Merge pull request #15563 from snipe/refined_gates_on_user_bulk

Update for #15534 - Refined gates on user bulk
snipe 2024-09-25 20:35:58 +01:00 committed by GitHub
commit ac6411743b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 29 additions and 20 deletions


@ -36,7 +36,7 @@ class BulkUsersController extends Controller
*/ */
public function edit(Request $request) public function edit(Request $request)
{ {
$this->authorize('update', User::class); $this->authorize('view', User::class);
// Make sure there were users selected // Make sure there were users selected
if (($request->filled('ids')) && (count($request->input('ids')) > 0)) { if (($request->filled('ids')) && (count($request->input('ids')) > 0)) {
@ -48,16 +48,18 @@ class BulkUsersController extends Controller
// bulk edit, display the bulk edit form // bulk edit, display the bulk edit form
if ($request->input('bulk_actions') == 'edit') { if ($request->input('bulk_actions') == 'edit') {
$this->authorize('update', User::class);
return view('users/bulk-edit', compact('users')) return view('users/bulk-edit', compact('users'))
->with('groups', Group::pluck('name', 'id')); ->with('groups', Group::pluck('name', 'id'));
// bulk delete, display the bulk delete confirmation form // bulk delete, display the bulk delete confirmation form
} elseif ($request->input('bulk_actions') == 'delete') { } elseif ($request->input('bulk_actions') == 'delete') {
$this->authorize('delete', User::class);
return view('users/confirm-bulk-delete')->with('users', $users)->with('statuslabel_list', Helper::statusLabelList()); return view('users/confirm-bulk-delete')->with('users', $users)->with('statuslabel_list', Helper::statusLabelList());
// merge, confirm they have at least 2 users selected and display the merge screen // merge, confirm they have at least 2 users selected and display the merge screen
} elseif ($request->input('bulk_actions') == 'merge') { } elseif ($request->input('bulk_actions') == 'merge') {
$this->authorize('delete', User::class);
if (($request->filled('ids')) && (count($request->input('ids')) > 1)) { if (($request->filled('ids')) && (count($request->input('ids')) > 1)) {
return view('users/confirm-merge')->with('users', $users); return view('users/confirm-merge')->with('users', $users);
// Not enough users selected, send them back // Not enough users selected, send them back
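Review bot: With the first check in `edit()` relaxed from `update` to `view`, only the `edit`, `delete` and `merge` branches re-assert a stronger ability, so any other `bulk_actions` value handled further down is now reachable by a view-only user. The toolbar template changed in this same commit still posts `bulkpasswordreset` and `print`; their branches lie outside this hunk, so this is inferred rather than seen. If the password-reset branch has no check of its own, it should get one as its first statement, e.g. `$this->authorize('update', User::class);`. A comment above the `view` check such as `// Baseline gate only; every bulk action below must authorize its own ability` would keep later branches from silently inheriting the weaker check.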


@ -1,3 +1,4 @@
@can('view', \App\Models\User::class)
<div id="userBulkEditToolbar"> <div id="userBulkEditToolbar">
{{ Form::open([ {{ Form::open([
'method' => 'POST', 'method' => 'POST',
@ -6,19 +7,25 @@
'id' => 'usersBulkForm']) }} 'id' => 'usersBulkForm']) }}
@if (request('status')!='deleted') @if (request('status')!='deleted')
@can('delete', \App\Models\User::class)
<div id="users-toolbar"> <div id="users-toolbar">
<label for="bulk_actions" class="sr-only">{{ trans('general.bulk_actions') }}</label> <label for="bulk_actions" class="sr-only">{{ trans('general.bulk_actions') }}</label>
<select name="bulk_actions" class="form-control select2" style="min-width:300px;" aria-label="bulk_actions"> <select name="bulk_actions" class="form-control select2" style="min-width:300px;" aria-label="bulk_actions">
@can('update', \App\Models\User::class)
<option value="edit">{{ trans('general.bulk_edit') }}</option> <option value="edit">{{ trans('general.bulk_edit') }}</option>
@endcan
@can('delete', \App\Models\User::class)
<option value="delete">{!! trans('general.bulk_checkin_delete') !!}</option> <option value="delete">{!! trans('general.bulk_checkin_delete') !!}</option>
<option value="merge">{!! trans('general.merge_users') !!}</option> <option value="merge">{!! trans('general.merge_users') !!}</option>
@endcan
<option value="bulkpasswordreset">{{ trans('button.send_password_link') }}</option> <option value="bulkpasswordreset">{{ trans('button.send_password_link') }}</option>
<option value="print">{{ trans('admin/users/general.print_assigned') }}</option> <option value="print">{{ trans('admin/users/general.print_assigned') }}</option>
</select> </select>
<button class="btn btn-primary" id="bulkUserEditButton" disabled>{{ trans('button.go') }}</button> <button class="btn btn-primary" id="bulkUserEditButton" disabled>{{ trans('button.go') }}</button>
</div> </div>
@endcan
@endif @endif
{{ Form::close() }} {{ Form::close() }}
</div> </div>
@endcan
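Review bot: The `@can('delete', \App\Models\User::class)` placed around `<div id="users-toolbar">` hides the whole toolbar from anyone without delete rights, which makes the inner `@can('update')` and `@can('delete')` guards around the options redundant. Users who hold only `update` or `view` are left with no way to pick `edit`, `bulkpasswordreset` or `print`, even though the controller half of this commit admits them on `view`. If that is not intended, drop the outer `@can('delete')` / `@endcan` pair and let the per-option guards decide what is listed. The template only controls what is displayed; the controller checks are the enforcement point, so the abilities named in the two files should be kept in step.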