From 016886f3074df18c89dd4dc39fbc19ebe9ecf2e2 Mon Sep 17 00:00:00 2001 From: Saeed Vaziry <61919774+saeedvaziry@users.noreply.github.com> Date: Thu, 9 May 2024 00:55:52 +0200 Subject: [PATCH] fix new user bug (#197) --- .../Settings/ProjectController.php | 9 +- .../Controllers/Settings/UserController.php | 13 ++ app/Http/Kernel.php | 1 + .../Middleware/MustHaveCurrentProject.php | 31 ++++ app/Http/Middleware/SelectCurrentProject.php | 2 +- resources/views/components/toast.blade.php | 2 +- .../partials/source-controls-list.blade.php | 3 + routes/web.php | 2 +- tests/Feature/UserTest.php | 161 ++++++++++++++++++ 9 files changed, 219 insertions(+), 5 deletions(-) create mode 100644 app/Http/Middleware/MustHaveCurrentProject.php create mode 100644 tests/Feature/UserTest.php diff --git a/app/Http/Controllers/Settings/ProjectController.php b/app/Http/Controllers/Settings/ProjectController.php index eb8cc904..712beaab 100644 --- a/app/Http/Controllers/Settings/ProjectController.php +++ b/app/Http/Controllers/Settings/ProjectController.php @@ -19,6 +19,8 @@ class ProjectController extends Controller { public function index(): View { + $this->authorize('viewAny', Project::class); + return view('settings.projects.index', [ 'projects' => Project::all(), ]); @@ -26,6 +28,8 @@ public function index(): View public function create(Request $request): HtmxResponse { + $this->authorize('create', Project::class); + app(CreateProject::class)->create($request->user(), $request->input()); Toast::success('Project created.'); @@ -35,8 +39,7 @@ public function create(Request $request): HtmxResponse public function update(Request $request, Project $project): HtmxResponse { - /** @var Project $project */ - $project = $request->user()->projects()->findOrFail($project->id); + $this->authorize('update', $project); app(UpdateProject::class)->update($project, $request->input()); @@ -47,6 +50,8 @@ public function update(Request $request, Project $project): HtmxResponse public function delete(Project $project): RedirectResponse { + $this->authorize('delete', $project); + /** @var User $user */ $user = auth()->user(); diff --git a/app/Http/Controllers/Settings/UserController.php b/app/Http/Controllers/Settings/UserController.php index 9d407733..42ecc500 100644 --- a/app/Http/Controllers/Settings/UserController.php +++ b/app/Http/Controllers/Settings/UserController.php @@ -7,6 +7,7 @@ use App\Facades\Toast; use App\Helpers\HtmxResponse; use App\Http\Controllers\Controller; +use App\Models\Project; use App\Models\User; use Illuminate\Contracts\View\View; use Illuminate\Http\RedirectResponse; @@ -56,6 +57,18 @@ public function updateProjects(User $user, Request $request): HtmxResponse $user->projects()->sync($request->projects); + if ($user->currentProject && ! $user->projects->contains($user->currentProject)) { + $user->current_project_id = null; + $user->save(); + } + + /** @var Project $firstProject */ + $firstProject = $user->projects->first(); + if (! $user->currentProject && $firstProject) { + $user->current_project_id = $firstProject->id; + $user->save(); + } + Toast::success('Projects updated successfully'); return htmx()->redirect(route('settings.users.show', $user)); diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index a1731197..00e87166 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -69,5 +69,6 @@ class Kernel extends HttpKernel 'handle-ssh-errors' => HandleSSHErrors::class, 'select-current-project' => SelectCurrentProject::class, 'is-admin' => \App\Http\Middleware\IsAdmin::class, + 'must-have-current-project' => \App\Http\Middleware\MustHaveCurrentProject::class, ]; } diff --git a/app/Http/Middleware/MustHaveCurrentProject.php b/app/Http/Middleware/MustHaveCurrentProject.php new file mode 100644 index 00000000..39e9e2b5 --- /dev/null +++ b/app/Http/Middleware/MustHaveCurrentProject.php @@ -0,0 +1,31 @@ +user(); + + if (! $user->currentProject) { + Toast::warning('Please select a project to continue'); + + return redirect()->route('profile'); + } + + return $next($request); + } +} diff --git a/app/Http/Middleware/SelectCurrentProject.php b/app/Http/Middleware/SelectCurrentProject.php index 9ec41ea6..186151df 100644 --- a/app/Http/Middleware/SelectCurrentProject.php +++ b/app/Http/Middleware/SelectCurrentProject.php @@ -22,7 +22,7 @@ public function handle(Request $request, Closure $next): Response /** @var User $user */ $user = $request->user(); - if ($server->project_id != $user->current_project_id) { + if ($server->project_id != $user->current_project_id && $user->can('view', $server)) { $user->current_project_id = $server->project_id; $user->save(); } diff --git a/resources/views/components/toast.blade.php b/resources/views/components/toast.blade.php index 0a34f3c8..f0eba2ef 100644 --- a/resources/views/components/toast.blade.php +++ b/resources/views/components/toast.blade.php @@ -432,7 +432,7 @@ class="-ml-1 mr-1.5 h-[18px] w-[18px]" >

