ok

Production/SNIPE-IT/tests/Feature/Api/Users/UpdateUserApiTest.php

@@ -0,0 +1,61 @@
+<?php
+
+namespace Tests\Feature\Api\Users;
+
+use App\Models\User;
+use Tests\TestCase;
+
+class UpdateUserApiTest extends TestCase
+{
+    public function testApiUsersCanBeActivatedWithNumber()
+    {
+        $admin = User::factory()->superuser()->create();
+        $user = User::factory()->create(['activated' => 0]);
+
+        $this->actingAsForApi($admin)
+            ->patch(route('api.users.update', $user), [
+                'activated' => 1,
+            ]);
+
+        $this->assertEquals(1, $user->refresh()->activated);
+    }
+
+    public function testApiUsersCanBeActivatedWithBooleanTrue()
+    {
+        $admin = User::factory()->superuser()->create();
+        $user = User::factory()->create(['activated' => false]);
+
+        $this->actingAsForApi($admin)
+            ->patch(route('api.users.update', $user), [
+                'activated' => true,
+            ]);
+
+        $this->assertEquals(1, $user->refresh()->activated);
+    }
+
+    public function testApiUsersCanBeDeactivatedWithNumber()
+    {
+        $admin = User::factory()->superuser()->create();
+        $user = User::factory()->create(['activated' => true]);
+
+        $this->actingAsForApi($admin)
+            ->patch(route('api.users.update', $user), [
+                'activated' => 0,
+            ]);
+
+        $this->assertEquals(0, $user->refresh()->activated);
+    }
+
+    public function testApiUsersCanBeDeactivatedWithBooleanFalse()
+    {
+        $admin = User::factory()->superuser()->create();
+        $user = User::factory()->create(['activated' => true]);
+
+        $this->actingAsForApi($admin)
+            ->patch(route('api.users.update', $user), [
+                'activated' => false,
+            ]);
+
+        $this->assertEquals(0, $user->refresh()->activated);
+    }
+}

