diff --git a/code/Controller/AssetAdmin.php b/code/Controller/AssetAdmin.php index fdf5370da..441170ece 100644 --- a/code/Controller/AssetAdmin.php +++ b/code/Controller/AssetAdmin.php @@ -435,7 +435,10 @@ public function apiMove(HTTPRequest $request): HTTPResponse } $ids = $this->getPostedJsonValue($request, 'ids'); $folderID = $this->getPostedJsonValue($request, 'folderID'); - $folder = $this->getFileByID($folderID, true, 400); + $folder = null; + if ($folderID !== 0) { + $folder = $this->getFileByID($folderID, true, 400); + } $files = $this->getFilesByIDs($ids, true, 400); foreach ($files as $file) { if (!$file->canEdit()) { @@ -443,7 +446,7 @@ public function apiMove(HTTPRequest $request): HTTPResponse } } foreach ($files as $file) { - $file->ParentID = $folder->ID; + $file->ParentID = $folder ? $folder->ID : 0; $file->write(); } return $this->jsonSuccess(204); diff --git a/tests/php/Controller/AssetAdminTest.php b/tests/php/Controller/AssetAdminTest.php index 00458aee5..c4e754ed2 100644 --- a/tests/php/Controller/AssetAdminTest.php +++ b/tests/php/Controller/AssetAdminTest.php @@ -793,58 +793,75 @@ public function testApiDelete( public static function provideApiMove(): array { return [ - 'Valid' => [ + 'Valid non-root' => [ + 'idsType' => 'existing', + 'folderToType' => 'non-root', + 'fail' => '', + 'expectedCode' => 204, + ], + 'Valid root' => [ 'idsType' => 'existing', + 'folderToType' => 'root', 'fail' => '', 'expectedCode' => 204, ], 'Reject fail canEdit()' => [ 'idsType' => 'existing', + 'folderToType' => 'non-root', 'fail' => 'can-edit', 'expectedCode' => 403, ], 'Reject fail csrf-token' => [ 'idsType' => 'existing', + 'folderToType' => 'non-root', 'fail' => 'csrf-token', 'expectedCode' => 400, ], 'Reject ids not passed' => [ 'idsType' => 'existing', + 'folderToType' => 'non-root', 'fail' => 'ids-not-passed', 'expectedCode' => 400, ], 'Reject ids is not array' => [ 'idsType' => 'existing', + 'folderToType' => 'non-root', 'fail' => 'ids-not-array', 'expectedCode' => 400, ], 'Reject ids is empty' => [ 'idsType' => 'existing', + 'folderToType' => 'non-root', 'fail' => 'ids-is-empty', 'expectedCode' => 400, ], 'Reject invalid ID' => [ 'idsType' => 'second-is-invalid', + 'folderToType' => 'non-root', 'fail' => '', 'expectedCode' => 400, ], 'Reject non-numeric ID' => [ 'idsType' => 'second-is-non-numeric', + 'folderToType' => 'non-root', 'fail' => '', 'expectedCode' => 400, ], 'Reject new record ID' => [ 'idsType' => 'second-is-new-record', + 'folderToType' => 'non-root', 'fail' => '', 'expectedCode' => 400, ], 'Reject folderID not passed' => [ 'idsType' => 'existing', + 'folderToType' => 'non-root', 'fail' => 'folder-id-not-passed', 'expectedCode' => 400, ], 'Reject folder does not exist' => [ 'idsType' => 'existing', + 'folderToType' => 'non-root', 'fail' => 'folder-not-exist', 'expectedCode' => 400, ], @@ -854,6 +871,7 @@ public static function provideApiMove(): array #[DataProvider('provideApiMove')] public function testApiMove( string $idsType, + string $folderToType, string $fail, int $expectedCode ): void { @@ -862,6 +880,9 @@ public function testApiMove( $this->idFromFixture(Folder::class, 'ApiFolder01'), $this->idFromFixture(Folder::class, 'ApiFolder02'), ]; + if ($folderToType === 'root') { + $folderIDs[1] = 0; + } $existingIDs = $this->getIDs('existing'); TestFile::$fail = $fail; $url = '/admin/assets/api/move';