement();
+
+        $response = $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.assets.store'), [
+                'model_id' => $model->id,
+                'asset_eol_date' => '2025-01-01',
+                'status_id' => $status->id,
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('success')
+            ->json();
+
+        $asset = Asset::find($response['payload']['id']);
+        $this->assertEquals('2025-01-01', $asset->asset_eol_date);
+        $this->assertTrue($asset->eol_explicit);
+    }
+
+    public function testAssetGetsAssetTagWithAutoIncrement()
+    {
+        $model = AssetModel::factory()->create();
+        $status = Statuslabel::factory()->create();
+
+        $this->settings->enableAutoIncrement();
+
+        $response = $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.assets.store'), [
+                'model_id' => $model->id,
+                'status_id' => $status->id,
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('success')
+            ->json();
+
+        $asset = Asset::find($response['payload']['id']);
+        $this->assertNotNull($asset->asset_tag);
+    }
+
+    public function testAssetCreationFailsWithNoAssetTagOrAutoIncrement()
+    {
+        $model = AssetModel::factory()->create();
+        $status = Statuslabel::factory()->create();
+
+        $this->settings->disableAutoIncrement();
+
+        $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.assets.store'), [
+                'model_id' => $model->id,
+                'status_id' => $status->id,
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('error');
+    }
+
+    public function testUniqueSerialNumbersIsEnforcedWhenEnabled()
+    {
+        $model = AssetModel::factory()->create();
+        $status = Statuslabel::factory()->create();
+        $serial = '1234567890';
+
+        $this->settings->enableAutoIncrement();
+        $this->settings->enableUniqueSerialNumbers();
+
+        $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.assets.store'), [
+                'model_id' => $model->id,
+                'status_id' => $status->id,
+                'serial' => $serial,
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('success');
+
+        $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.assets.store'), [
+                'model_id' => $model->id,
+                'status_id' => $status->id,
+                'serial' => $serial,
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('error');
+    }
+
+    public function testUniqueSerialNumbersIsNotEnforcedWhenDisabled()
+    {
+        $model = AssetModel::factory()->create();
+        $status = Statuslabel::factory()->create();
+        $serial = '1234567890';
+
+        $this->settings->enableAutoIncrement();
+        $this->settings->disableUniqueSerialNumbers();
+
+        $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.assets.store'), [
+                'model_id' => $model->id,
+                'status_id' => $status->id,
+                'serial' => $serial,
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('success');
+
+        $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.assets.store'), [
+                'model_id' => $model->id,
+                'status_id' => $status->id,
+                'serial' => $serial,
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('success');
+    }
+
+    public function testAssetTagsMustBeUniqueWhenUndeleted()
+    {
+        $model = AssetModel::factory()->create();
+        $status = Statuslabel::factory()->create();
+        $asset_tag = '1234567890';
+
+        $this->settings->disableAutoIncrement();
+
+        $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.assets.store'), [
+                'asset_tag' => $asset_tag,
+                'model_id' => $model->id,
+                'status_id' => $status->id,
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('success');
+
+        $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.assets.store'), [
+                'asset_tag' => $asset_tag,
+                'model_id' => $model->id,
+                'status_id' => $status->id,
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('error');
+    }
+
+    public function testAssetTagsCanBeDuplicatedIfDeleted()
+    {
+        $model = AssetModel::factory()->create();
+        $status = Statuslabel::factory()->create();
+        $asset_tag = '1234567890';
+
+        $this->settings->disableAutoIncrement();
+
+        $response = $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.assets.store'), [
+                'asset_tag' => $asset_tag,
+                'model_id' => $model->id,
+                'status_id' => $status->id,
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('success')
+            ->json();
+
+       Asset::find($response['payload']['id'])->delete();
+
+        $this->actingAsForApi(User::factory()->superuser()->create())
+            ->postJson(route('api.assets.store'), [
+                'asset_tag' => $asset_tag,
+                'model_id' => $model->id,
