mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-24 05:04:07 -08:00
Added additional gate for selectlists
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
parent
f5ffda8053
commit
2dad27eed6
|
@ -234,6 +234,7 @@ class AssetModelsController extends Controller
|
|||
public function selectlist(Request $request)
|
||||
{
|
||||
|
||||
$this->authorize('view.selectlists');
|
||||
$assetmodels = AssetModel::select([
|
||||
'models.id',
|
||||
'models.name',
|
||||
|
|
|
@ -148,7 +148,7 @@ class CategoriesController extends Controller
|
|||
*/
|
||||
public function selectlist(Request $request, $category_type = 'asset')
|
||||
{
|
||||
|
||||
$this->authorize('view.selectlists');
|
||||
$categories = Category::select([
|
||||
'id',
|
||||
'name',
|
||||
|
|
|
@ -159,7 +159,7 @@ class CompaniesController extends Controller
|
|||
*/
|
||||
public function selectlist(Request $request)
|
||||
{
|
||||
|
||||
$this->authorize('view.selectlists');
|
||||
$companies = Company::select([
|
||||
'companies.id',
|
||||
'companies.name',
|
||||
|
|
|
@ -168,6 +168,7 @@ class DepartmentsController extends Controller
|
|||
public function selectlist(Request $request)
|
||||
{
|
||||
|
||||
$this->authorize('view.selectlists');
|
||||
$departments = Department::select([
|
||||
'id',
|
||||
'name',
|
||||
|
|
|
@ -223,6 +223,8 @@ class LocationsController extends Controller
|
|||
public function selectlist(Request $request)
|
||||
{
|
||||
|
||||
$this->authorize('view.selectlists');
|
||||
|
||||
$locations = Location::select([
|
||||
'locations.id',
|
||||
'locations.name',
|
||||
|
|
|
@ -155,6 +155,7 @@ class ManufacturersController extends Controller
|
|||
public function selectlist(Request $request)
|
||||
{
|
||||
|
||||
$this->authorize('view.selectlists');
|
||||
$manufacturers = Manufacturer::select([
|
||||
'id',
|
||||
'name',
|
||||
|
|
|
@ -155,6 +155,8 @@ class SuppliersController extends Controller
|
|||
public function selectlist(Request $request)
|
||||
{
|
||||
|
||||
$this->authorize('view.selectlists');
|
||||
|
||||
$suppliers = Supplier::select([
|
||||
'id',
|
||||
'name',
|
||||
|
|
|
@ -156,6 +156,8 @@ class AuthServiceProvider extends ServiceProvider
|
|||
return $user->hasAccess('self.checkout_assets');
|
||||
});
|
||||
|
||||
// This is largely used to determine whether to display the gear icon sidenav
|
||||
// in the left-side navigation
|
||||
Gate::define('backend.interact', function ($user) {
|
||||
return $user->can('view', Statuslabel::class)
|
||||
|| $user->can('view', AssetModel::class)
|
||||
|
@ -170,5 +172,20 @@ class AuthServiceProvider extends ServiceProvider
|
|||
|| $user->can('view', CustomFieldset::class)
|
||||
|| $user->can('view', Depreciation::class);
|
||||
});
|
||||
|
||||
|
||||
// This largely echoes the above backend.interact gate, but also determins
|
||||
// whether or not an API user should be able tp get the selectlists.
|
||||
// This can seema a little confusing, since view properties may not have been granted
|
||||
// to the logged in API user, but creating assets, licenses, etc won't work
|
||||
// if the user can't view and interact with the select lists.
|
||||
Gate::define('view.selectlists', function ($user) {
|
||||
return $user->can('view', Statuslabel::class)
|
||||
|| $user->can('view', Asset::class)
|
||||
|| $user->can('view', License::class)
|
||||
|| $user->can('view', Consumable::class)
|
||||
|| $user->can('view', Accessory::class)
|
||||
|| $user->can('view', User::class);
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue