Fixed ambiguous query on non-super admins with FCS

This commit is contained in:
snipe 2017-12-12 21:14:12 -08:00
parent 9c108873e9
commit f1a911d305
3 changed files with 14 additions and 14 deletions

View file

@ -88,7 +88,7 @@ class AssetsController extends Controller
$allowed_columns[]=$field->db_column_name(); $allowed_columns[]=$field->db_column_name();
} }
$assets = Company::scopeCompanyables(Asset::select('assets.*'))->with( $assets = Company::scopeCompanyables(Asset::select('assets.*'),"company_id","assets")->with(
'location', 'assetstatus', 'assetlog', 'company', 'defaultLoc','assignedTo', 'location', 'assetstatus', 'assetlog', 'company', 'defaultLoc','assignedTo',
'model.category', 'model.manufacturer', 'model.fieldset','supplier'); 'model.category', 'model.manufacturer', 'model.fieldset','supplier');

View file

@ -55,7 +55,7 @@ final class Company extends SnipeModel
} }
} }
private static function scopeCompanyablesDirectly($query, $column = 'company_id') private static function scopeCompanyablesDirectly($query, $column = 'company_id', $table_name = null )
{ {
if (Auth::user()) { if (Auth::user()) {
$company_id = Auth::user()->company_id; $company_id = Auth::user()->company_id;
@ -63,7 +63,8 @@ final class Company extends SnipeModel
$company_id = null; $company_id = null;
} }
return $query->where($column, '=', $company_id); $table = ($table_name) ? DB::getTablePrefix().$table_name."." : '';
return $query->where($table.$column, '=', $company_id);
} }
public static function getIdFromInput($unescaped_input) public static function getIdFromInput($unescaped_input)
@ -131,13 +132,13 @@ final class Company extends SnipeModel
} }
} }
public static function scopeCompanyables($query, $column = 'company_id') public static function scopeCompanyables($query, $column = 'company_id', $table_name = null )
{ {
// If not logged in and hitting this, assume we are on the command line and don't scope?' // If not logged in and hitting this, assume we are on the command line and don't scope?'
if (!static::isFullMultipleCompanySupportEnabled() || (Auth::check() && Auth::user()->isSuperUser()) || (!Auth::check())) { if (!static::isFullMultipleCompanySupportEnabled() || (Auth::check() && Auth::user()->isSuperUser()) || (!Auth::check())) {
return $query; return $query;
} else { } else {
return static::scopeCompanyablesDirectly($query, $column); return static::scopeCompanyablesDirectly($query, $column, $table_name);
} }
} }
@ -149,7 +150,6 @@ final class Company extends SnipeModel
return $query; return $query;
} else { } else {
$f = function ($q) { $f = function ($q) {
static::scopeCompanyablesDirectly($q); static::scopeCompanyablesDirectly($q);
}; };
@ -166,31 +166,31 @@ final class Company extends SnipeModel
public function users() public function users()
{ {
return $this->hasMany(User::class); return $this->hasMany(User::class, 'users.company_id');
} }
public function assets() public function assets()
{ {
return $this->hasMany(Asset::class); return $this->hasMany(Asset::class, 'assets.company_id');
} }
public function licenses() public function licenses()
{ {
return $this->hasMany(License::class); return $this->hasMany(License::class, 'licenses.company_id');
} }
public function accessories() public function accessories()
{ {
return $this->hasMany(Accessory::class); return $this->hasMany(Accessory::class, 'accessories.company_id');
} }
public function consumables() public function consumables()
{ {
return $this->hasMany(Consumable::class); return $this->hasMany(Consumable::class, 'consumables.company_id');
} }
public function components() public function components()
{ {
return $this->hasMany(Component::class); return $this->hasMany(Component::class, 'components.company_id');
} }
/** /**