mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-25 05:34:06 -08:00
Do not makes group editable if the user is not an admin
This fixes a bug where the field was (correctly) disabled if the editing user isn’t a superadmin, but because the field was disabled, it would clear the permission groups.
This commit is contained in:
parent
c47d391946
commit
8323ed27c2
|
@ -315,12 +315,16 @@ class UsersController extends Controller
|
|||
return redirect()->route('users')->with('error', $error);
|
||||
}
|
||||
|
||||
// First handle anything exclusive to editing.
|
||||
if ($request->has('groups')) {
|
||||
$user->groups()->sync($request->input('groups'));
|
||||
} else {
|
||||
$user->groups()->sync(array());
|
||||
|
||||
// Only save groups if the user is a super user
|
||||
if (Auth::user()->isSuperUser()) {
|
||||
if ($request->has('groups')) {
|
||||
$user->groups()->sync($request->input('groups'));
|
||||
} else {
|
||||
$user->groups()->sync(array());
|
||||
}
|
||||
}
|
||||
|
||||
// Do we want to update the user password?
|
||||
if ($request->has('password')) {
|
||||
$user->password = bcrypt($request->input('password'));
|
||||
|
|
|
@ -368,27 +368,40 @@
|
|||
<div class="form-group{{ $errors->has('groups') ? ' has-error' : '' }}">
|
||||
<label class="col-md-3 control-label" for="groups"> {{ trans('general.groups') }}</label>
|
||||
<div class="col-md-5">
|
||||
<div class="controls">
|
||||
<select
|
||||
name="groups[]"
|
||||
id="groups[]"
|
||||
multiple="multiple"
|
||||
class="form-control"
|
||||
{{ ((Config::get('app.lock_passwords') || ($user->id==Auth::user()->id) || (!Auth::user()->isSuperUser())) ? ' disabled' : '') }}
|
||||
>
|
||||
|
||||
@foreach ($groups as $id => $group)
|
||||
<option value="{{ $id }}"
|
||||
{{ ($userGroups->keys()->contains($id) ? ' selected="selected"' : '') }}>
|
||||
{{ $group }}
|
||||
</option>
|
||||
@endforeach
|
||||
</select>
|
||||
@if ((Config::get('app.lock_passwords') || ($user->id==Auth::user()->id) || (!Auth::user()->isSuperUser())))
|
||||
|
||||
@if (count($userGroups->keys()) > 0)
|
||||
<ul>
|
||||
@foreach ($groups as $id => $group)
|
||||
{!! ($userGroups->keys()->contains($id) ? '<li>'.e($group).'</li>' : '') !!}
|
||||
@endforeach
|
||||
</ul>
|
||||
@endif
|
||||
|
||||
<span class="help-block">Only superadmins may edit group memberships.</p>
|
||||
@else
|
||||
<div class="controls">
|
||||
<select
|
||||
name="groups[]"
|
||||
id="groups[]"
|
||||
multiple="multiple"
|
||||
class="form-control">
|
||||
|
||||
@foreach ($groups as $id => $group)
|
||||
<option value="{{ $id }}"
|
||||
{{ ($userGroups->keys()->contains($id) ? ' selected="selected"' : '') }}>
|
||||
{{ $group }}
|
||||
</option>
|
||||
@endforeach
|
||||
</select>
|
||||
|
||||
<span class="help-block">
|
||||
{{ trans('admin/users/table.groupnotes') }}
|
||||
</span>
|
||||
</div>
|
||||
@endif
|
||||
|
||||
<span class="help-block">
|
||||
{{ trans('admin/users/table.groupnotes') }}
|
||||
</span>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<!-- Email user -->
|
||||
|
|
Loading…
Reference in a new issue