mirror of
https://github.com/snipe/snipe-it.git
Fixes/import permissions mask (#6826)
* Check for empty headers in import * Added import permission * Fixed model path in docblock * Added import gate to default blade * Check if the user is an admin OR if they have import permissions * Walked back that admin permission. Since admins are bound by full company support, it makes less sense to let admins have this permission by default, versus having them specifically designated to the import permission
parent
5893e25b43
commit
7b33f95e83
|
@ -25,7 +25,7 @@ class ImportController extends Controller
|
||||||
*/
|
*/
|
||||||
public function index()
|
public function index()
|
||||||
{
|
{
|
||||||
//
|
$this->authorize('import');
|
||||||
$imports = Import::latest()->get();
|
$imports = Import::latest()->get();
|
||||||
return (new ImportsTransformer)->transformImports($imports);
|
return (new ImportsTransformer)->transformImports($imports);
|
||||||
|
|
||||||
|
@ -39,10 +39,8 @@ class ImportController extends Controller
|
||||||
*/
|
*/
|
||||||
public function store()
|
public function store()
|
||||||
{
|
{
|
||||||
//
|
$this->authorize('import');
|
||||||
if (!Company::isCurrentUserAuthorized()) {
|
if (!config('app.lock_passwords')) {
|
||||||
return redirect()->route('hardware.index')->with('error', trans('general.insufficient_permissions'));
|
|
||||||
} elseif (!config('app.lock_passwords')) {
|
|
||||||
$files = Input::file('files');
|
$files = Input::file('files');
|
||||||
$path = config('app.private_uploads').'/imports';
|
$path = config('app.private_uploads').'/imports';
|
||||||
$results = [];
|
$results = [];
|
||||||
|
@ -119,7 +117,7 @@ class ImportController extends Controller
|
||||||
*/
|
*/
|
||||||
public function process(ItemImportRequest $request, $import_id)
|
public function process(ItemImportRequest $request, $import_id)
|
||||||
{
|
{
|
||||||
$this->authorize('create', Asset::class);
|
$this->authorize('import');
|
||||||
// Run a backup immediately before processing
|
// Run a backup immediately before processing
|
||||||
Artisan::call('backup:run');
|
Artisan::call('backup:run');
|
||||||
$errors = $request->import(Import::find($import_id));
|
$errors = $request->import(Import::find($import_id));
|
||||||
|
@ -162,7 +160,7 @@ class ImportController extends Controller
|
||||||
*/
|
*/
|
||||||
public function destroy($import_id)
|
public function destroy($import_id)
|
||||||
{
|
{
|
||||||
$this->authorize('create', Asset::class);
|
$this->authorize('import');
|
||||||
$import = Import::find($import_id);
|
$import = Import::find($import_id);
|
||||||
try {
|
try {
|
||||||
unlink(config('app.private_uploads').'/imports/'.$import->file_path);
|
unlink(config('app.private_uploads').'/imports/'.$import->file_path);
|
||||||
|
|
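Review bot: `process()` and `destroy()` now gate on the global `import` ability but still load the record with `Import::find($import_id)`, so an unknown id passes `null` into `$request->import()` or into `$import->file_path`, and the authorization is not tied to the record being acted on. Using `$import = Import::findOrFail($import_id);` in both methods would reject a bad id before `backup:run` is triggered or `unlink()` is reached. Because the permission note added in this commit says `import` applies even where access is denied elsewhere, it looks like any holder can process or delete an upload made by someone else; if that is not intended, a check on the loaded `Import` (owner or company, if the model records one) belongs next to the `authorize()` call. In `store()`, dropping the `Company::isCurrentUserAuthorized()` branch leaves `authorize('import')` as the only check before files are accepted. All three method bodies continue outside the hunks.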
|
@ -12,7 +12,7 @@ class ImportsController extends Controller
|
||||||
{
|
{
|
||||||
public function index()
|
public function index()
|
||||||
{
|
{
|
||||||
$this->authorize('create', Asset::class);
|
$this->authorize('import');
|
||||||
$imports = Import::latest()->get();
|
$imports = Import::latest()->get();
|
||||||
$imports = (new ImportsTransformer)->transformImports($imports);
|
$imports = (new ImportsTransformer)->transformImports($imports);
|
||||||
return view('importer/import')->with('imports', $imports);
|
return view('importer/import')->with('imports', $imports);
|
||||||
|
|
|
@ -43,6 +43,20 @@ class ItemImportRequest extends FormRequest
|
||||||
$import->save();
|
$import->save();
|
||||||
$fieldMappings=[];
|
$fieldMappings=[];
|
||||||
if ($import->field_map) {
|
if ($import->field_map) {
|
||||||
|
|
||||||
|
// This checks to make sure the field header has been mapped.
|
||||||
|
// If it hasn't been, it will throw an array_flip error
|
||||||
|
foreach ($import->field_map as $field => $fieldValue) {
|
||||||
|
$errorMessage = null;
|
||||||
|
|
||||||
|
if(is_null($fieldValue)){
|
||||||
|
$errorMessage = 'All import fields must be mapped.';
|
||||||
|
$this->errorCallback($import, $field, $errorMessage);
|
||||||
|
|
||||||
|
return $this->errors;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// We submit as csv field: column, but the importer is happier if we flip it here.
|
// We submit as csv field: column, but the importer is happier if we flip it here.
|
||||||
$fieldMappings = array_change_key_case(array_flip($import->field_map), CASE_LOWER);
|
$fieldMappings = array_change_key_case(array_flip($import->field_map), CASE_LOWER);
|
||||||
// dd($fieldMappings);
|
// dd($fieldMappings);
|
||||||
|
|
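Review bot: The new guard in the `field_map` loop rejects only `null`, but the `array_flip()` call below it also cannot key on arrays, booleans or floats, and empty-string values would pass the guard and collapse onto a single `''` key. A stricter test such as `if (! is_string($fieldValue) || trim($fieldValue) === '') {` covers those cases, assuming mapped values are always column-name strings. `$errorMessage = null;` is reset on every iteration and can be dropped by passing the message straight to `errorCallback()`. The enclosing method starts and ends outside the hunk.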
|
@ -53,7 +53,7 @@ abstract class SnipePermissionsPolicy
|
||||||
/**
|
/**
|
||||||
* Determine whether the user can view the accessory.
|
* Determine whether the user can view the accessory.
|
||||||
*
|
*
|
||||||
* @param \App\User $user
|
* @param \App\Models\User $user
|
||||||
* @return mixed
|
* @return mixed
|
||||||
*/
|
*/
|
||||||
public function view(User $user, $item = null)
|
public function view(User $user, $item = null)
|
||||||
|
@ -64,7 +64,7 @@ abstract class SnipePermissionsPolicy
|
||||||
/**
|
/**
|
||||||
* Determine whether the user can create accessories.
|
* Determine whether the user can create accessories.
|
||||||
*
|
*
|
||||||
* @param \App\User $user
|
* @param \App\Models\User $user
|
||||||
* @return mixed
|
* @return mixed
|
||||||
*/
|
*/
|
||||||
public function create(User $user)
|
public function create(User $user)
|
||||||
|
@ -75,7 +75,7 @@ abstract class SnipePermissionsPolicy
|
||||||
/**
|
/**
|
||||||
* Determine whether the user can update the accessory.
|
* Determine whether the user can update the accessory.
|
||||||
*
|
*
|
||||||
* @param \App\User $user
|
* @param \App\Models\User $user
|
||||||
* @return mixed
|
* @return mixed
|
||||||
*/
|
*/
|
||||||
public function update(User $user, $item = null)
|
public function update(User $user, $item = null)
|
||||||
|
@ -86,7 +86,7 @@ abstract class SnipePermissionsPolicy
|
||||||
/**
|
/**
|
||||||
* Determine whether the user can delete the accessory.
|
* Determine whether the user can delete the accessory.
|
||||||
*
|
*
|
||||||
* @param \App\User $user
|
* @param \App\Models\User $user
|
||||||
* @return mixed
|
* @return mixed
|
||||||
*/
|
*/
|
||||||
public function delete(User $user, $item = null)
|
public function delete(User $user, $item = null)
|
||||||
|
@ -97,11 +97,13 @@ abstract class SnipePermissionsPolicy
|
||||||
/**
|
/**
|
||||||
* Determine whether the user can manage the accessory.
|
* Determine whether the user can manage the accessory.
|
||||||
*
|
*
|
||||||
* @param \App\User $user
|
* @param \App\Models\User $user
|
||||||
* @return mixed
|
* @return mixed
|
||||||
*/
|
*/
|
||||||
public function manage(User $user, $item = null)
|
public function manage(User $user, $item = null)
|
||||||
{
|
{
|
||||||
return $user->hasAccess($this->columnName().'.edit');
|
return $user->hasAccess($this->columnName().'.edit');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -113,6 +113,14 @@ class AuthServiceProvider extends ServiceProvider
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
||||||
|
// Can the user import CSVs?
|
||||||
|
Gate::define('import', function ($user) {
|
||||||
|
if ($user->hasAccess('import') ) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
|
||||||
# -----------------------------------------
|
# -----------------------------------------
|
||||||
# Reports
|
# Reports
|
||||||
# -----------------------------------------
|
# -----------------------------------------
|
||||||
|
|
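Review bot: The `import` gate closure returns `true` when `hasAccess('import')` passes and otherwise falls off the end, so the deny path relies on an implicit `null`. Returning the result directly, `return $user->hasAccess('import');`, makes the denial explicit (cast to bool if `hasAccess()` can return something else; its definition is not visible here). A comment above the definition such as `// Not granted to admins by default; must be assigned explicitly.` would record the decision described in the commit message. There is also a stray space in `hasAccess('import') )`.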
|
@ -27,6 +27,15 @@ return array(
|
||||||
)
|
)
|
||||||
),
|
),
|
||||||
|
|
||||||
|
'CSV Import' => array(
|
||||||
|
array(
|
||||||
|
'permission' => 'import',
|
||||||
|
'label' => '',
|
||||||
|
'note' => 'This will allow users to import even if access to users, assets, etc is denied elsewhere.',
|
||||||
|
'display' => true,
|
||||||
|
)
|
||||||
|
),
|
||||||
|
|
||||||
'Reports' => array(
|
'Reports' => array(
|
||||||
array(
|
array(
|
||||||
'permission' => 'reports.view',
|
'permission' => 'reports.view',
|
||||||
|
|
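Review bot: The `note` on the new `CSV Import` entry is the only place an administrator learns that this permission overrides denials on users, assets and other types, and it reads as a convenience rather than a broad grant. Wording it as a warning, for example `'note' => 'Grants CSV import of users, assets, etc. regardless of any other permission denied to this user or group.',`, makes the scope clearer at the point where it is assigned. Whether existing users and groups default to denied for the new `import` key after upgrade is not visible in this hunk and is worth confirming.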
|
@ -520,7 +520,7 @@
|
||||||
</a>
|
</a>
|
||||||
</li>
|
</li>
|
||||||
@endcan
|
@endcan
|
||||||
@can('create', \App\Models\Asset::class)
|
@can('import')
|
||||||
<li{!! (Request::is('import/*') ? ' class="active"' : '') !!}>
|
<li{!! (Request::is('import/*') ? ' class="active"' : '') !!}>
|
||||||
<a href="{{ route('imports.index') }}">
|
<a href="{{ route('imports.index') }}">
|
||||||
<i class="fa fa-cloud-download"></i>
|
<i class="fa fa-cloud-download"></i>
|
||||||
|
|