DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-02-02 08:21:09 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Check that the user exists before trying to fill the request

Browse source 
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2024-06-27 14:05:28 +01:00
parent 422f3ec81e
commit 55c98cc27a
1 changed files with 60 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
app/Http/Controllers/Api/UsersController.php
View file

@ -437,7 +437,9 @@ class UsersController extends Controller
{
$this->authorize('update', User::class);
$user = User::find($id);
if ($user = User::find($id)) {
$this->authorize('update', $user);
/**
@ -470,7 +472,7 @@ class UsersController extends Controller
$permissions_array = $request->input('permissions');
// Strip out the individual superuser permission if the API user isn't a superadmin
if (! Auth::user()->isSuperUser()) {
if (!Auth::user()->isSuperUser()) {
unset($permissions_array['superuser']);
}
@ -510,6 +512,10 @@ class UsersController extends Controller
return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
}
return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.user_not_found', compact('id'))));
}
/**
* Remove the specified resource from storage.
*