DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-09-20 07:47:41 -07:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity

Hoist the autorization higher in the stack so we’re not doing logic or math when the user isn’t authorized to touch this

Browse source 
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2023-01-23 21:49:17 -08:00
parent 2bdf3d3f44
commit dc155846ca
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/Http/Controllers/Accessories/AccessoriesController.php
View file

@ -63,6 +63,7 @@ class AccessoriesController extends Controller
public function store(ImageUploadRequest $request)
{
$this->authorize(Accessory::class);
// create a new model instance
$accessory = new Accessory();
@ -82,7 +83,6 @@ class AccessoriesController extends Controller
$accessory->supplier_id = request('supplier_id');
$accessory->notes = request('notes');
$accessory = $request->handleImages($accessory);
// Was the accessory created?
@ -129,6 +129,8 @@ class AccessoriesController extends Controller
{
if ($accessory = Accessory::withCount('users as users_count')->find($accessoryId)) {
$this->authorize($accessory);
$validator = Validator::make($request->all(), [
"qty" => "required|numeric|min:$accessory->users_count"
]);
@ -139,7 +141,7 @@ class AccessoriesController extends Controller
->withInput();
}
$this->authorize($accessory);
// Update the accessory data
$accessory->name = request('name');