Extend #6229 to include superuser permission check (#6772)

Sxderp 2021-04-05 23:26:06 -04:00 committed by GitHub
parent 26b97d2b0b
commit f01c93e162
GPG key ID: 4AEE18F83AFDEB23


@ -114,20 +114,12 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo
/** /**
* Check user permissions * Internally check the user permission for the given section
* *
* Parses the user and group permission masks to see if the user
* is authorized to do the thing
*
* @author A. Gianotto <snipe@snipe.net>
* @since [v1.0]
* @return boolean * @return boolean
*/ */
public function hasAccess($section) protected function checkPermissionSection($section)
{ {
if ($this->isSuperUser()) {
return true;
}
$user_groups = $this->groups; $user_groups = $this->groups;
@ -158,6 +150,24 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo
return false; return false;
} }
/**
* Check user permissions
*
* Parses the user and group permission masks to see if the user
* is authorized to do the thing
*
* @author A. Gianotto <snipe@snipe.net>
* @since [v1.0]
* @return boolean
*/
public function hasAccess($section)
{
if ($this->isSuperUser()) {
return true;
}
return $this->checkPermissionSection($section);
}
/** /**
* Checks if the user is a SuperUser * Checks if the user is a SuperUser
* *
@ -167,23 +177,7 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo
*/ */
public function isSuperUser() public function isSuperUser()
{ {
if (!$user_permissions = json_decode($this->permissions, true)) { return $this->checkPermissionSection('superuser');
return false;
}
foreach ($this->groups as $user_group) {
$group_permissions = json_decode($user_group->permissions, true);
$group_array = (array)$group_permissions;
if ((array_key_exists('superuser', $group_array)) && ($group_permissions['superuser']=='1')) {
return true;
}
}
if ((array_key_exists('superuser', $user_permissions)) && ($user_permissions['superuser']=='1')) {
return true;
}
return false;
} }
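Review bot: isSuperUser() now delegates to `checkPermissionSection('superuser')`, so the highest privilege in the model is decided by that helper's grant/deny ordering, and most of the helper's body lies outside the visible hunks. The removed implementation, once the user's own permissions decoded to a non-empty value, returned true as soon as any group carried `superuser == '1'`, before the user's own entry was consulted. If the helper lets a user-level value take precedence over group grants, the answer changes for accounts that have both, and nothing on this page pins either outcome. I would add tests for a user with empty permissions who belongs to a superuser group and for a user whose own `superuser` entry conflicts with a group grant, and state the resulting precedence in the docblock of isSuperUser(). The new helper's docblock also has no parameter line; something like `@param string $section permission key, e.g. 'superuser'` would do.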