mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-25 05:34:06 -08:00
Merge pull request #13726 from snipe/fixes/tighter_checkin_on_log_match
Added tighter controls for matching log ID and item_id
This commit is contained in:
commit
7a0d3f788f
|
@ -146,9 +146,8 @@ class AccessoriesFilesController extends Controller
|
|||
$this->authorize('view', $accessory);
|
||||
$this->authorize('accessories.files', $accessory);
|
||||
|
||||
if (! $log = Actionlog::find($fileId)) {
|
||||
return response('No matching record for that asset/file', 500)
|
||||
->header('Content-Type', 'text/plain');
|
||||
if (! $log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $accessory->id)->first()) {
|
||||
return redirect()->route('accessories.index')->with('error', trans('admin/users/message.log_record_not_found'));
|
||||
}
|
||||
|
||||
$file = 'private_uploads/accessories/'.$log->filename;
|
||||
|
|
|
@ -86,7 +86,7 @@ class AssetFilesController extends Controller
|
|||
if (isset($asset->id)) {
|
||||
$this->authorize('view', $asset);
|
||||
|
||||
if (! $log = Actionlog::find($fileId)) {
|
||||
if (! $log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $asset->id)->first()) {
|
||||
return response('No matching record for that asset/file', 500)
|
||||
->header('Content-Type', 'text/plain');
|
||||
}
|
||||
|
|
|
@ -140,7 +140,7 @@ class ConsumablesFilesController extends Controller
|
|||
$this->authorize('view', $consumable);
|
||||
$this->authorize('consumables.files', $consumable);
|
||||
|
||||
if (! $log = Actionlog::find($fileId)) {
|
||||
if (! $log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $consumable->id)->first()) {
|
||||
return response('No matching record for that asset/file', 500)
|
||||
->header('Content-Type', 'text/plain');
|
||||
}
|
||||
|
|
|
@ -137,7 +137,7 @@ class LicenseFilesController extends Controller
|
|||
$this->authorize('view', $license);
|
||||
$this->authorize('licenses.files', $license);
|
||||
|
||||
if (! $log = Actionlog::find($fileId)) {
|
||||
if (! $log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $license->id)->first()) {
|
||||
return response('No matching record for that asset/file', 500)
|
||||
->header('Content-Type', 'text/plain');
|
||||
}
|
||||
|
|
|
@ -143,18 +143,20 @@ class UserFilesController extends Controller
|
|||
|
||||
$this->authorize('view', $user);
|
||||
|
||||
$log = Actionlog::find($fileId);
|
||||
if ($log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $user->id)->first()) {
|
||||
|
||||
// Display the file inline
|
||||
if (request('inline') == 'true') {
|
||||
$headers = [
|
||||
'Content-Disposition' => 'inline',
|
||||
];
|
||||
return Storage::download('private_uploads/users/'.$log->filename, $log->filename, $headers);
|
||||
// Display the file inline
|
||||
if (request('inline') == 'true') {
|
||||
$headers = [
|
||||
'Content-Disposition' => 'inline',
|
||||
];
|
||||
return Storage::download('private_uploads/users/'.$log->filename, $log->filename, $headers);
|
||||
}
|
||||
|
||||
return Storage::download('private_uploads/users/'.$log->filename);
|
||||
}
|
||||
|
||||
return Storage::download('private_uploads/users/'.$log->filename);
|
||||
|
||||
return redirect()->route('users.index')->with('error', trans('admin/users/message.log_record_not_found'));
|
||||
}
|
||||
|
||||
// Redirect to the user management page if the user doesn't exist
|
||||
|
|
|
@ -15,7 +15,7 @@ return array(
|
|||
'password_resets_sent' => 'The selected users who are activated and have a valid email addresses have been sent a password reset link.',
|
||||
'password_reset_sent' => 'A password reset link has been sent to :email!',
|
||||
'user_has_no_email' => 'This user does not have an email address in their profile.',
|
||||
'user_has_no_assets_assigned' => 'This user does not have any assets assigned',
|
||||
'log_record_not_found' => 'A matching log record for this user could not be found.',
|
||||
|
||||
|
||||
'success' => array(
|
||||
|
|
Loading…
Reference in a new issue