mirror of
https://github.com/snipe/snipe-it.git
synced 2024-09-19 23:37:38 -07:00
Re-order gating and refactor group syncing
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
parent
e3561ad38e
commit
34f1ea1c0e
|
@ -475,7 +475,7 @@ class UsersController extends Controller
|
|||
if ($request->has('permissions')) {
|
||||
$permissions_array = $request->input('permissions');
|
||||
|
||||
// Strip out the superuser permission if the API user isn't a superadmin
|
||||
// Strip out the individual superuser permission if the API user isn't a superadmin
|
||||
if (! Auth::user()->isSuperUser()) {
|
||||
unset($permissions_array['superuser']);
|
||||
}
|
||||
|
@ -493,32 +493,20 @@ class UsersController extends Controller
|
|||
|
||||
if ($user->save()) {
|
||||
|
||||
// Check if the request has groups passed and has a value
|
||||
if ($request->filled('groups')) {
|
||||
// Check if the request has groups passed and has a value, AND that the user us a superuser
|
||||
if (($request->has('groups')) && (Auth::user()->isSuperUser())) {
|
||||
|
||||
$validator = Validator::make($request->all(), [
|
||||
'groups.*' => 'integer|exists:permission_groups,id',
|
||||
]);
|
||||
|
||||
if ($validator->fails()){
|
||||
|
||||
$user->groups()->sync($request->input('groups'));
|
||||
|
||||
if ($validator->fails()) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
|
||||
}
|
||||
|
||||
// Only save groups if the user is a superuser
|
||||
if (Auth::user()->isSuperUser()) {
|
||||
$user->groups()->sync($request->input('groups'));
|
||||
}
|
||||
|
||||
// The groups field has been passed but it is null, so we should blank it out
|
||||
} elseif ($request->has('groups')) {
|
||||
|
||||
// Only save groups if the user is a superuser
|
||||
if (Auth::user()->isSuperUser()) {
|
||||
$user->groups()->sync($request->input('groups'));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.update')));
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue