Fix issues with update permission naming (#7493)

This fixes an issue where an admin was able to create and delete
categories but could not edit them.
Marián Skrip 2019-10-28 19:44:48 +01:00 committed by snipe
parent a90149940a
commit 53eae6fbfd
5 changed files with 11 additions and 15 deletions


@ -181,7 +181,7 @@ class AccessoriesController extends Controller
*/ */
public function update(Request $request, $id) public function update(Request $request, $id)
{ {
$this->authorize('edit', Accessory::class); $this->authorize('update', Accessory::class);
$accessory = Accessory::findOrFail($id); $accessory = Accessory::findOrFail($id);
$accessory->fill($request->all()); $accessory->fill($request->all());
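Review bot: `$accessory->fill($request->all())`, two lines below the authorization call, hands the entire request body to the model, so for any caller who passes the `update` check the only limit on which columns can be written is Accessory's `$fillable`/`$guarded` definition, which is not visible here. Because this commit appears to make the update path reachable for users who were previously denied, it is worth confirming that list excludes anything an ordinary editor should not set, and recording the dependency with a comment such as `// fill() is bounded only by Accessory::$fillable; validate before save`. The body of update() continues past the end of the hunk, so validation may already happen further down.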


@ -97,7 +97,7 @@ class CategoriesController extends Controller
*/ */
public function edit($categoryId = null) public function edit($categoryId = null)
{ {
$this->authorize('edit', Category::class); $this->authorize('update', Category::class);
if (is_null($item = Category::find($categoryId))) { if (is_null($item = Category::find($categoryId))) {
return redirect()->route('categories.index')->with('error', trans('admin/categories/message.does_not_exist')); return redirect()->route('categories.index')->with('error', trans('admin/categories/message.does_not_exist'));
} }
@ -119,7 +119,7 @@ class CategoriesController extends Controller
*/ */
public function update(ImageUploadRequest $request, $categoryId = null) public function update(ImageUploadRequest $request, $categoryId = null)
{ {
$this->authorize('edit', Category::class); $this->authorize('update', Category::class);
if (is_null($category = Category::find($categoryId))) { if (is_null($category = Category::find($categoryId))) {
// Redirect to the categories management page // Redirect to the categories management page
return redirect()->to('admin/categories')->with('error', trans('admin/categories/message.does_not_exist')); return redirect()->to('admin/categories')->with('error', trans('admin/categories/message.does_not_exist'));
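Review bot: The ability is a bare string literal in both `edit()` and `update()`, and the fault being repaired here, `'edit'` apparently matching nothing the policy answers to, surfaced only as a denial with no error pointing at the mismatch. The same literal recurs in the Manufacturers and Suppliers hunks. A feature test per controller that requests the edit and update routes once with a user holding only the update permission and once with a user lacking it would catch a future mismatch in either direction, including the more serious case where a check passes unexpectedly. Until then a comment above each call, `// ability name must match a policy method, otherwise the check denies`, documents why the string matters.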


@ -94,7 +94,7 @@ class ManufacturersController extends Controller
*/ */
public function edit($manufacturerId = null) public function edit($manufacturerId = null)
{ {
$this->authorize('edit', Manufacturer::class); $this->authorize('update', Manufacturer::class);
// Check if the manufacturer exists // Check if the manufacturer exists
if (is_null($item = Manufacturer::find($manufacturerId))) { if (is_null($item = Manufacturer::find($manufacturerId))) {
return redirect()->route('manufacturers.index')->with('error', trans('admin/manufacturers/message.does_not_exist')); return redirect()->route('manufacturers.index')->with('error', trans('admin/manufacturers/message.does_not_exist'));
@ -117,7 +117,7 @@ class ManufacturersController extends Controller
*/ */
public function update(ImageUploadRequest $request, $manufacturerId = null) public function update(ImageUploadRequest $request, $manufacturerId = null)
{ {
$this->authorize('edit', Manufacturer::class); $this->authorize('update', Manufacturer::class);
// Check if the manufacturer exists // Check if the manufacturer exists
if (is_null($manufacturer = Manufacturer::find($manufacturerId))) { if (is_null($manufacturer = Manufacturer::find($manufacturerId))) {
// Redirect to the manufacturer page // Redirect to the manufacturer page
@ -226,8 +226,4 @@ class ManufacturersController extends Controller
return redirect()->back()->with('error', trans('admin/manufacturers/message.does_not_exist')); return redirect()->back()->with('error', trans('admin/manufacturers/message.does_not_exist'));
} }
} }
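Review bot: Both `edit()` and `update()` authorize against `Manufacturer::class` before the record is looked up, so the policy never sees which manufacturer is being changed; the UsersController hunk in this same commit passes the loaded model instead (`$this->authorize('update', $user)`). If the policy's update method can take an instance, a second check once `find()` has succeeded, `$this->authorize('update', $item);` in edit() and `$this->authorize('update', $manufacturer);` in update(), keeps the early class-level gate (which avoids revealing whether an id exists) while letting record-scoped rules apply. The third hunk shows only closing context lines and both function bodies extend beyond what is shown, so this rests on the opening lines alone.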


@ -87,7 +87,7 @@ class SuppliersController extends Controller
*/ */
public function edit($supplierId = null) public function edit($supplierId = null)
{ {
$this->authorize('edit', Supplier::class); $this->authorize('update', Supplier::class);
// Check if the supplier exists // Check if the supplier exists
if (is_null($item = Supplier::find($supplierId))) { if (is_null($item = Supplier::find($supplierId))) {
// Redirect to the supplier page // Redirect to the supplier page
@ -108,7 +108,7 @@ class SuppliersController extends Controller
*/ */
public function update($supplierId = null, ImageUploadRequest $request) public function update($supplierId = null, ImageUploadRequest $request)
{ {
$this->authorize('edit', Supplier::class); $this->authorize('update', Supplier::class);
// Check if the supplier exists // Check if the supplier exists
if (is_null($supplier = Supplier::find($supplierId))) { if (is_null($supplier = Supplier::find($supplierId))) {
// Redirect to the supplier page // Redirect to the supplier page
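Review bot: `update($supplierId = null, ImageUploadRequest $request)` declares an optional parameter ahead of a required one, which PHP 8.0 and later report as deprecated and which makes the `= null` default unusable in practice. The Categories and Manufacturers controllers in this commit put the request first; `public function update(ImageUploadRequest $request, $supplierId = null)` would match them. Laravel resolves the type-hinted request by class rather than by position, so the route parameter should still bind, but that is worth confirming against the route definition, which is not shown. The function body continues past the hunk.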


@ -370,7 +370,7 @@ class UsersController extends Controller
*/ */
public function getRestore($id = null) public function getRestore($id = null)
{ {
$this->authorize('edit', User::class); $this->authorize('update', User::class);
// Get user information // Get user information
if (!$user = User::onlyTrashed()->find($id)) { if (!$user = User::onlyTrashed()->find($id)) {
return redirect()->route('users.index')->with('error', trans('admin/users/messages.user_not_found')); return redirect()->route('users.index')->with('error', trans('admin/users/messages.user_not_found'));
@ -421,7 +421,7 @@ class UsersController extends Controller
try { try {
// Get user information // Get user information
$user = User::findOrFail($id); $user = User::findOrFail($id);
$this->authorize('edit', $user); $this->authorize('update', $user);
// Check if we are not trying to unsuspend ourselves // Check if we are not trying to unsuspend ourselves
if ($user->id === Auth::id()) { if ($user->id === Auth::id()) {