DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-09-19 23:37:38 -07:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Merge pull request #10498 from Haxatron/master

Browse source 
Fix access control
This commit is contained in:
snipe 2022-01-10 19:24:31 -08:00 committed by GitHub
parent b78e610ce3 bb095641c2
commit cf14a0222c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
app/Http/Controllers/BulkAssetModelsController.php
View file

@ -32,6 +32,7 @@ class BulkAssetModelsController extends Controller
// If deleting....
if ($request->input('bulk_actions')=='delete') {
$this->authorize('delete', AssetModel::class);
$valid_count = 0;
foreach ($models as $model) {
if ($model->assets_count == 0) {
@ -42,7 +43,7 @@ class BulkAssetModelsController extends Controller
// Otherwise display the bulk edit screen
}
$this->authorize('update', AssetModel::class);
$nochange = ['NC' => 'No Change'];
return view('models/bulk-edit', compact('models'))
->with('fieldset_list', $nochange + Helper::customFieldsetList())
@ -63,7 +64,8 @@ class BulkAssetModelsController extends Controller
*/
public function update(Request $request)
{
$this->authorize('update', AssetModel::class);
$models_raw_array = $request->input('ids');
$update_array = array();
@ -103,6 +105,8 @@ class BulkAssetModelsController extends Controller
*/
public function destroy(Request $request)
{
$this->authorize('delete', AssetModel::class);
$models_raw_array = $request->input('ids');
if ((is_array($models_raw_array)) && (count($models_raw_array) > 0)) {