From 56e31d23036db2c26900fb46b77fc9786041017a Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Thu, 22 Aug 2024 14:58:09 +0100
Subject: [PATCH] Fixed #15366 - use permission for encrypted custom fields

Signed-off-by: snipe <snipe@snipe.net>
---
 app/Http/Controllers/Api/AssetsController.php    | 4 ++--
 app/Http/Controllers/Assets/AssetsController.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/Http/Controllers/Api/AssetsController.php b/app/Http/Controllers/Api/AssetsController.php
index 855bc51268..1243f1212a 100644
--- a/app/Http/Controllers/Api/AssetsController.php
+++ b/app/Http/Controllers/Api/AssetsController.php
@@ -602,7 +602,7 @@ class AssetsController extends Controller
                 if ($field->field_encrypted == '1') {
                     Log::debug('This model field is encrypted in this fieldset.');
 
-                    if (Gate::allows('admin')) {
+                    if (Gate::allows('assets.view.encrypted_custom_fields')) {
 
                         // If input value is null, use custom field's default value
                         if (($field_val == null) && ($request->has('model_id') != '')) {
@@ -695,7 +695,7 @@ class AssetsController extends Controller
                             }
                         }
                         if ($field->field_encrypted == '1') {
-                            if (Gate::allows('admin')) {
+                            if (Gate::allows('assets.view.encrypted_custom_fields')) {
                                 $field_val = Crypt::encrypt($field_val);
                             } else {
                                 $problems_updating_encrypted_custom_fields = true;
diff --git a/app/Http/Controllers/Assets/AssetsController.php b/app/Http/Controllers/Assets/AssetsController.php
index 75646e7267..59b22b386d 100755
--- a/app/Http/Controllers/Assets/AssetsController.php
+++ b/app/Http/Controllers/Assets/AssetsController.php
@@ -165,7 +165,7 @@ class AssetsController extends Controller
             if (($model) && ($model->fieldset)) {
                 foreach ($model->fieldset->fields as $field) {
                     if ($field->field_encrypted == '1') {
-                        if (Gate::allows('admin')) {
+                        if (Gate::allows('assets.view.encrypted_custom_fields')) {
                             if (is_array($request->input($field->db_column))) {
                                 $asset->{$field->db_column} = Crypt::encrypt(implode(', ', $request->input($field->db_column)));
                             } else {
@@ -388,7 +388,7 @@ class AssetsController extends Controller
             foreach ($model->fieldset->fields as $field) {
 
                 if ($field->field_encrypted == '1') {
-                    if (Gate::allows('admin')) {
+                    if (Gate::allows('assets.view.encrypted_custom_fields')) {
                         if (is_array($request->input($field->db_column))) {
                             $asset->{$field->db_column} = Crypt::encrypt(implode(', ', $request->input($field->db_column)));
                         } else {