Added additional gate for selectlists

Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2022-02-11 11:46:14 -08:00
parent f5ffda8053
commit 2dad27eed6
8 changed files with 27 additions and 3 deletions

View file

@ -234,6 +234,7 @@ class AssetModelsController extends Controller
public function selectlist(Request $request)
{
$this->authorize('view.selectlists');
$assetmodels = AssetModel::select([
'models.id',
'models.name',

View file

@ -148,7 +148,7 @@ class CategoriesController extends Controller
*/
public function selectlist(Request $request, $category_type = 'asset')
{
$this->authorize('view.selectlists');
$categories = Category::select([
'id',
'name',

View file

@ -159,7 +159,7 @@ class CompaniesController extends Controller
*/
public function selectlist(Request $request)
{
$this->authorize('view.selectlists');
$companies = Company::select([
'companies.id',
'companies.name',

View file

@ -168,6 +168,7 @@ class DepartmentsController extends Controller
public function selectlist(Request $request)
{
$this->authorize('view.selectlists');
$departments = Department::select([
'id',
'name',

View file

@ -223,6 +223,8 @@ class LocationsController extends Controller
public function selectlist(Request $request)
{
$this->authorize('view.selectlists');
$locations = Location::select([
'locations.id',
'locations.name',

View file

@ -155,6 +155,7 @@ class ManufacturersController extends Controller
public function selectlist(Request $request)
{
$this->authorize('view.selectlists');
$manufacturers = Manufacturer::select([
'id',
'name',

View file

@ -155,6 +155,8 @@ class SuppliersController extends Controller
public function selectlist(Request $request)
{
$this->authorize('view.selectlists');
$suppliers = Supplier::select([
'id',
'name',

View file

@ -156,6 +156,8 @@ class AuthServiceProvider extends ServiceProvider
return $user->hasAccess('self.checkout_assets');
});
// This is largely used to determine whether to display the gear icon sidenav
// in the left-side navigation
Gate::define('backend.interact', function ($user) {
return $user->can('view', Statuslabel::class)
|| $user->can('view', AssetModel::class)
@ -168,7 +170,22 @@ class AuthServiceProvider extends ServiceProvider
|| $user->can('view', Manufacturer::class)
|| $user->can('view', CustomField::class)
|| $user->can('view', CustomFieldset::class)
|| $user->can('view', Depreciation::class);
|| $user->can('view', Depreciation::class);
});
// This largely echoes the above backend.interact gate, but also determins
// whether or not an API user should be able tp get the selectlists.
// This can seema a little confusing, since view properties may not have been granted
// to the logged in API user, but creating assets, licenses, etc won't work
// if the user can't view and interact with the select lists.
Gate::define('view.selectlists', function ($user) {
return $user->can('view', Statuslabel::class)
|| $user->can('view', Asset::class)
|| $user->can('view', License::class)
|| $user->can('view', Consumable::class)
|| $user->can('view', Accessory::class)
|| $user->can('view', User::class);
});
}
}