diff --git a/app/Http/Controllers/Api/ImportController.php b/app/Http/Controllers/Api/ImportController.php
index d8d550501e..464dee1e1b 100644
--- a/app/Http/Controllers/Api/ImportController.php
+++ b/app/Http/Controllers/Api/ImportController.php
@@ -25,7 +25,7 @@ class ImportController extends Controller
 */
 public function index()
 {
- //
+ $this->authorize('import');
 $imports = Import::latest()->get();
 return (new ImportsTransformer)->transformImports($imports);
@@ -39,10 +39,8 @@ class ImportController extends Controller
 */
 public function store()
 {
- //
- if (!Company::isCurrentUserAuthorized()) {
- return redirect()->route('hardware.index')->with('error', trans('general.insufficient_permissions'));
- } elseif (!config('app.lock_passwords')) {
+ $this->authorize('import');
+ if (!config('app.lock_passwords')) {
 $files = Input::file('files');
 $path = config('app.private_uploads').'/imports';
 $results = [];
@@ -119,7 +117,7 @@ class ImportController extends Controller
 */
 public function process(ItemImportRequest $request, $import_id)
 {
- $this->authorize('create', Asset::class);
+ $this->authorize('import');
 // Run a backup immediately before processing
 Artisan::call('backup:run');
 $errors = $request->import(Import::find($import_id));
@@ -162,7 +160,7 @@ class ImportController extends Controller
 */
 public function destroy($import_id)
 {
- $this->authorize('create', Asset::class);
+ $this->authorize('import');
 $import = Import::find($import_id);
 try {
 unlink(config('app.private_uploads').'/imports/'.$import->file_path);
diff --git a/app/Http/Controllers/ImportsController.php b/app/Http/Controllers/ImportsController.php
index 1331b7dd86..c3bd66245a 100644
--- a/app/Http/Controllers/ImportsController.php
+++ b/app/Http/Controllers/ImportsController.php
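Review bot: In `store()` the removed `Company::isCurrentUserAuthorized()` guard has no company-aware replacement, so uploads are now gated on the `import` ability alone. That helper's body is not in this diff; if it enforced multi-company scoping, the check should stay alongside the new gate, directly after `$this->authorize('import');`. If scoping is instead enforced later by the importer, a comment such as `// company scoping is applied per row by the importer` would make the removal auditable. The rest of `store()`, including the branch taken when `app.lock_passwords` is set, lies outside the hunk.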
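Review bot: `Import::find($import_id)` in `process()` returns null for an unknown id and the result is passed straight to `$request->import(...)`; `destroy()` in the next hunk has the same pattern and then reads `$import->file_path` while building the `unlink()` path. Both endpoints are now reachable by any holder of the `import` ability, so resolve the record with `$import = Import::findOrFail($import_id);` to turn a stale id into a 404 instead of a null dereference. In `process()` the lookup should also move above `Artisan::call('backup:run');` so a request that cannot proceed does not trigger a backup. Both method bodies continue outside their hunks, so any null handling further down is not visible here.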
@@ -12,7 +12,7 @@ class ImportsController extends Controller
 {
 public function index()
 {
- $this->authorize('create', Asset::class);
+ $this->authorize('import');
 $imports = Import::latest()->get();
 $imports = (new ImportsTransformer)->transformImports($imports);
 return view('importer/import')->with('imports', $imports);
diff --git a/app/Http/Requests/ItemImportRequest.php b/app/Http/Requests/ItemImportRequest.php
index b25522e786..fdbb5e76f8 100644
--- a/app/Http/Requests/ItemImportRequest.php
+++ b/app/Http/Requests/ItemImportRequest.php
@@ -43,6 +43,20 @@ class ItemImportRequest extends FormRequest
 $import->save();
 $fieldMappings=[];
 if ($import->field_map) {
+
+ // This checks to make sure the field header has been mapped.
+ // If it hasn't been, it will throw an array_flip error
+ foreach ($import->field_map as $field => $fieldValue) {
+ $errorMessage = null;
+
+ if(is_null($fieldValue)){
+ $errorMessage = 'All import fields must be mapped.';
+ $this->errorCallback($import, $field, $errorMessage);
+
+ return $this->errors;
+ }
+ }
+
 // We submit as csv field: column, but the importer is happier if we flip it here.
 $fieldMappings = array_change_key_case(array_flip($import->field_map), CASE_LOWER);
 // dd($fieldMappings);
diff --git a/app/Policies/SnipePermissionsPolicy.php b/app/Policies/SnipePermissionsPolicy.php
index b8d4501bdf..e17f4f68e5 100644
--- a/app/Policies/SnipePermissionsPolicy.php
+++ b/app/Policies/SnipePermissionsPolicy.php
@@ -53,7 +53,7 @@ abstract class SnipePermissionsPolicy
 /**
 * Determine whether the user can view the accessory.
 *
- * @param \App\User $user
+ * @param \App\Models\User $user
 * @return mixed
 */
 public function view(User $user, $item = null)
@@ -64,7 +64,7 @@ abstract class SnipePermissionsPolicy
 /**
 * Determine whether the user can create accessories.
 *
- * @param \App\User $user
+ * @param \App\Models\User $user
 * @return mixed
 */
 public function create(User $user)
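Review bot: The new loop in `ItemImportRequest` rejects only `null` values, but `array_flip()` accepts only string and integer values and silently collapses duplicates, so a map with two headers pointed at the same column still passes and loses one mapping. The guard could match what the flip actually requires, `if (!is_string($fieldValue) && !is_int($fieldValue)) {`, with a comment noting that duplicate targets are not detected here. `$errorMessage = null;` inside the loop is redundant, since the variable is assigned immediately before its only use. The check also runs after `$import->save()`, so the incomplete field map is already persisted when the error is returned; the enclosing method starts and ends outside the hunk.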
@@ -75,7 +75,7 @@ abstract class SnipePermissionsPolicy
 /**
 * Determine whether the user can update the accessory.
 *
- * @param \App\User $user
+ * @param \App\Models\User $user
 * @return mixed
 */
 public function update(User $user, $item = null)
@@ -86,7 +86,7 @@ abstract class SnipePermissionsPolicy
 /**
 * Determine whether the user can delete the accessory.
 *
- * @param \App\User $user
+ * @param \App\Models\User $user
 * @return mixed
 */
 public function delete(User $user, $item = null)
@@ -97,11 +97,13 @@ abstract class SnipePermissionsPolicy
 /**
 * Determine whether the user can manage the accessory.
 *
- * @param \App\User $user
+ * @param \App\Models\User $user
 * @return mixed
 */
 public function manage(User $user, $item = null)
 {
 return $user->hasAccess($this->columnName().'.edit');
 }
+
+
 }
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index bff39fbf18..2c8e07e518 100644
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -113,6 +113,14 @@ class AuthServiceProvider extends ServiceProvider
 });
+ // Can the user import CSVs?
+ Gate::define('import', function ($user) {
+ if ($user->hasAccess('import') ) {
+ return true;
+ }
+ });
+
+
 # -----------------------------------------
 # Reports
 # -----------------------------------------
diff --git a/config/permissions.php b/config/permissions.php
index 2950391808..7ffa69e491 100644
--- a/config/permissions.php
+++ b/config/permissions.php
@@ -27,6 +27,15 @@ return array(
 )
 ),
+ 'CSV Import' => array(
+ array(
+ 'permission' => 'import',
+ 'label' => '',
+ 'note' => 'This will allow users to import even if access to users, assets, etc is denied elsewhere.',
+ 'display' => true,
+ )
+ ),
+
 'Reports' => array(
 array(
 'permission' => 'reports.view',
diff --git a/resources/views/layouts/default.blade.php b/resources/views/layouts/default.blade.php
index 196b085bbc..03f3037447 100644
--- a/resources/views/layouts/default.blade.php
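Review bot: The `import` gate closure in `AuthServiceProvider` returns `true` on success and otherwise falls off the end, so a denial is an implicit `null` rather than an explicit `false`. Laravel treats that as not allowed, but an authorization decision is easier to audit when it is spelled out; the body can be the single line `return (bool) $user->hasAccess('import');`. If the fall-through is deliberate, to match neighbouring gates that are outside this hunk, a short comment saying so would prevent a later edit from changing the default by accident.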
+++ b/resources/views/layouts/default.blade.php
@@ -520,7 +520,7 @@
 @endcan
- @can('create', \App\Models\Asset::class)
+ @can('import')