mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-25 21:54:14 -08:00
fdcc17ca2c
It is currently possible as a non-superuser to create a new user or patch an existing user with arbitrary company over the API if FullMultipleCompanySupport is enabled. Altough a highly unlikely scenario as the user needs permission to create API keys and new users, it is a bug that should get fixed. Add a call to getIdForCurrentUser() to normalize the company_id if FullMultipleCompanySupport is enabled. |
||
---|---|---|
.. | ||
Console | ||
Events | ||
Exceptions | ||
Helpers | ||
Http | ||
Importer | ||
Jobs | ||
LegacyEncrypter | ||
Listeners | ||
Livewire | ||
Models | ||
Notifications | ||
Observers | ||
Policies | ||
Presenters | ||
Providers | ||
Rules | ||
Services | ||
View |