From cdfe8e459dc710394c3891371b66d94932aa46f9 Mon Sep 17 00:00:00 2001
From: Marcus Moore
Date: Mon, 7 Aug 2023 16:36:01 -0700
Subject: [PATCH 1/4] Add simple test cases for api department index
---
 .../Api/Departments/DepartmentIndexTest.php | 81 +++++++++++++++++++
 1 file changed, 81 insertions(+)
 create mode 100644 tests/Feature/Api/Departments/DepartmentIndexTest.php
diff --git a/tests/Feature/Api/Departments/DepartmentIndexTest.php b/tests/Feature/Api/Departments/DepartmentIndexTest.php
new file mode 100644
index 000000000..505e92bd2
--- /dev/null
+++ b/tests/Feature/Api/Departments/DepartmentIndexTest.php
@@ -0,0 +1,81 @@
+count(3)->create();
+
+ $this->actingAsForApi(User::factory()->superuser()->create())
+ ->getJson(
+ route('api.departments.index', [
+ 'sort' => 'name',
+ 'order' => 'asc',
+ 'offset' => '0',
+ 'limit' => '20',
+ ]))
+ ->assertOk()
+ ->assertJsonStructure([
+ 'total',
+ 'rows',
+ ])
+ ->assertJson(fn(AssertableJson $json) => $json->has('rows', 3)->etc());
+ }
+
+ public function testDepartmentIndexAdheresToCompanyScoping()
+ {
+ [$companyA, $companyB] = Company::factory()->count(2)->create();
+
+ $departmentA = Department::factory()->for($companyA)->create();
+ $departmentB = Department::factory()->for($companyB)->create();
+
+ $superUser = $companyA->users()->save(User::factory()->superuser()->make());
+ $userInCompanyA = $companyA->users()->save(User::factory()->viewDepartments()->make());
+ $userInCompanyB = $companyB->users()->save(User::factory()->viewDepartments()->make());
+
+ $this->settings->disableMultipleFullCompanySupport();
+
+ $this->actingAsForApi($superUser)
+ ->getJson(route('api.departments.index'))
+ ->assertResponseContainsInRows($departmentA)
+ ->assertResponseContainsInRows($departmentB);
+
+ $this->actingAsForApi($userInCompanyA)
+ ->getJson(route('api.departments.index'))
+ ->assertResponseContainsInRows($departmentA)
+ ->assertResponseContainsInRows($departmentB);
+
+ $this->actingAsForApi($userInCompanyB)
+ ->getJson(route('api.departments.index'))
+ ->assertResponseContainsInRows($departmentA)
+ ->assertResponseContainsInRows($departmentB);
+
+ $this->settings->enableMultipleFullCompanySupport();
+
+ $this->actingAsForApi($superUser)
+ ->getJson(route('api.departments.index'))
+ ->assertResponseContainsInRows($departmentA)
+ ->assertResponseContainsInRows($departmentB);
+
+ $this->actingAsForApi($userInCompanyA)
+ ->getJson(route('api.departments.index'))
+ ->assertResponseContainsInRows($departmentA)
+ ->assertResponseDoesNotContainInRows($departmentB);
+
+ $this->actingAsForApi($userInCompanyB)
+
->getJson(route('api.departments.index')) + ->assertResponseDoesNotContainInRows($departmentA) + ->assertResponseContainsInRows($departmentB); + } +} From f7b2075e9e12c506824b99a6cd7f5c07120ead04 Mon Sep 17 00:00:00 2001 From: Marcus Moore Date: Mon, 7 Aug 2023 16:54:02 -0700 Subject: [PATCH 2/4] Add CompanyableTrait to Department --- app/Models/Department.php | 1 + 1 file changed, 1 insertion(+) diff --git a/app/Models/Department.php b/app/Models/Department.php index 90fde79df..62755d2aa 100644 --- a/app/Models/Department.php +++ b/app/Models/Department.php @@ -9,6 +9,7 @@ use Watson\Validating\ValidatingTrait; class Department extends SnipeModel { + use CompanyableTrait; use HasFactory; /** From 7c5a1b376e77acb8d10cb6a32e90125f3a552b49 Mon Sep 17 00:00:00 2001 From: Marcus Moore Date: Mon, 7 Aug 2023 16:54:23 -0700 Subject: [PATCH 3/4] Remove redundant Company::scopeCompanyables wrapper --- app/Http/Controllers/Api/DepartmentsController.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/Http/Controllers/Api/DepartmentsController.php b/app/Http/Controllers/Api/DepartmentsController.php index ef988af59..d152d0a50 100644 --- a/app/Http/Controllers/Api/DepartmentsController.php +++ b/app/Http/Controllers/Api/DepartmentsController.php @@ -27,7 +27,7 @@ class DepartmentsController extends Controller $this->authorize('view', Department::class); $allowed_columns = ['id', 'name', 'image', 'users_count']; - $departments = Company::scopeCompanyables(Department::select( + $departments = Department::select( 'departments.id', 'departments.name', 'departments.phone', 
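Review bot: The company-scoping test in `testDepartmentIndexAdheresToCompanyScoping` checks only which departments appear in `rows`, so a response whose `total` still counts the other company's departments would pass, and that count is itself cross-company information. In the two scoped-user blocks after `enableMultipleFullCompanySupport()`, also pin the count, e.g. `->assertJsonPath('total', 1)` (assuming the factories create no further departments). The test exercises only the unfiltered listing; one more request with a `search` parameter would show that the scope also holds on the filtered path of the index.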
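Review bot: With `use CompanyableTrait;` on the model, company scoping presumably applies to every `Department` query (single-record reads, updates, deletes, relation loads), not only the index, yet the series adds tests for the index endpoint alone. The trait is not visible here, so this is inferred from its name and from the wrapper removed in the next patch. A short comment above the line would record the intent, e.g. `// Applies company scoping to all Department queries (see CompanyableTrait)`, and the single-record endpoints deserve the same cross-company assertions. The class body continues outside the hunk.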
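Review bot: The removed wrapper passed the column and table explicitly (`"company_id", "departments"`, dropped in the following hunk), and the query now depends on the model-level scope to add an equivalent constraint. Confirm that the scope qualifies `company_id` with the `departments` table, because this builder is extended further down (the `search` branch and sorting on `$allowed_columns`, partly outside the hunk) and an unqualified column could become ambiguous if a join is added. A one-line comment at the query, `// company scoping is applied by CompanyableTrait on Department`, would keep a later reader from assuming the filter was lost. If `Company` is no longer referenced in this controller its import can be removed as well; that part of the file is not shown.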
@@ -37,8 +37,8 @@ class DepartmentsController extends Controller 'departments.manager_id', 'departments.created_at', 'departments.updated_at', - 'departments.image'), - "company_id", "departments")->with('users')->with('location')->with('manager')->with('company')->withCount('users as users_count'); + 'departments.image' + )->with('users')->with('location')->with('manager')->with('company')->withCount('users as users_count'); if ($request->filled('search')) { $departments = $departments->TextSearch($request->input('search')); From 42055bb69d16cfc83091cb18a9b4c3a63f0516b1 Mon Sep 17 00:00:00 2001 From: Marcus Moore Date: Mon, 7 Aug 2023 17:42:28 -0700 Subject: [PATCH 4/4] Add authentication and authorization tests for department index method --- .../Feature/Api/Departments/DepartmentIndexTest.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/Feature/Api/Departments/DepartmentIndexTest.php b/tests/Feature/Api/Departments/DepartmentIndexTest.php index 505e92bd2..1a3884308 100644 --- a/tests/Feature/Api/Departments/DepartmentIndexTest.php +++ b/tests/Feature/Api/Departments/DepartmentIndexTest.php @@ -5,6 +5,7 @@ namespace Tests\Feature\Api\Departments; use App\Models\Company; use App\Models\Department; use App\Models\User; +use Illuminate\Routing\Route; use Illuminate\Testing\Fluent\AssertableJson; use Tests\Support\InteractsWithSettings; use Tests\TestCase; @@ -13,6 +14,18 @@ class DepartmentIndexTest extends TestCase { use InteractsWithSettings; + public function testViewingDepartmentIndexRequiresAuthentication() + { + $this->getJson(route('api.departments.index'))->assertRedirect(); + } + + public function testViewingDepartmentIndexRequiresPermission() + { + $this->actingAsForApi(User::factory()->create()) + ->getJson(route('api.departments.index')) + ->assertForbidden(); + } + public function testDepartmentIndexReturnsExpectedDepartments() { Department::factory()->count(3)->create();
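Review bot: `use Illuminate\Routing\Route;` is added but nothing in the tests shown references the `Route` class; they call the global `route()` helper, which needs no import. Drop the line so the import list reflects what the file actually uses.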
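Review bot: `assertRedirect()` with no argument in `testViewingDepartmentIndexRequiresAuthentication` accepts any redirect, so the test would still pass if an unauthenticated request were sent somewhere other than the login page. Pass the expected destination to `assertRedirect(...)`, or, if the API is meant to answer JSON clients with a 401, assert that status instead. It would also help to assert that the response body carries no `rows` key, so the test fails if department data is ever returned alongside the redirect.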