diff --git a/app/Http/Controllers/PurchaseOrderController.php b/app/Http/Controllers/PurchaseOrderController.php index 15b9bcd674d2..21e92e494ce4 100644 --- a/app/Http/Controllers/PurchaseOrderController.php +++ b/app/Http/Controllers/PurchaseOrderController.php @@ -17,6 +17,7 @@ use App\Events\PurchaseOrder\PurchaseOrderWasUpdated; use App\Factory\PurchaseOrderFactory; use App\Filters\PurchaseOrderFilters; use App\Http\Requests\PurchaseOrder\ActionPurchaseOrderRequest; +use App\Http\Requests\PurchaseOrder\BulkPurchaseOrderRequest; use App\Http\Requests\PurchaseOrder\CreatePurchaseOrderRequest; use App\Http\Requests\PurchaseOrder\DestroyPurchaseOrderRequest; use App\Http\Requests\PurchaseOrder\EditPurchaseOrderRequest; @@ -475,12 +476,12 @@ class PurchaseOrderController extends BaseController * ), * ) */ - public function bulk() + public function bulk(BulkPurchaseOrderRequest $request) { - $action = request()->input('action'); + $action = $request->input('action'); - $ids = request()->input('ids'); + $ids = $request->input('ids'); if(Ninja::isHosted() && (stripos($action, 'email') !== false) && !auth()->user()->company()->account->account_sms_verified) return response(['message' => 'Please verify your account to send emails.'], 400); @@ -497,7 +498,6 @@ class PurchaseOrderController extends BaseController if ($action == 'bulk_download' && $purchase_orders->count() >= 1) { $purchase_orders->each(function ($purchase_order) { if (auth()->user()->cannot('view', $purchase_order)) { - nlog("access denied"); return response()->json(['message' => ctrans('text.access_denied')]); } }); diff --git a/app/Http/Controllers/TaskStatusController.php b/app/Http/Controllers/TaskStatusController.php index c037cfb05973..f487de5ad877 100644 --- a/app/Http/Controllers/TaskStatusController.php +++ b/app/Http/Controllers/TaskStatusController.php 
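Review bot: In the `bulk_download` branch of `bulk()` (the `@@ -497,7 +498,6 @@` hunk), `return response()->json(['message' => ctrans('text.access_denied')]);` sits inside the `each` closure, so it returns from the closure and not from `bulk()`. Laravel's `each` only stops on a `false` return, so the denial is discarded and the code after the loop (outside the hunk) presumably still runs for orders the user cannot view. With `nlog("access denied")` removed, a failed `view` check now leaves no trace at all. I would check before doing any work and return from the method itself, e.g. `if ($purchase_orders->contains(fn ($po) => auth()->user()->cannot('view', $po))) { return response()->json(['message' => ctrans('text.access_denied')], 403); }`, and keep a log line for the denial so it can be audited.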
@@ -4,6 +4,7 @@ namespace App\Http\Controllers; use App\Factory\TaskStatusFactory; use App\Filters\TaskStatusFilters; +use App\Http\Requests\TaskStatus\ActionTaskStatusRequest; use App\Http\Requests\TaskStatus\CreateTaskStatusRequest; use App\Http\Requests\TaskStatus\DestroyTaskStatusRequest; use App\Http\Requests\TaskStatus\ShowTaskStatusRequest; @@ -449,18 +450,20 @@ class TaskStatusController extends BaseController * ), * ) */ - public function bulk() + public function bulk(ActionTaskStatusRequest $request) { - $action = request()->input('action'); + $action = $request->input('action'); - $ids = request()->input('ids'); + $ids = $request->input('ids'); - $task_status = TaskStatus::withTrashed()->company()->find($this->transformKeys($ids)); + TaskStatus::withTrashed() + ->company() + ->whereIn('id', $this->transformKeys($ids)) + ->cursor() + ->each(function ($task_status, $key) use ($action) { - $task_status->each(function ($task_status, $key) use ($action) { - if (auth()->user()->can('edit', $task_status)) { $this->task_status_repo->{$action}($task_status); - } + }); return $this->listResponse(TaskStatus::withTrashed()->whereIn('id', $this->transformKeys($ids))); diff --git a/app/Http/Requests/PurchaseOrder/ActionPurchaseOrderRequest.php b/app/Http/Requests/PurchaseOrder/ActionPurchaseOrderRequest.php index 36cd952c15ee..63fe16244090 100644 --- a/app/Http/Requests/PurchaseOrder/ActionPurchaseOrderRequest.php +++ b/app/Http/Requests/PurchaseOrder/ActionPurchaseOrderRequest.php @@ -12,21 +12,16 @@ namespace App\Http\Requests\PurchaseOrder; use App\Http\Requests\Request; -use App\Models\PurchaseOrder; -use App\Utils\Traits\MakesHash; class ActionPurchaseOrderRequest extends Request { - use MakesHash; + private $error_msg; /** * Determine if the user is authorized to make this request. * * @return bool */ - private $error_msg; - - // private $invoice; public function authorize() : bool { 
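Review bot: The `@@ -449,18 +450,20 @@` hunk drops the per-record `auth()->user()->can('edit', $task_status)` check, so `$this->task_status_repo->{$action}($task_status)` now runs for every row the query returns. The only gates left are `ActionTaskStatusRequest::authorize()` (which returns `auth()->user()->isAdmin()` in the lines shown for that file) and the `in:archive,restore,delete` rule. If that is intended, say so above the loop, e.g. `// Authorization is done by ActionTaskStatusRequest (admin only); no per-record policy check here.`, so a later change to the request class does not silently open this endpoint. Since `$action` is used as a method name, I would also keep an explicit allow-list next to the call, `if (! in_array($action, ['archive', 'restore', 'delete'], true)) { abort(422); }`, instead of relying on validation alone.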
diff --git a/app/Http/Requests/PurchaseOrder/BulkPurchaseOrderRequest.php b/app/Http/Requests/PurchaseOrder/BulkPurchaseOrderRequest.php new file mode 100644 index 000000000000..0790444a1a49 --- /dev/null +++ b/app/Http/Requests/PurchaseOrder/BulkPurchaseOrderRequest.php @@ -0,0 +1,38 @@ + 'required|bail|array|min:1', + 'action' => 'in:archive,restore,delete,email,bulk_download,bulk_print,mark_sent,download,send_email,add_to_inventory,expense,cancel' + ]; + } + +} diff --git a/app/Http/Requests/TaskStatus/ActionTaskStatusRequest.php b/app/Http/Requests/TaskStatus/ActionTaskStatusRequest.php index a340cd44d281..3df02d2dde86 100644 --- a/app/Http/Requests/TaskStatus/ActionTaskStatusRequest.php +++ b/app/Http/Requests/TaskStatus/ActionTaskStatusRequest.php @@ -24,4 +24,14 @@ class ActionTaskStatusRequest extends Request { return auth()->user()->isAdmin(); } + + public function rules() + { + + return [ + 'ids' => 'required|bail|array', + 'action' => 'in:archive,restore,delete' + ]; + + } } diff --git a/tests/Feature/PurchaseOrderTest.php b/tests/Feature/PurchaseOrderTest.php index ff5037d6ab2a..19ce7455013a 100644 --- a/tests/Feature/PurchaseOrderTest.php +++ b/tests/Feature/PurchaseOrderTest.php 
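Review bot: In both new `rules()` arrays `action` has an `in:` rule but no `required`, and as far as I know Laravel skips non-implicit rules such as `in` when the key is absent, so a request that omits `action` would pass validation (only the rules array of `BulkPurchaseOrderRequest` is visible on this page). The controllers then call `stripos($action, 'email')` and `$this->task_status_repo->{$action}(...)` with a null `$action`. Suggest `'action' => 'required|in:archive,restore,delete'` in `ActionTaskStatusRequest` and the same `required|` prefix on the purchase-order list. The `ids` rules also differ (`min:1` only in `BulkPurchaseOrderRequest`) and neither constrains the elements; something like `'ids.*' => 'string'` would reject nested arrays before `transformKeys()` sees them, assuming hashed ids are always strings.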
@@ -40,6 +40,102 @@ class PurchaseOrderTest extends TestCase $this->makeTestData(); } + public function testPurchaseOrderBulkActions() + { + $i = $this->purchase_order->invitations->first(); + + $data = [ + 'ids' =>[$this->purchase_order->hashed_id], + 'action' => 'archive', + ]; + + $response = $this->withHeaders([ + 'X-API-SECRET' => config('ninja.api_secret'), + 'X-API-TOKEN' => $this->token, + ])->post("/api/v1/purchase_orders/bulk", $data) + ->assertStatus(200); + + $data = [ + 'ids' =>[$this->purchase_order->hashed_id], + 'action' => 'restore', + ]; + + $response = $this->withHeaders([ + 'X-API-SECRET' => config('ninja.api_secret'), + 'X-API-TOKEN' => $this->token, + ])->post("/api/v1/purchase_orders/bulk", $data) + ->assertStatus(200); + + $data = [ + 'ids' =>[$this->purchase_order->hashed_id], + 'action' => 'delete', + ]; + + $response = $this->withHeaders([ + 'X-API-SECRET' => config('ninja.api_secret'), + 'X-API-TOKEN' => $this->token, + ])->post("/api/v1/purchase_orders/bulk", $data) + ->assertStatus(200); + + + $data = [ + 'ids' =>[$this->purchase_order->hashed_id], + 'action' => 'restore', + ]; + + $response = $this->withHeaders([ + 'X-API-SECRET' => config('ninja.api_secret'), + 'X-API-TOKEN' => $this->token, + ])->post("/api/v1/purchase_orders/bulk", $data) + ->assertStatus(200); + + $data = [ + 'ids' =>[$this->purchase_order->hashed_id], + 'action' => 'email', + ]; + + $response = $this->withHeaders([ + 'X-API-SECRET' => config('ninja.api_secret'), + 'X-API-TOKEN' => $this->token, + ])->post("/api/v1/purchase_orders/bulk", $data) + ->assertStatus(200); + + $data = [ + 'ids' =>[], + 'action' => 'archive', + ]; + + $response = $this->withHeaders([ + 'X-API-SECRET' => config('ninja.api_secret'), + 'X-API-TOKEN' => $this->token, + ])->post("/api/v1/purchase_orders/bulk", $data) + ->assertStatus(302); + + $data = [ + 'ids' =>[$this->purchase_order->hashed_id], + 'action' => '', + ]; + + $response = $this->withHeaders([ + 'X-API-SECRET' => 
config('ninja.api_secret'), + 'X-API-TOKEN' => $this->token, + ])->post("/api/v1/purchase_orders/bulk", $data) + ->assertStatus(302); + + + $data = [ + 'ids' =>[$this->purchase_order->hashed_id], + 'action' => 'molly', + ]; + + $response = $this->withHeaders([ + 'X-API-SECRET' => config('ninja.api_secret'), + 'X-API-TOKEN' => $this->token, + ])->post("/api/v1/purchase_orders/bulk", $data) + ->assertStatus(302); + + } + public function testPurchaseOrderDownloadPDF() { $i = $this->purchase_order->invitations->first();
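Review bot: The three rejection cases in `testPurchaseOrderBulkActions()` assert `302`, which is the redirect a failed form request produces for a non-JSON request; an API client sending `Accept: application/json` would normally get `422`, so these assertions do not pin what the API actually returns. Consider `->postJson("/api/v1/purchase_orders/bulk", $data)->assertStatus(422);` for those cases (to be confirmed against the app's exception handler). There is also no case that omits the `action` key or that posts ids the token's user may not access, which are the paths the new request class is meant to guard. `$i` and `$response` are assigned but never used, and the repeated header block would read better as a loop over the action names.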