From 918e7c8dae4d41935f534901a582ea8488bbf603 Mon Sep 17 00:00:00 2001
From: Haxatron <76475453+Haxatron@users.noreply.github.com>
Date: Thu, 9 Dec 2021 12:57:04 +0800
Subject: [PATCH 1/3] Fix access control -
 https://huntr.dev/bounties/19453ef1-4d77-4cff-b7e8-1bc8f3af0862/

---
 app/Http/Controllers/AssetModelsController.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/Http/Controllers/AssetModelsController.php b/app/Http/Controllers/AssetModelsController.php
index 29914b40a2..05fd8257d0 100755
--- a/app/Http/Controllers/AssetModelsController.php
+++ b/app/Http/Controllers/AssetModelsController.php
@@ -269,6 +269,7 @@ class AssetModelsController extends Controller
     */
     public function getClone($modelId = null)
     {
+        $this->authorize('view', AssetModel::class);
         // Check if the model exists
         if (is_null($model_to_clone = AssetModel::find($modelId))) {
             return redirect()->route('models.index')->with('error', trans('admin/models/message.does_not_exist'));

From 1699c09758e56f740437674a8d6ba36443399f24 Mon Sep 17 00:00:00 2001
From: Haxatron <76475453+Haxatron@users.noreply.github.com>
Date: Thu, 9 Dec 2021 21:42:18 +0800
Subject: [PATCH 2/3] Update AssetModelsController.php

---
 app/Http/Controllers/AssetModelsController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Http/Controllers/AssetModelsController.php b/app/Http/Controllers/AssetModelsController.php
index 05fd8257d0..8d57346079 100755
--- a/app/Http/Controllers/AssetModelsController.php
+++ b/app/Http/Controllers/AssetModelsController.php
@@ -269,7 +269,7 @@ class AssetModelsController extends Controller
     */
     public function getClone($modelId = null)
     {
-        $this->authorize('view', AssetModel::class);
+        $this->authorize('create', AssetModel::class);
         // Check if the model exists
         if (is_null($model_to_clone = AssetModel::find($modelId))) {
             return redirect()->route('models.index')->with('error', trans('admin/models/message.does_not_exist'));

From e1bf3b50f4c8f2d8625b2dfb2bd89d6671189e1d Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Fri, 10 Dec 2021 15:09:29 -0800
Subject: [PATCH 3/3] Added model number to accessory report

Signed-off-by: snipe <snipe@snipe.net>
---
 resources/views/reports/accessories.blade.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/resources/views/reports/accessories.blade.php b/resources/views/reports/accessories.blade.php
index c92cad71cc..49db62c7f6 100644
--- a/resources/views/reports/accessories.blade.php
+++ b/resources/views/reports/accessories.blade.php
@@ -36,6 +36,7 @@
                             <tr>
                                 <th class="col-sm-1">{{ trans('admin/companies/table.title') }}</th>
                                 <th class="col-sm-1">{{ trans('admin/accessories/table.title') }}</th>
+                                <th class="col-sm-1">{{ trans('general.model_no') }}</th>
                                 <th class="col-sm-1">{{ trans('admin/accessories/general.total') }}</th>
                                 <th class="col-sm-1">{{ trans('admin/accessories/general.remaining') }}</th>
                             </tr>
@@ -45,6 +46,7 @@
                                 <tr>
                                     <td>{{ is_null($accessory->company) ? '' : $accessory->company->name }}</td>
                                     <td>{{ $accessory->name }}</td>
+                                    <td>{{ $accessory->model_number }}</td>
                                     <td>{{ $accessory->qty }}</td>
                                     <td>{{ $accessory->numRemaining() }}</td>
                                 </tr>