mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-25 05:34:06 -08:00
Hoist the autorization higher in the stack so we’re not doing logic or math when the user isn’t authorized to touch this
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
parent
2bdf3d3f44
commit
dc155846ca
|
@ -63,6 +63,7 @@ class AccessoriesController extends Controller
|
|||
public function store(ImageUploadRequest $request)
|
||||
{
|
||||
$this->authorize(Accessory::class);
|
||||
|
||||
// create a new model instance
|
||||
$accessory = new Accessory();
|
||||
|
||||
|
@ -82,7 +83,6 @@ class AccessoriesController extends Controller
|
|||
$accessory->supplier_id = request('supplier_id');
|
||||
$accessory->notes = request('notes');
|
||||
|
||||
|
||||
$accessory = $request->handleImages($accessory);
|
||||
|
||||
// Was the accessory created?
|
||||
|
@ -129,6 +129,8 @@ class AccessoriesController extends Controller
|
|||
{
|
||||
if ($accessory = Accessory::withCount('users as users_count')->find($accessoryId)) {
|
||||
|
||||
$this->authorize($accessory);
|
||||
|
||||
$validator = Validator::make($request->all(), [
|
||||
"qty" => "required|numeric|min:$accessory->users_count"
|
||||
]);
|
||||
|
@ -139,7 +141,7 @@ class AccessoriesController extends Controller
|
|||
->withInput();
|
||||
}
|
||||
|
||||
$this->authorize($accessory);
|
||||
|
||||
|
||||
// Update the accessory data
|
||||
$accessory->name = request('name');
|
||||
|
|
Loading…
Reference in a new issue