From 130c798c9028098565cb132b8260ce1e3c77b5cc Mon Sep 17 00:00:00 2001
From: snipe
Date: Thu, 25 Aug 2016 20:59:54 -0700
Subject: [PATCH] Only accept a new value for encrypted fields if the user is an admin
---
 app/Http/Controllers/AssetsController.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/app/Http/Controllers/AssetsController.php b/app/Http/Controllers/AssetsController.php
index 16a98a156b..81f43a4681 100755
--- a/app/Http/Controllers/AssetsController.php
+++ b/app/Http/Controllers/AssetsController.php
@@ -436,14 +436,22 @@ class AssetsController extends Controller
 $model = AssetModel::find($request->get('model_id'));
 if ($model->fieldset) {
 foreach ($model->fieldset->fields as $field) {
- $asset->{\App\Models\CustomField::name_to_db_name($field->name)} = e($request->input(\App\Models\CustomField::name_to_db_name($field->name)));
- // LOG::debug($field->name);
- // LOG::debug(\App\Models\CustomField::name_to_db_name($field->name));
- // LOG::debug($field->db_column_name());
+
+
+ if ($field->field_encrypted=='1') {
+ if (Gate::allows('admin')) {
+ $asset->{\App\Models\CustomField::name_to_db_name($field->name)} = \Crypt::encrypt(e($request->input(\App\Models\CustomField::name_to_db_name($field->name))));
+ }
+
+ } else {
+ $asset->{\App\Models\CustomField::name_to_db_name($field->name)} = e($request->input(\App\Models\CustomField::name_to_db_name($field->name)));
+ }
+
 }
 }
+
 if ($asset->save()) {
 // Redirect to the new asset page
 \Session::flash('success', trans('admin/hardware/message.update.success'));
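Review bot: In the admin branch the value is HTML-escaped with `e()` before `\Crypt::encrypt()`, so a secret containing `&`, `<`, `>` or a quote is stored, and later decrypted, in its entity-encoded form rather than as the admin typed it. Encrypting the raw input, `$asset->{$column} = \Crypt::encrypt($request->input($column));` with `$column = \App\Models\CustomField::name_to_db_name($field->name);`, keeps the secret intact, provided the views that show the decrypted value escape it on output (they are not visible in this hunk). When the field is absent from the request this branch also appears to encrypt an empty string and overwrite the existing ciphertext, which a `$request->has($column)` check before the assignment would avoid. `Gate` is referenced unqualified while `\Crypt` and `\Session` are fully qualified, so the check depends on a `use` import outside the hunk. The enclosing method starts and ends outside the hunk, and only this update path is gated here.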