DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-03-05 20:52:15 -08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Fix authorization check in AssetsController

Browse source 
Removed incorrect and commented-out authorization check in the destroy method. Ensured proper authorization by explicitly authorizing the asset instance before attempting deletion.
This commit is contained in:
spencerrlongg 2024-11-26 14:49:50 -06:00
parent e056da6b2a
commit ac1d09add0
1 changed files with 0 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/Http/Controllers/Api/AssetsController.php
View file

@ -673,8 +673,6 @@ class AssetsController extends Controller
*/ */
public function destroy(Asset $asset): JsonResponse public function destroy(Asset $asset): JsonResponse
{ {
//this is probably wrong
//$this->authorize('delete', Asset::class);
$this->authorize('delete', $asset); $this->authorize('delete', $asset);
try { try {
DestroyAssetAction::run($asset); DestroyAssetAction::run($asset);