Fix bulk asset update error handling and improve access checks

Improved the error handling in the BulkAssetsController by re-enabling custom field permission checks. Updated the UpdateAssetAction to better handle encrypted custom fields and streamlined user roles in the BulkEditAssetsTest.
spencerrlongg 2024-11-19 19:57:26 -06:00
parent 0353c7a03b
commit 94e7310cd9
3 changed files with 12 additions and 9 deletions


@ -6,7 +6,6 @@ use App\Events\CheckoutableCheckedIn;
use App\Exceptions\CustomFieldPermissionException;
use App\Http\Requests\ImageUploadRequest;
use App\Models\Asset;
use App\Models\AssetModel;
use App\Models\Company;
use App\Models\Location;
use App\Models\Statuslabel;
@ -137,6 +136,7 @@ class UpdateAssetAction
// FIXME: No idea why this is returning a Builder error on db_column_name.
// Need to investigate and fix. Using static method for now.
// the gui method
//if (($model) && ($model->fieldset)) {
// dump($model->fieldset->fields);
// foreach ($model->fieldset->fields as $field) {
@ -161,6 +161,7 @@ class UpdateAssetAction
// }
// }
//}
// the api method
$model = $asset->model;
if (($model) && (isset($model->fieldset))) {
foreach ($model->fieldset->fields as $field) {
@ -173,11 +174,12 @@ class UpdateAssetAction
}
}
if ($field->field_encrypted == '1') {
dump(Gate::allows('assets.view.encrypted_custom_fields'));
dump(auth()->user()->can('assets.view.encrypted_custom_fields'));
if (Gate::allows('assets.view.encrypted_custom_fields')) {
$field_val = Crypt::encrypt($field_val);
} else {
throw new CustomFieldPermissionException();
continue;
}
}
$asset->{$field->db_column} = $field_val;
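Review bot: The two `dump(...)` calls inside the `field_encrypted` branch look like debugging leftovers and should be removed before merge: they print the result of the `assets.view.encrypted_custom_fields` check into the response, and `auth()->user()->can(...)` fails on a null user if this action ever runs without an authenticated session. The page has lost its +/- markers, so which of these lines are new is inferred from the hunk counts. If `throw new CustomFieldPermissionException();` and `continue;` are both on the new side, the `continue;` is unreachable and should be deleted; throwing also abandons the remaining fields of the asset where `continue` only skipped the encrypted one, so the choice deserves a comment such as `// fail closed: abort this asset's update when the caller may not edit encrypted fields`. The loop and the enclosing method start and end outside the hunk.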


@ -245,8 +245,8 @@ class BulkAssetsController extends Controller
} catch (ValidationException $e) {
$errors[$key] = $e->getMessage();
} catch (CustomFieldPermissionException $e) {
$errors[$key] = $e->getMessage();
//$custom_field_problem = true;
//$errors[$key] = $e->getMessage();
$custom_field_problem = true;
} catch (\Exception $e) {
report($e);
$errors[$key] = trans('general.something_went_wrong');
@ -255,9 +255,9 @@ class BulkAssetsController extends Controller
if (!empty($errors)) {
return redirect($bulk_back_url)->with('bulk_asset_errors', $errors);
}
//if ($custom_field_problem) {
// return redirect($bulk_back_url)->with('error', trans('admin/hardware/message.update.encrypted_warning'));
//}
if ($custom_field_problem) {
return redirect($bulk_back_url)->with('error', trans('admin/hardware/message.update.encrypted_warning'));
}
return redirect($bulk_back_url)->with('success', trans('bulk.update.success'));
}
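Review bot: The `!empty($errors)` return runs before the `$custom_field_problem` check, so when one asset fails validation and another is refused for its encrypted field, only `bulk_asset_errors` is flashed and the permission refusal is never shown to the user. Consider carrying both in the same redirect, for example by appending `->with('error', trans('admin/hardware/message.update.encrypted_warning'))` to the errors redirect when the flag is set. Within this hunk `$custom_field_problem` is assigned only in the catch block; its initialisation is not visible, so confirm it is set to `false` before the loop, otherwise the final `if` reads an undefined variable on the normal path. The leftover `//$errors[$key] = $e->getMessage();` can be deleted, and because this branch is an authorization denial, a log entry carrying the asset key would help a later audit. The method begins outside the hunk.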


@ -211,7 +211,7 @@ class BulkEditAssetsTest extends TestCase
$id_array = $assets->pluck('id')->toArray();
$this->actingAs(User::factory()->admin()->create())->post(route('hardware/bulksave'), [
$this->actingAs(User::factory()->superuser()->create())->post(route('hardware/bulksave'), [
'ids' => $id_array,
$encrypted->db_column => 'New Encrypted Text',
])->assertStatus(302);
@ -225,7 +225,8 @@ class BulkEditAssetsTest extends TestCase
{
$this->markIncompleteIfMySQL('Custom Fields tests do not work on mysql');
$edit_user = User::factory()->editAssets()->create();
$admin_user = User::factory()->admin()->create();
// admin used to work, but now only superuser does????
$admin_user = User::factory()->superuser()->create();
CustomField::factory()->testEncrypted()->create();
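Review bot: The comment `// admin used to work, but now only superuser does????` records an unexplained change in who may update encrypted custom fields, and the test appears to have been adjusted to pass rather than to pin the intended rule. Before merging, decide whether admins are meant to edit encrypted fields: if not, replace the comment with a statement of the rule and add a case asserting that an `admin()` user's bulk save leaves the encrypted column unchanged; if they are, the permission regression needs fixing instead of the test. The same swap from `admin()` to `superuser()` is made in the earlier hunk around the `hardware/bulksave` post. The test method continues outside the hunk.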