mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-25 05:34:06 -08:00
Only allow asset files to be deleted, maintenances to be added if user has assets.edit permission
This commit is contained in:
parent
abcc01f5e0
commit
f5e100a6a5
|
@ -21,6 +21,7 @@ use App\Models\Setting;
|
|||
use App\Models\Asset;
|
||||
use App\Helpers\Helper;
|
||||
use Auth;
|
||||
use Gate;
|
||||
|
||||
/**
|
||||
* This controller handles all actions related to Asset Maintenance for
|
||||
|
@ -119,8 +120,12 @@ class AssetMaintenancesController extends Controller
|
|||
$settings = Setting::getSettings();
|
||||
|
||||
foreach ($maintenances as $maintenance) {
|
||||
|
||||
$actions = '<nobr><a href="'.route('update/asset_maintenance', $maintenance->id).'" class="btn btn-warning btn-sm" style="margin-right:5px;"><i class="fa fa-pencil icon-white"></i></a><a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="'.route('delete/asset_maintenance', $maintenance->id).'" data-content="'.trans('admin/asset_maintenances/message.delete.confirm').'" data-title="'.trans('general.delete').' '.htmlspecialchars($maintenance->title).'?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a></nobr>';
|
||||
$actions = '';
|
||||
if (Gate::allows('assets.edit')) {
|
||||
$actions .= '<nobr><a href="' . route('update/asset_maintenance',
|
||||
$maintenance->id) . '" class="btn btn-warning btn-sm" style="margin-right:5px;"><i class="fa fa-pencil icon-white"></i></a><a data-html="false" class="btn delete-asset btn-danger btn-sm" data-toggle="modal" href="' . route('delete/asset_maintenance',
|
||||
$maintenance->id) . '" data-content="' . trans('admin/asset_maintenances/message.delete.confirm') . '" data-title="' . trans('general.delete') . ' ' . htmlspecialchars($maintenance->title) . '?" onClick="return false;"><i class="fa fa-trash icon-white"></i></a></nobr>';
|
||||
}
|
||||
|
||||
if (($maintenance->cost) && (isset($maintenance->asset)) && ($maintenance->asset->assetloc) && ($maintenance->asset->assetloc->currency!='')) {
|
||||
$maintenance_cost = $maintenance->asset->assetloc->currency.$maintenance->cost;
|
||||
|
|
|
@ -481,16 +481,25 @@ Route::group([ 'prefix' => 'admin','middleware' => ['web','auth']], function ()
|
|||
# Asset Maintenances
|
||||
Route::group([ 'prefix' => 'asset_maintenances', 'middleware'=>'authorize:assets.view' ], function () {
|
||||
|
||||
Route::get(
|
||||
'create/{assetId?}',
|
||||
[ 'as' => 'create/asset_maintenances', 'uses' => 'AssetMaintenancesController@getCreate' ]
|
||||
);
|
||||
Route::post('create/{assetId?}', 'AssetMaintenancesController@postCreate');
|
||||
Route::get('/', [ 'as' => 'asset_maintenances', 'uses' => 'AssetMaintenancesController@getIndex' ]);
|
||||
Route::get(
|
||||
'{assetMaintenanceId}/edit',
|
||||
[ 'as' => 'update/asset_maintenance', 'uses' => 'AssetMaintenancesController@getEdit' ]
|
||||
);
|
||||
Route::get('create/{assetId?}',
|
||||
[ 'as' => 'create/asset_maintenances',
|
||||
'middleware' => 'authorize:assets.edit',
|
||||
'uses' => 'AssetMaintenancesController@getCreate'
|
||||
]);
|
||||
|
||||
Route::post('create/{assetId?}',
|
||||
[ 'as' => 'create/asset_maintenances.save',
|
||||
'middleware' => 'authorize:assets.edit',
|
||||
'uses' => 'AssetMaintenancesController@postCreate'
|
||||
]);
|
||||
|
||||
Route::get('{assetMaintenanceId}/edit',
|
||||
[ 'as' => 'update/asset_maintenance',
|
||||
'middleware' => 'authorize:assets.edit',
|
||||
'uses' => 'AssetMaintenancesController@getEdit'
|
||||
]);
|
||||
|
||||
|
||||
Route::post('{assetMaintenanceId}/edit', 'AssetMaintenancesController@postEdit');
|
||||
Route::get(
|
||||
'{assetMaintenanceId}/delete',
|
||||
|
@ -500,6 +509,8 @@ Route::group([ 'prefix' => 'admin','middleware' => ['web','auth']], function ()
|
|||
