DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-12-26 14:09:43 -08:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity

Fix access control - https://huntr.dev/bounties/19453ef1-4d77-4cff-b7e8-1bc8f3af0862/

Browse source
This commit is contained in:
Haxatron 2021-12-09 12:57:04 +08:00 committed by GitHub
parent 86afe6c4b1
commit 918e7c8dae
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
app/Http/Controllers/AssetModelsController.php
View file

@ -269,6 +269,7 @@ class AssetModelsController extends Controller
*/ */
public function getClone($modelId = null) public function getClone($modelId = null)
{ {
$this->authorize('view', AssetModel::class);
// Check if the model exists // Check if the model exists
if (is_null($model_to_clone = AssetModel::find($modelId))) { if (is_null($model_to_clone = AssetModel::find($modelId))) {
return redirect()->route('models.index')->with('error', trans('admin/models/message.does_not_exist')); return redirect()->route('models.index')->with('error', trans('admin/models/message.does_not_exist'));