mirror of
https://github.com/snipe/snipe-it.git
synced 2024-09-19 23:37:38 -07:00
Set up permissions gates
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe
parent
2427cb787b
commit
32672e80dd
|
|
@ -20,6 +20,7 @@ use App\Notifications\CurrentInventory;
|
|||
use Auth;
|
||||
use Illuminate\Http\Request;
|
||||
use App\Http\Requests\ImageUploadRequest;
|
||||
use Illuminate\Support\Facades\Gate;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
use Illuminate\Support\Facades\Validator;
|
||||
|
||||
|
|
@ -355,14 +356,18 @@ class UsersController extends Controller
|
|||
$user->fill($request->all());
|
||||
$user->created_by = Auth::user()->id;
|
||||
|
||||
if ($request->has('permissions')) {
|
||||
$permissions_array = $request->input('permissions');
|
||||
if (Gate::allows('users.permissions', $user)) {
|
||||
|
||||
// Strip out the superuser permission if the API user isn't a superadmin
|
||||
if (! Auth::user()->isSuperUser()) {
|
||||
unset($permissions_array['superuser']);
|
||||
\Log::debug('This user can edit permissions');
|
||||
if ($request->has('permissions')) {
|
||||
$permissions_array = $request->input('permissions');
|
||||
|
||||
// Strip out the superuser permission if the API user isn't a superadmin
|
||||
if (!Auth::user()->isSuperUser()) {
|
||||
unset($permissions_array['superuser']);
|
||||
}
|
||||
$user->permissions = $permissions_array;
|
||||
}
|
||||
$user->permissions = $permissions_array;
|
||||
}
|
||||
|
||||
//
|
||||
|
|
@ -446,18 +451,19 @@ class UsersController extends Controller
|
|||
// We need to use has() instead of filled()
|
||||
// here because we need to overwrite permissions
|
||||
// if someone needs to null them out
|
||||
if ($request->has('permissions')) {
|
||||
$permissions_array = $request->input('permissions');
|
||||
if (Gate::allows('users.permissions', Asset::class)) {
|
||||
if ($request->has('permissions')) {
|
||||
$permissions_array = $request->input('permissions');
|
||||
|
||||
// Strip out the superuser permission if the API user isn't a superadmin
|
||||
if (! Auth::user()->isSuperUser()) {
|
||||
unset($permissions_array['superuser']);
|
||||
// Strip out the superuser permission if the API user isn't a superadmin
|
||||
if (!Auth::user()->isSuperUser()) {
|
||||
unset($permissions_array['superuser']);
|
||||
}
|
||||
$user->permissions = $permissions_array;
|
||||
}
|
||||
$user->permissions = $permissions_array;
|
||||
}
|
||||
|
||||
|
||||
|
||||
// Update the location of any assets checked out to this user
|
||||
Asset::where('assigned_type', User::class)
|
||||
->where('assigned_to', $user->id)->update(['location_id' => $request->input('location_id', null)]);
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ use App\Notifications\WelcomeNotification;
|
|||
use Auth;
|
||||
use Illuminate\Database\Eloquent\ModelNotFoundException;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Gate;
|
||||
use Illuminate\Support\Facades\Password;
|
||||
use Input;
|
||||
use Redirect;
|
||||
|
|
@ -122,13 +123,20 @@ class UsersController extends Controller
|
|||
$user->end_date = $request->input('end_date', null);
|
||||
$user->autoassign_licenses = $request->input('autoassign_licenses', 0);
|
||||
|
||||
// Strip out the superuser permission if the user isn't a superadmin
|
||||
$permissions_array = $request->input('permission');
|
||||
|
||||
if (! Auth::user()->isSuperUser()) {
|
||||
unset($permissions_array['superuser']);
|
||||
if (Gate::allows('users.permissions', $user)) {
|
||||
\Log::debug('This user can edit permissions');
|
||||
|
||||
$permissions_array = $request->input('permission');
|
||||
// Strip out the superuser permission if the user isn't a superadmin
|
||||
if (!Auth::user()->isSuperUser()) {
|
||||
unset($permissions_array['superuser']);
|
||||
}
|
||||
$user->permissions = json_encode($permissions_array);
|
||||
} else {
|
||||
\Log::debug('This user can not edit permissions');
|
||||
}
|
||||
