DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-01-11 22:07:29 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Fix asset creation with API and FullMultipleCompanySupport

Browse source 
It is currently possible to create an asset with arbitrary company without being superuser and FullMultipleCompanySupport enabled.
This bug goes back to 75ac7f80b9 which is part of version 6.3.0.
Fix this by restoring the previous behaviour to check the company_id with getIdForCurrentUser().
This commit is contained in:
Tobias Regnery 2024-10-11 12:09:09 +02:00
parent 8aa298f6b0
commit fb4fe30049
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
app/Http/Controllers/Api/AssetsController.php
View file

@ -598,6 +598,7 @@ class AssetsController extends Controller
$asset->model()->associate(AssetModel::find((int) $request->get('model_id')));
$asset->fill($request->validated());
$asset->company_id = Company::getIdForCurrentUser($request->validated()['company_id']);
$asset->created_by = auth()->id();
/**