'{assetMaintenanceId}/view',
|
||||
[ 'as' => 'view/asset_maintenance', 'uses' => 'AssetMaintenancesController@getView' ]
|
||||
);
|
||||
|
||||
Route::get('/', [ 'as' => 'asset_maintenances', 'uses' => 'AssetMaintenancesController@getIndex' ]);
|
||||
});
|
||||
|
||||
# Accessories
|
||||
|
|
|
@ -8,7 +8,9 @@
|
|||
|
||||
|
||||
@section('header_right')
|
||||
@can('assets.edit')
|
||||
<a href="{{ route('create/asset_maintenances') }}" class="btn btn-primary pull-right"> {{ trans('general.create') }}</a>
|
||||
@endcan
|
||||
@stop
|
||||
|
||||
|
||||
|
@ -45,7 +47,9 @@
|
|||
<th data-searchable="true" data-sortable="true" data-field="cost" class="text-right">{{ trans('admin/asset_maintenances/form.cost') }}</th>
|
||||
<th data-searchable="true" data-sortable="true" data-field="user_id">{{ trans('general.admin') }}</th>
|
||||
<th data-searchable="true" data-sortable="true" data-field="notes" data-visible="false">{{ trans('admin/asset_maintenances/form.notes') }}</th>
|
||||
<th data-switchable="false" data-searchable="false" data-sortable="false" data-field="actions">{{ trans('table.actions') }}</th>
|
||||
@can('assets.edit')
|
||||
<th data-switchable="false" data-searchable="false" data-sortable="false" data-field="actions">{{ trans('table.actions') }}</th>
|
||||
@endcan
|
||||
</tr>
|
||||
</thead>
|
||||
</table>
|
||||
|
|
|
@ -65,7 +65,7 @@
|
|||
<a href="#files" data-toggle="tab"><span class="hidden-lg hidden-md"><i class="fa fa-files-o"></i></span> <span class="hidden-xs hidden-sm">Files</span></a>
|
||||
</li>
|
||||
<li class="pull-right">
|
||||
<a href="#" data-toggle="modal" data-target="#uploadFileModal"><i class="fa fa-paperclip"></i> </a>
|
||||
<!-- <a href="#" data-toggle="modal" data-target="#uploadFileModal"><i class="fa fa-paperclip"></i> </a> -->
|
||||
</li>
|
||||
</ul>
|
||||
<div class="tab-content">
|
||||
|
@ -496,9 +496,11 @@
|
|||
<div class="tab-pane fade" id="maintenances">
|
||||
<div class="row">
|
||||
<div class="col-md-12">
|
||||
@can('assets.edit')
|
||||
<h6>{{ trans('general.asset_maintenances') }}
|
||||
[ <a href="{{ route('create/asset_maintenances', $asset->id) }}">{{ trans('button.add') }}</a> ]
|
||||
</h6>
|
||||
@endcan
|
||||
|
||||
<!-- Asset Maintenance table -->
|
||||
@if (count($asset->assetmaintenances) > 0)
|
||||
|
@ -514,7 +516,9 @@
|
|||
<th>{{ trans('admin/asset_maintenances/table.is_warranty') }}</th>
|
||||
<th>{{ trans('admin/asset_maintenances/form.cost') }}</th>
|
||||
<th>{{ trans('general.admin') }}</th>
|
||||
<th>{{ trans('table.actions') }}</th>
|
||||
@can('assets.edit')
|
||||
<th>{{ trans('table.actions') }}</th>
|
||||
@endcan
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
|
@ -537,9 +541,11 @@
|
|||
@endif
|
||||
</td>
|
||||
<?php $totalCost += $assetMaintenance->cost; ?>
|
||||
@can('assets.edit')
|
||||
<td>
|
||||
<a href="{{ route('update/asset_maintenance', $assetMaintenance->id) }}" class="btn btn-warning btn-sm"><i class="fa fa-pencil icon-white"></i></a>
|
||||
</td>
|
||||
@endcan
|
||||
</tr>
|
||||
@endif
|
||||
@endforeach
|
||||
|
@ -665,6 +671,7 @@
|
|||
<div class="tab-pane fade" id="files">
|
||||
<div class="row">
|
||||
|
||||
@can('assets.edit')
|
||||
{{ Form::open([
|
||||
'method' => 'POST',
|
||||
'route' => ['upload/asset', $asset->id],
|
||||
|
@ -688,6 +695,7 @@
|
|||
</div>
|
||||
|
||||
{{ Form::close() }}
|
||||
@endcan
|
||||
|
||||
<div class="col-md-12">
|
||||
|
||||
|
@ -724,7 +732,9 @@
|
|||
@endif
|
||||
</td>
|
||||
<td>
|
||||
@can('assets.edit')
|
||||
<a class="btn delete-asset btn-danger btn-sm" href="{{ route('delete/assetfile', [$asset->id, $file->id]) }}"><i class="fa fa-trash icon-white"></i></a>
|
||||
@endcan
|
||||
</td>
|
||||
</tr>
|
||||
@endforeach
|
||||
|
|
Loading…
Reference in a new issue