From 1d130b4a89dab1fdd2b44c52ea23b358fa0f492e Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Wed, 7 Mar 2018 18:22:49 -0800
Subject: [PATCH] Fixed asset model permission not granted for edit

---
 .../Controllers/AssetModelsController.php     |  4 +--
 app/Policies/DepreciationPolicy.php           | 13 ++++++++++
 app/Providers/AuthServiceProvider.php         | 26 ++++++++++---------
 3 files changed, 29 insertions(+), 14 deletions(-)
 create mode 100644 app/Policies/DepreciationPolicy.php

diff --git a/app/Http/Controllers/AssetModelsController.php b/app/Http/Controllers/AssetModelsController.php
index 8cd9a450d2..389f1edd94 100755
--- a/app/Http/Controllers/AssetModelsController.php
+++ b/app/Http/Controllers/AssetModelsController.php
@@ -166,7 +166,7 @@ class AssetModelsController extends Controller
     */
     public function edit($modelId = null)
     {
-        $this->authorize('edit', AssetModel::class);
+        $this->authorize('update', AssetModel::class);
         if ($item = AssetModel::find($modelId)) {
             $category_type = 'asset';
             $view = View::make('models/edit', compact('item','category_type'));
@@ -190,7 +190,7 @@ class AssetModelsController extends Controller
     */
     public function update(ImageUploadRequest $request, $modelId = null)
     {
-        $this->authorize('edit', AssetModel::class);
+        $this->authorize('update', AssetModel::class);
         // Check if the model exists
         if (is_null($model = AssetModel::find($modelId))) {
             // Redirect to the models management page
diff --git a/app/Policies/DepreciationPolicy.php b/app/Policies/DepreciationPolicy.php
new file mode 100644
index 0000000000..cc889b8949
--- /dev/null
+++ b/app/Policies/DepreciationPolicy.php
@@ -0,0 +1,13 @@
+<?php
+
+namespace App\Policies;
+
+use App\Policies\SnipePermissionsPolicy;
+
+class DepreciationPolicy extends SnipePermissionsPolicy
+{
+    protected function columnName()
+    {
+        return 'depreciations';
+    }
+}
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index b0f17f2ecc..b72c149b18 100644
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -12,6 +12,7 @@ use App\Models\CustomField;
 use App\Models\Department;
 use App\Models\License;
 use App\Models\Location;
+use App\Models\Depreciation;
 use App\Models\Statuslabel;
 use App\Models\Supplier;
 use App\Models\Manufacturer;
@@ -25,6 +26,7 @@ use App\Policies\ComponentPolicy;
 use App\Policies\ConsumablePolicy;
 use App\Policies\CustomFieldPolicy;
 use App\Policies\DepartmentPolicy;
+use App\Policies\DepreciationPolicy;
 use App\Policies\LicensePolicy;
 use App\Policies\LocationPolicy;
 use App\Policies\StatuslabelPolicy;
@@ -55,6 +57,7 @@ class AuthServiceProvider extends ServiceProvider
         Consumable::class => ConsumablePolicy::class,
         CustomField::class => CustomFieldPolicy::class,
         Department::class => DepartmentPolicy::class,
+        Depreciation::class => DepreciationPolicy::class,
         License::class => LicensePolicy::class,
         Location::class => LocationPolicy::class,
         Statuslabel::class => StatuslabelPolicy::class,
@@ -130,18 +133,17 @@ class AuthServiceProvider extends ServiceProvider
         });
 
         Gate::define('backend.interact', function ($user) {
-            return $user->can('view', \App\Models\Statuslabel::class)
-                || $user->can('view', \App\Models\AssetModel::class)
-                || $user->can('view', \App\Models\Category::class)
-                || $user->can('view', \App\Models\Manufacturer::class)
-                || $user->can('view', \App\Models\Supplier::class)
-                || $user->can('view', \App\Models\Department::class)
-                || $user->can('view', \App\Models\Location::class)
-                || $user->can('view', \App\Models\Company::class)
-                || $user->can('view', \App\Models\Manufacturer::class)
-                || $user->can('view', \App\Models\Company::class)
-                || $user->can('view', \App\Models\CustomField::class)
-                || $user->can('view', \App\Models\Depreciation::class);
+            return $user->can('view', Statuslabel::class)
+                || $user->can('view', AssetModel::class)
+                || $user->can('view', Category::class)
+                || $user->can('view', Manufacturer::class)
+                || $user->can('view', Supplier::class)
+                || $user->can('view', Department::class)
+                || $user->can('view', Location::class)
+                || $user->can('view', Company::class)
+                || $user->can('view', Manufacturer::class)
+                || $user->can('view', CustomField::class)
+                || $user->can('view', Depreciation::class);
         });
     }
 }