+                'status_id' => $status->id,
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('success');
+    }
+
+    public function testAnAssetCanBeCheckedOutToUserOnStore()
+    {
+        $model = AssetModel::factory()->create();
+        $status = Statuslabel::factory()->create();
+        $user = User::factory()->createAssets()->create();
+        $userAssigned = User::factory()->create();
+
+        $this->settings->enableAutoIncrement();
+
+        $response = $this->actingAsForApi($user)
+            ->postJson(route('api.assets.store'), [
+                'assigned_user' => $userAssigned->id,
+                'model_id' => $model->id,
+                'status_id' => $status->id,
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('success')
+            ->json();
+
+        $asset = Asset::find($response['payload']['id']);
+
+        $this->assertTrue($asset->adminuser->is($user));
+        $this->assertTrue($asset->checkedOutToUser());
+        $this->assertTrue($asset->assignedTo->is($userAssigned));
+    }
+
+    public function testAnAssetCanBeCheckedOutToLocationOnStore()
+    {
+        $model = AssetModel::factory()->create();
+        $status = Statuslabel::factory()->create();
+        $location = Location::factory()->create();
+        $user = User::factory()->createAssets()->create();
+
+        $this->settings->enableAutoIncrement();
+
+        $response = $this->actingAsForApi($user)
+            ->postJson(route('api.assets.store'), [
+                'assigned_location' => $location->id,
+                'model_id' => $model->id,
+                'status_id' => $status->id,
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('success')
+            ->json();
+
+        $asset = Asset::find($response['payload']['id']);
+
+        $this->assertTrue($asset->adminuser->is($user));
+        $this->assertTrue($asset->checkedOutToLocation());
+        $this->assertTrue($asset->location->is($location));
+    }
+
+    public function testAnAssetCanBeCheckedOutToAssetOnStore()
+    {
+        $model = AssetModel::factory()->create();
+        $status = Statuslabel::factory()->create();
+        $asset = Asset::factory()->create();
+        $user = User::factory()->createAssets()->create();
+
+        $this->settings->enableAutoIncrement();
+
+        $response = $this->actingAsForApi($user)
+            ->postJson(route('api.assets.store'), [
+                'assigned_asset' => $asset->id,
+                'model_id' => $model->id,
+                'status_id' => $status->id,
+            ])
+            ->assertOk()
+            ->assertStatusMessageIs('success')
+            ->json();
+
+        $apiAsset = Asset::find($response['payload']['id']);
+
+        $this->assertTrue($apiAsset->adminuser->is($user));
+        $this->assertTrue($apiAsset->checkedOutToAsset());
+        // I think this makes sense, but open to a sanity check
+        $this->assertTrue($asset->assignedAssets()->find($response['payload']['id'])->is($apiAsset));
+    }
+
+    public function testCompanyIdNeedsToBeInteger()
+    {
+        $this->actingAsForApi(User::factory()->createAssets()->create())
+            ->postJson(route('api.assets.store'), [
+                'company_id' => [1],
+            ])
+            ->assertStatusMessageIs('error')
+            ->assertJson(function (AssertableJson $json) {
+                $json->has('messages.company_id')->etc();
+            });
+    }
+}
--- a/Production/SNIPE-IT/tests/Feature/Api/Assets/AssetsForSelectListTest.php
+++ b/Production/SNIPE-IT/tests/Feature/Api/Assets/AssetsForSelectListTest.php
@ -0,0 +1,73 @@
+<?php
+
+namespace Tests\Feature\Api\Assets;
+
+use App\Models\Asset;
+use App\Models\Company;
+use App\Models\User;
+use Tests\TestCase;
+
+class AssetsForSelectListTest extends TestCase
+{
+    public function testAssetsCanBeSearchedForByAssetTag()
+    {
+        Asset::factory()->create(['asset_tag' => '0001']);
+        Asset::factory()->create(['asset_tag' => '0002']);
+
+        $response = $this->actingAsForApi(User::factory()->create())
+            ->getJson(route('assets.selectlist', ['search' => '000']))
+            ->assertOk();
+
+        $results = collect($response->json('results'));
+
+        $this->assertEquals(2, $results->count());
+        $this->assertTrue($results->pluck('text')->contains(fn($text) => str_contains($text, '0001')));
+        $this->assertTrue($results->pluck('text')->contains(fn($text) => str_contains($text, '0002')));
+    }
+
+    public function testAssetsAreScopedToCompanyWhenMultipleCompanySupportEnabled()
+    {
+        [$companyA, $companyB] = Company::factory()->count(2)->create();
+
+        $assetA = Asset::factory()->for($companyA)->create(['asset_tag' => '0001']);
+        $assetB = Asset::factory()->for($companyB)->create(['asset_tag' => '0002']);
+
+        $superUser = $companyA->users()->save(User::factory()->superuser()->make());
+        $userInCompanyA = $companyA->users()->save(User::factory()->viewAssets()->make());
