Merge pull request #15373 from snipe/fixes/#15366_custom_fields

Fixed #15366 use the non-admin edit encrypted custom fields permissions
2024-11-09 23:24:06 -08:00 · 2024-08-22 15:00:16 +01:00 · 2024-08-22 15:00:16 +01:00 · 833dace2b4
parent ec365b0804 56e31d2303
commit 833dace2b4
2 changed files with 4 additions and 4 deletions
--- a/app/Http/Controllers/Api/AssetsController.php
+++ b/app/Http/Controllers/Api/AssetsController.php
@ -602,7 +602,7 @@ class AssetsController extends Controller
                if ($field->field_encrypted == '1') {
                    Log::debug('This model field is encrypted in this fieldset.');

-                    if (Gate::allows('admin')) {
+                    if (Gate::allows('assets.view.encrypted_custom_fields')) {

                        // If input value is null, use custom field's default value
                        if (($field_val == null) && ($request->has('model_id') != '')) {
@ -695,7 +695,7 @@ class AssetsController extends Controller
                            }
                        }
                        if ($field->field_encrypted == '1') {
-                            if (Gate::allows('admin')) {
+                            if (Gate::allows('assets.view.encrypted_custom_fields')) {
                                $field_val = Crypt::encrypt($field_val);
                            } else {
                                $problems_updating_encrypted_custom_fields = true;
--- a/app/Http/Controllers/Assets/AssetsController.php
+++ b/app/Http/Controllers/Assets/AssetsController.php
@ -165,7 +165,7 @@ class AssetsController extends Controller
            if (($model) && ($model->fieldset)) {
                foreach ($model->fieldset->fields as $field) {
                    if ($field->field_encrypted == '1') {
-                        if (Gate::allows('admin')) {
+                        if (Gate::allows('assets.view.encrypted_custom_fields')) {
                            if (is_array($request->input($field->db_column))) {
                                $asset->{$field->db_column} = Crypt::encrypt(implode(', ', $request->input($field->db_column)));
                            } else {
@ -388,7 +388,7 @@ class AssetsController extends Controller
            foreach ($model->fieldset->fields as $field) {

                if ($field->field_encrypted == '1') {
-                    if (Gate::allows('admin')) {
+                    if (Gate::allows('assets.view.encrypted_custom_fields')) {
                        if (is_array($request->input($field->db_column))) {
                            $asset->{$field->db_column} = Crypt::encrypt(implode(', ', $request->input($field->db_column)));
                        } else {