Hoist the autorization higher in the stack so we’re not doing logic or math when the user isn’t authorized to touch this

Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2023-01-23 21:49:17 -08:00
parent 2bdf3d3f44
commit dc155846ca

View file

@ -63,6 +63,7 @@ class AccessoriesController extends Controller
public function store(ImageUploadRequest $request)
{
$this->authorize(Accessory::class);
// create a new model instance
$accessory = new Accessory();
@ -82,7 +83,6 @@ class AccessoriesController extends Controller
$accessory->supplier_id = request('supplier_id');
$accessory->notes = request('notes');
$accessory = $request->handleImages($accessory);
// Was the accessory created?
@ -129,6 +129,8 @@ class AccessoriesController extends Controller
{
if ($accessory = Accessory::withCount('users as users_count')->find($accessoryId)) {
$this->authorize($accessory);
$validator = Validator::make($request->all(), [
"qty" => "required|numeric|min:$accessory->users_count"
]);
@ -139,7 +141,7 @@ class AccessoriesController extends Controller
->withInput();
}
$this->authorize($accessory);
// Update the accessory data
$accessory->name = request('name');