diff --git a/resources/views/settings/source-controls/partials/source-controls-list.blade.php b/resources/views/settings/source-controls/partials/source-controls-list.blade.php index a879d34c..c54837b8 100644 --- a/resources/views/settings/source-controls/partials/source-controls-list.blade.php +++ b/resources/views/settings/source-controls/partials/source-controls-list.blade.php @@ -27,10 +27,13 @@
diff --git a/routes/web.php b/routes/web.php index 7326a48f..719ce346 100644 --- a/routes/web.php +++ b/routes/web.php @@ -24,7 +24,7 @@ require __DIR__.'/settings.php'; }); - Route::prefix('/servers')->group(function () { + Route::prefix('/servers')->middleware('must-have-current-project')->group(function () { require __DIR__.'/server.php'; }); diff --git a/tests/Feature/UserTest.php b/tests/Feature/UserTest.php new file mode 100644 index 00000000..64b9aace --- /dev/null +++ b/tests/Feature/UserTest.php @@ -0,0 +1,161 @@ +actingAs($this->user); + + $this->post(route('settings.users.store'), [ + 'name' => 'new user', + 'email' => 'newuser@example.com', + 'password' => 'password', + 'role' => UserRole::USER, + ])->assertSessionDoesntHaveErrors(); + + $this->assertDatabaseHas('users', [ + 'name' => 'new user', + 'email' => 'newuser@example.com', + 'role' => UserRole::USER, + ]); + } + + public function test_see_users_list(): void + { + $this->actingAs($this->user); + + $user = User::factory()->create(); + + $this->get(route('settings.users.index')) + ->assertSuccessful() + ->assertSee($user->name); + } + + public function test_must_be_admin_to_see_users_list(): void + { + $this->user->role = UserRole::USER; + $this->user->save(); + + $this->actingAs($this->user); + + $user = User::factory()->create(); + + $this->get(route('settings.users.index')) + ->assertForbidden(); + } + + public function test_delete_user(): void + { + $this->actingAs($this->user); + + $user = User::factory()->create(); + + $this->delete(route('settings.users.delete', $user)) + ->assertSessionDoesntHaveErrors(); + + $this->assertDatabaseMissing('users', [ + 'id' => $user->id, + ]); + } + + public function test_cannot_delete_yourself(): void + { + $this->actingAs($this->user); + + $this->delete(route('settings.users.delete', $this->user)) + ->assertSessionDoesntHaveErrors() + ->assertSessionHas('toast.type', 'error'); + + $this->assertDatabaseHas('users', [ + 'id' => $this->user->id, + ]); + } + + public function test_see_user(): void + { + $this->actingAs($this->user); + + $user = User::factory()->create(); + + $this->get(route('settings.users.show', $user)) + ->assertSuccessful() + ->assertSee($user->name); + } + + public function test_edit_user_info(): void + { + $this->actingAs($this->user); + + $user = User::factory()->create(); + + $this->post(route('settings.users.update', $user), [ + 'name' => 'new-name', + 'email' => 'newemail@example.com', + 'timezone' => 'Europe/London', + 'role' => UserRole::ADMIN, + ]) + ->assertSessionDoesntHaveErrors(); + + $this->assertDatabaseHas('users', [ + 'id' => $user->id, + 'name' => 'new-name', + 'email' => 'newemail@example.com', + 'timezone' => 'Europe/London', + 'role' => UserRole::ADMIN, + ]); + } + + public function test_edit_user_projects(): void + { + $this->actingAs($this->user); + + $user = User::factory()->create(); + $project = Project::factory()->create(); + + $this->post(route('settings.users.update-projects', $user), [ + 'projects' => [$project->id], + ]) + ->assertSessionDoesntHaveErrors(); + + $this->assertDatabaseHas('user_project', [ + 'user_id' => $user->id, + 'project_id' => $project->id, + ]); + } + + public function test_edit_user_projects_with_current_project(): void + { + $this->actingAs($this->user); + + $user = User::factory()->create(); + $user->current_project_id = null; + $user->save(); + + $project = Project::factory()->create(); + + $this->post(route('settings.users.update-projects', $user), [ + 'projects' => [$project->id], + ]) + ->assertSessionDoesntHaveErrors(); + + $this->assertDatabaseHas('user_project', [ + 'user_id' => $user->id, + 'project_id' => $project->id, + ]); + + $this->assertDatabaseHas('users', [ + 'id' => $user->id, + 'current_project_id' => $project->id, + ]); + } +}