mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-25 05:34:06 -08:00
Merge pull request #12910 from snipe/fixes/finer_permissions_for_bulk_assets
Added more granular permissions on bulk actions for assets
This commit is contained in:
commit
efc0929bbc
|
@ -29,7 +29,7 @@ class BulkAssetsController extends Controller
|
||||||
*/
|
*/
|
||||||
public function edit(Request $request)
|
public function edit(Request $request)
|
||||||
{
|
{
|
||||||
$this->authorize('update', Asset::class);
|
$this->authorize('view', Asset::class);
|
||||||
|
|
||||||
if (! $request->filled('ids')) {
|
if (! $request->filled('ids')) {
|
||||||
return redirect()->back()->with('error', trans('admin/hardware/message.update.no_assets_selected'));
|
return redirect()->back()->with('error', trans('admin/hardware/message.update.no_assets_selected'));
|
||||||
|
@ -44,6 +44,7 @@ class BulkAssetsController extends Controller
|
||||||
if ($request->filled('bulk_actions')) {
|
if ($request->filled('bulk_actions')) {
|
||||||
switch ($request->input('bulk_actions')) {
|
switch ($request->input('bulk_actions')) {
|
||||||
case 'labels':
|
case 'labels':
|
||||||
|
$this->authorize('view', Asset::class);
|
||||||
return view('hardware/labels')
|
return view('hardware/labels')
|
||||||
->with('assets', Asset::find($asset_ids))
|
->with('assets', Asset::find($asset_ids))
|
||||||
->with('settings', Setting::getSettings())
|
->with('settings', Setting::getSettings())
|
||||||
|
@ -51,6 +52,7 @@ class BulkAssetsController extends Controller
|
||||||
->with('count', 0);
|
->with('count', 0);
|
||||||
|
|
||||||
case 'delete':
|
case 'delete':
|
||||||
|
$this->authorize('delete', Asset::class);
|
||||||
$assets = Asset::with('assignedTo', 'location')->find($asset_ids);
|
$assets = Asset::with('assignedTo', 'location')->find($asset_ids);
|
||||||
$assets->each(function ($asset) {
|
$assets->each(function ($asset) {
|
||||||
$this->authorize('delete', $asset);
|
$this->authorize('delete', $asset);
|
||||||
|
@ -59,6 +61,7 @@ class BulkAssetsController extends Controller
|
||||||
return view('hardware/bulk-delete')->with('assets', $assets);
|
return view('hardware/bulk-delete')->with('assets', $assets);
|
||||||
|
|
||||||
case 'restore':
|
case 'restore':
|
||||||
|
$this->authorize('update', Asset::class);
|
||||||
$assets = Asset::withTrashed()->find($asset_ids);
|
$assets = Asset::withTrashed()->find($asset_ids);
|
||||||
$assets->each(function ($asset) {
|
$assets->each(function ($asset) {
|
||||||
$this->authorize('delete', $asset);
|
$this->authorize('delete', $asset);
|
||||||
|
@ -67,6 +70,7 @@ class BulkAssetsController extends Controller
|
||||||
return view('hardware/bulk-restore')->with('assets', $assets);
|
return view('hardware/bulk-restore')->with('assets', $assets);
|
||||||
|
|
||||||
case 'edit':
|
case 'edit':
|
||||||
|
$this->authorize('update', Asset::class);
|
||||||
return view('hardware/bulk')
|
return view('hardware/bulk')
|
||||||
->with('assets', $asset_ids)
|
->with('assets', $asset_ids)
|
||||||
->with('statuslabel_list', Helper::statusLabelList());
|
->with('statuslabel_list', Helper::statusLabelList());
|
||||||
|
@ -333,6 +337,7 @@ class BulkAssetsController extends Controller
|
||||||
|
|
||||||
}
|
}
|
||||||
public function restore(Request $request) {
|
public function restore(Request $request) {
|
||||||
|
$this->authorize('update', Asset::class);
|
||||||
$assetIds = $request->get('ids');
|
$assetIds = $request->get('ids');
|
||||||
if (empty($assetIds)) {
|
if (empty($assetIds)) {
|
||||||
return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.restore.nothing_updated'));
|
return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.restore.nothing_updated'));
|
||||||
|
|
Loading…
Reference in a new issue