diff --git a/app/Http/Controllers/Api/V1/Admin/BlogController.php b/app/Http/Controllers/Api/V1/Admin/BlogController.php index 6456a054..123db532 100755 --- a/app/Http/Controllers/Api/V1/Admin/BlogController.php +++ b/app/Http/Controllers/Api/V1/Admin/BlogController.php @@ -117,7 +117,7 @@ public function store(Request $request) DB::beginTransaction(); $savedPath = Storage::disk('public')->put('images', $request->file('image_url')); - $imageUrl = url('storage/' . $savedPath); + $imageUrl = 'storage/' . $savedPath; $blog = Blog::create([ 'title' => $request->get('title'), diff --git a/app/Http/Controllers/Api/V1/RoleController.php b/app/Http/Controllers/Api/V1/RoleController.php index fbea1329..af7a514e 100755 --- a/app/Http/Controllers/Api/V1/RoleController.php +++ b/app/Http/Controllers/Api/V1/RoleController.php @@ -25,17 +25,14 @@ class RoleController extends Controller /** * Store a newly created resource in storage. */ - public function store(StoreRoleRequest $request) + public function store(StoreRoleRequest $request, $orgId) { - Log::info('Incoming role creation request', $request->all()); try { DB::beginTransaction(); - $org_id = $request->organisation_id; - // Validate the organisation ID as a UUID - if (!preg_match('/^[a-f0-9-]{36}$/', $org_id)) { + if (!preg_match('/^[a-f0-9-]{36}$/', $orgId)) { return response()->json([ 'status_code' => Response::HTTP_BAD_REQUEST, 'error' => 'Invalid input', @@ -44,17 +41,17 @@ public function store(StoreRoleRequest $request) } // Check whether the organisation exists - $organisation = Organisation::find($org_id); + $organisation = Organisation::find($orgId); if (!$organisation) { return response()->json([ 'status_code' => Response::HTTP_NOT_FOUND, 'error' => 'Organisation not found', - 'message' => 'The organisation with ID ' . $org_id . ' does not exist', + 'message' => 'The organisation with ID ' . $orgId . ' does not exist', ], Response::HTTP_NOT_FOUND); } // Check for duplicate role name within the organisation - $existingRole = Role::where('org_id', $org_id)->where('name', $request->role_name)->first(); + $existingRole = Role::where('org_id', $orgId)->where('name', $request->name)->first(); if ($existingRole) { return response()->json([ 'status_code' => Response::HTTP_CONFLICT, @@ -65,22 +62,34 @@ public function store(StoreRoleRequest $request) // Creating the role $role = Role::create([ - 'name' => $request->role_name, + 'name' => $request->name, 'description' => $request->description, - 'org_id' => $org_id, + 'org_id' => $orgId, ]); // Attach the permission to the role - $role->permissions()->attach($request->permissions_id); + $role->permissions()->attach($request->permissions); + + // Retrieve all attached permissions with additional details + $permissions = $role->permissions->map(function ($permission) { + return [ + 'id' => $permission->permission_id, + 'name' => $permission->name, + ]; + }); DB::commit(); return response()->json([ - 'id' => $role->id, - 'name' => $role->name, - 'description' => $role->description, - 'message' => "Role created successfully", - 'status_code' => Response::HTTP_CREATED, + 'status_code' => 201, + 'data' => [ + 'id' => $role->id, + 'name' => $role->name, + 'description' => $role->description, + 'permissions' => $permissions, + ], + 'error' => null, + 'message' => 'Role created successfully', ], Response::HTTP_CREATED); } catch (\Exception $e) { DB::rollBack(); @@ -158,12 +167,16 @@ public function assignRole(Request $request, $org_id, $user_id) 'role' => 'required|string|exists:roles,name', ]); + if ($validator->fails()) { + return $this->apiResponse($validator->errors(), 422); + } if ($validator->fails()) { return $this->apiResponse($validator->errors(), 422); } $user = User::find($user_id); - if (!$user) return ResponseHelper::response("User not found", 404, null); + if (!