DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-01-11 13:57:41 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

check if user is allowed to view assets (#4845)

Browse source
This commit is contained in:
vcordes79 2018-01-24 03:10:05 +01:00 committed by snipe
parent f4e9d245d0
commit 0fb8dc3418
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
app/Http/Controllers/Api/UsersController.php
View file

@ -286,6 +286,7 @@ class UsersController extends Controller
{ {
$this->authorize('view', User::class); $this->authorize('view', User::class);
$assets = Asset::where('assigned_to', '=', $id)->with('model')->get(); $assets = Asset::where('assigned_to', '=', $id)->with('model')->get();
if ($assets) $this->authorize('view', $assets[0]);
return (new AssetsTransformer)->transformAssets($assets, $assets->count()); return (new AssetsTransformer)->transformAssets($assets, $assets->count());
} }
} }