DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-12-26 06:04:08 -08:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity

Do not makes group editable if the user is not an admin

Browse source 
This fixes a bug where the field was (correctly) disabled if the editing user isn’t a superadmin, but because the field was disabled, it would clear the permission groups.
This commit is contained in:
snipe 2016-10-31 18:57:35 -07:00
parent c47d391946
commit 8323ed27c2
2 changed files with 41 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
app/Http/Controllers/UsersController.php
View file

@ -315,12 +315,16 @@ class UsersController extends Controller
return redirect()->route('users')->with('error', $error); return redirect()->route('users')->with('error', $error);
} }
// First handle anything exclusive to editing.
if ($request->has('groups')) { // Only save groups if the user is a super user
$user->groups()->sync($request->input('groups')); if (Auth::user()->isSuperUser()) {
} else { if ($request->has('groups')) {
$user->groups()->sync(array()); $user->groups()->sync($request->input('groups'));
} else {
$user->groups()->sync(array());
}
} }
// Do we want to update the user password? // Do we want to update the user password?
if ($request->has('password')) { if ($request->has('password')) {
$user->password = bcrypt($request->input('password')); $user->password = bcrypt($request->input('password'));

51
resources/views/users/edit.blade.php
View file

@ -368,27 +368,40 @@
<div class="form-group{{ $errors->has('groups') ? ' has-error' : '' }}"> <div class="form-group{{ $errors->has('groups') ? ' has-error' : '' }}">
<label class="col-md-3 control-label" for="groups"> {{ trans('general.groups') }}</label> <label class="col-md-3 control-label" for="groups"> {{ trans('general.groups') }}</label>
<div class="col-md-5"> <div class="col-md-5">
<div class="controls">
<select
name="groups[]"
id="groups[]"
multiple="multiple"
class="form-control"
{{ ((Config::get('app.lock_passwords') || ($user->id==Auth::user()->id) || (!Auth::user()->isSuperUser())) ? ' disabled' : '') }}
>
@foreach ($groups as $id => $group) @if ((Config::get('app.lock_passwords') || ($user->id==Auth::user()->id) || (!Auth::user()->isSuperUser())))
<option value="{{ $id }}"
{{ ($userGroups->keys()->contains($id) ? ' selected="selected"' : '') }}> @if (count($userGroups->keys()) > 0)
{{ $group }} <ul>
</option> @foreach ($groups as $id => $group)
@endforeach {!! ($userGroups->keys()->contains($id) ? '<li>'.e($group).'</li>' : '') !!}
</select> @endforeach
</ul>
@endif
<span class="help-block">Only superadmins may edit group memberships.</p>
@else
<div class="controls">
<select
name="groups[]"
id="groups[]"
multiple="multiple"
class="form-control">
@foreach ($groups as $id => $group)
<option value="{{ $id }}"
{{ ($userGroups->keys()->contains($id) ? ' selected="selected"' : '') }}>
{{ $group }}
</option>
@endforeach
</select>
<span class="help-block">
{{ trans('admin/users/table.groupnotes') }}
</span>
</div>
@endif
<span class="help-block">
{{ trans('admin/users/table.groupnotes') }}
</span>
</div>
</div> </div>
</div> </div>
<!-- Email user --> <!-- Email user -->