snipe-it/app
Tobias Regnery fdcc17ca2c Fix user creation with FullMultipleCompanySupport enabled over API
It is currently possible as a non-superuser to create a new user or patch an existing user with arbitrary company over the API if FullMultipleCompanySupport is enabled.
Altough a highly unlikely scenario as the user needs permission to create API keys and new users, it is a bug that should get fixed.

Add a call to getIdForCurrentUser() to normalize the company_id if FullMultipleCompanySupport is enabled.
2024-10-16 11:47:18 +02:00
..
Console Clean up how we use the '$location' in LDAP sync command 2024-10-15 17:26:31 +01:00
Events Allow admin to be nullable (for cli) 2024-07-03 20:50:35 +01:00
Exceptions Cleaned up facade names and references 2024-05-29 12:38:15 +01:00
Helpers Added icon for dept 2024-08-31 13:48:42 +01:00
Http Fix user creation with FullMultipleCompanySupport enabled over API 2024-10-16 11:47:18 +02:00
Importer Add matching Model::reguard() 2024-10-02 10:50:40 -07:00
Jobs Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00
LegacyEncrypter Minor code cleanup bits and bobs (#6805) 2019-03-13 20:12:03 -07:00
Listeners Merge pull request #15524 from Godmartinz/double-notif-bug 2024-09-30 19:24:19 +01:00
Livewire Change user_id to created_by 2024-09-17 22:16:41 +01:00
Models Fixed typo 2024-10-15 12:42:09 +01:00
Notifications refreshed the assetstatus relationship 2024-09-19 12:23:07 -07:00
Observers Change user_id to created_by 2024-09-17 22:16:41 +01:00
Policies Fixed tests 2024-04-17 09:26:07 +01:00
Presenters Fixed #15651 - admin user now displaying on maintenances page 2024-10-11 11:16:24 +01:00
Providers Trying to use the email_array translation 2024-10-09 19:30:25 +01:00
Rules Fixed #13396 - do not allow checkout to undeployable status types 2024-09-24 15:35:00 +01:00
Services Change user_id to created_by 2024-09-17 22:16:41 +01:00
View retargeted new label engine to correct 1d column 2024-07-29 10:42:26 -07:00