$user) + return ResponseHelper::response("User not found", 404, null); if ($organisation = Organisation::find($org_id)) { if (!$organisation->users->contains($user->id)) return ResponseHelper::response("You are not authorised to perform this action", 409, null); @@ -173,22 +186,27 @@ public function assignRole(Request $request, $org_id, $user_id) return ResponseHelper::response("Roles updated successfully", 200, null); else return response()->json(['message' => 'Role update failed', 'error' => $result], 400); - } else return ResponseHelper::response("Organisation not found", 404, null); + } else + return ResponseHelper::response("Organisation not found", 404, null); } public function update(UpdateRoleRequest $request, $org_id, $role_id) { $user = auth('api')->user(); - if (!$user) return ResponseHelper::response("Authentication failed", 401, null); + if (!$user) + return ResponseHelper::response("Authentication failed", 401, null); if ($organisation = Organisation::find($org_id)) { - if (!$organisation->users->contains($user->id)) return ResponseHelper::response("You are not authorised to perform this action", 401, null); + if (!$organisation->users->contains($user->id)) + return ResponseHelper::response("You are not authorised to perform this action", 401, null); if ($role = Role::find($role_id)) { $role->update($request->only('name', 'description')); return ResponseHelper::response("Role updated successfully", 200, $role); - } else return ResponseHelper::response("Role not found", 404, null); - } else return ResponseHelper::response("Organisation not found", 404, null); + } else + return ResponseHelper::response("Role not found", 404, null); + } else + return ResponseHelper::response("Organisation not found", 404, null); } - + // To get all roles public function index($org_id) { @@ -233,7 +251,7 @@ public function show($org_id, $role_id) { try { // Validate UUID format - if (!Str::isUuid($org_id) || !is_numeric($role_id)) { + if (!Str::isUuid($org_id) || !Str::isUuid($role_id)) { Log::error('Invalid UUID or ID format', [ 'org_id' => $org_id, 'role_id' => $role_id, @@ -338,7 +356,8 @@ public function assignPermissions(Request $request, $org_id, $role_id) $payload = Validator::make($request->all(), [ 'permission_list' => 'required|array' ]); - if ($payload->fails()) return ResponseHelper::response($payload->errors(), 422, null); + if ($payload->fails()) + return ResponseHelper::response($payload->errors(), 422, null); if ($role && !$payload->fails()) { foreach ($request->permission_list as $permission => $value) { $permissionId = Permission::where('name', $permission)->value('id'); @@ -349,7 +368,8 @@ public function assignPermissions(Request $request, $org_id, $role_id) } } return ResponseHelper::response("Permissions updated successfully", 202, null); - } else return ResponseHelper::response("Role not found", 404, null); + } else + return ResponseHelper::response("Role not found", 404, null); } public function destroy(Request $request, $org_id, $role_id) diff --git a/app/Http/Requests/StoreRoleRequest.php b/app/Http/Requests/StoreRoleRequest.php index e656d60f..565fc216 100755 --- a/app/Http/Requests/StoreRoleRequest.php +++ b/app/Http/Requests/StoreRoleRequest.php @@ -23,26 +23,33 @@ public function authorize(): bool public function rules(): array { return [ - 'role_name' => [ + 'name' => [ 'required', 'string', 'max:255' ], - 'organisation_id' => [ - 'required', + 'description' => [ + 'nullable', 'string', 'max:255', - 'exists:organisations,org_id', - Rule::unique('roles', 'org_id')->where('name', $this->input('role_name')) ], - 'permissions_id' => 'required', + 'permissions' => [ + 'required', + 'array', + ], + 'permissions.*' => [ + 'uuid', + 'exists:permissions,id', + ], ]; } public function messages() { return [ - 'organisation_id.unique'=> "'".