DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-03-05 20:52:15 -08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Check that the user exists before trying to fill the request

Browse source 
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2024-06-27 14:05:28 +01:00
parent 422f3ec81e
commit 55c98cc27a
1 changed files with 60 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
app/Http/Controllers/Api/UsersController.php
View file

@ -437,7 +437,9 @@ class UsersController extends Controller
{ {
$this->authorize('update', User::class); $this->authorize('update', User::class);
$user = User::find($id); if ($user = User::find($id)) {
$this->authorize('update', $user); $this->authorize('update', $user);
/** /**
@ -470,7 +472,7 @@ class UsersController extends Controller
$permissions_array = $request->input('permissions'); $permissions_array = $request->input('permissions');
// Strip out the individual superuser permission if the API user isn't a superadmin // Strip out the individual superuser permission if the API user isn't a superadmin
if (! Auth::user()->isSuperUser()) { if (!Auth::user()->isSuperUser()) {
unset($permissions_array['superuser']); unset($permissions_array['superuser']);
} }
@ -510,6 +512,10 @@ class UsersController extends Controller
return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors())); return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
} }
return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.user_not_found', compact('id'))));
}
/** /**
* Remove the specified resource from storage. * Remove the specified resource from storage.
* *