From f98f978502a591cc7a9a2bf1d3c398d61b8ad598 Mon Sep 17 00:00:00 2001 From: snipe Date: Wed, 11 Dec 2024 16:53:15 +0000 Subject: [PATCH] Fixed typos Signed-off-by: snipe --- app/Http/Requests/SaveUserRequest.php | 2 +- app/Policies/SnipePermissionsPolicy.php | 20 ++++++++------------ 2 files changed, 9 insertions(+), 13 deletions(-) diff --git a/app/Http/Requests/SaveUserRequest.php b/app/Http/Requests/SaveUserRequest.php index b2d9389b2c..b8ddac7d79 100644 --- a/app/Http/Requests/SaveUserRequest.php +++ b/app/Http/Requests/SaveUserRequest.php @@ -18,7 +18,7 @@ class SaveUserRequest extends FormRequest */ public function authorize() { - return Gate::allows('users.create'); + return (Gate::allows('users.create') || Gate::allows('users.edit')); } public function response(array $errors) diff --git a/app/Policies/SnipePermissionsPolicy.php b/app/Policies/SnipePermissionsPolicy.php index 96c94cd776..12cd7a1343 100644 --- a/app/Policies/SnipePermissionsPolicy.php +++ b/app/Policies/SnipePermissionsPolicy.php @@ -23,7 +23,7 @@ use Illuminate\Auth\Access\HandlesAuthorization; abstract class SnipePermissionsPolicy { /** - * This should return the key of the model in the users json permission string. + * This should return the key of the model in the user's JSON permission string. * * @return bool */ @@ -37,11 +37,7 @@ abstract class SnipePermissionsPolicy { /** * If an admin, they can do all item related tasks, but ARE constrained by FMCSA company access. - * That scoping happens on the model level (except for the Users model) via the Companyable trait. - * - * This does lead to some inconsistencies in the responses, since attempting to edit assets, - * accessories, etc (anything other than users) will result in a Forbidden error, whereas the users - * area will redirect with "That user doesn't exist" since the scoping is handled directly on those queries. + * That scoping happens on the model level via the Companyable trait. * * The *superuser* global permission gets handled in the AuthServiceProvider before() method. * @@ -53,7 +49,7 @@ abstract class SnipePermissionsPolicy } /** - * If we got here by $this→authorize('something', $actualModel) then we can continue on Il but if we got here + * If we got here by $this→authorize('something', $actualModel) then we can continue on, but if we got here * via $this→authorize('something', Model::class) then calling Company:: isCurrentUserHasAccess($item) gets weird. * Bail out here by returning "nothing" and allow the relevant method lower in this class to be called and handle authorization. */ @@ -85,7 +81,7 @@ abstract class SnipePermissionsPolicy } /** - * Determine whether the user can view the accessory. + * Determine whether the user can view the item. * * @param \App\Models\User $user * @return mixed @@ -112,7 +108,7 @@ abstract class SnipePermissionsPolicy } /** - * Determine whether the user can update the accessory. + * Determine whether the user can update the item. * * @param \App\Models\User $user * @return mixed @@ -124,7 +120,7 @@ abstract class SnipePermissionsPolicy /** - * Determine whether the user can update the accessory. + * Determine whether the user can checkout the item. * * @param \App\Models\User $user * @return mixed @@ -135,7 +131,7 @@ abstract class SnipePermissionsPolicy } /** - * Determine whether the user can delete the accessory. + * Determine whether the user can delete the item. * * @param \App\Models\User $user * @return mixed @@ -151,7 +147,7 @@ abstract class SnipePermissionsPolicy } /** - * Determine whether the user can manage the accessory. + * Determine whether the user can manage the item. * * @param \App\Models\User $user * @return mixed