DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-03-05 20:52:15 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Add to Accessories#index an additional gate-check against reports.view

Browse source
This commit is contained in:
Brady Wetherington 2023-01-26 11:56:06 -08:00
parent b00333c9f5
commit 4a54586690
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
app/Http/Controllers/Api/AccessoriesController.php
View file

@ -26,7 +26,10 @@ class AccessoriesController extends Controller
*/ */
public function index(Request $request) public function index(Request $request)
{ {
$this->authorize('view', Accessory::class); if ($request->user()->cannot('reports.view')) {
$this->authorize('view', Accessory::class);
}
// This array is what determines which fields should be allowed to be sorted on ON the table itself, no relations // This array is what determines which fields should be allowed to be sorted on ON the table itself, no relations
// Relations will be handled in query scopes a little further down. // Relations will be handled in query scopes a little further down.