DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-01-23 11:43:47 -08:00
Code Issues Actions 13 Packages Projects Releases Wiki Activity

Fix permission issue for API fieldsets and fields endpoints (#7294)

Browse source 
Close snipe/snipe-it#7250
This commit is contained in:
Marián Skrip 2019-07-24 19:57:09 +02:00 committed by snipe
parent af1857b6ee
commit 8a1f6b74e8
2 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
app/Http/Controllers/Api/CustomFieldsController.php
View file

@ -23,7 +23,7 @@ class CustomFieldsController extends Controller
public function index() public function index()
{ {
$this->authorize('index', CustomFields::class); $this->authorize('index', CustomField::class);
$fields = CustomField::get(); $fields = CustomField::get();
return (new CustomFieldsTransformer)->transformCustomFields($fields, $fields->count()); return (new CustomFieldsTransformer)->transformCustomFields($fields, $fields->count());
} }
@ -37,7 +37,7 @@ class CustomFieldsController extends Controller
*/ */
public function show($id) public function show($id)
{ {
$this->authorize('show', CustomField::class); $this->authorize('view', CustomField::class);
if ($field = CustomField::find($id)) { if ($field = CustomField::find($id)) {
return (new CustomFieldsTransformer)->transformCustomField($field); return (new CustomFieldsTransformer)->transformCustomField($field);
} }
@ -58,9 +58,9 @@ class CustomFieldsController extends Controller
{ {
$this->authorize('update', CustomField::class); $this->authorize('update', CustomField::class);
$field = CustomField::findOrFail($id); $field = CustomField::findOrFail($id);
/** /**
* Updated values for the field, * Updated values for the field,
* without the "field_encrypted" flag, preventing the change of encryption status * without the "field_encrypted" flag, preventing the change of encryption status
* @var array * @var array
*/ */

2
app/Http/Controllers/Api/CustomFieldsetsController.php
View file

@ -50,7 +50,7 @@ class CustomFieldsetsController extends Controller
*/ */
public function show($id) public function show($id)
{ {
$this->authorize('show', CustomFieldset::class); $this->authorize('view', CustomFieldset::class);
if ($fieldset = CustomFieldset::find($id)) { if ($fieldset = CustomFieldset::find($id)) {
return (new CustomFieldsetsTransformer)->transformCustomFieldset($fieldset); return (new CustomFieldsetsTransformer)->transformCustomFieldset($fieldset);
} }