Apply company scoping for users

Signed-off-by: snipe <snipe@snipe.net>
snipe 2024-04-10 12:34:32 +01:00
parent d0f171ebc6
commit adacdc038d


@ -182,7 +182,8 @@ class UsersController extends Controller
*/ */
public function edit($id) public function edit($id)
{ {
if ($user = User::find($id)) {
if ($user = Company::scopeCompanyables(User::find($id))) {
$this->authorize('update', $user); $this->authorize('update', $user);
$permissions = config('permissions'); $permissions = config('permissions');
$groups = Group::pluck('name', 'id'); $groups = Group::pluck('name', 'id');
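Review bot: `Company::scopeCompanyables(User::find($id))` on the new `if` line hands the scope the result of `find()` — a `User` instance or `null` — instead of the query, so whether the company restriction is actually enforced depends on how `scopeCompanyables` treats a non-builder argument; if it works by adding `where` clauses to a builder, a model instance would presumably be forwarded to a fresh builder and `null` passed straight through, and `$this->authorize('update', $user)` would then be checking a builder rather than the user. Scoping the query and resolving afterwards keeps the intent unambiguous: `if ($user = Company::scopeCompanyables(User::query())->find($id)) {`. The same instance-not-query pattern appears in the hunks at -427, -454, -500, -626, -651 and -672 (the -672 hunk ends outside this page), and in -626 the `Asset::where('assigned_to', $id)` lookup is also still unscoped; the `User::with(...)` call in the -546 hunk is the builder form and reads correctly. In the -427 hunk the `authorize('view', $user)` call is additionally moved below the `$userlog` load, so relations are fetched before the view check — keeping authorize first avoids that work on a denied request.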
@ -427,16 +428,16 @@ class UsersController extends Controller
*/ */
public function show($userId = null) public function show($userId = null)
{ {
if (! $user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed()->find($userId)) {
if (! $user = Company::scopeCompanyables(User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed()->find($userId))) {
// Redirect to the user management page // Redirect to the user management page
return redirect()->route('users.index') return redirect()->route('users.index')
->with('error', trans('admin/users/message.user_not_found', ['id' => $userId])); ->with('error', trans('admin/users/message.user_not_found', ['id' => $userId]));
} }
$this->authorize('view', $user);
$userlog = $user->userlog->load('item'); $userlog = $user->userlog->load('item');
$this->authorize('view', $user);
return view('users/view', compact('user', 'userlog')) return view('users/view', compact('user', 'userlog'))
->with('settings', Setting::getSettings()); ->with('settings', Setting::getSettings());
} }
@ -454,7 +455,7 @@ class UsersController extends Controller
{ {
try { try {
// Get user information // Get user information
$user = User::findOrFail($id); $user = Company::scopeCompanyables(User::findOrFail($id));
$this->authorize('update', $user); $this->authorize('update', $user);
// Check if we are not trying to unsuspend ourselves // Check if we are not trying to unsuspend ourselves
@ -500,7 +501,7 @@ class UsersController extends Controller
try { try {
// Get the user information // Get the user information
$user_to_clone = User::withTrashed()->find($id); $user_to_clone = Company::scopeCompanyables(User::withTrashed()->find($id));
$user = clone $user_to_clone; $user = clone $user_to_clone;
$user->first_name = ''; $user->first_name = '';
$user->last_name = ''; $user->last_name = '';
@ -546,7 +547,7 @@ class UsersController extends Controller
// Open output stream // Open output stream
$handle = fopen('php://output', 'w'); $handle = fopen('php://output', 'w');
User::with('assets', 'accessories', 'consumables', 'department', 'licenses', 'manager', 'groups', 'userloc', 'company') Company::scopeCompanyables(User::with('assets', 'accessories', 'consumables', 'department', 'licenses', 'manager', 'groups', 'userloc', 'company')
->orderBy('created_at', 'DESC') ->orderBy('created_at', 'DESC')
->chunk(500, function ($users) use ($handle) { ->chunk(500, function ($users) use ($handle) {
$headers = [ $headers = [
@ -565,7 +566,7 @@ class UsersController extends Controller
trans('general.licenses'), trans('general.licenses'),
trans('general.accessories'), trans('general.accessories'),
trans('general.consumables'), trans('general.consumables'),
trans('admin/users/table.groups'), trans('general.groups'),
trans('general.notes'), trans('general.notes'),
trans('admin/users/table.activated'), trans('admin/users/table.activated'),
trans('general.created_at'), trans('general.created_at'),
@ -604,7 +605,7 @@ class UsersController extends Controller
fputcsv($handle, $values); fputcsv($handle, $values);
} }
}); }));
// Close the output stream // Close the output stream
fclose($handle); fclose($handle);
@ -626,7 +627,7 @@ class UsersController extends Controller
public function printInventory($id) public function printInventory($id)
{ {
$this->authorize('view', User::class); $this->authorize('view', User::class);
$show_user = User::where('id', $id)->withTrashed()->first(); $show_user = Company::scopeCompanyables(User::where('id', $id)->withTrashed()->first());
$assets = Asset::where('assigned_to', $id)->where('assigned_type', User::class)->with('model', 'model.category')->get(); $assets = Asset::where('assigned_to', $id)->where('assigned_type', User::class)->with('model', 'model.category')->get();
$accessories = $show_user->accessories()->get(); $accessories = $show_user->accessories()->get();
$consumables = $show_user->consumables()->get(); $consumables = $show_user->consumables()->get();
@ -651,7 +652,7 @@ class UsersController extends Controller
{ {
$this->authorize('view', User::class); $this->authorize('view', User::class);
if (!$user = User::find($id)) { if (!$user = Company::scopeCompanyables(User::find($id))) {
return redirect()->back() return redirect()->back()
->with('error', trans('admin/users/message.user_not_found', ['id' => $id])); ->with('error', trans('admin/users/message.user_not_found', ['id' => $id]));
} }
@ -672,7 +673,7 @@ class UsersController extends Controller
*/ */
public function sendPasswordReset($id) public function sendPasswordReset($id)
{ {
if (($user = User::find($id)) && ($user->activated == '1') && ($user->email != '') && ($user->ldap_import == '0')) { if (($user = Company::scopeCompanyables(User::find($id))) && ($user->activated == '1') && ($user->email != '') && ($user->ldap_import == '0')) {
$credentials = ['email' => trim($user->email)]; $credentials = ['email' => trim($user->email)];
try { try {