mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-24 21:24:13 -08:00
48bbbe0f40
* adds permission checks for companies * adds permission checks for depreciations * adds permission check for all reports * fixes permissions for departments * fixes permission naming (edit -> update) * fixes authorization checking wrong permission in API The authorization was checking for the non-existent „edit“ method where it should have checked for the „update“ method. * adds authorization checks for select2 lists * adds missing authorization checks for api * fixes user authorization check for creating users * adds additional check viewing assets on showing a users assets * Removes authorization checks for select2 lists Reference: https://github.com/snipe/snipe-it/pull/5807#pullrequestreview-136018755
122 lines
3.6 KiB
PHP
122 lines
3.6 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers\Api;
|
|
|
|
use Illuminate\Http\Request;
|
|
use App\Http\Controllers\Controller;
|
|
use App\Helpers\Helper;
|
|
use App\Models\Group;
|
|
use App\Http\Transformers\GroupsTransformer;
|
|
|
|
class GroupsController extends Controller
|
|
{
|
|
/**
|
|
* Display a listing of the resource.
|
|
*
|
|
* @author [A. Gianotto] [<snipe@snipe.net>]
|
|
* @since [v4.0]
|
|
* @return \Illuminate\Http\Response
|
|
*/
|
|
public function index(Request $request)
|
|
{
|
|
$this->authorize('view', Group::class);
|
|
$allowed_columns = ['id','name','created_at', 'users_count'];
|
|
|
|
$groups = Group::select('id','name','permissions','created_at','updated_at')->withCount('users');
|
|
|
|
if ($request->has('search')) {
|
|
$groups = $groups->TextSearch($request->input('search'));
|
|
}
|
|
|
|
$offset = $request->input('offset', 0);
|
|
$limit = $request->input('limit', 50);
|
|
$order = $request->input('order') === 'asc' ? 'asc' : 'desc';
|
|
$sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
|
|
$groups->orderBy($sort, $order);
|
|
|
|
$total = $groups->count();
|
|
$groups = $groups->skip($offset)->take($limit)->get();
|
|
return (new GroupsTransformer)->transformGroups($groups, $total);
|
|
}
|
|
|
|
|
|
/**
|
|
* Store a newly created resource in storage.
|
|
*
|
|
* @author [A. Gianotto] [<snipe@snipe.net>]
|
|
* @since [v4.0]
|
|
* @param \Illuminate\Http\Request $request
|
|
* @return \Illuminate\Http\Response
|
|
*/
|
|
public function store(Request $request)
|
|
{
|
|
$this->authorize('create', Group::class);
|
|
$group = new Group;
|
|
$group->fill($request->all());
|
|
|
|
if ($group->save()) {
|
|
return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.create.success')));
|
|
}
|
|
return response()->json(Helper::formatStandardApiResponse('error', null, $group->getErrors()));
|
|
|
|
}
|
|
|
|
/**
|
|
* Display the specified resource.
|
|
*
|
|
* @author [A. Gianotto] [<snipe@snipe.net>]
|
|
* @since [v4.0]
|
|
* @param int $id
|
|
* @return \Illuminate\Http\Response
|
|
*/
|
|
public function show($id)
|
|
{
|
|
$this->authorize('view', Group::class);
|
|
$group = Group::findOrFail($id);
|
|
return (new GroupsTransformer)->transformGroup($group);
|
|
}
|
|
|
|
|
|
/**
|
|
* Update the specified resource in storage.
|
|
*
|
|
* @author [A. Gianotto] [<snipe@snipe.net>]
|
|
* @since [v4.0]
|
|
* @param \Illuminate\Http\Request $request
|
|
* @param int $id
|
|
* @return \Illuminate\Http\Response
|
|
*/
|
|
public function update(Request $request, $id)
|
|
{
|
|
$this->authorize('update', Group::class);
|
|
$group = Group::findOrFail($id);
|
|
$group->fill($request->all());
|
|
|
|
if ($group->save()) {
|
|
return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.update.success')));
|
|
}
|
|
|
|
return response()->json(Helper::formatStandardApiResponse('error', null, $group->getErrors()));
|
|
}
|
|
|
|
/**
|
|
* Remove the specified resource from storage.
|
|
*
|
|
* @author [A. Gianotto] [<snipe@snipe.net>]
|
|
* @since [v4.0]
|
|
* @param int $id
|
|
* @return \Illuminate\Http\Response
|
|
*/
|
|
public function destroy($id)
|
|
{
|
|
$this->authorize('delete', Group::class);
|
|
$group = Group::findOrFail($id);
|
|
$this->authorize('delete', $group);
|
|
$group->delete();
|
|
return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/groups/message.delete.success')));
|
|
|
|
}
|
|
|
|
|
|
}
|