Production/SNIPE-IT/tests/Feature/Api/Users/UsersForSelectListTest.php

@@ -0,0 +1,97 @@
+<?php
+
+namespace Tests\Feature\Api\Users;
+
+use App\Models\Company;
+use App\Models\User;
+use Illuminate\Testing\Fluent\AssertableJson;
+use Laravel\Passport\Passport;
+use Tests\TestCase;
+
+class UsersForSelectListTest extends TestCase
+{
+    public function testUsersAreReturned()
+    {
+        $users = User::factory()->superuser()->count(3)->create();
+
+        Passport::actingAs($users->first());
+        $this->getJson(route('api.users.selectlist'))
+            ->assertOk()
+            ->assertJsonStructure([
+                'results',
+                'pagination',
+                'total_count',
+                'page',
+                'page_count',
+            ])
+            ->assertJson(fn(AssertableJson $json) => $json->has('results', 3)->etc());
+    }
+
+    public function testUsersCanBeSearchedByFirstAndLastName()
+    {
+        User::factory()->create(['first_name' => 'Luke', 'last_name' => 'Skywalker']);
+
+        Passport::actingAs(User::factory()->create());
+        $response = $this->getJson(route('api.users.selectlist', ['search' => 'luke sky']))->assertOk();
+
+        $results = collect($response->json('results'));
+
+        $this->assertEquals(1, $results->count());
+        $this->assertTrue($results->pluck('text')->contains(fn($text) => str_contains($text, 'Luke')));
+    }
+
+    public function testUsersScopedToCompanyWhenMultipleFullCompanySupportEnabled()
+    {
+        $this->settings->enableMultipleFullCompanySupport();
+
+        $jedi = Company::factory()->has(User::factory()->count(3)->sequence(
+            ['first_name' => 'Luke', 'last_name' => 'Skywalker', 'username' => 'lskywalker'],
+            ['first_name' => 'Obi-Wan', 'last_name' => 'Kenobi', 'username' => 'okenobi'],
+            ['first_name' => 'Anakin', 'last_name' => 'Skywalker', 'username' => 'askywalker'],
+        ))->create();
+
+        $sith = Company::factory()
+            ->has(User::factory()->state(['first_name' => 'Darth', 'last_name' => 'Vader', 'username' => 'dvader']))
+            ->create();
+
+        Passport::actingAs($jedi->users->first());
+        $response = $this->getJson(route('api.users.selectlist'))->assertOk();
+
+        $results = collect($response->json('results'));
+
+        $this->assertEquals(3, $results->count());
+        $this->assertTrue(
+            $results->pluck('text')->contains(fn($text) => str_contains($text, 'Luke'))
+        );
+        $this->assertFalse(
+            $results->pluck('text')->contains(fn($text) => str_contains($text, 'Darth'))
+        );
+    }
+
+    public function testUsersScopedToCompanyDuringSearchWhenMultipleFullCompanySupportEnabled()
+    {
+        $this->settings->enableMultipleFullCompanySupport();
+
+        $jedi = Company::factory()->has(User::factory()->count(3)->sequence(
+            ['first_name' => 'Luke', 'last_name' => 'Skywalker', 'username' => 'lskywalker'],
+            ['first_name' => 'Obi-Wan', 'last_name' => 'Kenobi', 'username' => 'okenobi'],
+            ['first_name' => 'Anakin', 'last_name' => 'Skywalker', 'username' => 'askywalker'],
+        ))->create();
+
+        Company::factory()
+            ->has(User::factory()->state(['first_name' => 'Darth', 'last_name' => 'Vader', 'username' => 'dvader']))
+            ->create();
+
+        Passport::actingAs($jedi->users->first());
+        $response = $this->getJson(route('api.users.selectlist', ['search' => 'a']))->assertOk();
+
+        $results = collect($response->json('results'));
+
+        $this->assertEquals(3, $results->count());
+        $this->assertTrue($results->pluck('text')->contains(fn($text) => str_contains($text, 'Luke')));
+        $this->assertTrue($results->pluck('text')->contains(fn($text) => str_contains($text, 'Anakin')));
+
+        $response = $this->getJson(route('api.users.selectlist', ['search' => 'v']))->assertOk();
+        $this->assertEquals(0, collect($response->json('results'))->count());
+    }
+}

