mirror of
https://github.com/snipe/snipe-it.git
synced 2024-11-10 07:34:06 -08:00
Merge pull request #8606 from uberbrady/fix_cant_manage_self
Add a new custom validator for Users
This commit is contained in:
commit
89e36dbc42
|
@ -74,7 +74,7 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo
|
|||
'password' => 'required|min:8',
|
||||
'locale' => 'max:10|nullable',
|
||||
'website' => 'url|nullable',
|
||||
'manager_id' => 'nullable|exists:users,id',
|
||||
'manager_id' => 'nullable|exists:users,id|cant_manage_self',
|
||||
'location_id' => 'exists:locations,id|nullable',
|
||||
];
|
||||
|
||||
|
|
|
@ -107,6 +107,27 @@ class ValidationServiceProvider extends ServiceProvider
|
|||
return preg_match('/\p{Z}|\p{S}|\p{P}/', $value);
|
||||
});
|
||||
|
||||
Validator::extend('cant_manage_self', function ($attribute, $value, $parameters, $validator) {
|
||||
// $value is the actual *value* of the thing that's being validated
|
||||
// $attribute is the name of the field that the validation is running on - probably manager_id in our case
|
||||
// $parameters are the optional parameters - an array for everything, split on commas. But we don't take any params here.
|
||||
// $validator gives us proper access to the rest of the actual data
|
||||
$data = $validator->getData();
|
||||
|
||||
if(array_key_exists("id", $data)) {
|
||||
if ($value && $value == $data['id']) {
|
||||
// if you definitely have an ID - you're saving an existing user - and your ID matches your manager's ID - fail.
|
||||
return false;
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
// no 'id' key to compare against (probably because this is a new user)
|
||||
// so it automatically passes this validation
|
||||
return true;
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -117,6 +117,7 @@ return array(
|
|||
"hashed_pass" => "Your current password is incorrect",
|
||||
"statuslabel_type" => "You must select a valid status label type",
|
||||
],
|
||||
'cant_manage_self' => "A user cannot be their own manager",
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
Loading…
Reference in a new issue