DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-02-21 03:15:45 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Only accept a new value for encrypted fields if the user is an admin

Browse source
This commit is contained in:
snipe 2016-08-25 20:59:54 -07:00
parent e1229bfb0f
commit 130c798c90
1 changed files with 12 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
app/Http/Controllers/AssetsController.php
View file

@ -436,14 +436,22 @@ class AssetsController extends Controller
$model = AssetModel::find($request->get('model_id'));
if ($model->fieldset) {
foreach ($model->fieldset->fields as $field) {
$asset->{\App\Models\CustomField::name_to_db_name($field->name)} = e($request->input(\App\Models\CustomField::name_to_db_name($field->name)));
// LOG::debug($field->name);
// LOG::debug(\App\Models\CustomField::name_to_db_name($field->name));
// LOG::debug($field->db_column_name());
if ($field->field_encrypted=='1') {
if (Gate::allows('admin')) {
$asset->{\App\Models\CustomField::name_to_db_name($field->name)} = \Crypt::encrypt(e($request->input(\App\Models\CustomField::name_to_db_name($field->name))));
}
} else {
$asset->{\App\Models\CustomField::name_to_db_name($field->name)} = e($request->input(\App\Models\CustomField::name_to_db_name($field->name)));
}
}
}
if ($asset->save()) {
// Redirect to the new asset page
\Session::flash('success', trans('admin/hardware/message.update.success'));