DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-09-19 23:37:38 -07:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Fixed #15366 - use permission for encrypted custom fields

Browse source 
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2024-08-22 14:58:09 +01:00
parent ca8864c061
commit 56e31d2303
2 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app/Http/Controllers/Api/AssetsController.php
View file

@ -602,7 +602,7 @@ class AssetsController extends Controller
if ($field->field_encrypted == '1') { if ($field->field_encrypted == '1') {
Log::debug('This model field is encrypted in this fieldset.'); Log::debug('This model field is encrypted in this fieldset.');
if (Gate::allows('admin')) { if (Gate::allows('assets.view.encrypted_custom_fields')) {
// If input value is null, use custom field's default value // If input value is null, use custom field's default value
if (($field_val == null) && ($request->has('model_id') != '')) { if (($field_val == null) && ($request->has('model_id') != '')) {
@ -695,7 +695,7 @@ class AssetsController extends Controller
} }
} }
if ($field->field_encrypted == '1') { if ($field->field_encrypted == '1') {
if (Gate::allows('admin')) { if (Gate::allows('assets.view.encrypted_custom_fields')) {
$field_val = Crypt::encrypt($field_val); $field_val = Crypt::encrypt($field_val);
} else { } else {
$problems_updating_encrypted_custom_fields = true; $problems_updating_encrypted_custom_fields = true;

4
app/Http/Controllers/Assets/AssetsController.php
View file

@ -165,7 +165,7 @@ class AssetsController extends Controller
if (($model) && ($model->fieldset)) { if (($model) && ($model->fieldset)) {
foreach ($model->fieldset->fields as $field) { foreach ($model->fieldset->fields as $field) {
if ($field->field_encrypted == '1') { if ($field->field_encrypted == '1') {
if (Gate::allows('admin')) { if (Gate::allows('assets.view.encrypted_custom_fields')) {
if (is_array($request->input($field->db_column))) { if (is_array($request->input($field->db_column))) {
$asset->{$field->db_column} = Crypt::encrypt(implode(', ', $request->input($field->db_column))); $asset->{$field->db_column} = Crypt::encrypt(implode(', ', $request->input($field->db_column)));
} else { } else {
@ -388,7 +388,7 @@ class AssetsController extends Controller
foreach ($model->fieldset->fields as $field) { foreach ($model->fieldset->fields as $field) {
if ($field->field_encrypted == '1') { if ($field->field_encrypted == '1') {
if (Gate::allows('admin')) { if (Gate::allows('assets.view.encrypted_custom_fields')) {
if (is_array($request->input($field->db_column))) { if (is_array($request->input($field->db_column))) {
$asset->{$field->db_column} = Crypt::encrypt(implode(', ', $request->input($field->db_column))); $asset->{$field->db_column} = Crypt::encrypt(implode(', ', $request->input($field->db_column)));
} else { } else {