Switch GET to POST for asset request

Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2021-12-16 20:36:08 -08:00
parent a05fe9c1f7
commit 9b2dd6522f
4 changed files with 5 additions and 5 deletions

View file

@ -179,7 +179,7 @@ class ViewAssetsController extends Controller
$logaction->logaction('request canceled'); $logaction->logaction('request canceled');
$settings->notify(new RequestAssetCancelation($data)); $settings->notify(new RequestAssetCancelation($data));
return redirect()->route('requestable-assets') return redirect()->route('requestable-assets')
->with('success')->with('success', trans('admin/hardware/message.requests.cancel-success')); ->with('success')->with('success', trans('admin/hardware/message.requests.cancel'));
} }
$logaction->logaction('requested'); $logaction->logaction('requested');

View file

@ -77,7 +77,7 @@ return array(
'requests' => array( 'requests' => array(
'error' => 'Asset was not requested, please try again', 'error' => 'Asset was not requested, please try again',
'success' => 'Asset requested successfully.', 'success' => 'Asset requested successfully.',
'canceled' => 'Checkout request successfully canceled' 'cancel' => 'Checkout request successfully canceled'
) )
); );

View file

@ -365,9 +365,9 @@
// This is only used by the requestable assets section // This is only used by the requestable assets section
function assetRequestActionsFormatter (row, value) { function assetRequestActionsFormatter (row, value) {
if (value.available_actions.cancel == true) { if (value.available_actions.cancel == true) {
return '<form action="{{ url('/') }}/account/request-asset/'+ value.id + '" method="GET"><button class="btn btn-danger btn-sm" data-toggle="tooltip" title="Cancel this item request">{{ trans('button.cancel') }}</button></form>'; return '<form action="{{ url('/') }}/account/request-asset/'+ value.id + '" method="POST">@csrf<button class="btn btn-danger btn-sm" data-toggle="tooltip" title="Cancel this item request">{{ trans('button.cancel') }}</button></form>';
} else if (value.available_actions.request == true) { } else if (value.available_actions.request == true) {
return '<form action="{{ url('/') }}/account/request-asset/'+ value.id + '" method="GET"><button class="btn btn-primary btn-sm" data-toggle="tooltip" title="Request this item">{{ trans('button.request') }}</button></form>'; return '<form action="{{ url('/') }}/account/request-asset/'+ value.id + '" method="POST">@csrf<button class="btn btn-primary btn-sm" data-toggle="tooltip" title="Request this item">{{ trans('button.request') }}</button></form>';
} }
} }

View file

@ -261,7 +261,7 @@ Route::group([ 'prefix' => 'account', 'middleware' => ['auth']], function () {
'requestable-assets', 'requestable-assets',
[ 'as' => 'requestable-assets', 'uses' => 'ViewAssetsController@getRequestableIndex' ] [ 'as' => 'requestable-assets', 'uses' => 'ViewAssetsController@getRequestableIndex' ]
); );
Route::get( Route::post(
'request-asset/{assetId}', 'request-asset/{assetId}',
[ 'as' => 'account/request-asset', 'uses' => 'ViewAssetsController@getRequestAsset' ] [ 'as' => 'account/request-asset', 'uses' => 'ViewAssetsController@getRequestAsset' ]
); );