Merge pull request #13726 from snipe/fixes/tighter_checkin_on_log_match

Added tighter controls for matching log ID and item_id
snipe 2023-10-09 15:19:10 +01:00 committed by GitHub
commit 7a0d3f788f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 17 additions and 16 deletions


@ -146,9 +146,8 @@ class AccessoriesFilesController extends Controller
$this->authorize('view', $accessory);
$this->authorize('accessories.files', $accessory);
if (! $log = Actionlog::find($fileId)) {
return response('No matching record for that asset/file', 500)
->header('Content-Type', 'text/plain');
if (! $log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $accessory->id)->first()) {
return redirect()->route('accessories.index')->with('error', trans('admin/users/message.log_record_not_found'));
}
$file = 'private_uploads/accessories/'.$log->filename;
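Review bot: The new lookup `Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $accessory->id)->first()` does not constrain the result to `$fileId`: `find()` returns a model instance (or null), and calling `whereNotNull()` on a model starts a fresh query, so `first()` returns the first log with a filename for that `item_id`, whichever id was requested. When `$fileId` does not exist, `find()` returns null and the chained call raises an error before the not-found branch is reached. Putting the constraints first keeps the id in the query: `Actionlog::whereNotNull('filename')->where('item_id', $accessory->id)->find($fileId)`. The same expression appears in the Asset, Consumables, License and User file controller sections below. If action logs are polymorphic, `item_id` alone can also match a record of a different item type with the same numeric id, so a type constraint next to it is worth confirming; the enclosing method starts and ends outside this hunk.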


@ -86,7 +86,7 @@ class AssetFilesController extends Controller
if (isset($asset->id)) {
$this->authorize('view', $asset);
if (! $log = Actionlog::find($fileId)) {
if (! $log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $asset->id)->first()) {
return response('No matching record for that asset/file', 500)
->header('Content-Type', 'text/plain');
}
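Review bot: The not-found branch here still answers with HTTP 500 and a plain-text body, while the Accessories and Users controllers in this commit redirect with a flash error. A missing or mismatched log record is a client-side condition, so `return response('No matching record for that asset/file', 404)` or the same redirect would keep requests for non-matching file ids from being recorded as server faults in monitoring. The Consumables and License sections keep the same 500 response. If the redirect is reused, note that `admin/users/message.log_record_not_found` reads "for this user", which is misleading outside the Users controller. The enclosing method continues outside the hunk.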


@ -140,7 +140,7 @@ class ConsumablesFilesController extends Controller
$this->authorize('view', $consumable);
$this->authorize('consumables.files', $consumable);
if (! $log = Actionlog::find($fileId)) {
if (! $log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $consumable->id)->first()) {
return response('No matching record for that asset/file', 500)
->header('Content-Type', 'text/plain');
}


@ -137,7 +137,7 @@ class LicenseFilesController extends Controller
$this->authorize('view', $license);
$this->authorize('licenses.files', $license);
if (! $log = Actionlog::find($fileId)) {
if (! $log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $license->id)->first()) {
return response('No matching record for that asset/file', 500)
->header('Content-Type', 'text/plain');
}


@ -143,7 +143,7 @@ class UserFilesController extends Controller
$this->authorize('view', $user);
$log = Actionlog::find($fileId);
if ($log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $user->id)->first()) {
// Display the file inline
if (request('inline') == 'true') {
@ -154,7 +154,9 @@ class UserFilesController extends Controller
}
return Storage::download('private_uploads/users/'.$log->filename);
}
return redirect()->route('users.index')->with('error', trans('admin/users/message.log_record_not_found'));
}
// Redirect to the user management page if the user doesn't exist


@ -15,7 +15,7 @@ return array(
'password_resets_sent' => 'The selected users who are activated and have a valid email addresses have been sent a password reset link.',
'password_reset_sent' => 'A password reset link has been sent to :email!',
'user_has_no_email' => 'This user does not have an email address in their profile.',
'user_has_no_assets_assigned' => 'This user does not have any assets assigned',
'log_record_not_found' => 'A matching log record for this user could not be found.',
'success' => array(