Merge pull request #13295 from inietov/fixes/admins_cannot_view_encrypted_fields

Fixed #11794 Admins Cannot View Encrypted Field
snipe 2023-07-31 13:08:28 +01:00 committed by GitHub
commit 2e1c3fb51b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 16 additions and 4 deletions


@ -102,10 +102,10 @@ class AssetsTransformer
foreach ($asset->model->fieldset->fields as $field) { foreach ($asset->model->fieldset->fields as $field) {
if ($field->isFieldDecryptable($asset->{$field->db_column})) { if ($field->isFieldDecryptable($asset->{$field->db_column})) {
$decrypted = Helper::gracefulDecrypt($field, $asset->{$field->db_column}); $decrypted = Helper::gracefulDecrypt($field, $asset->{$field->db_column});
$value = (Gate::allows('superadmin')) ? $decrypted : strtoupper(trans('admin/custom_fields/general.encrypted')); $value = (Gate::allows('assets.view.encrypted_custom_fields')) ? $decrypted : strtoupper(trans('admin/custom_fields/general.encrypted'));
if ($field->format == 'DATE'){ if ($field->format == 'DATE'){
if (Gate::allows('superadmin')){ if (Gate::allows('assets.view.encrypted_custom_fields')){
$value = Helper::getFormattedDateObject($value, 'date', false); $value = Helper::getFormattedDateObject($value, 'date', false);
} else { } else {
$value = strtoupper(trans('admin/custom_fields/general.encrypted')); $value = strtoupper(trans('admin/custom_fields/general.encrypted'));
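Review bot: `Helper::gracefulDecrypt()` still runs before the permission check, so plaintext is produced for every decryptable field even when the caller only gets the placeholder. The same gate is also evaluated twice per field. Resolve it once before the loop with `$canViewEncrypted = Gate::allows('assets.view.encrypted_custom_fields');` and decrypt only when it is true, e.g. `$value = $canViewEncrypted ? Helper::gracefulDecrypt($field, $asset->{$field->db_column}) : strtoupper(trans('admin/custom_fields/general.encrypted'));`. The DATE branch can then reuse `$canViewEncrypted` instead of calling the gate again. The enclosing method and the rest of the `if`/`else` lie outside this hunk, so the placement of the hoisted variable needs checking against the full function.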


@ -146,6 +146,11 @@ class AuthServiceProvider extends ServiceProvider
} }
}); });
Gate::define('assets.view.encrypted_custom_fields', function ($user) {
if($user->hasAccess('assets.view.encrypted_custom_fields')){
return true;
}
});
// ----------------------------------------- // -----------------------------------------
// Reports // Reports
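Review bot: The new gate closure returns `true` on success and otherwise falls off the end, so denial is an implicit `null` rather than an explicit `false`. Laravel treats that as a denial, but for a gate that guards decrypted data an explicit boolean is easier to audit: `return $user->hasAccess('assets.view.encrypted_custom_fields');`. A short comment above the definition would help too, for example `// Controls who may see (and, in the edit form, change) decrypted values of encrypted custom fields.`. The call sites previously checked `superadmin`, `superuser` and `admin`. It is worth confirming that superusers still pass this gate through whatever global override the provider defines, which is not visible in this hunk.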


@ -106,6 +106,13 @@ return [
'display' => true, 'display' => true,
], ],
[
'permission' => 'assets.view.encrypted_custom_fields',
'label' => 'View and Modify Encrypted Custom Fields',
'note' => '',
'display' => true,
],
], ],
'Accessories' => [ 'Accessories' => [
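Review bot: The permission key says `view` but the label says "View and Modify", and `'note'` is left empty, so an administrator cannot tell from the permissions screen what this grants. Since it exposes decrypted secrets, the note should state the scope, e.g. `'note' => 'Allows the user to see and edit the decrypted values of encrypted custom fields on assets.',`. If the key cannot be renamed, the note is the only place the mismatch gets explained.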


@ -410,7 +410,7 @@
@endif @endif
@if ($field->isFieldDecryptable($asset->{$field->db_column_name()} )) @if ($field->isFieldDecryptable($asset->{$field->db_column_name()} ))
@can('superuser') @can('assets.view.encrypted_custom_fields')
@if (($field->format=='URL') && ($asset->{$field->db_column_name()}!='')) @if (($field->format=='URL') && ($asset->{$field->db_column_name()}!=''))
<a href="{{ Helper::gracefulDecrypt($field, $asset->{$field->db_column_name()}) }}" target="_new">{{ Helper::gracefulDecrypt($field, $asset->{$field->db_column_name()}) }}</a> <a href="{{ Helper::gracefulDecrypt($field, $asset->{$field->db_column_name()}) }}" target="_new">{{ Helper::gracefulDecrypt($field, $asset->{$field->db_column_name()}) }}</a>
@elseif (($field->format=='DATE') && ($asset->{$field->db_column_name()}!='')) @elseif (($field->format=='DATE') && ($asset->{$field->db_column_name()}!=''))
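Review bot: The decrypted value is written into `href` with only Blade's HTML escaping, and the anchor uses `target="_new"` with no `rel` attribute. Those lines are unchanged context, but the new `@can` means any role granted the permission now renders them, not just superusers. It is worth confirming that the URL-format validation for custom fields (not visible here) limits values to http/https, and adding `rel="noopener noreferrer"` to the anchor. The surrounding `@if`/`@can` block starts and ends outside this hunk.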


@ -53,7 +53,7 @@
@else @else
@if (($field->field_encrypted=='0') || (Gate::allows('admin'))) @if (($field->field_encrypted=='0') || (Gate::allows('assets.view.encrypted_custom_fields')))
<input type="text" value="{{ Request::old($field->db_column_name(),(isset($item) ? Helper::gracefulDecrypt($field, $item->{$field->db_column_name()}) : $field->defaultValue($model->id))) }}" id="{{ $field->db_column_name() }}" class="form-control" name="{{ $field->db_column_name() }}" placeholder="Enter {{ strtolower($field->format) }} text"> <input type="text" value="{{ Request::old($field->db_column_name(),(isset($item) ? Helper::gracefulDecrypt($field, $item->{$field->db_column_name()}) : $field->defaultValue($model->id))) }}" id="{{ $field->db_column_name() }}" class="form-control" name="{{ $field->db_column_name() }}" placeholder="Enter {{ strtolower($field->format) }} text">
@else @else
<input type="text" value="{{ strtoupper(trans('admin/custom_fields/general.encrypted')) }}" class="form-control disabled" disabled> <input type="text" value="{{ strtoupper(trans('admin/custom_fields/general.encrypted')) }}" class="form-control disabled" disabled>
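Review bot: This template only decides whether the editable input is rendered; nothing in the commit shows the write path enforcing the same permission. The label promises "View and Modify", so the controller or request handling that saves custom field columns should ignore or reject changes to encrypted fields from users who lack `assets.view.encrypted_custom_fields`. Otherwise the disabled input is the only barrier. Note also that the condition used to be `Gate::allows('admin')`, so existing admins who are not superusers presumably lose edit access until the new permission is granted. That should be called out in the release notes or handled by a migration. The enclosing `@if`/`@else` chain continues outside the hunk.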