mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-26 06:04:08 -08:00
Do not makes group editable if the user is not an admin
This fixes a bug where the groups field was (correctly) disabled if the editing user isn’t a superadmin, but because a disabled field is not submitted with the form, saving the user would clear their permission groups.
parent
c47d391946
commit
8323ed27c2
|
@ -315,12 +315,16 @@ class UsersController extends Controller
|
||||||
return redirect()->route('users')->with('error', $error);
|
return redirect()->route('users')->with('error', $error);
|
||||||
}
|
}
|
||||||
|
|
||||||
// First handle anything exclusive to editing.
|
|
||||||
|
// Only save groups if the user is a super user
|
||||||
|
if (Auth::user()->isSuperUser()) {
|
||||||
if ($request->has('groups')) {
|
if ($request->has('groups')) {
|
||||||
$user->groups()->sync($request->input('groups'));
|
$user->groups()->sync($request->input('groups'));
|
||||||
} else {
|
} else {
|
||||||
$user->groups()->sync(array());
|
$user->groups()->sync(array());
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Do we want to update the user password?
|
// Do we want to update the user password?
|
||||||
if ($request->has('password')) {
|
if ($request->has('password')) {
|
||||||
$user->password = bcrypt($request->input('password'));
|
$user->password = bcrypt($request->input('password'));
|
||||||
|
|
|
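Review bot: The new guard `if (Auth::user()->isSuperUser())` does not match the condition the form uses to hide the select, so the group-clearing bug this commit fixes still looks reachable for a superuser. The view changed in this commit renders the read-only list when `Config::get('app.lock_passwords')` is set or when `$user->id==Auth::user()->id`; in those cases no `groups` field is posted, `$request->has('groups')` is false, and the `else` branch runs `sync(array())`. It also means the server accepts a posted `groups[]` value in states where the UI presents memberships as locked. Mirroring the view keeps both sides in agreement, e.g. `if (Auth::user()->isSuperUser() && !config('app.lock_passwords') && $user->id != Auth::user()->id) {`. The enclosing method starts and ends outside the hunk, so this assumes nothing earlier in it already returns for those cases.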
@ -368,14 +368,25 @@
|
||||||
<div class="form-group{{ $errors->has('groups') ? ' has-error' : '' }}">
|
<div class="form-group{{ $errors->has('groups') ? ' has-error' : '' }}">
|
||||||
<label class="col-md-3 control-label" for="groups"> {{ trans('general.groups') }}</label>
|
<label class="col-md-3 control-label" for="groups"> {{ trans('general.groups') }}</label>
|
||||||
<div class="col-md-5">
|
<div class="col-md-5">
|
||||||
|
|
||||||
|
@if ((Config::get('app.lock_passwords') || ($user->id==Auth::user()->id) || (!Auth::user()->isSuperUser())))
|
||||||
|
|
||||||
|
@if (count($userGroups->keys()) > 0)
|
||||||
|
<ul>
|
||||||
|
@foreach ($groups as $id => $group)
|
||||||
|
{!! ($userGroups->keys()->contains($id) ? '<li>'.e($group).'</li>' : '') !!}
|
||||||
|
@endforeach
|
||||||
|
</ul>
|
||||||
|
@endif
|
||||||
|
|
||||||
|
<span class="help-block">Only superadmins may edit group memberships.</p>
|
||||||
|
@else
|
||||||
<div class="controls">
|
<div class="controls">
|
||||||
<select
|
<select
|
||||||
name="groups[]"
|
name="groups[]"
|
||||||
id="groups[]"
|
id="groups[]"
|
||||||
multiple="multiple"
|
multiple="multiple"
|
||||||
class="form-control"
|
class="form-control">
|
||||||
{{ ((Config::get('app.lock_passwords') || ($user->id==Auth::user()->id) || (!Auth::user()->isSuperUser())) ? ' disabled' : '') }}
|
|
||||||
>
|
|
||||||
|
|
||||||
@foreach ($groups as $id => $group)
|
@foreach ($groups as $id => $group)
|
||||||
<option value="{{ $id }}"
|
<option value="{{ $id }}"
|
||||||
|
@ -389,6 +400,8 @@
|
||||||
{{ trans('admin/users/table.groupnotes') }}
|
{{ trans('admin/users/table.groupnotes') }}
|
||||||
</span>
|
</span>
|
||||||
</div>
|
</div>
|
||||||
|
@endif
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<!-- Email user -->
|
<!-- Email user -->
|
||||||
|
|
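Review bot: The added help text opens with `<span class="help-block">` but closes with `</p>`, which leaves the span unclosed inside the `col-md-5` column; it should end with `</span>`. The same line hard-codes English where the rest of this block goes through `trans()`, and it gives superadmin status as the reason even when the branch was taken because of `app.lock_passwords` or because the user is editing their own record. In the added `@foreach`, the raw `{!! … !!}` echo is safe only because of the inline `e($group)`; writing it as `@if ($userGroups->keys()->contains($id)) <li>{{ $group }}</li> @endif` keeps escaping on by default, so a later edit cannot drop it by accident.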