DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-03-05 20:52:15 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Check for overall asset delete permissions before checking to see if the user can delete that specific asset

Browse source
This commit is contained in:
snipe 2017-08-03 19:49:41 -07:00
parent 7adfab9d9f
commit 3e8b7d9c94
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
app/Http/Controllers/Api/AssetsController.php
View file

@ -373,7 +373,10 @@ class AssetsController extends Controller
*/ */
public function destroy($id) public function destroy($id)
{ {
$this->authorize('delete', Asset::class);
if ($asset = Asset::find($id)) { if ($asset = Asset::find($id)) {
$this->authorize('delete', $asset); $this->authorize('delete', $asset);
DB::table('assets') DB::table('assets')