Hoist the authorization higher in the stack so we’re not doing logic or math when the user isn’t authorized to touch this

Signed-off-by: snipe <snipe@snipe.net>
snipe 2023-01-23 21:49:17 -08:00
parent 2bdf3d3f44
commit dc155846ca


@ -63,6 +63,7 @@ class AccessoriesController extends Controller
public function store(ImageUploadRequest $request) public function store(ImageUploadRequest $request)
{ {
$this->authorize(Accessory::class); $this->authorize(Accessory::class);
// create a new model instance // create a new model instance
$accessory = new Accessory(); $accessory = new Accessory();
@ -82,7 +83,6 @@ class AccessoriesController extends Controller
$accessory->supplier_id = request('supplier_id'); $accessory->supplier_id = request('supplier_id');
$accessory->notes = request('notes'); $accessory->notes = request('notes');
$accessory = $request->handleImages($accessory); $accessory = $request->handleImages($accessory);
// Was the accessory created? // Was the accessory created?
@ -129,6 +129,8 @@ class AccessoriesController extends Controller
{ {
if ($accessory = Accessory::withCount('users as users_count')->find($accessoryId)) { if ($accessory = Accessory::withCount('users as users_count')->find($accessoryId)) {
$this->authorize($accessory);
$validator = Validator::make($request->all(), [ $validator = Validator::make($request->all(), [
"qty" => "required|numeric|min:$accessory->users_count" "qty" => "required|numeric|min:$accessory->users_count"
]); ]);
@ -139,7 +141,7 @@ class AccessoriesController extends Controller
->withInput(); ->withInput();
} }
$this->authorize($accessory);
// Update the accessory data // Update the accessory data
$accessory->name = request('name'); $accessory->name = request('name');
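Review bot: The reason for moving `$this->authorize($accessory);` ahead of `Validator::make()` in the third hunk is not recorded in the code, so a later refactor could push the call back below validation. The `qty` rule interpolates `$accessory->users_count` into `min:` and the failure path redirects `withInput()`, so a caller who reached validation without update rights would presumably see the checked-out count in the error text; I would add `// Authorize before validating: the qty rule's error text would otherwise expose users_count to callers without update rights.` above the call. A feature test asserting that a user without update permission gets a 403 for an invalid `qty`, rather than validation errors, would pin the ordering. The method's signature and its not-found branch are outside the hunk, so whether existing and missing IDs still produce different responses for such a user cannot be judged from here.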