DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-09-21 00:07:42 -07:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity

Only save user permissions if the user is a superadmin

Browse source
This commit is contained in:
snipe 2016-10-31 19:07:55 -07:00
parent 8323ed27c2
commit 429afc6b3f
1 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
app/Http/Controllers/UsersController.php
View file

@ -348,7 +348,15 @@ class UsersController extends Controller
$user->company_id = e(Company::getIdForUser($request->input('company_id'))); $user->company_id = e(Company::getIdForUser($request->input('company_id')));
$user->manager_id = e($request->input('manager_id')); $user->manager_id = e($request->input('manager_id'));
$user->notes = e($request->input('notes')); $user->notes = e($request->input('notes'));
$user->permissions = json_encode($request->input('permission'));
// Strip out the superuser permission if the user isn't a superadmin
$permissions_array = $request->input('permission');
if (!Auth::user()->isSuperUser()) {
unset($permissions_array['superuser']);
}
$user->permissions = json_encode($permissions_array);
if ($user->manager_id == "") { if ($user->manager_id == "") {
$user->manager_id = null; $user->manager_id = null;