diff --git a/app/Console/Commands/CheckData.php b/app/Console/Commands/CheckData.php
index fd934399fe43..7ffba27472b4 100644
--- a/app/Console/Commands/CheckData.php
+++ b/app/Console/Commands/CheckData.php
@@ -15,6 +15,7 @@ use App;
 use App\DataMapper\ClientSettings;
 use App\Factory\ClientContactFactory;
 use App\Factory\VendorContactFactory;
+use App\Jobs\Company\CreateCompanyToken;
 use App\Models\Account;
 use App\Models\Client;
 use App\Models\ClientContact;
@@ -124,7 +125,8 @@ class CheckData extends Command
 $this->checkOauthSanity();
 $this->checkVendorSettings();
 $this->checkClientSettings();
-
+ $this->checkCompanyTokens();
+
 if(Ninja::isHosted()){
 $this->checkAccountStatuses();
 $this->checkNinjaPortalUrls();
@@ -157,6 +159,25 @@ class CheckData extends Command
 $this->log .= $str."\n";
 }
+ private function checkCompanyTokens()
+ {
+
+ CompanyUser::doesnthave('token')->cursor()->each(function ($cu){
+
+ if($cu->user){
+ $this->logMessage("Creating missing company token for user # {$cu->user->id} for company id # {$cu->company->id}");
+ (new CreateCompanyToken($cu->company, $cu->user, 'System'))->handle();
+ }
+ else {
+ $this->logMessage("Dangling User ID # {$cu->id}");
+ }
+
+ });
+
+
+
+ }
+
 private function checkOauthSanity()
 {
 User::where('oauth_provider_id', '1')->cursor()->each(function ($user){
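Review bot: `checkCompanyTokens()` guards only on `$cu->user` and then dereferences `$cu->company->id` in the log message and passes `$cu->company` to `CreateCompanyToken`, so a CompanyUser whose company row is missing throws inside the cursor loop and aborts the remaining checks instead of being reported. Widen the guard to `if($cu->user && $cu->company){` and make the report say what is dangling, e.g. `$this->logMessage("Dangling company_user # {$cu->id} (user_id {$cu->user_id}, company_id {$cu->company_id})");` — the current "Dangling User ID # {$cu->id}" prints the company_user id, not the user id. This branch also mints a live API credential for every token-less company user as a side effect of a consistency check, and the call added in the previous hunk runs it unconditionally; if the command has a fix/repair option it belongs behind that, and operators should expect new company token rows after a run. The three blank lines before the closing brace can go.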
@@ -422,17 +443,26 @@ class CheckData extends Command
 $contact_class = VendorContact::class;
 }
- $invitation = new $entity_obj();
- $invitation->company_id = $entity->company_id;
- $invitation->user_id = $entity->user_id;
- $invitation->{$entity_key} = $entity->id;
- $invitation->{$contact_id} = $contact_class::where('company_id', $entity->company_id)->where($client_vendor_key,$entity->{$client_vendor_key})->first()->id;
- $invitation->key = Str::random(config('ninja.key_length'));
+ $invitation = false;
- $this->logMessage("Add invitation for {$entity_key} - {$entity->id}");
+ //check contact exists!
+ if($contact_class::where('company_id', $entity->company_id)->where($client_vendor_key,$entity->{$client_vendor_key})->exists())
+ {
+ $invitation = new $entity_obj();
+ $invitation->company_id = $entity->company_id;
+ $invitation->user_id = $entity->user_id;
+ $invitation->{$entity_key} = $entity->id;
+ $invitation->{$contact_id} = $contact_class::where('company_id', $entity->company_id)->where($client_vendor_key,$entity->{$client_vendor_key})->first()->id;
+ $invitation->key = Str::random(config('ninja.key_length'));
+ $this->logMessage("Add invitation for {$entity_key} - {$entity->id}");
+ }
+ else
+ $this->logMessage("No contact present, so cannot add invitation for {$entity_key} - {$entity->id}");
 try{
- $invitation->save();
+
+ if($invitation)
+ $invitation->save();
 }
 catch(\Exception $e){
 $this->logMessage($e->getMessage());
diff --git a/app/Http/Controllers/BaseController.php b/app/Http/Controllers/BaseController.php
index 3d687333ce81..7727fef4a4f0 100644
--- a/app/Http/Controllers/BaseController.php
+++ b/app/Http/Controllers/BaseController.php
@@ -886,7 +886,7 @@ class BaseController extends Controller
 }
 */
-
+ /*21-01-2023*/
 /**/
 // 10-01-2022 need to ensure we snake case properly here to ensure permissions work as expected
 // 28-03-2022 this is definitely correct here, do not append _ to the view, it resolved correctly when snake cased
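Review bot: The contact is queried twice — `exists()` in the new guard and then `first()->id` a few lines later — so the row can still disappear between the two calls and `first()` returns null again, which is exactly the null dereference the guard was meant to remove. Fetch the contact once and branch on the result; this also lets `$invitation` start as `null` instead of `false`, drops the second query, and gives the brace-less `else` its braces. The enclosing method starts and ends outside this hunk.
```php
$invitation = null;

$contact = $contact_class::where('company_id', $entity->company_id)->where($client_vendor_key, $entity->{$client_vendor_key})->first();

if ($contact) {
    $invitation = new $entity_obj();
    // … unchanged: company_id / user_id / {$entity_key} assignments …
    $invitation->{$contact_id} = $contact->id;
    $invitation->key = Str::random(config('ninja.key_length'));
    $this->logMessage("Add invitation for {$entity_key} - {$entity->id}");
} else {
    $this->logMessage("No contact present, so cannot add invitation for {$entity_key} - {$entity->id}");
}
```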
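Review bot: The added `/*21-01-2023*/` marker carries no information for a reader — unlike the two dated comments below it, it does not say what was changed or why, and the date itself is already in the history. Either extend it to say what the date refers to or drop it.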
@@ -908,8 +908,6 @@ class BaseController extends Controller
 /**/
-
-
 if (request()->has('updated_at') && request()->input('updated_at') > 0) {
 $query->where('updated_at', '>=', date('Y-m-d H:i:s', intval(request()->input('updated_at'))));
 }
diff --git a/tests/Feature/BaseApiTest.php b/tests/Feature/BaseApiTest.php
index 40e3c2e1edbc..7a29402defb4 100644
--- a/tests/Feature/BaseApiTest.php
+++ b/tests/Feature/BaseApiTest.php
@@ -191,8 +191,6 @@ class BaseApiTest extends TestCase
 $company_token->is_system = true;
 $company_token->save();
-
-
 Product::factory()->create([
 'user_id' => $user_id,
 'company_id' => $company->id,
@@ -203,7 +201,6 @@ class BaseApiTest extends TestCase
 'company_id' => $company->id,
 ]);
-
 $contact = ClientContact::factory()->create([
 'user_id' => $user_id,
 'client_id' => $client->id,
@@ -307,7 +304,6 @@ class BaseApiTest extends TestCase
 'client_id' => $client->id,
 ]);
-
 $task_status = TaskStatus::factory()->create([
 'user_id' => $user_id,
 'company_id' => $company->id,
@@ -321,7 +317,6 @@ class BaseApiTest extends TestCase
 'company_id' => $company->id,
 ]);
-
 $tax_rate = TaxRate::factory()->create([
 'user_id' => $user_id,
 'company_id' => $company->id,
@@ -388,7 +383,6 @@ class BaseApiTest extends TestCase
 $cgt = ClientGatewayTokenFactory::create($company->id);
 $cgt->save();
-
 }
 // public function testGeneratingClassName()
@@ -430,14 +424,20 @@ class BaseApiTest extends TestCase
 );
 });
- $response = $this->withHeaders([
- 'X-API-SECRET' => config('ninja.api_secret'),
- 'X-API-TOKEN' => $this->low_token,
- ])->get('/api/v1/companies/'.$this->company->hashed_id)
- ->assertStatus(401);
+ }
+
+ public function testOwnerAccessCompany()
+ {
+
+ $response = $this->withHeaders([
+ 'X-API-SECRET' => config('ninja.api_secret'),
+ 'X-API-TOKEN' => $this->low_token,
+ ])->get('/api/v1/companies/'.$this->company->hashed_id)
+ ->assertStatus(401);
 }
+
 public function testAdminRoutes()
 {
 $this->owner_cu = CompanyUser::where('user_id', $this->owner_cu->user_id)->where('company_id', $this->owner_cu->company_id)->first();
@@ -447,7 +447,6 @@ class BaseApiTest extends TestCase
 $this->owner_cu->permissions = '[]';
 $this->owner_cu->save();
-
 $response = $this->withHeaders([
 'X-API-SECRET' => config('ninja.api_secret'),
 'X-API-TOKEN' => $this->owner_token,
@@ -456,7 +455,6 @@ class BaseApiTest extends TestCase
 $response->assertStatus(200)
 ->assertJson(fn (AssertableJson $json) => $json->has('data',2)->etc());
-
 /*does not test the number of records however*/
 collect($this->list_routes)->filter(function ($route){
 return !in_array($route, ['users','designs','payment_terms']);
 })->each(function($route){
@@ -472,11 +470,16 @@ class BaseApiTest extends TestCase
 );
 });
+ }
+
+ public function testAdminAccessCompany()
+ {
+
 $response = $this->withHeaders([
- 'X-API-SECRET' => config('ninja.api_secret'),
- 'X-API-TOKEN' => $this->owner_token,
- ])->get('/api/v1/companies/'.$this->company->hashed_id)
- ->assertStatus(200);
+ 'X-API-SECRET' => config('ninja.api_secret'),
+ 'X-API-TOKEN' => $this->owner_token,
+ ])->get('/api/v1/companies/'.$this->company->hashed_id)
+ ->assertStatus(200);
 }
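Review bot: `testOwnerAccessCompany()` and `testAdminAccessCompany()` are lifted out of tests that mutated `$this->owner_cu` before the request (testAdminRoutes reloads it and, in the next hunk, saves it with `permissions = '[]'`), but as separate PHPUnit methods they now run against the fixture's untouched state, so the 200 asserted in testAdminAccessCompany may be passing for an owner rather than an admin and the method names no longer describe the precondition they run under. `testAdminLockedCompany()` in the following hunk repeats its owner_cu setup inside the method; do the same here, or move the shared setup into a private helper called from each of the new methods. `testOwnerAccessCompany` also sends `$this->low_token` and expects 401, so what it actually asserts is that a non-owner token is refused — name it for that. The `$response = ` assignment is unused in both new methods since the assertion is chained.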
@@ -492,11 +495,9 @@ class BaseApiTest extends TestCase
 $response = $this->withHeaders([
 'X-API-SECRET' => config('ninja.api_secret'),
 'X-API-TOKEN' => $this->owner_token,
- ])->get('/api/v1/users/');
+ ])->get('/api/v1/users/')
+ ->assertStatus(403);
- $response->assertStatus(403);
-
-
 /*does not test the number of records however*/
 collect($this->list_routes)->filter(function ($route){
 return !in_array($route, ['users','designs','payment_terms']);
 })->each(function($route){
@@ -508,14 +509,25 @@ class BaseApiTest extends TestCase
 ->assertStatus(403);
 });
- $response = $this->withHeaders([
- 'X-API-SECRET' => config('ninja.api_secret'),
- 'X-API-TOKEN' => $this->owner_token,
- ])->get('/api/v1/companies/'.$this->company->hashed_id)
- ->assertStatus(403);
-
 }
+ public function testAdminLockedCompany()
+ {
+
+ $this->owner_cu = CompanyUser::where('user_id', $this->owner_cu->user_id)->where('company_id', $this->owner_cu->company_id)->first();
+ $this->owner_cu->is_owner = false;
+ $this->owner_cu->is_admin = true;
+ $this->owner_cu->is_locked = true;
+ $this->owner_cu->permissions = '[]';
+ $this->owner_cu->save();
+
+ $response = $this->withHeaders([
+ 'X-API-SECRET' => config('ninja.api_secret'),
+ 'X-API-TOKEN' => $this->owner_token,
+ ])->get('/api/v1/companies/'.$this->company->hashed_id)
+ ->assertStatus(403);
+
+ }
 /**
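Review bot: `testAdminLockedCompany()` duplicates the owner_cu setup block that testAdminRoutes performs and reloads the row with `->first()`, so a missing CompanyUser surfaces as an Error on `->is_owner` rather than as a clear test failure; use `->firstOrFail()` and extract the block into a helper such as `private function setOwnerCompanyUser(bool $isOwner, bool $isAdmin, bool $isLocked): void` that the other split-out methods can share. The locked-admin case asserts only the single company route, while the unlocked-admin test above iterates `$this->list_routes`; running the same loop here with an expected 403 would show the lock is enforced on the list endpoints as well. `$response` is assigned but never read, as the assertion is chained.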