DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-03-05 20:52:15 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Refactorered methods

Browse source 
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2024-04-11 14:40:00 +01:00
parent a19b86add0
commit f54a94bd4c
1 changed files with 124 additions and 97 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

89
app/Http/Controllers/Users/UsersController.php
View file

@ -183,8 +183,12 @@ class UsersController extends Controller
public function edit($id)
{
if ($user = Company::scopeCompanyables(User::find($id))) {
$this->authorize('update', $user);
$this->authorize('update', User::class);
$user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed();
$user = Company::scopeCompanyables($user)->find($id);
if ($user) {
$permissions = config('permissions');
$groups = Group::pluck('name', 'id');
@ -211,27 +215,30 @@ class UsersController extends Controller
*/
public function update(SaveUserRequest $request, $id = null)
{
// We need to reverse the UI specific logic for our
// permissions here before we update the user.
$permissions = $request->input('permissions', []);
app('request')->request->set('permissions', $permissions);
$this->authorize('update', User::class);
// This is a janky hack to prevent people from changing admin demo user data on the public demo.
// The $ids 1 and 2 are special since they are seeded as superadmins in the demo seeder.
// Thanks, jerks. You are why we can't have nice things. - snipe
if ((($id == 1) || ($id == 2)) && (config('app.lock_passwords'))) {
return redirect()->route('users.index')->with('error', 'Permission denied. You cannot update user information for superadmins on the demo.');
return redirect()->route('users.index')->with('error', trans('general.permission_denied_superuser_demo'));
}
try {
$user = User::findOrFail($id);
} catch (ModelNotFoundException $e) {
return redirect()->route('users.index')
->with('error', trans('admin/users/message.user_not_found', compact('id')));
}
// We need to reverse the UI specific logic for our
// permissions here before we update the user.
$permissions = $request->input('permissions', []);
app('request')->request->set('permissions', $permissions);
$user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed();
$user = Company::scopeCompanyables($user)->find($id);
// User is valid - continue...
if ($user) {
$this->authorize('update', $user);
// Figure out of this user was an admin before this edit
$orig_permissions_array = $user->decodePermissions();
$orig_superuser = '0';
@ -246,10 +253,8 @@ class UsersController extends Controller
$user->groups()->sync($request->input('groups'));
}
// Update the user
if ($request->filled('username')) {
// Update the user fields
$user->username = trim($request->input('username'));
}
$user->email = trim($request->input('email'));
$user->first_name = $request->input('first_name');
$user->last_name = $request->input('last_name');
@ -301,9 +306,6 @@ class UsersController extends Controller
// Handle uploaded avatar
app(ImageUploadRequest::class)->handleImages($user, 600, 'avatar', 'avatars', 'avatar');
//\Log::debug(print_r($user, true));
// Was the user updated?
if ($user->save()) {
// Redirect to the user page
return redirect()->route('users.index')
@ -311,6 +313,11 @@ class UsersController extends Controller
}
return redirect()->back()->withInput()->withErrors($user->getErrors());
}
return redirect()->route('users.index')->with('error', trans('admin/users/message.user_not_found', compact('id')));
}
/**
@ -326,7 +333,7 @@ class UsersController extends Controller
{
try {
// Get user information
$user = User::findOrFail($id);
$user = Company::scopeCompanyables(User::findOrFail($id));
// Authorize takes care of many of our logic checks now.
$this->authorize('delete', User::class);
@ -429,17 +436,25 @@ class UsersController extends Controller
public function show($userId = null)
{
if (! $user = Company::scopeCompanyables(User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed()->find($userId))) {
// Redirect to the user management page
return redirect()->route('users.index')
->with('error', trans('admin/users/message.user_not_found', ['id' => $userId]));
}
$this->authorize('view', $user);
// We can use the more generic auth check here since the company scoping is happening at the query level
$this->authorize('view', User::class);
$user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed();
$user = Company::scopeCompanyables($user)->find($userId);
//dd($user);
if ($user) {
\Log::debug('User '.$user->username.' is found - checking permission');
$userlog = $user->userlog->load('item');
return view('users/view', compact('user', 'userlog'))
->with('settings', Setting::getSettings());
return view('users/view', compact('user', 'userlog'))->with('settings', Setting::getSettings());
}
return redirect()->route('users.index')
->with('error', trans('admin/users/message.user_not_found', ['id' => $userId]));
}
/**
@ -547,8 +562,20 @@ class UsersController extends Controller
// Open output stream
$handle = fopen('php://output', 'w');
Company::scopeCompanyables(User::with('assets', 'accessories', 'consumables', 'department', 'licenses', 'manager', 'groups', 'userloc', 'company')
->orderBy('created_at', 'DESC')
$users = User::with(
'assets',
'accessories',
'consumables',
'department',
'licenses',
'manager',
'groups',
'userloc',
'company'
)->orderBy('created_at', 'DESC');
// FMCS scoping
Company::scopeCompanyables($users)
->chunk(500, function ($users) use ($handle) {
$headers = [
// strtolower to prevent Excel from trying to open it as a SYLK file
@ -605,7 +632,7 @@ class UsersController extends Controller
fputcsv($handle, $values);
}
}));
});
// Close the output stream
fclose($handle);