mirror/snipe-it
3
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2026-02-05 06:55:34 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #17887 from marcusmoore/fixes/17404-prevent-bulk-checkout-across-companies

Browse Source 
Fixed #17404 - Disallow bulk checkout of assets across companies
This commit is contained in:
snipe
2025-09-22 18:57:43 +01:00
committed by GitHub
parent d9399534ce fb9fb9c097
commit 8a46579588
3 changed files with 53 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
app/Http/Controllers/Assets/BulkAssetsController.php
View File

@ -656,6 +656,21 @@ class BulkAssetsController extends Controller
->with('error', trans('general.error_assets_already_checked_out'));
}
// Prevent checking out assets across companies if FMCS enabled
if (Setting::getSettings()->full_multiple_companies_support && $target->company_id) {
$company_ids = $assets->pluck('company_id')->unique();
// if there is more than one unique company id or the singular company id does not match
// then the checkout is invalid
if ($company_ids->count() > 1 || $company_ids->first() != $target->company_id) {
// re-add the asset ids so the assets select is re-populated
$request->session()->flashInput(['selected_assets' => $asset_ids]);
return redirect(route('hardware.bulkcheckout.show'))
->with('error', trans('general.error_user_company_multiple'));
}
}
if (request('checkout_to_type') == 'asset') {
foreach ($asset_ids as $asset_id) {
if ($target->id == $asset_id) {

1
resources/lang/en-US/general.php
View File

@ -519,6 +519,7 @@ return [
'item_notes' => ':item Notes',
'item_name_var' => ':item Name',
'error_user_company' => 'Checkout target company and asset company do not match',
'error_user_company_multiple' => 'One or more of the checkout target company and asset company do not match',
'error_user_company_accept_view' => 'An Asset assigned to you belongs to a different company so you can\'t accept nor deny it, please check with your manager',
'error_assets_already_checked_out' => 'One or more of the assets are already checked out',
'importer' => [

37
tests/Feature/Checkouts/Ui/BulkAssetCheckoutTest.php
View File

@ -4,6 +4,7 @@ namespace Tests\Feature\Checkouts\Ui;
use App\Mail\CheckoutAssetMail;
use App\Models\Asset;
use App\Models\Company;
use App\Models\Location;
use App\Models\User;
use Illuminate\Support\Facades\Mail;
@ -122,6 +123,42 @@ class BulkAssetCheckoutTest extends TestCase
];
}
#[DataProvider('checkoutTargets')]
public function test_adheres_to_full_multiple_company_support($data)
{
['type' => $type, 'target' => $target] = $data();
$this->settings->enableMultipleFullCompanySupport();
// create two companies
[$companyA, $companyB] = Company::factory()->count(2)->create();
// create an asset for each company
$assetForCompanyA = Asset::factory()->for($companyA)->create();
$assetForCompanyB = Asset::factory()->for($companyB)->create();
$this->assertNull($assetForCompanyA->assigned_to, 'Asset should not be assigned before attempting this test case.');
$this->assertNull($assetForCompanyB->assigned_to, 'Asset should not be assigned before attempting this test case.');
// attempt to bulk checkout both items to the target
$response = $this->actingAs(User::factory()->superuser()->create())
->post(route('hardware.bulkcheckout.store'), [
'selected_assets' => [
$assetForCompanyA->id,
$assetForCompanyB->id,
],
'checkout_to_type' => $type,
"assigned_$type" => $target->id,
]);
// ensure bulk checkout is blocked
$this->assertNull($assetForCompanyA->fresh()->assigned_to, 'Asset was checked out across companies.');
$this->assertNull($assetForCompanyB->fresh()->assigned_to, 'Asset was checked out across companies.');
// ensure redirected back
$response->assertRedirectToRoute('hardware.bulkcheckout.show');
}
#[DataProvider('checkoutTargets')]
public function test_prevents_checkouts_of_checked_out_items($data)
{