Merge pull request #8606 from uberbrady/fix_cant_manage_self

Add a new custom validator for Users
2024-09-20 07:47:41 -07:00 · 2020-10-23 19:16:11 -07:00 · 2020-10-23 19:16:11 -07:00 · 89e36dbc42
parent d317052ede 0eda53c484
commit 89e36dbc42
3 changed files with 23 additions and 1 deletions
--- a/app/Models/User.php
+++ b/app/Models/User.php
@ -74,7 +74,7 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo
        'password'                => 'required|min:8',
        'locale'                  => 'max:10|nullable',
        'website'                 => 'url|nullable',
-        'manager_id'              => 'nullable|exists:users,id',
+        'manager_id'              => 'nullable|exists:users,id|cant_manage_self',
        'location_id'             => 'exists:locations,id|nullable',
    ];

--- a/app/Providers/ValidationServiceProvider.php
+++ b/app/Providers/ValidationServiceProvider.php
@ -107,6 +107,27 @@ class ValidationServiceProvider extends ServiceProvider
            return preg_match('/\p{Z}|\p{S}|\p{P}/', $value);
        });

+        Validator::extend('cant_manage_self', function ($attribute, $value, $parameters, $validator) {
+            // $value is the actual *value* of the thing that's being validated
+            // $attribute is the name of the field that the validation is running on - probably manager_id in our case
+            // $parameters are the optional parameters - an array for everything, split on commas. But we don't take any params here.
+            // $validator gives us proper access to the rest of the actual data
+            $data = $validator->getData();
+
+            if(array_key_exists("id", $data)) {
+                if ($value && $value == $data['id']) {
+                    // if you definitely have an ID - you're saving an existing user - and your ID matches your manager's ID - fail.
+                    return false;
+                } else {
+                    return true;
+                }
+            } else {
+                // no 'id' key to compare against (probably because this is a new user)
+                // so it automatically passes this validation
+                return true;
+            }
+        });
+

    }

--- a/resources/lang/en/validation.php
+++ b/resources/lang/en/validation.php
@ -117,6 +117,7 @@ return array(
        "hashed_pass"      => "Your current password is incorrect",
        "statuslabel_type" => "You must select a valid status label type",
    ],
+    'cant_manage_self'  => "A user cannot be their own manager",

    /*
    |--------------------------------------------------------------------------