From 695c9d070f938d8ee8ccadaa0a46fb0f67b9f09f Mon Sep 17 00:00:00 2001
From: Marcus Moore
Date: Wed, 5 Mar 2025 11:32:04 -0800
Subject: [PATCH 1/3] Require int for department and company ids when creating user via api
---
 app/Http/Requests/SaveUserRequest.php | 4 +-
 tests/Feature/Users/Api/StoreUsersTest.php | 48 ++++++++++++++++++++++
 2 files changed, 50 insertions(+), 2 deletions(-)
 create mode 100644 tests/Feature/Users/Api/StoreUsersTest.php
diff --git a/app/Http/Requests/SaveUserRequest.php b/app/Http/Requests/SaveUserRequest.php
index 5a47362cf..4051e9804 100644
--- a/app/Http/Requests/SaveUserRequest.php
+++ b/app/Http/Requests/SaveUserRequest.php
@@ -33,9 +33,9 @@ class SaveUserRequest extends FormRequest
 public function rules()
 {
 $rules = [
- 'department_id' => 'nullable|exists:departments,id',
+ 'department_id' => 'nullable|integer|exists:departments,id',
 'manager_id' => 'nullable|exists:users,id',
- 'company_id' => ['nullable','exists:companies,id']
+ 'company_id' => ['nullable', 'integer', 'exists:companies,id']
 ];

 switch ($this->method()) {
diff --git a/tests/Feature/Users/Api/StoreUsersTest.php b/tests/Feature/Users/Api/StoreUsersTest.php
new file mode 100644
index 000000000..f5065c574
--- /dev/null
+++ b/tests/Feature/Users/Api/StoreUsersTest.php
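Review bot: `manager_id` in the same `$rules` array is still `'nullable|exists:users,id'`, so it keeps accepting the non-scalar input that this change now rejects for `department_id` and `company_id`. Laravel's `exists` rule checks an array value with a `whereIn`, so a payload such as `manager_id: [1]` would presumably pass validation and reach the model as an array; that should be confirmed with a test like the ones added for the other two fields. I would change the line to `'manager_id' => 'nullable|integer|exists:users,id',`. `rules()` continues past the end of this hunk, so any per-method rules set in the `switch` are not visible here.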
@@ -0,0 +1,48 @@ +create(); + + $this->actingAsForApi(User::factory()->createUsers()->create()) + ->postJson(route('api.users.store'), [ + 'company_id' => [$company->id], + 'first_name' => 'Joe', + 'username' => 'joe', + 'password' => 'joe_password', + 'password_confirmation' => 'joe_password', + ]) + ->assertStatusMessageIs('error') + ->assertJson(function (AssertableJson $json) { + $json->has('messages.company_id')->etc(); + }); + } + + public function testDepartmentIdNeedsToBeInteger() + { + $department = Department::factory()->create(); + + $this->actingAsForApi(User::factory()->createUsers()->create()) + ->postJson(route('api.users.store'), [ + 'department_id' => [$department->id], + 'first_name' => 'Joe', + 'username' => 'joe', + 'password' => 'joe_password', + 'password_confirmation' => 'joe_password', + ]) + ->assertStatusMessageIs('error') + ->assertJson(function (AssertableJson $json) { + $json->has('messages.department_id')->etc(); + }); + } +} From 69009e027fbac5062669ed1b8ca223240be837ac Mon Sep 17 00:00:00 2001 From: Marcus Moore Date: Wed, 5 Mar 2025 11:34:45 -0800 Subject: [PATCH 2/3] Add authorization test --- tests/Feature/Users/Api/StoreUsersTest.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/Feature/Users/Api/StoreUsersTest.php b/tests/Feature/Users/Api/StoreUsersTest.php index f5065c574..fcc675231 100644 --- a/tests/Feature/Users/Api/StoreUsersTest.php +++ b/tests/Feature/Users/Api/StoreUsersTest.php @@ -10,6 +10,18 @@ use Tests\TestCase; class StoreUsersTest extends TestCase { + public function testRequiresPermission() + { + $this->actingAsForApi(User::factory()->create()) + ->postJson(route('api.users.store'), [ + 'first_name' => 'Joe', + 'username' => 'joe', + 'password' => 'joe_password', + 'password_confirmation' => 'joe_password', + ]) + ->assertForbidden(); + } + public function testCompanyIdNeedsToBeInteger() { $company = Company::factory()->create(); 
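Review bot: `testCompanyIdNeedsToBeInteger`, `testDepartmentIdNeedsToBeInteger` and `testRequiresPermission` assert only on the response, so they would still pass if the request were answered with an error after the row had already been written. Each of them posts `'username' => 'joe'`, so adding `$this->assertDatabaseMissing('users', ['username' => 'joe']);` after the response assertions would pin that a rejected or forbidden request creates no account. The two validation tests also cover only the array case; a string value that is not an integer would exercise the `integer` rule independently of `exists`. The opening lines of the new file are not visible in this hunk, so the namespace and imports could not be checked.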
From 25395e9af1084ef0a20c45c4788f98b16e627080 Mon Sep 17 00:00:00 2001
From: Marcus Moore
Date: Wed, 5 Mar 2025 11:37:03 -0800
Subject: [PATCH 3/3] Add test for storing user
---
 tests/Feature/Users/Api/StoreUsersTest.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/tests/Feature/Users/Api/StoreUsersTest.php b/tests/Feature/Users/Api/StoreUsersTest.php
index fcc675231..41cb04e3c 100644
--- a/tests/Feature/Users/Api/StoreUsersTest.php
+++ b/tests/Feature/Users/Api/StoreUsersTest.php
@@ -57,4 +57,22 @@ class StoreUsersTest extends TestCase
 $json->has('messages.department_id')->etc();
 });
 }
+
+ public function testCanStoreUser()
+ {
+ $this->actingAsForApi(User::factory()->createUsers()->create())
+ ->postJson(route('api.users.store'), [
+ 'first_name' => 'Darth',
+ 'username' => 'darthvader',
+ 'password' => 'darth_password',
+ 'password_confirmation' => 'darth_password',
+ ])
+ ->assertStatusMessageIs('success')
+ ->assertOk();
+
+ $this->assertDatabaseHas('users', [
+ 'first_name' => 'Darth',
+ 'username' => 'darthvader',
+ ]);
+ }
 }
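Review bot: `testCanStoreUser` never sends `company_id` or `department_id`, so nothing in the suite checks that the tightened rules still accept a valid id on the success path. Creating a record with `$company = Company::factory()->create();`, adding `'company_id' => $company->id,` to the payload and the same pair to the `assertDatabaseHas` array would catch a regression where the `integer` rule rejects legitimate requests (assuming nothing in the test environment overrides the submitted company). It may also be worth asserting that the submitted password is not stored verbatim, e.g. `$this->assertDatabaseMissing('users', ['password' => 'darth_password']);`.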