Production/SNIPE-IT/tests/Feature/Api/Users/UsersSearchTest.php

@@ -0,0 +1,147 @@
+<?php
+
+namespace Tests\Feature\Api\Users;
+
+use App\Models\Company;
+use App\Models\User;
+use Laravel\Passport\Passport;
+use Tests\TestCase;
+
+class UsersSearchTest extends TestCase
+{
+    public function testCanSearchByUserFirstAndLastName()
+    {
+        User::factory()->create(['first_name' => 'Luke', 'last_name' => 'Skywalker']);
+        User::factory()->create(['first_name' => 'Darth', 'last_name' => 'Vader']);
+
+        Passport::actingAs(User::factory()->viewUsers()->create());
+        $response = $this->getJson(route('api.users.index', ['search' => 'luke sky']))->assertOk();
+
+        $results = collect($response->json('rows'));
+
+        $this->assertEquals(1, $results->count());
+        $this->assertTrue($results->pluck('name')->contains(fn($text) => str_contains($text, 'Luke')));
+        $this->assertFalse($results->pluck('name')->contains(fn($text) => str_contains($text, 'Darth')));
+    }
+
+    public function testResultsWhenSearchingForActiveUsers()
+    {
+        User::factory()->create(['first_name' => 'Active', 'last_name' => 'User']);
+        User::factory()->create(['first_name' => 'Deleted', 'last_name' => 'User'])->delete();
+
+        $response = $this->actingAsForApi(User::factory()->viewUsers()->create())
+            ->getJson(route('api.users.index', [
+                'deleted' => 'false',
+                'company_id' => '',
+                'search' => 'user',
+                'order' => 'asc',
+                'offset' => '0',
+                'limit' => '20',
+            ]))
+            ->assertOk();
+
+        $firstNames = collect($response->json('rows'))->pluck('first_name');
+
+        $this->assertTrue(
+            $firstNames->contains('Active'),
+            'Expected user does not appear in results'
+        );
+
+        $this->assertFalse(
+            $firstNames->contains('Deleted'),
+            'Unexpected deleted user appears in results'
+        );
+    }
+
+    public function testResultsWhenSearchingForDeletedUsers()
+    {
+        User::factory()->create(['first_name' => 'Active', 'last_name' => 'User']);
+        User::factory()->create(['first_name' => 'Deleted', 'last_name' => 'User'])->delete();
+
+        $response = $this->actingAsForApi(User::factory()->viewUsers()->create())
+            ->getJson(route('api.users.index', [
+                'deleted' => 'true',
+                'company_id' => '',
+                'search' => 'user',
+                'order' => 'asc',
+                'offset' => '0',
+                'limit' => '20',
+            ]))
+            ->assertOk();
+
+        $firstNames = collect($response->json('rows'))->pluck('first_name');
+
+        $this->assertFalse(
+            $firstNames->contains('Active'),
+            'Unexpected active user appears in results'
+        );
+
+        $this->assertTrue(
+            $firstNames->contains('Deleted'),
+            'Expected deleted user does not appear in results'
+        );
+    }
+
+    public function testUsersScopedToCompanyWhenMultipleFullCompanySupportEnabled()
+    {
+        $this->settings->enableMultipleFullCompanySupport();
+
+        $companyA = Company::factory()
+            ->has(User::factory(['first_name' => 'Company A', 'last_name' => 'User']))
+            ->create();
+
+        Company::factory()
+            ->has(User::factory(['first_name' => 'Company B', 'last_name' => 'User']))
+            ->create();
+
+        $response = $this->actingAsForApi(User::factory()->for($companyA)->viewUsers()->create())
+            ->getJson(route('api.users.index'))
+            ->assertOk();
+
+        $results = collect($response->json('rows'));
+
+        $this->assertTrue(
+            $results->pluck('name')->contains(fn($text) => str_contains($text, 'Company A')),
+            'User index does not contain expected user'
+        );
+        $this->assertFalse(
+            $results->pluck('name')->contains(fn($text) => str_contains($text, 'Company B')),
+            'User index contains unexpected user from another company'
+        );
+    }
+
+    public function testUsersScopedToCompanyDuringSearchWhenMultipleFullCompanySupportEnabled()
+    {
+        $this->settings->enableMultipleFullCompanySupport();
+
+        $companyA = Company::factory()
+            ->has(User::factory(['first_name' => 'Company A', 'last_name' => 'User']))
+            ->create();
+
+        Company::factory()
+            ->has(User::factory(['first_name' => 'Company B', 'last_name' => 'User']))
+            ->create();
+
+        $response = $this->actingAsForApi(User::factory()->for($companyA)->viewUsers()->create())
+            ->getJson(route('api.users.index', [
+                'deleted' => 'false',
+                'company_id' => null,
+                'search' => 'user',
+                'order' => 'asc',
+                'offset' => '0',
+                'limit' => '20',
+            ]))
+            ->assertOk();
+
+        $results = collect($response->json('rows'));
+
+        $this->assertTrue(
+            $results->pluck('name')->contains(fn($text) => str_contains($text, 'Company A')),
+            'User index does not contain expected user'
+        );
+        $this->assertFalse(
+            $results->pluck('name')->contains(fn($text) => str_contains($text, 'Company B')),
+            'User index contains unexpected user from another company'
+        );
+    }
+}

