DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-03-05 20:52:15 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
snipe-it/app/Http/Controllers
History
Tobias Regnery fdcc17ca2c Fix user creation with FullMultipleCompanySupport enabled over API 
It is currently possible as a non-superuser to create a new user or patch an existing user with arbitrary company over the API if FullMultipleCompanySupport is enabled.
Altough a highly unlikely scenario as the user needs permission to create API keys and new users, it is a bug that should get fixed.

Add a call to getIdForCurrentUser() to normalize the company_id if FullMultipleCompanySupport is enabled.
2024-10-16 11:47:18 +02:00
..
Accessories Change user_id to created_by 2024-09-17 22:16:41 +01:00
Account change the other one too 2024-10-01 14:26:32 -05:00
Api Fix user creation with FullMultipleCompanySupport enabled over API 2024-10-16 11:47:18 +02:00
Assets Added checkin action on delete for checked out assets 2024-10-01 14:29:02 +01:00
Auth Prevent passing an array as login 2024-08-18 04:51:36 +01:00
Components Use auth()->id() instead of Auth::id() 2024-09-19 17:31:46 +01:00
Consumables Use auth()->id() instead of Auth::id() 2024-09-19 17:31:46 +01:00
Kits Added created_by to kits 2024-09-19 17:01:17 +01:00
Licenses Use auth()->id() instead of Auth::id() 2024-09-19 17:31:46 +01:00
Users Make controller gate match dropdown gate 2024-09-25 20:33:00 +01:00
ActionlogController.php
AssetMaintenancesController.php Change user_id to created_by 2024-09-17 22:16:41 +01:00
AssetModelsController.php Change user_id to created_by 2024-09-17 22:16:41 +01:00
AssetModelsFilesController.php
BulkAssetModelsController.php
CategoriesController.php Change user_id to created_by 2024-09-17 22:16:41 +01:00
CheckInOutRequest.php Default to user 2024-08-07 18:04:39 +01:00
CompaniesController.php Added created by to company on save 2024-09-19 20:34:54 +01:00
Controller.php
CustomFieldsController.php Use auth()->id() instead of Auth::id() 2024-09-19 17:31:46 +01:00
CustomFieldsetsController.php Change user_id to created_by 2024-09-17 22:16:41 +01:00
DashboardController.php Reflash session so login message is displayed 2024-09-09 14:54:19 -07:00
DepartmentsController.php Change user_id to created_by 2024-09-17 22:16:41 +01:00
DepreciationsController.php Change user_id to created_by 2024-09-17 22:16:41 +01:00
GoogleAuthController.php
GroupsController.php
HealthController.php Removed die() 2024-10-02 15:48:35 +01:00
LabelsController.php
LocationsController.php Change user_id to created_by 2024-09-17 22:16:41 +01:00
ManufacturersController.php Change user_id to created_by 2024-09-17 22:16:41 +01:00
ModalController.php
ProfileController.php Change controller to assume a collection. (This is dumb, but whatever) 2024-10-03 16:19:27 +01:00
ReportsController.php Merge remote-tracking branch 'upstream/develop' into eol_date_range_for_reports 2024-08-19 19:33:44 -04:00
SettingsController.php Remove form request from get LDAP method 2024-10-09 22:15:49 +01:00
StatuslabelsController.php Change user_id to created_by 2024-09-17 22:16:41 +01:00
SuppliersController.php Change user_id to created_by 2024-09-17 22:16:41 +01:00
ViewAssetsController.php change error to warning 2024-10-01 14:24:03 -05:00