DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-01-11 13:57:41 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Added additional gate for selectlists

Browse source 
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2022-02-11 11:46:14 -08:00
parent f5ffda8053
commit 2dad27eed6
8 changed files with 27 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
app/Http/Controllers/Api/AssetModelsController.php
View file

@ -234,6 +234,7 @@ class AssetModelsController extends Controller
public function selectlist(Request $request) public function selectlist(Request $request)
{ {
$this->authorize('view.selectlists');
$assetmodels = AssetModel::select([ $assetmodels = AssetModel::select([
'models.id', 'models.id',
'models.name', 'models.name',

2
app/Http/Controllers/Api/CategoriesController.php
View file

@ -148,7 +148,7 @@ class CategoriesController extends Controller
*/ */
public function selectlist(Request $request, $category_type = 'asset') public function selectlist(Request $request, $category_type = 'asset')
{ {
$this->authorize('view.selectlists');
$categories = Category::select([ $categories = Category::select([
'id', 'id',
'name', 'name',

2
app/Http/Controllers/Api/CompaniesController.php
View file

@ -159,7 +159,7 @@ class CompaniesController extends Controller
*/ */
public function selectlist(Request $request) public function selectlist(Request $request)
{ {
$this->authorize('view.selectlists');
$companies = Company::select([ $companies = Company::select([
'companies.id', 'companies.id',
'companies.name', 'companies.name',

1
app/Http/Controllers/Api/DepartmentsController.php
View file

@ -168,6 +168,7 @@ class DepartmentsController extends Controller
public function selectlist(Request $request) public function selectlist(Request $request)
{ {
$this->authorize('view.selectlists');
$departments = Department::select([ $departments = Department::select([
'id', 'id',
'name', 'name',

2
app/Http/Controllers/Api/LocationsController.php
View file

@ -223,6 +223,8 @@ class LocationsController extends Controller
public function selectlist(Request $request) public function selectlist(Request $request)
{ {
$this->authorize('view.selectlists');
$locations = Location::select([ $locations = Location::select([
'locations.id', 'locations.id',
'locations.name', 'locations.name',

1
app/Http/Controllers/Api/ManufacturersController.php
View file

@ -155,6 +155,7 @@ class ManufacturersController extends Controller
public function selectlist(Request $request) public function selectlist(Request $request)
{ {
$this->authorize('view.selectlists');
$manufacturers = Manufacturer::select([ $manufacturers = Manufacturer::select([
'id', 'id',
'name', 'name',

2
app/Http/Controllers/Api/SuppliersController.php
View file

@ -155,6 +155,8 @@ class SuppliersController extends Controller
public function selectlist(Request $request) public function selectlist(Request $request)
{ {
$this->authorize('view.selectlists');
$suppliers = Supplier::select([ $suppliers = Supplier::select([
'id', 'id',
'name', 'name',

19
app/Providers/AuthServiceProvider.php
View file

@ -156,6 +156,8 @@ class AuthServiceProvider extends ServiceProvider
return $user->hasAccess('self.checkout_assets'); return $user->hasAccess('self.checkout_assets');
}); });
// This is largely used to determine whether to display the gear icon sidenav
// in the left-side navigation
Gate::define('backend.interact', function ($user) { Gate::define('backend.interact', function ($user) {
return $user->can('view', Statuslabel::class) return $user->can('view', Statuslabel::class)
|| $user->can('view', AssetModel::class) || $user->can('view', AssetModel::class)
@ -168,7 +170,22 @@ class AuthServiceProvider extends ServiceProvider
|| $user->can('view', Manufacturer::class) || $user->can('view', Manufacturer::class)
|| $user->can('view', CustomField::class) || $user->can('view', CustomField::class)
|| $user->can('view', CustomFieldset::class) || $user->can('view', CustomFieldset::class)
|| $user->can('view', Depreciation::class); || $user->can('view', Depreciation::class);
});
// This largely echoes the above backend.interact gate, but also determins
// whether or not an API user should be able tp get the selectlists.
// This can seema a little confusing, since view properties may not have been granted
// to the logged in API user, but creating assets, licenses, etc won't work
// if the user can't view and interact with the select lists.
Gate::define('view.selectlists', function ($user) {
return $user->can('view', Statuslabel::class)
|| $user->can('view', Asset::class)
|| $user->can('view', License::class)
|| $user->can('view', Consumable::class)
|| $user->can('view', Accessory::class)
|| $user->can('view', User::class);
}); });
} }
} }