From 53eae6fbfdedf47c34f63e0af7e277cb6aef81f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mari=C3=A1n=20Skrip?= Date: Mon, 28 Oct 2019 19:44:48 +0100 Subject: [PATCH] Fix issues with update permission naming (#7493) This solves an issue when admin would be able to create and delete categories but not edit them. --- app/Http/Controllers/Api/AccessoriesController.php | 6 +++--- app/Http/Controllers/CategoriesController.php | 4 ++-- app/Http/Controllers/ManufacturersController.php | 8 ++------ app/Http/Controllers/SuppliersController.php | 4 ++-- app/Http/Controllers/Users/UsersController.php | 4 ++-- 5 files changed, 11 insertions(+), 15 deletions(-) diff --git a/app/Http/Controllers/Api/AccessoriesController.php b/app/Http/Controllers/Api/AccessoriesController.php index bb7e8271e7..9e67b00440 100644 --- a/app/Http/Controllers/Api/AccessoriesController.php +++ b/app/Http/Controllers/Api/AccessoriesController.php @@ -165,7 +165,7 @@ class AccessoriesController extends Controller ->get(); $total = $accessory_users->count(); } - + return (new AccessoriesTransformer)->transformCheckedoutAccessory($accessory, $accessory_users, $total); } @@ -181,7 +181,7 @@ class AccessoriesController extends Controller */ public function update(Request $request, $id) { - $this->authorize('edit', Accessory::class); + $this->authorize('update', Accessory::class); $accessory = Accessory::findOrFail($id); $accessory->fill($request->all()); @@ -303,7 +303,7 @@ class AccessoriesController extends Controller } - + /** * Gets a paginated collection for the select2 menus * diff --git a/app/Http/Controllers/CategoriesController.php b/app/Http/Controllers/CategoriesController.php index c8ac2b7540..6e174f9398 100755 --- a/app/Http/Controllers/CategoriesController.php +++ b/app/Http/Controllers/CategoriesController.php 
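Review bot: In update(), `$this->authorize('update', Accessory::class)` is evaluated against the class before `Accessory::findOrFail($id)` runs, so the policy never sees the record being changed. The last hunk of this patch (UsersController, around line 421) authorizes against the loaded `$user` instead, while getRestore() in the same file has the class-level shape again. If the policy is or becomes record-aware, load first and check the instance: `$accessory = Accessory::findOrFail($id);` followed by `$this->authorize('update', $accessory);`. The next line, `$accessory->fill($request->all())`, leaves mass-assignment protection entirely to the model's `$fillable` list, which is not visible here and is worth confirming. update() continues past the end of the hunk.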
@@ -97,7 +97,7 @@ class CategoriesController extends Controller */ public function edit($categoryId = null) { - $this->authorize('edit', Category::class); + $this->authorize('update', Category::class); if (is_null($item = Category::find($categoryId))) { return redirect()->route('categories.index')->with('error', trans('admin/categories/message.does_not_exist')); } @@ -119,7 +119,7 @@ class CategoriesController extends Controller */ public function update(ImageUploadRequest $request, $categoryId = null) { - $this->authorize('edit', Category::class); + $this->authorize('update', Category::class); if (is_null($category = Category::find($categoryId))) { // Redirect to the categories management page return redirect()->to('admin/categories')->with('error', trans('admin/categories/message.does_not_exist')); diff --git a/app/Http/Controllers/ManufacturersController.php b/app/Http/Controllers/ManufacturersController.php index 52a479fdd1..9494caacfd 100755 --- a/app/Http/Controllers/ManufacturersController.php +++ b/app/Http/Controllers/ManufacturersController.php @@ -94,7 +94,7 @@ class ManufacturersController extends Controller */ public function edit($manufacturerId = null) { - $this->authorize('edit', Manufacturer::class); + $this->authorize('update', Manufacturer::class); // Check if the manufacturer exists if (is_null($item = Manufacturer::find($manufacturerId))) { return redirect()->route('manufacturers.index')->with('error', trans('admin/manufacturers/message.does_not_exist')); @@ -117,7 +117,7 @@ class ManufacturersController extends Controller */ public function update(ImageUploadRequest $request, $manufacturerId = null) { - $this->authorize('edit', Manufacturer::class); + $this->authorize('update', Manufacturer::class); // Check if the manufacturer exists if (is_null($manufacturer = Manufacturer::find($manufacturerId))) { // Redirect to the manufacturer page 
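Review bot: The ability name passed to `authorize()` in edit() is a bare string that has to match a policy method, and nothing in this patch would catch the next mismatch; the same applies to the update() hunk below and to the ManufacturersController, SuppliersController and UsersController hunks. Going by the commit message, the old `'edit'` name was denied rather than allowed, so the failure was safe but silent. A feature test per controller would pin this down by asserting that a user holding only the update permission can reach edit() and update(), and that a user without it gets a 403. A short comment at the call, such as `// ability name must match the policy method (update), not the route action`, would also help. The policy classes are not part of this diff, so the exact method names are assumed from the change.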
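Review bot: update() sends the not-found case to a hard-coded path, `redirect()->to('admin/categories')`, while edit() in the previous hunk uses the named route `categories.index`. If the route prefix ever changes, the hard-coded path may stop resolving; `return redirect()->route('categories.index')->with('error', trans('admin/categories/message.does_not_exist'));` keeps both methods consistent. update() continues outside the hunk.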
@@ -226,8 +226,4 @@ class ManufacturersController extends Controller return redirect()->back()->with('error', trans('admin/manufacturers/message.does_not_exist')); } - - - - } diff --git a/app/Http/Controllers/SuppliersController.php b/app/Http/Controllers/SuppliersController.php index 2f88d48d5a..dd47cbcf5c 100755 --- a/app/Http/Controllers/SuppliersController.php +++ b/app/Http/Controllers/SuppliersController.php @@ -87,7 +87,7 @@ class SuppliersController extends Controller */ public function edit($supplierId = null) { - $this->authorize('edit', Supplier::class); + $this->authorize('update', Supplier::class); // Check if the supplier exists if (is_null($item = Supplier::find($supplierId))) { // Redirect to the supplier page @@ -108,7 +108,7 @@ class SuppliersController extends Controller */ public function update($supplierId = null, ImageUploadRequest $request) { - $this->authorize('edit', Supplier::class); + $this->authorize('update', Supplier::class); // Check if the supplier exists if (is_null($supplier = Supplier::find($supplierId))) { // Redirect to the supplier page diff --git a/app/Http/Controllers/Users/UsersController.php b/app/Http/Controllers/Users/UsersController.php index bb0d4bcd7c..32ff2315f3 100755 --- a/app/Http/Controllers/Users/UsersController.php +++ b/app/Http/Controllers/Users/UsersController.php @@ -370,7 +370,7 @@ class UsersController extends Controller */ public function getRestore($id = null) { - $this->authorize('edit', User::class); + $this->authorize('update', User::class); // Get user information if (!$user = User::onlyTrashed()->find($id)) { return redirect()->route('users.index')->with('error', trans('admin/users/messages.user_not_found')); @@ -421,7 +421,7 @@ class UsersController extends Controller try { // Get user information $user = User::findOrFail($id); - $this->authorize('edit', $user); + $this->authorize('update', $user); // Check if we are not trying to unsuspend ourselves if ($user->id === Auth::id()) {
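Review bot: In SuppliersController, `update($supplierId = null, ImageUploadRequest $request)` declares an optional parameter before a required one, which PHP 8.0 and later report as deprecated and which makes the default unusable. The Categories and Manufacturers controllers in this patch use the opposite order, and `public function update(ImageUploadRequest $request, $supplierId = null)` would match them. Laravel injects the type-hinted request independently of its position, so the route binding should be unaffected, but that is worth confirming against the route definition, which is not shown.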
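Review bot: In the final UsersController hunk, `$this->authorize('update', $user)` sits inside the `try` block, so how a denial is reported depends on a catch clause that lies outside this hunk. If that clause catches a broad exception type, an authorization failure would be handled like a lookup failure instead of surfacing as a 403; catching only the not-found exception keeps the two cases apart. The enclosing method starts and ends outside the hunk.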