From 250a7973391f20c436ba23d03b7723b4370f252a Mon Sep 17 00:00:00 2001 From: snipe Date: Wed, 24 Jul 2019 11:00:42 -0700 Subject: [PATCH] Fixed #7250 - permission issue for API fieldsets and fields endpoints This applies the change from #7294 to master --- app/Http/Controllers/Api/CustomFieldsController.php | 4 ++-- app/Http/Controllers/Api/CustomFieldsetsController.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/Http/Controllers/Api/CustomFieldsController.php b/app/Http/Controllers/Api/CustomFieldsController.php index cd93a46383..4a7f24f53c 100644 --- a/app/Http/Controllers/Api/CustomFieldsController.php +++ b/app/Http/Controllers/Api/CustomFieldsController.php @@ -24,7 +24,7 @@ class CustomFieldsController extends Controller public function index() { - $this->authorize('index', CustomFields::class); + $this->authorize('index', CustomField::class); $fields = CustomField::get(); return (new CustomFieldsTransformer)->transformCustomFields($fields, $fields->count()); } @@ -38,7 +38,7 @@ class CustomFieldsController extends Controller */ public function show($id) { - $this->authorize('show', CustomField::class); + $this->authorize('view', CustomField::class); if ($field = CustomField::find($id)) { return (new CustomFieldsTransformer)->transformCustomField($field); } diff --git a/app/Http/Controllers/Api/CustomFieldsetsController.php b/app/Http/Controllers/Api/CustomFieldsetsController.php index f5cfafdf93..ab07081039 100644 --- a/app/Http/Controllers/Api/CustomFieldsetsController.php +++ b/app/Http/Controllers/Api/CustomFieldsetsController.php @@ -58,7 +58,7 @@ class CustomFieldsetsController extends Controller */ public function show($id) { - $this->authorize('show', CustomFieldset::class); + $this->authorize('view', CustomFieldset::class); if ($fieldset = CustomFieldset::find($id)) { return (new CustomFieldsetsTransformer)->transformCustomFieldset($fieldset); }