From 416455fe01f2926931c51d7edfd64df35df85217 Mon Sep 17 00:00:00 2001
From: snipe
Date: Fri, 3 Nov 2017 12:48:00 -0700
Subject: [PATCH] Fixes weird manager_id validation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is a shit fix - need to find out what’s happening here.
---
 app/Http/Controllers/Api/UsersController.php | 4 ++++
 app/Http/Controllers/UsersController.php | 5 ++++-
 app/Models/User.php | 1 -
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php
index d0478a1599..5417075775 100644
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@@ -225,6 +225,10 @@ class UsersController extends Controller
 $user = User::findOrFail($id);
 $user->fill($request->all());
+ if ($user->id == $request->input('manager_id')) {
+ return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot be your own manager'));
+ }
+
 if ($request->has('password')) {
 $user->password = bcrypt($request->input('password'));
 }
diff --git a/app/Http/Controllers/UsersController.php b/app/Http/Controllers/UsersController.php
index e592d3b02d..d3ebe34316 100755
--- a/app/Http/Controllers/UsersController.php
+++ b/app/Http/Controllers/UsersController.php
@@ -106,7 +106,6 @@ class UsersController extends Controller
 $user->password = bcrypt($request->input('password'));
 $data['password'] = $request->input('password');
 }
- // Update the user
 $user->first_name = $request->input('first_name');
 $user->last_name = $request->input('last_name');
 $user->locale = $request->input('locale');
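Review bot: In the Api/UsersController.php hunk, the check added after `$user->fill($request->all())` becomes the only guard on this path, because the same commit drops `'manager_id' => 'nullable|different:id'` from the rules in app/Models/User.php; any other code that saves a User (creation or import paths, none visible here) would presumably no longer reject a manager_id equal to the user's own id. Since the commit message itself calls this a stopgap, a comment above the check such as `// TODO: temporary - the model rule 'different:id' was removed; restore model-level validation` would keep that visible to the next maintainer. The comparison also reads `$user->id` after the model was filled from request input; comparing against the route parameter, `if ((int) $id === (int) $request->input('manager_id')) {`, avoids depending on what `fill()` is allowed to overwrite, which is decided by `$fillable` outside this hunk. The enclosing method starts and ends outside the hunk.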
@@ -278,6 +277,10 @@ class UsersController extends Controller
 try {
 $user = User::find($id);
+
+ if ($user->id == $request->input('manager_id')) {
+ return redirect()->back()->withInput()->with('error', 'You cannot be your own manager.');
+ }
 $this->authorize('update', $user);
 // Figure out of this user was an admin before this edit
 $orig_permissions_array = $user->decodePermissions();
diff --git a/app/Models/User.php b/app/Models/User.php
index 537e07f5ad..1a4ad51065 100755
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -61,7 +61,6 @@ class User extends SnipeModel implements AuthenticatableContract, CanResetPasswo
 'email' => 'email|nullable',
 'password' => 'required|min:6',
 'locale' => 'max:10|nullable',
- 'manager_id' => 'nullable|different:id',
 ];
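Review bot: In the UsersController.php hunk at -278, the new check dereferences `$user->id` directly after `User::find($id)`, which returns null for an unknown id, and it sits above `$this->authorize('update', $user)`, so the validation redirect can be returned before the permission check has run. Moving the block below the authorize call and guarding the lookup, e.g. `if ($user && $user->id == $request->input('manager_id')) {`, keeps authorization first and avoids the null property access. Whether the surrounding `try` already handles a missing user is not visible, since its catch clause lies outside the hunk.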