DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-02-21 03:15:45 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Fixes weird manager_id validation

Browse source 
This is a shit fix - need to find out what’s happening here.
This commit is contained in:
snipe 2017-11-03 12:48:00 -07:00
parent 53a1511cac
commit 416455fe01
3 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app/Http/Controllers/Api/UsersController.php
View file

@ -225,6 +225,10 @@ class UsersController extends Controller
$user = User::findOrFail($id);
$user->fill($request->all());
if ($user->id == $request->input('manager_id')) {
return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot be your own manager'));
}
if ($request->has('password')) {
$user->password = bcrypt($request->input('password'));
}

5
app/Http/Controllers/UsersController.php
View file

@ -106,7 +106,6 @@ class UsersController extends Controller
$user->password = bcrypt($request->input('password'));
$data['password'] = $request->input('password');
}
// Update the user
$user->first_name = $request->input('first_name');
$user->last_name = $request->input('last_name');
$user->locale = $request->input('locale');
@ -278,6 +277,10 @@ class UsersController extends Controller
try {
$user = User::find($id);
if ($user->id == $request->input('manager_id')) {
return redirect()->back()->withInput()->with('error', 'You cannot be your own manager.');
}
$this->authorize('update', $user);
// Figure out of this user was an admin before this edit
$orig_permissions_array = $user->decodePermissions();

1
app/Models/User.php
View file

@ -61,7 +61,6 @@ class User extends SnipeModel implements AuthenticatableContract, CanResetPasswo
'email' => 'email|nullable',
'password' => 'required|min:6',
'locale' => 'max:10|nullable',
'manager_id' => 'nullable|different:id',
];