Production/SNIPE-IT/tests/Feature/Api/Users/UsersUpdateTest.php

@@ -0,0 +1,84 @@
+<?php
+
+namespace Tests\Feature\Api\Users;
+
+use App\Models\Company;
+use App\Models\Department;
+use App\Models\Group;
+use App\Models\Location;
+use App\Models\User;
+use Illuminate\Support\Facades\Hash;
+use Tests\TestCase;
+
+class UsersUpdateTest extends TestCase
+{
+    public function testCanUpdateUserViaPatch()
+    {
+        $admin = User::factory()->superuser()->create();
+        $manager = User::factory()->create();
+        $company = Company::factory()->create();
+        $department = Department::factory()->create();
+        $location = Location::factory()->create();
+        [$groupA, $groupB] = Group::factory()->count(2)->create();
+
+        $user = User::factory()->create([
+            'activated' => false,
+            'remote' => false,
+            'vip' => false,
+        ]);
+
+        $this->actingAsForApi($admin)
+            ->patchJson(route('api.users.update', $user), [
+                'first_name' => 'Mabel',
+                'last_name' => 'Mora',
+                'username' => 'mabel',
+                'password' => 'super-secret',
+                'email' => 'mabel@onlymurderspod.com',
+                'permissions' => '{"a.new.permission":"1"}',
+                'activated' => true,
+                'phone' => '619-555-5555',
+                'jobtitle' => 'Host',
+                'manager_id' => $manager->id,
+                'employee_num' => '1111',
+                'notes' => 'Pretty good artist',
+                'company_id' => $company->id,
+                'department_id' => $department->id,
+                'location_id' => $location->id,
+                'remote' => true,
+                'groups' => $groupA->id,
+                'vip' => true,
+                'start_date' => '2021-08-01',
+                'end_date' => '2025-12-31',
+            ])
+            ->assertOk();
+
+        $user->refresh();
+        $this->assertEquals('Mabel', $user->first_name, 'First name was not updated');
+        $this->assertEquals('Mora', $user->last_name, 'Last name was not updated');
+        $this->assertEquals('mabel', $user->username, 'Username was not updated');
+        $this->assertTrue(Hash::check('super-secret', $user->password), 'Password was not updated');
+        $this->assertEquals('mabel@onlymurderspod.com', $user->email, 'Email was not updated');
+        $this->assertArrayHasKey('a.new.permission', $user->decodePermissions(), 'Permissions were not updated');
+        $this->assertTrue((bool)$user->activated, 'User not marked as activated');
+        $this->assertEquals('619-555-5555', $user->phone, 'Phone was not updated');
+        $this->assertEquals('Host', $user->jobtitle, 'Job title was not updated');
+        $this->assertTrue($user->manager->is($manager), 'Manager was not updated');
+        $this->assertEquals('1111', $user->employee_num, 'Employee number was not updated');
+        $this->assertEquals('Pretty good artist', $user->notes, 'Notes was not updated');
+        $this->assertTrue($user->company->is($company), 'Company was not updated');
+        $this->assertTrue($user->department->is($department), 'Department was not updated');
+        $this->assertTrue($user->location->is($location), 'Location was not updated');
+        $this->assertEquals(1, $user->remote, 'Remote was not updated');
+        $this->assertTrue($user->groups->contains($groupA), 'Groups were not updated');
+        $this->assertEquals(1, $user->vip, 'VIP was not updated');
+        $this->assertEquals('2021-08-01', $user->start_date, 'Start date was not updated');
+        $this->assertEquals('2025-12-31', $user->end_date, 'End date was not updated');
+
+        // `groups` can be an id or array or ids
+        $this->patch(route('api.users.update', $user), ['groups' => [$groupA->id, $groupB->id]]);
+
+        $user->refresh();
+        $this->assertTrue($user->groups->contains($groupA), 'Not part of expected group');
+        $this->assertTrue($user->groups->contains($groupB), 'Not part of expected group');
+    }
+}