$this->input('role_name')."' role has already been created for the organisation", + 'permissions.array' => 'Permissions must be provided as an array.', + 'permissions.*.uuid' => 'Each permission ID must be a valid UUID.', + 'permissions.*.exists' => 'Each permission ID must be valid.', ]; } } diff --git a/app/Models/Permission.php b/app/Models/Permission.php index a7bbd24a..caa50ca3 100755 --- a/app/Models/Permission.php +++ b/app/Models/Permission.php @@ -2,18 +2,20 @@ namespace App\Models; +use Illuminate\Database\Eloquent\Concerns\HasUuids; use Illuminate\Database\Eloquent\Factories\HasFactory; use Illuminate\Database\Eloquent\Model; class Permission extends Model { - use HasFactory; + use HasFactory, HasUuids; protected $fillable = ['name']; public function roles() { - return $this->belongsToMany(Role::class, 'roles_permissions'); + return $this->belongsToMany(Role::class, 'roles_permissions', 'permission_id', 'role_id') + ->using(RolePermission::class); } public function users() diff --git a/app/Models/Role.php b/app/Models/Role.php index b83e61b6..2be1808e 100755 --- a/app/Models/Role.php +++ b/app/Models/Role.php @@ -2,18 +2,20 @@ namespace App\Models; +use Illuminate\Database\Eloquent\Concerns\HasUuids; use Illuminate\Database\Eloquent\Factories\HasFactory; use Illuminate\Database\Eloquent\Model; class Role extends Model { - use HasFactory; + use HasFactory, HasUuids; protected $fillable = ['name', 'description', 'org_id', 'is_active', 'is_default']; public function permissions() { - return $this->belongsToMany(Permission::class, 'roles_permissions', 'role_id', 'permission_id'); + return $this->belongsToMany(Permission::class, 'roles_permissions', 'role_id', 'permission_id') + ->using(RolePermission::class); } public function users() diff --git a/app/Models/RolePermission.php b/app/Models/RolePermission.php new file mode 100644 index 00000000..2defd7f9 --- /dev/null +++ b/app/Models/RolePermission.php @@ -0,0 +1,12 @@ +id(); + $table->uuid('id')->primary(); $table->string('name'); $table->timestamp('deleted_at')->nullable(); $table->timestamps(); diff --git a/database/migrations/2024_07_21_121543_create_roles_table.php b/database/migrations/2024_07_21_121543_create_roles_table.php index 1fbea6b5..4265db25 100755 --- a/database/migrations/2024_07_21_121543_create_roles_table.php +++ b/database/migrations/2024_07_21_121543_create_roles_table.php @@ -12,7 +12,7 @@ public function up(): void { Schema::create('roles', function (Blueprint $table) { - $table->id(); + $table->uuid('id')->primary(); $table->string('name'); $table->text('description')->nullable(); $table->foreignUuid('org_id')->references('org_id')->on('organisations')->constrained()->onDelete('cascade')->onUpdate('cascade'); diff --git a/database/migrations/2024_07_21_121928_create_roles_permissions_table.php b/database/migrations/2024_07_21_121928_create_roles_permissions_table.php index cead8d4e..58878a64 100755 --- a/database/migrations/2024_07_21_121928_create_roles_permissions_table.php +++ b/database/migrations/2024_07_21_121928_create_roles_permissions_table.php @@ -12,9 +12,9 @@ public function up(): void { Schema::create('roles_permissions', function (Blueprint $table) { - $table->id(); - $table->foreignId('role_id')->constrained('roles', 'id')->cascadeOnDelete()->cascadeOnUpdate(); - $table->foreignId('permission_id')->constrained('permissions', 'id')->cascadeOnDelete() + $table->uuid('id')->primary(); + $table->foreignUuid('role_id')->constrained('roles', 'id')->cascadeOnDelete()->cascadeOnUpdate(); + $table->foreignUuid('permission_id')->constrained('permissions', 'id')->cascadeOnDelete() ->cascadeOnUpdate(); $table->timestamps(); }); diff --git a/database/migrations/2024_07_21_123053_create_users_permissions_table.php b/database/migrations/2024_07_21_123053_create_users_permissions_table.php index ee4b7f5b..2976e70b 