From 8dd3ae8a3732bb720bdc9a0bea9af008933c38af Mon Sep 17 00:00:00 2001 From: snipe Date: Sat, 18 Mar 2023 11:53:20 -0700 Subject: [PATCH 1/2] Corrected gates, added fillable Signed-off-by: snipe --- app/Http/Controllers/Api/GroupsController.php | 20 ++++++++++++------- app/Models/Group.php | 5 +++++ 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/app/Http/Controllers/Api/GroupsController.php b/app/Http/Controllers/Api/GroupsController.php index 2c37760629..0e5d391e57 100644 --- a/app/Http/Controllers/Api/GroupsController.php +++ b/app/Http/Controllers/Api/GroupsController.php @@ -8,6 +8,7 @@ use App\Http\Transformers\GroupsTransformer; use App\Models\Group; use Illuminate\Http\Request; + class GroupsController extends Controller { /** @@ -19,6 +20,8 @@ class GroupsController extends Controller */ public function index(Request $request) { + $this->authorize('superadmin'); + $this->authorize('view', Group::class); $allowed_columns = ['id', 'name', 'created_at', 'users_count']; @@ -59,9 +62,11 @@ class GroupsController extends Controller */ public function store(Request $request) { - $this->authorize('create', Group::class); + $this->authorize('superadmin'); $group = new Group; - $group->fill($request->all()); + + $group->name = $request->input('name'); + $group->permissions = $request->input('permissions'); // Todo - some JSON validation stuff here if ($group->save()) { return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.create.success'))); @@ -80,7 +85,7 @@ class GroupsController extends Controller */ public function show($id) { - $this->authorize('view', Group::class); + $this->authorize('superadmin'); $group = Group::findOrFail($id); return (new GroupsTransformer)->transformGroup($group); 
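Review bot: In the `store()` hunk (`@@ -59,9 +62,11 @@`), `$request->input('permissions')` is written to `$group->permissions` with no check on its shape, and the `// Todo - some JSON validation stuff here` comment confirms the validation is still missing; the `update()` hunk (`@@ -97,9 +102,11 @@`) has the same assignment. The only model rule visible in this patch is `'name' => 'required|min:2|max:255'`, so a malformed or unexpected permissions value would presumably be saved as the group's privilege set. Because this field decides what every member of the group may do, validate it before the assignment, for example `$request->validate(['permissions' => 'nullable|json']);` if the API expects a JSON string, and reject keys that are not in the application's known permission list. Both method bodies continue outside their hunks.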
@@ -97,9 +102,11 @@ class GroupsController extends Controller */ public function update(Request $request, $id) { - $this->authorize('update', Group::class); + $this->authorize('superadmin'); $group = Group::findOrFail($id); - $group->fill($request->all()); + + $group->name = $request->input('name'); + $group->permissions = $request->input('permissions'); // Todo - some JSON validation stuff here if ($group->save()) { return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.update.success'))); @@ -118,9 +125,8 @@ class GroupsController extends Controller */ public function destroy($id) { - $this->authorize('delete', Group::class); + $this->authorize('superadmin'); $group = Group::findOrFail($id); - $this->authorize('delete', $group); $group->delete(); return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/groups/message.delete.success'))); diff --git a/app/Models/Group.php b/app/Models/Group.php index a68579adac..c0de8c263d 100755 --- a/app/Models/Group.php +++ b/app/Models/Group.php @@ -16,6 +16,11 @@ class Group extends SnipeModel 'name' => 'required|min:2|max:255', ]; + protected $fillable = [ + 'name', + 'permissions' + ]; + /** * Whether the model should inject it's identifier to the unique * validation rules before attempting validation. If this property From f9e190eb323debbf26b3ea74b5f62e877062e4ea Mon Sep 17 00:00:00 2001 From: snipe Date: Sat, 18 Mar 2023 11:58:09 -0700 Subject: [PATCH 2/2] =?UTF-8?q?Updates=20the=20Gate=20=E2=80=9Cuse?= =?UTF-8?q?=E2=80=9D=20statement=20to=20be=20more=20specific?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
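Review bot: In `update()` (`@@ -97,9 +102,11 @@`) both fields are now assigned unconditionally, so a request that omits `permissions` sets it to `null` and silently clears the group's stored permissions, whereas the previous `fill($request->all())` left absent keys untouched. An omitted `name` becomes `null` the same way and would presumably only be caught by the model's `required` rule on save. Assign only what the client sent, e.g. `$group->fill($request->only(['name', 'permissions']));`, which the `$fillable` list added to `Group` in this patch permits. The method body continues outside the hunk.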
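Review bot: Adding `permissions` to `$fillable` in `app/Models/Group.php` makes the group's privilege field mass-assignable, yet the controller methods changed in this patch no longer call `fill()`, so the list only widens what any other `fill()`/`create()` caller on `Group` can set. Those callers are not visible in this patch; each of them needs to sit behind the `superadmin` gate. I would document that on the property, e.g. `// 'permissions' is mass-assignable: only fill() from superadmin-gated code paths`, or drop `permissions` from the list if nothing relies on it. The class body continues outside the hunk.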
Signed-off-by: snipe --- app/Http/Controllers/Api/ProfileController.php | 2 +- app/Http/Controllers/Assets/AssetsController.php | 2 +- app/Http/Controllers/ProfileController.php | 2 +- app/Http/Middleware/CheckPermissions.php | 2 +- app/Http/Transformers/AccessoriesTransformer.php | 2 +- app/Http/Transformers/AssetMaintenancesTransformer.php | 2 +- app/Http/Transformers/AssetsTransformer.php | 2 +- app/Http/Transformers/CategoriesTransformer.php | 2 +- app/Http/Transformers/CompaniesTransformer.php | 2 +- app/Http/Transformers/ComponentsAssetsTransformer.php | 2 +- app/Http/Transformers/ComponentsTransformer.php | 2 +- app/Http/Transformers/ConsumablesTransformer.php | 2 +- app/Http/Transformers/DepartmentsTransformer.php | 2 +- app/Http/Transformers/DepreciationsTransformer.php | 2 +- app/Http/Transformers/GroupsTransformer.php | 2 +- app/Http/Transformers/LicenseSeatsTransformer.php | 2 +- app/Http/Transformers/LicensesTransformer.php | 2 +- app/Http/Transformers/ManufacturersTransformer.php | 2 +- app/Http/Transformers/PredefinedKitsTransformer.php | 2 +- app/Http/Transformers/StatuslabelsTransformer.php | 2 +- app/Http/Transformers/SuppliersTransformer.php | 2 +- app/Http/Transformers/UsersTransformer.php | 2 +- 22 files changed, 22 insertions(+), 22 deletions(-) diff --git a/app/Http/Controllers/Api/ProfileController.php b/app/Http/Controllers/Api/ProfileController.php index 691efda981..4f5e3b1bdf 100644 --- a/app/Http/Controllers/Api/ProfileController.php +++ b/app/Http/Controllers/Api/ProfileController.php @@ -10,7 +10,7 @@ use Illuminate\Support\Facades\Auth; use Illuminate\Http\Request; use Laravel\Passport\TokenRepository; use Illuminate\Contracts\Validation\Factory as ValidationFactory; -use Gate; +use Illuminate\Support\Facades\Gate; use DB; class ProfileController extends Controller diff --git a/app/Http/Controllers/Assets/AssetsController.php b/app/Http/Controllers/Assets/AssetsController.php index 323d238ec1..2e45646b9c 100755 
--- a/app/Http/Controllers/Assets/AssetsController.php +++ b/app/Http/Controllers/Assets/AssetsController.php @@ -16,7 +16,7 @@ use App\Models\User; use Auth; use Carbon\Carbon; use DB; -use Gate; +use Illuminate\Support\Facades\Gate; use Illuminate\Http\Request; use Illuminate\Support\Facades\Cache; use Illuminate\Support\Facades\Storage; diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php index cf5f49feb0..d67d673a21 100755 --- a/app/Http/Controllers/ProfileController.php +++ b/app/Http/Controllers/ProfileController.php @@ -8,7 +8,7 @@ use App\Models\Setting; use App\Models\User; use App\Notifications\CurrentInventory; use Illuminate\Support\Facades\Auth; -use Gate; +use Illuminate\Support\Facades\Gate; use Illuminate\Http\Request; use Illuminate\Support\Facades\Hash; use Illuminate\Support\Facades\Storage; diff --git a/app/Http/Middleware/CheckPermissions.php b/app/Http/Middleware/CheckPermissions.php index 48df11ba51..a51484f283 100644 --- a/app/Http/Middleware/CheckPermissions.php +++ b/app/Http/Middleware/CheckPermissions.php @@ -3,7 +3,7 @@ namespace App\Http\Middleware; use Closure; -use Gate; +use Illuminate\Support\Facades\Gate; class CheckPermissions { diff --git a/app/Http/Transformers/AccessoriesTransformer.php b/app/Http/Transformers/AccessoriesTransformer.php index 00c30f9ea2..e812beb23e 100644 --- a/app/Http/Transformers/AccessoriesTransformer.php +++ b/app/Http/Transformers/AccessoriesTransformer.php @@ -4,7 +4,7 @@ namespace App\Http\Transformers; use App\Helpers\Helper; use App\Models\Accessory; -use Gate; +use Illuminate\Support\Facades\Gate; use Illuminate\Database\Eloquent\Collection; use Illuminate\Support\Facades\Storage; diff --git a/app/Http/Transformers/AssetMaintenancesTransformer.php b/app/Http/Transformers/AssetMaintenancesTransformer.php index 72ec786f68..6e7c2d5b2c 100644 --- a/app/Http/Transformers/AssetMaintenancesTransformer.php 
+++ b/app/Http/Transformers/AssetMaintenancesTransformer.php @@ -5,7 +5,7 @@ namespace App\Http\Transformers; use App\Helpers\Helper; use App\Models\Asset; use App\Models\AssetMaintenance; -use Gate; +use Illuminate\Support\Facades\Gate; use Illuminate\Database\Eloquent\Collection; class AssetMaintenancesTransformer diff --git a/app/Http/Transformers/AssetsTransformer.php b/app/Http/Transformers/AssetsTransformer.php index 4b1616026b..740e905d8d 100644 --- a/app/Http/Transformers/AssetsTransformer.php +++ b/app/Http/Transformers/AssetsTransformer.php @@ -5,7 +5,7 @@ namespace App\Http\Transformers; use App\Helpers\Helper; use App\Models\Asset; use App\Models\Setting; -use Gate; +use Illuminate\Support\Facades\Gate; use Illuminate\Database\Eloquent\Collection; diff --git a/app/Http/Transformers/CategoriesTransformer.php b/app/Http/Transformers/CategoriesTransformer.php index 5ea8ee3e01..64550b6370 100644 --- a/app/Http/Transformers/CategoriesTransformer.php +++ b/app/Http/Transformers/CategoriesTransformer.php @@ -4,7 +4,7 @@ namespace App\Http\Transformers; use App\Helpers\Helper; use App\Models\Category; -use Gate; +use Illuminate\Support\Facades\Gate; use Illuminate\Database\Eloquent\Collection; use Illuminate\Support\Facades\Storage; diff --git a/app/Http/Transformers/CompaniesTransformer.php b/app/Http/Transformers/CompaniesTransformer.php index bafe1f9f68..4f1de75dec 100644 --- a/app/Http/Transformers/CompaniesTransformer.php +++ b/app/Http/Transformers/CompaniesTransformer.php @@ -4,7 +4,7 @@ namespace App\Http\Transformers; use App\Helpers\Helper; use App\Models\Company; -use Gate; +use Illuminate\Support\Facades\Gate; use Illuminate\Database\Eloquent\Collection; use Illuminate\Support\Facades\Storage; diff --git a/app/Http/Transformers/ComponentsAssetsTransformer.php b/app/Http/Transformers/ComponentsAssetsTransformer.php index c2c7784fe4..437d00ca22 100644 --- a/app/Http/Transformers/ComponentsAssetsTransformer.php 
+++ b/app/Http/Transformers/ComponentsAssetsTransformer.php @@ -3,7 +3,7 @@ namespace App\Http\Transformers; use App\Models\Asset; -use Gate; +use Illuminate\Support\Facades\Gate; use Illuminate\Database\Eloquent\Collection; class ComponentsAssetsTransformer diff --git a/app/Http/Transformers/ComponentsTransformer.php b/app/Http/Transformers/ComponentsTransformer.php index 20e2fc4abb..1610c3da5b 100644 --- a/app/Http/Transformers/ComponentsTransformer.php +++ b/app/Http/Transformers/ComponentsTransformer.php @@ -4,7 +4,7 @@ namespace App\Http\Transformers; use App\Helpers\Helper; use App\Models\Component; -use Gate; +use Illuminate\Support\Facades\Gate; use Illuminate\Database\Eloquent\Collection; use Illuminate\Support\Facades\Storage; diff --git a/app/Http/Transformers/ConsumablesTransformer.php b/app/Http/Transformers/ConsumablesTransformer.php index b6c3d18748..5079b28961 100644 --- a/app/Http/Transformers/ConsumablesTransformer.php +++ b/app/Http/Transformers/ConsumablesTransformer.php @@ -4,7 +4,7 @@ namespace App\Http\Transformers; use App\Helpers\Helper; use App\Models\Consumable; -use Gate; +use Illuminate\Support\Facades\Gate; use Illuminate\Database\Eloquent\Collection; use Illuminate\Support\Facades\Storage; diff --git a/app/Http/Transformers/DepartmentsTransformer.php b/app/Http/Transformers/DepartmentsTransformer.php index 4f80249adf..7a0d7647d1 100644 --- a/app/Http/Transformers/DepartmentsTransformer.php +++ b/app/Http/Transformers/DepartmentsTransformer.php @@ -4,7 +4,7 @@ namespace App\Http\Transformers; use App\Helpers\Helper; use App\Models\Department; -use Gate; +use Illuminate\Support\Facades\Gate; use Illuminate\Database\Eloquent\Collection; use Illuminate\Support\Facades\Storage; diff --git a/app/Http/Transformers/DepreciationsTransformer.php b/app/Http/Transformers/DepreciationsTransformer.php index 71aa6c97f7..78a01b4c1e 100644 --- a/app/Http/Transformers/DepreciationsTransformer.php +++ b/app/Http/Transformers/DepreciationsTransformer.php 
@@ -5,7 +5,7 @@ namespace App\Http\Transformers; use App\Helpers\Helper; use App\Models\Depreciable; use App\Models\Depreciation; -use Gate; +use Illuminate\Support\Facades\Gate; use Illuminate\Database\Eloquent\Collection; class DepreciationsTransformer diff --git a/app/Http/Transformers/GroupsTransformer.php b/app/Http/Transformers/GroupsTransformer.php index 313ad113ec..81755afa43 100644 --- a/app/Http/Transformers/GroupsTransformer.php +++ b/app/Http/Transformers/GroupsTransformer.php @@ -4,7 +4,7 @@ namespace App\Http\Transformers; use App\Helpers\Helper; use App\Models\Group; -use Gate; +use Illuminate\Support\Facades\Gate; use Illuminate\Database\Eloquent\Collection; class GroupsTransformer diff --git a/app/Http/Transformers/LicenseSeatsTransformer.php b/app/Http/Transformers/LicenseSeatsTransformer.php index 126361b17a..f82fd3a49f 100644 --- a/app/Http/Transformers/LicenseSeatsTransformer.php +++ b/app/Http/Transformers/LicenseSeatsTransformer.php @@ -4,7 +4,7 @@ namespace App\Http\Transformers; use App\Models\License; use App\Models\LicenseSeat; -use Gate; +use Illuminate\Support\Facades\Gate; use Illuminate\Database\Eloquent\Collection; class LicenseSeatsTransformer diff --git a/app/Http/Transformers/LicensesTransformer.php b/app/Http/Transformers/LicensesTransformer.php index 3fb2a8943b..3c389a1b18 100644 --- a/app/Http/Transformers/LicensesTransformer.php +++ b/app/Http/Transformers/LicensesTransformer.php @@ -4,7 +4,7 @@ namespace App\Http\Transformers; use App\Helpers\Helper; use App\Models\License; -use Gate; +use Illuminate\Support\Facades\Gate; use Illuminate\Database\Eloquent\Collection; class LicensesTransformer diff --git a/app/Http/Transformers/ManufacturersTransformer.php b/app/Http/Transformers/ManufacturersTransformer.php index a7ac0e6a42..bbcbda12b4 100644 --- a/app/Http/Transformers/ManufacturersTransformer.php +++ b/app/Http/Transformers/ManufacturersTransformer.php 
@@ -4,7 +4,7 @@ namespace App\Http\Transformers; use App\Helpers\Helper; use App\Models\Manufacturer; -use Gate; +use Illuminate\Support\Facades\Gate; use Illuminate\Database\Eloquent\Collection; use Illuminate\Support\Facades\Storage; diff --git a/app/Http/Transformers/PredefinedKitsTransformer.php b/app/Http/Transformers/PredefinedKitsTransformer.php index ebd91aef0c..a5d37e5c72 100644 --- a/app/Http/Transformers/PredefinedKitsTransformer.php +++ b/app/Http/Transformers/PredefinedKitsTransformer.php @@ -4,7 +4,7 @@ namespace App\Http\Transformers; use App\Models\PredefinedKit; use App\Models\SnipeModel; -use Gate; +use Illuminate\Support\Facades\Gate; use Illuminate\Database\Eloquent\Collection; /** diff --git a/app/Http/Transformers/StatuslabelsTransformer.php b/app/Http/Transformers/StatuslabelsTransformer.php index cc229a590f..41dd336068 100644 --- a/app/Http/Transformers/StatuslabelsTransformer.php +++ b/app/Http/Transformers/StatuslabelsTransformer.php @@ -4,7 +4,7 @@ namespace App\Http\Transformers; use App\Helpers\Helper; use App\Models\Statuslabel; -use Gate; +use Illuminate\Support\Facades\Gate; use Illuminate\Database\Eloquent\Collection; class StatuslabelsTransformer diff --git a/app/Http/Transformers/SuppliersTransformer.php b/app/Http/Transformers/SuppliersTransformer.php index 76b2a01514..71307a750d 100644 --- a/app/Http/Transformers/SuppliersTransformer.php +++ b/app/Http/Transformers/SuppliersTransformer.php @@ -4,7 +4,7 @@ namespace App\Http\Transformers; use App\Helpers\Helper; use App\Models\Supplier; -use Gate; +use Illuminate\Support\Facades\Gate; use Illuminate\Database\Eloquent\Collection; use Illuminate\Support\Facades\Storage; diff --git a/app/Http/Transformers/UsersTransformer.php b/app/Http/Transformers/UsersTransformer.php index 60ec094e8b..9447d65455 100644 --- a/app/Http/Transformers/UsersTransformer.php +++ b/app/Http/Transformers/UsersTransformer.php 
@@ -4,7 +4,7 @@ namespace App\Http\Transformers; use App\Helpers\Helper; use App\Models\User; -use Gate; +use Illuminate\Support\Facades\Gate; use Illuminate\Database\Eloquent\Collection; class UsersTransformer