Merge pull request #8606 from uberbrady/fix_cant_manage_self

Add a new custom validator for Users
This commit is contained in:
snipe 2020-10-23 19:16:11 -07:00 committed by GitHub
commit 89e36dbc42
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 23 additions and 1 deletions

View file

@ -74,7 +74,7 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo
'password' => 'required|min:8',
'locale' => 'max:10|nullable',
'website' => 'url|nullable',
'manager_id' => 'nullable|exists:users,id',
'manager_id' => 'nullable|exists:users,id|cant_manage_self',
'location_id' => 'exists:locations,id|nullable',
];

View file

@ -107,6 +107,27 @@ class ValidationServiceProvider extends ServiceProvider
return preg_match('/\p{Z}|\p{S}|\p{P}/', $value);
});
Validator::extend('cant_manage_self', function ($attribute, $value, $parameters, $validator) {
// $value is the actual *value* of the thing that's being validated
// $attribute is the name of the field that the validation is running on - probably manager_id in our case
// $parameters are the optional parameters - an array for everything, split on commas. But we don't take any params here.
// $validator gives us proper access to the rest of the actual data
$data = $validator->getData();
if(array_key_exists("id", $data)) {
if ($value && $value == $data['id']) {
// if you definitely have an ID - you're saving an existing user - and your ID matches your manager's ID - fail.
return false;
} else {
return true;
}
} else {
// no 'id' key to compare against (probably because this is a new user)
// so it automatically passes this validation
return true;
}
});
}

View file

@ -117,6 +117,7 @@ return array(
"hashed_pass" => "Your current password is incorrect",
"statuslabel_type" => "You must select a valid status label type",
],
'cant_manage_self' => "A user cannot be their own manager",
/*
|--------------------------------------------------------------------------