$user->permissions = json_encode($permissions_array);
|
||||
|
||||
|
||||
// we have to invoke the
|
||||
app(ImageUploadRequest::class)->handleImages($user, 600, 'avatar', 'avatars', 'avatar');
|
||||
|
|
@ -240,6 +248,7 @@ class UsersController extends Controller
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
// Only save groups if the user is a super user
|
||||
if (Auth::user()->isSuperUser()) {
|
||||
$user->groups()->sync($request->input('groups'));
|
||||
|
|
@ -287,16 +296,19 @@ class UsersController extends Controller
|
|||
$user->password = bcrypt($request->input('password'));
|
||||
}
|
||||
|
||||
$permissions_array = $request->input('permission');
|
||||
|
||||
// Strip out the superuser permission if the user isn't a superadmin
|
||||
if (! Auth::user()->isSuperUser()) {
|
||||
unset($permissions_array['superuser']);
|
||||
$permissions_array['superuser'] = $orig_superuser;
|
||||
if (Gate::allows('users.permissions', $user)) {
|
||||
if ($request->has('permissions')) {
|
||||
$permissions_array = $request->input('permissions');
|
||||
|
||||
// Strip out the superuser permission if the API user isn't a superadmin
|
||||
if (!Auth::user()->isSuperUser()) {
|
||||
unset($permissions_array['superuser']);
|
||||
}
|
||||
$user->permissions = $permissions_array;
|
||||
}
|
||||
}
|
||||
|
||||
$user->permissions = json_encode($permissions_array);
|
||||
|
||||
// Handle uploaded avatar
|
||||
app(ImageUploadRequest::class)->handleImages($user, 600, 'avatar', 'avatars', 'avatar');
|
||||
|
||||
|
|
|
|||
|
|
@ -61,6 +61,11 @@ abstract class SnipePermissionsPolicy
|
|||
return $user->hasAccess($this->columnName().'.view');
|
||||
}
|
||||
|
||||
public function permissions(User $user, $item = null)
|
||||
{
|
||||
return $user->hasAccess($this->columnName().'.permissions');
|
||||
}
|
||||
|
||||
public function files(User $user, $item = null)
|
||||
{
|
||||
return $user->hasAccess($this->columnName().'.files');
|
||||
|
|
|
|||
|
|
@ -152,6 +152,12 @@ class AuthServiceProvider extends ServiceProvider
|
|||
}
|
||||
});
|
||||
|
||||
Gate::define('users.permissions', function ($user) {
|
||||
if ($user->hasAccess('users.permissions')) {
|
||||
return true;
|
||||
}
|
||||
});
|
||||
|
||||
// -----------------------------------------
|
||||
// Reports
|
||||
// -----------------------------------------
|
||||
|
|
|
|||
|
|
@ -339,6 +339,12 @@ return [
|
|||
'note' => '',
|
||||
'display' => true,
|
||||
],
|
||||
[
|
||||
'permission' => 'users.permissions',
|
||||
'label' => 'User Permissions',
|
||||
'note' => 'Manage individual User permissions. (Only superusers can edit group memberships)',
|
||||
'display' => true,
|
||||
],
|
||||
[
|
||||
'permission' => 'users.delete',
|
||||
'label' => 'Delete Users',
|
||||
|
|
|
|||
|
|
@ -76,7 +76,9 @@
|
|||
<div class="nav-tabs-custom">
|
||||
<ul class="nav nav-tabs">
|
||||
<li class="active"><a href="#info" data-toggle="tab">{{ trans('general.information') }} </a></li>
|
||||
<li><a href="#permissions" data-toggle="tab">{{ trans('general.permissions') }} </a></li>
|
||||
@can('users.permissions')
|
||||
<li><a href="#permissions" data-toggle="tab">{{ trans('general.permissions') }} </a></li>
|
||||
@endcan
|
||||
</ul>
|
||||
|
||||
<div class="tab-content">
|
||||
|
|
@ -568,7 +570,7 @@
|
|||
</div> <!--/col-md-12-->
|
||||
</div>
|
||||
</div><!-- /.tab-pane -->
|
||||
|
||||
@can('users.permissions')
|
||||
<div class="tab-pane" id="permissions">
|
||||
<div class="col-md-12">
|
||||
@if (!Auth::user()->isSuperUser())
|
||||
|
|
@ -592,6 +594,7 @@
|
|||
@include('partials.forms.edit.permissions-base')
|
||||
</table>
|
||||
</div><!-- /.tab-pane -->
|
||||
@endcan
|
||||
</div><!-- /.tab-content -->
|
||||
<div class="box-footer text-right">
|
||||
<button type="submit" accesskey="s" class="btn btn-primary"><i class="fas fa-check icon-white" aria-hidden="true"></i> {{ trans('general.save') }}</button>
|
||||
|
|
|
|||
Loading…
Reference in a new issue