mirror of
https://github.com/snipe/snipe-it.git
synced 2024-09-19 23:37:38 -07:00
not quite done, api side needs some work
parent
a70b94e707
commit
20ec420ba3
|
@ -427,7 +427,7 @@ class UsersController extends Controller
|
||||||
* @param \Illuminate\Http\Request $request
|
* @param \Illuminate\Http\Request $request
|
||||||
* @param int $id
|
* @param int $id
|
||||||
*/
|
*/
|
||||||
public function update(SaveUserRequest $request, $id) : JsonResponse
|
public function update(SaveUserRequest $request, User $user): JsonResponse
|
||||||
{
|
{
|
||||||
$this->authorize('update', User::class);
|
$this->authorize('update', User::class);
|
||||||
|
|
||||||
|
|
|
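Review bot: The new `User $user` parameter on the API `update()` only resolves to a stored record if the API route declares a segment named exactly `{user}`, and this commit changes only the web routes. When the names do not match, Laravel is expected to inject an empty `User` model instead of failing, so the class-level `$this->authorize('update', User::class);` would still pass and the rest of the method would work on a model with no id. The body continues outside this hunk and presumably still reads `$id`. When it is converted, add an instance-level check, `$this->authorize('update', $user);`, and confirm the API route parameter name.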
@ -214,90 +214,84 @@ class UsersController extends Controller
|
||||||
* @return \Illuminate\Http\RedirectResponse
|
* @return \Illuminate\Http\RedirectResponse
|
||||||
* @throws \Illuminate\Auth\Access\AuthorizationException
|
* @throws \Illuminate\Auth\Access\AuthorizationException
|
||||||
*/
|
*/
|
||||||
public function update(SaveUserRequest $request, $id = null)
|
public function update(SaveUserRequest $request, User $user)
|
||||||
{
|
{
|
||||||
$this->authorize('update', User::class);
|
$this->authorize('update', User::class);
|
||||||
|
|
||||||
// This is a janky hack to prevent people from changing admin demo user data on the public demo.
|
// This is a janky hack to prevent people from changing admin demo user data on the public demo.
|
||||||
// The $ids 1 and 2 are special since they are seeded as superadmins in the demo seeder.
|
// The $ids 1 and 2 are special since they are seeded as superadmins in the demo seeder.
|
||||||
// Thanks, jerks. You are why we can't have nice things. - snipe
|
// Thanks, jerks. You are why we can't have nice things. - snipe
|
||||||
|
if ((($user->id == 1) || ($user->id == 2)) && (config('app.lock_passwords'))) {
|
||||||
if ((($id == 1) || ($id == 2)) && (config('app.lock_passwords'))) {
|
|
||||||
return redirect()->route('users.index')->with('error', trans('general.permission_denied_superuser_demo'));
|
return redirect()->route('users.index')->with('error', trans('general.permission_denied_superuser_demo'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// We need to reverse the UI specific logic for our
|
// We need to reverse the UI specific logic for our
|
||||||
// permissions here before we update the user.
|
// permissions here before we update the user.
|
||||||
$permissions = $request->input('permissions', []);
|
$permissions = $request->input('permissions', []);
|
||||||
app('request')->request->set('permissions', $permissions);
|
app('request')->request->set('permissions', $permissions);
|
||||||
|
|
||||||
$user = User::with(['assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc'])->withTrashed()->find($id);
|
$user->load(['assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc'])->withTrashed();
|
||||||
|
|
||||||
// User is valid - continue...
|
$this->authorize('update', $user);
|
||||||
|
|
||||||
|
//see if i can get this working at request level
|
||||||
if ($user) {
|
//if ($request->has('company_id') && $user->allAssignedCount() > 0 && Setting::getSettings()->full_multiple_companies_support) {
|
||||||
$this->authorize('update', $user);
|
// return back()->with('error', trans('admin/users/message.multi_company_items_assigned'));
|
||||||
|
//}
|
||||||
if ($request->has('company_id') && $user->allAssignedCount() > 0 && Setting::getSettings()->full_multiple_companies_support) {
|
|
||||||
return back()->with('error', trans('admin/users/message.multi_company_items_assigned'));
|
|
||||||
}
|
|
||||||
|
|
||||||
// Figure out of this user was an admin before this edit
|
// Figure out of this user was an admin before this edit
|
||||||
$orig_permissions_array = $user->decodePermissions();
|
$orig_permissions_array = $user->decodePermissions();
|
||||||
$orig_superuser = '0';
|
$orig_superuser = '0';
|
||||||
if (is_array($orig_permissions_array)) {
|
if (is_array($orig_permissions_array)) {
|
||||||
if (array_key_exists('superuser', $orig_permissions_array)) {
|
if (array_key_exists('superuser', $orig_permissions_array)) {
|
||||||
$orig_superuser = $orig_permissions_array['superuser'];
|
$orig_superuser = $orig_permissions_array['superuser'];
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Only save groups if the user is a superuser
|
// Only save groups if the user is a superuser
|
||||||
if (auth()->user()->isSuperUser()) {
|
if (auth()->user()->isSuperUser()) {
|
||||||
$user->groups()->sync($request->input('groups'));
|
$user->groups()->sync($request->input('groups'));
|
||||||
}
|
}
|
||||||
|
|
||||||
// Update the user fields
|
// Update the user fields
|
||||||
$user->username = trim($request->input('username'));
|
$user->username = trim($request->input('username'));
|
||||||
$user->email = trim($request->input('email'));
|
$user->email = trim($request->input('email'));
|
||||||
$user->first_name = $request->input('first_name');
|
$user->first_name = $request->input('first_name');
|
||||||
$user->last_name = $request->input('last_name');
|
$user->last_name = $request->input('last_name');
|
||||||
$user->two_factor_optin = $request->input('two_factor_optin') ?: 0;
|
$user->two_factor_optin = $request->input('two_factor_optin') ?: 0;
|
||||||
$user->locale = $request->input('locale');
|
$user->locale = $request->input('locale');
|
||||||
$user->employee_num = $request->input('employee_num');
|
$user->employee_num = $request->input('employee_num');
|
||||||
$user->activated = $request->input('activated', 0);
|
$user->activated = $request->input('activated', 0);
|
||||||
$user->jobtitle = $request->input('jobtitle', null);
|
$user->jobtitle = $request->input('jobtitle', null);
|
||||||
$user->phone = $request->input('phone');
|
$user->phone = $request->input('phone');
|
||||||
$user->location_id = $request->input('location_id', null);
|
$user->location_id = $request->input('location_id', null);
|
||||||
|
$user->company_id = Company::getIdForUser($request->input('company_id', null));
|
||||||
|
$user->manager_id = $request->input('manager_id', null);
|
||||||
|
$user->notes = $request->input('notes');
|
||||||
|
$user->department_id = $request->input('department_id', null);
|
||||||
|
$user->address = $request->input('address', null);
|
||||||
|
$user->city = $request->input('city', null);
|
||||||
|
$user->state = $request->input('state', null);
|
||||||
|
$user->country = $request->input('country', null);
|
||||||
|
// if a user is editing themselves we should always keep activated true
|
||||||
|
$user->activated = $request->input('activated', $request->user()->is($user) ? 1 : 0);
|
||||||
|
$user->zip = $request->input('zip', null);
|
||||||
|
$user->remote = $request->input('remote', 0);
|
||||||
|
$user->vip = $request->input('vip', 0);
|
||||||
|
$user->website = $request->input('website', null);
|
||||||
|
$user->start_date = $request->input('start_date', null);
|
||||||
|
$user->end_date = $request->input('end_date', null);
|
||||||
|
$user->autoassign_licenses = $request->input('autoassign_licenses', 0);
|
||||||
|
|
||||||
$user->company_id = Company::getIdForUser($request->input('company_id', null));
|
// Update the location of any assets checked out to this user
|
||||||
$user->manager_id = $request->input('manager_id', null);
|
Asset::where('assigned_type', User::class)
|
||||||
$user->notes = $request->input('notes');
|
->where('assigned_to', $user->id)
|
||||||
$user->department_id = $request->input('department_id', null);
|
->update(['location_id' => $request->input('location_id', null)]);
|
||||||
$user->address = $request->input('address', null);
|
|
||||||
$user->city = $request->input('city', null);
|
|
||||||
$user->state = $request->input('state', null);
|
|
||||||
$user->country = $request->input('country', null);
|
|
||||||
// if a user is editing themselves we should always keep activated true
|
|
||||||
$user->activated = $request->input('activated', $request->user()->is($user) ? 1 : 0);
|
|
||||||
$user->zip = $request->input('zip', null);
|
|
||||||
$user->remote = $request->input('remote', 0);
|
|
||||||
$user->vip = $request->input('vip', 0);
|
|
||||||
$user->website = $request->input('website', null);
|
|
||||||
$user->start_date = $request->input('start_date', null);
|
|
||||||
$user->end_date = $request->input('end_date', null);
|
|
||||||
$user->autoassign_licenses = $request->input('autoassign_licenses', 0);
|
|
||||||
|
|
||||||
// Update the location of any assets checked out to this user
|
// Do we want to update the user password?
|
||||||
Asset::where('assigned_type', User::class)
|
if ($request->filled('password')) {
|
||||||
->where('assigned_to', $user->id)
|
$user->password = bcrypt($request->input('password'));
|
||||||
->update(['location_id' => $request->input('location_id', null)]);
|
}
|
||||||
|
|
||||||
// Do we want to update the user password?
|
|
||||||
if ($request->filled('password')) {
|
|
||||||
$user->password = bcrypt($request->input('password'));
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// Update the location of any assets checked out to this user
|
// Update the location of any assets checked out to this user
|
||||||
|
@ -325,13 +319,7 @@ class UsersController extends Controller
|
||||||
return redirect()->to(Helper::getRedirectOption($request, $user->id, 'Users'))
|
return redirect()->to(Helper::getRedirectOption($request, $user->id, 'Users'))
|
||||||
->with('success', trans('admin/users/message.success.update'));
|
->with('success', trans('admin/users/message.success.update'));
|
||||||
}
|
}
|
||||||
|
|
||||||
return redirect()->back()->withInput()->withErrors($user->getErrors());
|
return redirect()->back()->withInput()->withErrors($user->getErrors());
|
||||||
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
return redirect()->route('users.index')->with('error', trans('admin/users/message.user_not_found', compact('id')));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
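Review bot: In `$user->load([...])->withTrashed();` the trailing `withTrashed()` has no effect, because `load()` returns the already-resolved model and the call only builds a query that is then discarded. Implicit binding on `{user}` skips soft-deleted rows by default, so editing a deleted user, which the old `withTrashed()->find($id)` lookup allowed, would now end in a 404. If that behaviour is still wanted, declare it on the route, e.g. `Route::patch('/{user}', [Users\UsersController::class, 'update'])->withTrashed()`, and drop the call here. The commented-out `company_id` block also means the multi-company guard is not enforced in this method at all until the request-level rule works, so it should be either restored or deleted rather than left as dead code.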
@ -31,9 +31,19 @@ class SaveUserRequest extends FormRequest
|
||||||
*/
|
*/
|
||||||
public function rules()
|
public function rules()
|
||||||
{
|
{
|
||||||
|
//dd($this->user);
|
||||||
$rules = [
|
$rules = [
|
||||||
'department_id' => 'nullable|exists:departments,id',
|
'department_id' => 'nullable|exists:departments,id',
|
||||||
'manager_id' => 'nullable|exists:users,id',
|
'manager_id' => 'nullable|exists:users,id',
|
||||||
|
'company_id' => [
|
||||||
|
// determines if the user is being moved between companies and checks to see if they have any items assigned
|
||||||
|
function ($attribute, $value, $fail) {
|
||||||
|
dd($this->user);
|
||||||
|
if (($this->has('company_id')) && ($this->user->allAssignedCount() > 0) && (Setting::getSettings()->full_multiple_companies_support)) {
|
||||||
|
$fail(trans('admin/users/message.error.multi_company_items_assigned'));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
];
|
];
|
||||||
|
|
||||||
switch ($this->method()) {
|
switch ($this->method()) {
|
||||||
|
|
|
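Review bot: The `dd($this->user);` left inside the `company_id` closure halts every request that carries `company_id` and dumps the model, with whatever attributes are loaded (such as the password hash), into the response. Both it and the commented `//dd($this->user);` should be removed before this is merged. `$this->user` is also an unreliable way to reach the bound model, since the request's magic property looks at submitted input before route parameters and a posted `user` field would shadow the binding. Prefer `$user = $this->route('user');` and fail the rule when it is not a `User` instance. The imports are outside this hunk, so confirm `Setting` is imported in this class; `rules()` itself continues past the hunk.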
@ -145,10 +145,13 @@ Route::group(['prefix' => 'users', 'middleware' => ['auth']], function () {
|
||||||
]
|
]
|
||||||
)->name('users/bulkeditsave');
|
)->name('users/bulkeditsave');
|
||||||
|
|
||||||
|
// pulling this out of the resource because I need route model binding in the request
|
||||||
|
Route::patch('/{user}', [Users\UsersController::class, 'update'])->name('users.update');
|
||||||
|
Route::put('/{user}', [Users\UsersController::class, 'update'])->name('users.put-update');
|
||||||
});
|
});
|
||||||
|
|
||||||
Route::resource('users', Users\UsersController::class, [
|
Route::resource('users', Users\UsersController::class, [
|
||||||
'middleware' => ['auth'],
|
'middleware' => ['auth'],
|
||||||
'parameters' => ['user' => 'user_id'],
|
'parameters' => ['user' => 'user_id'],
|
||||||
|
'except' => ['update']
|
||||||
]);
|
]);
|