Fix bulk asset update error handling and improve access checks
Improved the error handling in the BulkAssetsController by re-enabling custom field permission checks. Updated the UpdateAssetAction to better handle encrypted custom fields and streamlined user roles in the BulkEditAssetsTest.
parent
0353c7a03b
commit
94e7310cd9
|
@ -6,7 +6,6 @@ use App\Events\CheckoutableCheckedIn;
|
|||
use App\Exceptions\CustomFieldPermissionException;
|
||||
use App\Http\Requests\ImageUploadRequest;
|
||||
use App\Models\Asset;
|
||||
use App\Models\AssetModel;
|
||||
use App\Models\Company;
|
||||
use App\Models\Location;
|
||||
use App\Models\Statuslabel;
|
||||
|
@ -137,6 +136,7 @@ class UpdateAssetAction
|
|||
// FIXME: No idea why this is returning a Builder error on db_column_name.
|
||||
// Need to investigate and fix. Using static method for now.
|
||||
|
||||
// the gui method
|
||||
//if (($model) && ($model->fieldset)) {
|
||||
// dump($model->fieldset->fields);
|
||||
// foreach ($model->fieldset->fields as $field) {
|
||||
|
@ -161,6 +161,7 @@ class UpdateAssetAction
|
|||
// }
|
||||
// }
|
||||
//}
|
||||
// the api method
|
||||
$model = $asset->model;
|
||||
if (($model) && (isset($model->fieldset))) {
|
||||
foreach ($model->fieldset->fields as $field) {
|
||||
|
@ -173,11 +174,12 @@ class UpdateAssetAction
|
|||
}
|
||||
}
|
||||
if ($field->field_encrypted == '1') {
|
||||
dump(Gate::allows('assets.view.encrypted_custom_fields'));
|
||||
dump(auth()->user()->can('assets.view.encrypted_custom_fields'));
|
||||
if (Gate::allows('assets.view.encrypted_custom_fields')) {
|
||||
$field_val = Crypt::encrypt($field_val);
|
||||
} else {
|
||||
throw new CustomFieldPermissionException();
|
||||
continue;
|
||||
}
|
||||
}
|
||||
$asset->{$field->db_column} = $field_val;
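Review bot: The two `dump(...)` calls at the top of the `field_encrypted` branch write the result of the `assets.view.encrypted_custom_fields` check into the response, which exposes authorization state to the requester and can interfere with the redirect the bulk controller returns; the page has lost its +/- markers, so if these lines are on the new side they should be removed before merge. In the `else` branch the `continue;` after `throw new CustomFieldPermissionException();` can never execute and should be dropped so the throw is the only statement. Because an ability named `view` is gating a write here, a short comment such as `// writing an encrypted field requires the same ability as reading it` would record that this is intended. The field loop starts above this hunk, so whether earlier fields were already assigned to `$asset` before the throw is not visible here.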
|
||||
|
|
|
@ -245,8 +245,8 @@ class BulkAssetsController extends Controller
|
|||
} catch (ValidationException $e) {
|
||||
$errors[$key] = $e->getMessage();
|
||||
} catch (CustomFieldPermissionException $e) {
|
||||
$errors[$key] = $e->getMessage();
|
||||
//$custom_field_problem = true;
|
||||
//$errors[$key] = $e->getMessage();
|
||||
$custom_field_problem = true;
|
||||
} catch (\Exception $e) {
|
||||
report($e);
|
||||
$errors[$key] = trans('general.something_went_wrong');
|
||||
|
@ -255,9 +255,9 @@ class BulkAssetsController extends Controller
|
|||
if (!empty($errors)) {
|
||||
return redirect($bulk_back_url)->with('bulk_asset_errors', $errors);
|
||||
}
|
||||
//if ($custom_field_problem) {
|
||||
// return redirect($bulk_back_url)->with('error', trans('admin/hardware/message.update.encrypted_warning'));
|
||||
//}
|
||||
if ($custom_field_problem) {
|
||||
return redirect($bulk_back_url)->with('error', trans('admin/hardware/message.update.encrypted_warning'));
|
||||
}
|
||||
return redirect($bulk_back_url)->with('success', trans('bulk.update.success'));
|
||||
}
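Review bot: As the hunk reads, a caught `CustomFieldPermissionException` now leaves only `$custom_field_problem = true;`, so the asset `$key` that was refused is no longer reported, and because the `if (!empty($errors))` return runs first the encrypted-field warning is never shown when any other asset also failed. Consider keeping a per-asset entry as well, e.g. `$errors[$key] = trans('admin/hardware/message.update.encrypted_warning');`, or flashing both messages on the same redirect. A refused write to an encrypted field is an authorization failure, so a log entry in this catch block naming the acting user and the asset id would help later audit. `$custom_field_problem` also needs to be initialised to `false` before the loop, which lies outside the visible hunks.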
|
||||
|
||||
|
|
|
@ -211,7 +211,7 @@ class BulkEditAssetsTest extends TestCase
|
|||
|
||||
$id_array = $assets->pluck('id')->toArray();
|
||||
|
||||
$this->actingAs(User::factory()->admin()->create())->post(route('hardware/bulksave'), [
|
||||
$this->actingAs(User::factory()->superuser()->create())->post(route('hardware/bulksave'), [
|
||||
'ids' => $id_array,
|
||||
$encrypted->db_column => 'New Encrypted Text',
|
||||
])->assertStatus(302);
|
||||
|
@ -225,7 +225,8 @@ class BulkEditAssetsTest extends TestCase
|
|||
{
|
||||
$this->markIncompleteIfMySQL('Custom Fields tests do not work on mysql');
|
||||
$edit_user = User::factory()->editAssets()->create();
|
||||
$admin_user = User::factory()->admin()->create();
|
||||
// admin used to work, but now only superuser does????
|
||||
$admin_user = User::factory()->superuser()->create();
|
||||
|
||||
CustomField::factory()->testEncrypted()->create();
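Review bot: Switching both actors from `admin()` to `superuser()` makes these tests pass without answering the question left in `// admin used to work, but now only superuser does????`, so a change in who may write encrypted custom fields goes in unexplained. If superusers bypass gate checks in this application (not visible here), the tests no longer exercise the `assets.view.encrypted_custom_fields` ability at all. Add a case for a user granted only that ability, assert the refused path for the `$edit_user` created here, and replace the comment with the reason an admin is no longer sufficient, or rename `$admin_user` to match its new role. Both test methods continue outside the visible hunks.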
|
||||
|
||||
|
|