Fixed update for member with role employee

solidtime-io · May 21, 2024 · 5a8dc60 · 5a8dc60
1 parent 5c44f25
commit 5a8dc60
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 1 deletion.
diff --git a/app/Http/Controllers/Api/V1/TimeEntryController.php b/app/Http/Controllers/Api/V1/TimeEntryController.php
@@ -236,7 +236,7 @@ public function update(Organization $organization, TimeEntry $timeEntry, TimeEnt
     {
         /** @var Member|null $member */
         $member = $request->has('member_id') ? Member::query()->findOrFail($request->get('member_id')) : null;
-        if ($timeEntry->member->user_id === Auth::id() && $member?->user_id === Auth::id()) {
+        if ($timeEntry->member->user_id === Auth::id() && ($member === null || $member->user_id === Auth::id())) {
             $this->checkPermission($organization, 'time-entries:update:own');
         } else {
             $this->checkPermission($organization, 'time-entries:update:all');

diff --git a/tests/Unit/Endpoint/Api/V1/TimeEntryEndpointTest.php b/tests/Unit/Endpoint/Api/V1/TimeEntryEndpointTest.php
@@ -1144,6 +1144,33 @@ public function test_update_endpoint_updates_time_entry_for_current_user(): void
         ]);
     }
 
+    public function test_update_endpoint_updates_time_entry_for_current_user_but_does_not_send_member_id(): void
+    {
+        // Arrange
+        $data = $this->createUserWithPermission([
+            'time-entries:update:own',
+        ]);
+        $timeEntry = TimeEntry::factory()->forOrganization($data->organization)->forMember($data->member)->create();
+        $timeEntryFake = TimeEntry::factory()->withTags($data->organization)->forOrganization($data->organization)->make();
+        Passport::actingAs($data->user);
+
+        // Act
+        $response = $this->putJson(route('api.v1.time-entries.update', [$data->organization->getKey(), $timeEntry->getKey()]), [
+            'description' => $timeEntryFake->description,
+            'start' => $timeEntryFake->start->toIso8601ZuluString(),
+            'end' => $timeEntryFake->end->toIso8601ZuluString(),
+            'tags' => $timeEntryFake->tags,
+        ]);
+
+        // Assert
+        $response->assertStatus(200);
+        $this->assertDatabaseHas(TimeEntry::class, [
+            'id' => $timeEntry->getKey(),
+            'member_id' => $data->member->getKey(),
+            'task_id' => $timeEntryFake->task_id,
+        ]);
+    }
+
     public function test_update_endpoint_fails_if_user_tries_to_reactivate_a_time_entry(): void
     {
         // Arrange