Fixed #6956 - viewKeys policy inconsistent (#7009)

* Fixed #6956 - Added additional gates for showing/hiding license keys

* Modified gate to allow user to see licenses if they can create or edit the license as well
snipe 2019-05-08 08:14:49 -04:00 committed by GitHub
parent 23fa5d0bf4
commit d016076806
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 58 additions and 13 deletions


@ -179,7 +179,9 @@ class LicensesController extends Controller
$license->purchase_date = $request->input('purchase_date');
$license->purchase_order = $request->input('purchase_order');
$license->reassignable = $request->input('reassignable', 0);
if (Gate::allows('viewKeys', $license)) {
$license->serial = $request->input('serial');
}
$license->termination_date = $request->input('termination_date');
$license->seats = e($request->input('seats'));
$license->manufacturer_id = $request->input('manufacturer_id');
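Review bot: The new guard authorises a write with a read ability: `viewKeys` decides whether `$license->serial` is taken from the request, and when it denies, a submitted `serial` is dropped without any error or log entry. A short comment above the check would make the intent explicit, for example `// Only users who may see the key may change it; otherwise the stored serial is left untouched.` If the model is new at this point (not visible here), a denied user would save a license with no serial at all, which deserves a validation message rather than a silent skip. The enclosing controller method starts and ends outside the hunk, so whether this is the create or the update path cannot be confirmed from here.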


@ -14,15 +14,26 @@ class LicensePolicy extends CheckoutablePermissionsPolicy
}
/**
* Determine whether the user can view license keys
* Determine whether the user can view license keys.
* This gets a little tricky, UX/logic-wise. If a user has the ability
* to create a license (which requires a product key), shouldn't they
* have the ability to see the product key as well?
*
* Example: I create the license, realize I need to change
* something (maybe I got the product key wrong), and now I can never
* see/edit that product key.
*
* @see https://github.com/snipe/snipe-it/issues/6956
* @param \App\Models\User $user
* @param \App\Models\License $license
* @return mixed
*/
public function viewKeys(User $user, License $license = null)
{
return $user->hasAccess('licenses.keys');
if ($user->hasAccess('licenses.keys') || $user->hasAccess('licenses.create') || $user->hasAccess('licenses.edit')) {
return true;
}
return false;
}
}
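Review bot: With the new condition in `viewKeys`, `licenses.keys` stops being an independent restriction: any user holding `licenses.create` or `licenses.edit` passes the gate even where an administrator withheld the keys permission on purpose. The docblock explains the UX motive but not this consequence; it should state that create/edit imply key visibility so permission audits are not misled, and `@return mixed` could become `@return bool`. The body can also be a single expression, `return $user->hasAccess('licenses.keys') || $user->hasAccess('licenses.create') || $user->hasAccess('licenses.edit');`. How `hasAccess` treats an explicit deny is not visible in this hunk, so confirm that a denied `licenses.keys` is not meant to win over the other two. The class body starts above the hunk.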


@ -38,7 +38,13 @@
<div class="form-group">
<label class="col-sm-2 control-label">{{ trans('admin/hardware/form.serial') }}</label>
<div class="col-md-6">
<p class="form-control-static">{{ $licenseSeat->license->serial }}</p>
<p class="form-control-static">
@can('viewKeys', $licenseSeat->license)
{{ $licenseSeat->license->serial }}
@else
------------
@endcan
</p>
</div>
</div>
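Review bot: The `@can('viewKeys', …)` / `@else ------------` block here is repeated verbatim in the four other view sections that follow (the `$license->serial` detail view, the two table rows, and the `serialUrl()` cell), with the placeholder hard-coded each time. A small shared partial, or at least a translation string for the masked value, would keep the views consistent and make it harder to miss one when the rule changes. These checks only hide the key in rendered HTML; any other output of `serial` (API responses, exports) is outside this page and should be checked against the same gate.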


@ -37,7 +37,13 @@
<div class="form-group">
<label class="col-sm-3 control-label">{{ trans('admin/hardware/form.serial') }}</label>
<div class="col-md-9">
<p class="form-control-static" style="word-wrap: break-word;">{{ $license->serial }}</p>
<p class="form-control-static" style="word-wrap: break-word;">
@can('viewKeys', $license)
{{ $license->serial }}
@else
------------
@endcan
</p>
</div>
</div>


@ -10,7 +10,10 @@
@section('inputFields')
@include ('partials.forms.edit.name', ['translated_name' => trans('admin/licenses/form.name')])
@include ('partials.forms.edit.category-select', ['translated_name' => trans('admin/categories/general.category_name'), 'fieldname' => 'category_id', 'required' => 'true', 'category_type' => 'license'])
<!-- Serial-->
@can('viewKeys', $item)
<div class="form-group {{ $errors->has('serial') ? ' has-error' : '' }}">
<label for="serial" class="col-md-3 control-label">{{ trans('admin/licenses/form.license_key') }}</label>
<div class="col-md-7{{ (\App\Helpers\Helper::checkIfRequired($item, 'serial')) ? ' required' : '' }}">
@ -18,6 +21,7 @@
{!! $errors->first('serial', '<span class="alert-msg"><i class="fa fa-times"></i> :message</span>') !!}
</div>
</div>
@endcan
<!-- Seats -->
<div class="form-group {{ $errors->has('seats') ? ' has-error' : '' }}">
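Review bot: The `@can('viewKeys', $item)` wrapper hides the validation message together with the input, because `$errors->first('serial', …)` sits inside the gated block. If `serial` is required (the `checkIfRequired($item, 'serial')` call suggests it can be) and the user fails the gate, the form would be rejected with no visible field or error to explain why. Consider rendering the `serial` error outside the `@can` block, or making sure the field is not required for users who cannot see it. The middle of the form group lies between the two hunks and is not shown.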


@ -51,7 +51,13 @@
<tr>
<td>{{ is_null($license->company) ? '' : $license->company->name }}</td>
<td>{{ $license->name }}</td>
<td>{{ mb_strimwidth($license->serial, 0, 50, "...") }}</td>
<td>
@can('viewKeys', $license)
{{ $license->serial }}
@else
------------
@endcan
</td>
<td>{{ $license->seats }}</td>
<td>{{ $license->remaincount() }}</td>
<td>{{ $license->expiration_date }}</td>
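Review bot: The replacement cell drops the `mb_strimwidth($license->serial, 0, 50, "...")` truncation that the old line applied, so permitted users now get the full key in this table, which the commit message does not mention. If the truncation was intentional, keep it inside the gate: `{{ mb_strimwidth($license->serial, 0, 50, "...") }}`.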


@ -117,7 +117,13 @@
<tr>
<td>{{ $lcounter }}</td>
<td>{{ $license->name }}</td>
<td>{{ $license->serial }}</td>
<td>
@can('viewKeys', $license)
{{ $license->serial }}
@else
------------
@endcan
</td>
<td>{{ $license->assetlog->first()->created_at }}</td>
</tr>
@php


@ -375,7 +375,11 @@
{!! $license->present()->nameUrl() !!}
</td>
<td>
@can('viewKeys', $license)
{!! $license->present()->serialUrl() !!}
@else
------------
@endcan
</td>
<td class="hidden-print">
@can('update', $license)
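Review bot: The gated branch still prints `serialUrl()` through `{!! !!}`, so the key reaches the page unescaped unless the presenter escapes it itself; the presenter is not visible here. It is worth confirming that `serialUrl()` escapes the serial before building the link, and once confirmed, noting it on this line, e.g. `{{-- serialUrl() returns pre-escaped HTML --}}`. The `@can('update', $license)` block that follows continues outside the hunk.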