+        $userInCompanyB = $companyB->users()->save(User::factory()->viewAssets()->make());
+
+        $this->settings->disableMultipleFullCompanySupport();
+
+        $this->actingAsForApi($superUser)
+            ->getJson(route('assets.selectlist', ['search' => '000']))
+            ->assertResponseContainsInResults($assetA)
+            ->assertResponseContainsInResults($assetB);
+
+        $this->actingAsForApi($userInCompanyA)
+            ->getJson(route('assets.selectlist', ['search' => '000']))
+            ->assertResponseContainsInResults($assetA)
+            ->assertResponseContainsInResults($assetB);
+
+        $this->actingAsForApi($userInCompanyB)
+            ->getJson(route('assets.selectlist', ['search' => '000']))
+            ->assertResponseContainsInResults($assetA)
+            ->assertResponseContainsInResults($assetB);
+
+        $this->settings->enableMultipleFullCompanySupport();
+
+        $this->actingAsForApi($superUser)
+            ->getJson(route('assets.selectlist', ['search' => '000']))
+            ->assertResponseContainsInResults($assetA)
+            ->assertResponseContainsInResults($assetB);
+
+        $this->actingAsForApi($userInCompanyA)
+            ->getJson(route('assets.selectlist', ['search' => '000']))
+            ->assertResponseContainsInResults($assetA)
+            ->assertResponseDoesNotContainInResults($assetB);
+
+        $this->actingAsForApi($userInCompanyB)
+            ->getJson(route('assets.selectlist', ['search' => '000']))
+            ->assertResponseDoesNotContainInResults($assetA)
+            ->assertResponseContainsInResults($assetB);
+    }
+}
--- a/Production/SNIPE-IT/tests/Feature/Api/Assets/RequestableAssetsTest.php
+++ b/Production/SNIPE-IT/tests/Feature/Api/Assets/RequestableAssetsTest.php
@ -0,0 +1,76 @@
+<?php
+
+namespace Tests\Feature\Api\Assets;
+
+use App\Models\Asset;
+use App\Models\Company;
+use App\Models\User;
+use Tests\TestCase;
+
+class RequestableAssetsTest extends TestCase
+{
+    public function testViewingRequestableAssetsRequiresCorrectPermission()
+    {
+        $this->actingAsForApi(User::factory()->create())
+            ->getJson(route('api.assets.requestable'))
+            ->assertForbidden();
+    }
+
+    public function testReturnsRequestableAssets()
+    {
+        $requestableAsset = Asset::factory()->requestable()->create(['asset_tag' => 'requestable']);
+        $nonRequestableAsset = Asset::factory()->nonrequestable()->create(['asset_tag' => 'non-requestable']);
+
+        $this->actingAsForApi(User::factory()->viewRequestableAssets()->create())
+            ->getJson(route('api.assets.requestable'))
+            ->assertOk()
+            ->assertResponseContainsInRows($requestableAsset, 'asset_tag')
+            ->assertResponseDoesNotContainInRows($nonRequestableAsset, 'asset_tag');
+    }
+
+    public function testRequestableAssetsAreScopedToCompanyWhenMultipleCompanySupportEnabled()
+    {
+        [$companyA, $companyB] = Company::factory()->count(2)->create();
+
+        $assetA = Asset::factory()->requestable()->for($companyA)->create(['asset_tag' => '0001']);
+        $assetB = Asset::factory()->requestable()->for($companyB)->create(['asset_tag' => '0002']);
+
+        $superUser = $companyA->users()->save(User::factory()->superuser()->make());
+        $userInCompanyA = $companyA->users()->save(User::factory()->viewRequestableAssets()->make());
+        $userInCompanyB = $companyB->users()->save(User::factory()->viewRequestableAssets()->make());
+
+        $this->settings->disableMultipleFullCompanySupport();
+
+        $this->actingAsForApi($superUser)
+            ->getJson(route('api.assets.requestable'))
+            ->assertResponseContainsInRows($assetA, 'asset_tag')
+            ->assertResponseContainsInRows($assetB, 'asset_tag');
+
+        $this->actingAsForApi($userInCompanyA)
+            ->getJson(route('api.assets.requestable'))
+            ->assertResponseContainsInRows($assetA, 'asset_tag')
+            ->assertResponseContainsInRows($assetB, 'asset_tag');
+
+        $this->actingAsForApi($userInCompanyB)
+            ->getJson(route('api.assets.requestable'))
+            ->assertResponseContainsInRows($assetA, 'asset_tag')
+            ->assertResponseContainsInRows($assetB, 'asset_tag');
+
+        $this->settings->enableMultipleFullCompanySupport();
+
+        $this->actingAsForApi($superUser)
+            ->getJson(route('api.assets.requestable'))
+            ->assertResponseContainsInRows($assetA, 'asset_tag')
+            ->assertResponseContainsInRows($assetB, 'asset_tag');
+
+        $this->actingAsForApi($userInCompanyA)
+            ->getJson(route('api.assets.requestable'))
+            ->assertResponseContainsInRows($assetA, 'asset_tag')
+            ->assertResponseDoesNotContainInRows($assetB, 'asset_tag');
+
+        $this->actingAsForApi($userInCompanyB)
+            ->getJson(route('api.assets.requestable'))
+            ->assertResponseDoesNotContainInRows($assetA, 'asset_tag')
+            ->assertResponseContainsInRows($assetB, 'asset_tag');
+    }
+}