DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-02-02 08:21:09 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Set view as base permission, drill down for more intrusive actions

Browse source 
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
snipe 2024-09-25 19:44:39 +01:00
parent 9b03f46490
commit f6d7ea19e4
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/Http/Controllers/Users/BulkUsersController.php
View file

@ -36,7 +36,7 @@ class BulkUsersController extends Controller
*/ */
public function edit(Request $request) public function edit(Request $request)
{ {
$this->authorize('update', User::class); $this->authorize('view', User::class);
// Make sure there were users selected // Make sure there were users selected
if (($request->filled('ids')) && (count($request->input('ids')) > 0)) { if (($request->filled('ids')) && (count($request->input('ids')) > 0)) {
@ -48,16 +48,18 @@ class BulkUsersController extends Controller
// bulk edit, display the bulk edit form // bulk edit, display the bulk edit form
if ($request->input('bulk_actions') == 'edit') { if ($request->input('bulk_actions') == 'edit') {
$this->authorize('update', User::class);
return view('users/bulk-edit', compact('users')) return view('users/bulk-edit', compact('users'))
->with('groups', Group::pluck('name', 'id')); ->with('groups', Group::pluck('name', 'id'));
// bulk delete, display the bulk delete confirmation form // bulk delete, display the bulk delete confirmation form
} elseif ($request->input('bulk_actions') == 'delete') { } elseif ($request->input('bulk_actions') == 'delete') {
$this->authorize('delete', User::class);
return view('users/confirm-bulk-delete')->with('users', $users)->with('statuslabel_list', Helper::statusLabelList()); return view('users/confirm-bulk-delete')->with('users', $users)->with('statuslabel_list', Helper::statusLabelList());
// merge, confirm they have at least 2 users selected and display the merge screen // merge, confirm they have at least 2 users selected and display the merge screen
} elseif ($request->input('bulk_actions') == 'merge') { } elseif ($request->input('bulk_actions') == 'merge') {
$this->authorize('update', User::class);
if (($request->filled('ids')) && (count($request->input('ids')) > 1)) { if (($request->filled('ids')) && (count($request->input('ids')) > 1)) {
return view('users/confirm-merge')->with('users', $users); return view('users/confirm-merge')->with('users', $users);
// Not enough users selected, send them back // Not enough users selected, send them back