DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-11-12 16:44:08 -08:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Corrected gates, added fillable

Browse source 
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2023-03-18 11:53:20 -07:00
parent c7f4a93c17
commit 8dd3ae8a37
2 changed files with 18 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
app/Http/Controllers/Api/GroupsController.php
View file

@ -8,6 +8,7 @@ use App\Http\Transformers\GroupsTransformer;
use App\Models\Group; use App\Models\Group;
use Illuminate\Http\Request; use Illuminate\Http\Request;
class GroupsController extends Controller class GroupsController extends Controller
{ {
/** /**
@ -19,6 +20,8 @@ class GroupsController extends Controller
*/ */
public function index(Request $request) public function index(Request $request)
{ {
$this->authorize('superadmin');
$this->authorize('view', Group::class); $this->authorize('view', Group::class);
$allowed_columns = ['id', 'name', 'created_at', 'users_count']; $allowed_columns = ['id', 'name', 'created_at', 'users_count'];
@ -59,9 +62,11 @@ class GroupsController extends Controller
*/ */
public function store(Request $request) public function store(Request $request)
{ {
$this->authorize('create', Group::class); $this->authorize('superadmin');
$group = new Group; $group = new Group;
$group->fill($request->all());
$group->name = $request->input('name');
$group->permissions = $request->input('permissions'); // Todo - some JSON validation stuff here
if ($group->save()) { if ($group->save()) {
return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.create.success'))); return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.create.success')));
@ -80,7 +85,7 @@ class GroupsController extends Controller
*/ */
public function show($id) public function show($id)
{ {
$this->authorize('view', Group::class); $this->authorize('superadmin');
$group = Group::findOrFail($id); $group = Group::findOrFail($id);
return (new GroupsTransformer)->transformGroup($group); return (new GroupsTransformer)->transformGroup($group);
@ -97,9 +102,11 @@ class GroupsController extends Controller
*/ */
public function update(Request $request, $id) public function update(Request $request, $id)
{ {
$this->authorize('update', Group::class); $this->authorize('superadmin');
$group = Group::findOrFail($id); $group = Group::findOrFail($id);
$group->fill($request->all());
$group->name = $request->input('name');
$group->permissions = $request->input('permissions'); // Todo - some JSON validation stuff here
if ($group->save()) { if ($group->save()) {
return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.update.success'))); return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.update.success')));
@ -118,9 +125,8 @@ class GroupsController extends Controller
*/ */
public function destroy($id) public function destroy($id)
{ {
$this->authorize('delete', Group::class); $this->authorize('superadmin');
$group = Group::findOrFail($id); $group = Group::findOrFail($id);
$this->authorize('delete', $group);
$group->delete(); $group->delete();
return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/groups/message.delete.success'))); return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/groups/message.delete.success')));

5
app/Models/Group.php
View file

@ -16,6 +16,11 @@ class Group extends SnipeModel
'name' => 'required|min:2|max:255', 'name' => 'required|min:2|max:255',
]; ];
protected $fillable = [
'name',
'permissions'
];
/** /**
* Whether the model should inject it's identifier to the unique * Whether the model should inject it's identifier to the unique
* validation rules before attempting validation. If this property * validation rules before attempting validation. If this property