DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-03-05 20:52:15 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Permissions check on the field itself

Browse source 
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2022-11-10 17:19:12 +00:00
parent 7a5fcfb87a
commit 1e34398c99
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/Http/Controllers/ViewAssetsController.php
View file

@ -38,13 +38,17 @@ class ViewAssetsController extends Controller
'licenses', 'licenses',
)->find(Auth::user()->id); )->find(Auth::user()->id);
// Loop through all the custom fields that are applied to any model the user has assigned
foreach ($user->assets as $asset) { foreach ($user->assets as $asset) {
foreach ($asset->model->fieldset->fields as $field) { foreach ($asset->model->fieldset->fields as $field) {
// check and make sure they're allowed to see the value of the custom field
if ($field->display_in_user_view == '1') {
$field_array[$field->db_column] = $field->name; $field_array[$field->db_column] = $field->name;
} }
} }
}
// Since some models may re-use the same fieldsets/fields, let's make the array unique so we don't repeat columns
array_unique($field_array); array_unique($field_array);
if (isset($user->id)) { if (isset($user->id)) {