100755 --- a/database/migrations/2024_07_21_123053_create_users_permissions_table.php +++ b/database/migrations/2024_07_21_123053_create_users_permissions_table.php @@ -14,7 +14,7 @@ public function up(): void Schema::create('users_permissions', function (Blueprint $table) { $table->id(); $table->foreignUuid('user_id')->constrained('users', 'id')->cascadeOnDelete()->cascadeOnUpdate(); - $table->foreignId('permission_id')->constrained('permissions', 'id')->cascadeOnDelete()->cascadeOnUpdate(); + $table->foreignUuid('permission_id')->constrained('permissions', 'id')->cascadeOnDelete()->cascadeOnUpdate(); $table->timestamps(); }); } diff --git a/database/migrations/2024_07_21_123058_create_users_roles_table.php b/database/migrations/2024_07_21_123058_create_users_roles_table.php index 72e1bc32..5bb5b2b8 100755 --- a/database/migrations/2024_07_21_123058_create_users_roles_table.php +++ b/database/migrations/2024_07_21_123058_create_users_roles_table.php @@ -14,7 +14,7 @@ public function up(): void Schema::create('users_roles', function (Blueprint $table) { $table->id(); $table->foreignUuid('user_id')->constrained('users', 'id')->cascadeOnDelete()->cascadeOnUpdate(); - $table->foreignId('role_id')->constrained('roles', 'id')->cascadeOnDelete()->cascadeOnUpdate(); + $table->foreignUuid('role_id')->constrained('roles', 'id')->cascadeOnDelete()->cascadeOnUpdate(); $table->timestamps(); }); } diff --git a/routes/api.php b/routes/api.php index a3bd8d70..51db32fc 100755 --- a/routes/api.php +++ b/routes/api.php @@ -242,7 +242,7 @@ Route::patch('/accounts/deactivate', [AccountController::class, 'deactivate']); // Roles - Route::post('/organisations/{org_id}/roles', [RoleController::class, 'store']); + Route::post('/organisations/{orgId}/roles', [RoleController::class, 'store']); Route::put('/organisations/{org_id}/roles/{role_id}', [RoleController::class, 'update']); Route::put('/organisations/{org_id}/roles/{role_id}/disable', [RoleController::class, 'disableRole']); Route::get('/organisations/{org_id}/roles', [RoleController::class, 'index']); diff --git a/tests/Feature/BlogControllerTest.php b/tests/Feature/BlogControllerTest.php index 4b1867c3..d75ac33c 100644 --- a/tests/Feature/BlogControllerTest.php +++ b/tests/Feature/BlogControllerTest.php @@ -189,7 +189,7 @@ public function test_admin_can_create_blog_post() $image = UploadedFile::fake()->image('image1.jpg'); $path = Storage::putFile('public/images', $image); - $imageUrl = str_replace('public/', 'storage/', $path); + $imageUrl = str_replace('public/', 'storage/', $path); $response = $this->withHeaders(['Authorization' => "Bearer $token"])->postJson('/api/v1/blogs', [ 'title' => 'Test Blog Post', diff --git a/tests/Feature/OrganisationRoleTest.php b/tests/Feature/OrganisationRoleTest.php index cecae281..3228173d 100644 --- a/tests/Feature/OrganisationRoleTest.php +++ b/tests/Feature/OrganisationRoleTest.php @@ -94,7 +94,7 @@ public function test_get_role_by_org_and_role_id_not_found() // Send request for a non-existent role $response = $this->withHeaders([ 'Authorization' => "Bearer $token" - ])->getJson("/api/v1/organisation/{$organisation->org_id}/roles/999"); + ])->getJson("/api/v1/organisation/{$organisation->org_id}/roles/00000000-0000-0000-0000-000000000000"); // Assert not found response $response->assertStatus(404) diff --git a/tests/Feature/RoleCreationTest.php b/tests/Feature/RoleCreationTest.php index cb7e8679..816f5c1b 100755 --- a/tests/Feature/RoleCreationTest.php +++ b/tests/Feature/RoleCreationTest.php @@ -1,9 +1,9 @@ test_permission = Permission::create([ 'name' => 'test permission 1', + 'description' => 'Test permission description', ]); + // Authenticate the test user + $this->actingAs($this->test_user, 'api'); + + // Ensure test data exists in the database $this->assertDatabaseHas('users', ['name' => $this->test_user->name]); $this->assertDatabaseHas('organisations', ['name' => $this->test_org->name]); - $this->assertDatabaseHas('permissions', ['name' => 'test permission 1']); + $this->assertDatabaseHas('permissions', ['name' => $this->test_permission->name]); } public function test_role_creation_is_successful() { - // Authenticate the test user - $this->actingAs($this->test_user, 'api'); + // Send the role creation request $response = $this->postJson('/api/v1/organisations/' . $this->test_org->org_id . '/roles', [ - 'role_name' => 'Test role', - 'organisation_id' => $this->test_org->org_id, - 'permissions_id' => $this->test_permission->id, + 'name' => 'Test role', + 'description' => 'Test role description', + 'permissions' => [$this->test_permission->id], ]); + // Decode the response to get the role ID + $responseData = $response->json(); + $createdRoleId = $responseData['data']['id']; + + // Assert that the response status is 201 (Created) and check the JSON structure $response->assertStatus(201) - ->assertJsonStructure([ - 'status_code', - 'message' + ->assertJson([ + 'status_code' => 201, + 'data' => [ + 'id' => $createdRoleId, // Check that an ID is returned + 'name' => 'Test role', + 'description' => 'Test role description', + 'permissions' => [ + [ + 'id' => $this->test_permission->permission_id, + 'name' => $this->test_permission->name, + ], + ], + ], + 'error' => null, + 'message' => 'Role created successfully', ]); + // Assert that the role is in the database with the correct name and description $this->assertDatabaseHas('roles', [ 'name' => 'Test role', - ])->assertDatabaseCount('roles_permissions', 1); + 'description' => 'Test role description', + ]); + + // Assert that the role has been correctly associated with the permission + $this->assertDatabaseCount('roles_permissions', 1); } + } diff --git a/tests/Feature/RoleDeletionTest.php b/tests/Feature/RoleDeletionTest.php index bac9d78b..71cf8adb 100644 --- a/tests/Feature/RoleDeletionTest.php +++ b/tests/Feature/RoleDeletionTest.php @@ -72,7 +72,7 @@ public function test_cannot_delete_non_existent_role() $this->actingAs($this->admin_user, 'api'); // Attempt to delete a non-existent role - $response = $this->deleteJson('/api/v1/organisations/' . $this->test_org->org_id . '/roles/9999'); + $response = $this->deleteJson('/api/v1/organisations/' . $this->test_org->org_id . '/roles/00000000-0000-0000-0000-000000000000'); // Assert a 404 Not Found response $response->assertStatus(404); diff --git a/tests/Feature/ShowRoleTest.php b/tests/Feature/ShowRoleTest.php index 85d2d496..06aa2c6d 100644 --- a/tests/Feature/ShowRoleTest.php +++ b/tests/Feature/ShowRoleTest.php @@ -108,7 +108,7 @@ public function testFetchRoleWithInvalidRoleIdFormat() public function testFetchRoleForNonExistentOrganisation() { // Use a UUID that does not exist in the database - $response = $this->getJson('/api/v1/organisations/00000000-0000-0000-0000-000000000000/roles/1'); + $response = $this->getJson('/api/v1/organisations/00000000-0000-0000-0000-000000000000/roles/'. Str::uuid()); $response->assertStatus(404) ->assertJson([ @@ -128,13 +128,13 @@ public function testFetchNonExistentRole() $organisation = Organisation::factory()->create(['user_id' => $this->user->id]); // Use a valid UUID for organisation but one that does not exist as a role - $response = $this->getJson("/api/v1/organisations/{$organisation->org_id}/roles/00000000000000000000000000000000"); + $response = $this->getJson("/api/v1/organisations/{$organisation->org_id}/roles/00000000-0000-0000-0000-000000000000"); $response->assertStatus(404) ->assertJson([ 'status_code' => 404, 'error' => 'Not Found', - 'message' => 'The role with ID 00000000000000000000000000000000 does not exist', + 'message' => 'The role with ID 00000000-0000-0000-0000-000000000000 does not exist', ]); } }