DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-11-15 10:04:13 -08:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity
snipe-it/app/Http/Controllers/Api
History
Tobias Regnery fdcc17ca2c Fix user creation with FullMultipleCompanySupport enabled over API 
It is currently possible as a non-superuser to create a new user or patch an existing user with arbitrary company over the API if FullMultipleCompanySupport is enabled.
Altough a highly unlikely scenario as the user needs permission to create API keys and new users, it is a bug that should get fixed.

Add a call to getIdForCurrentUser() to normalize the company_id if FullMultipleCompanySupport is enabled.
2024-10-16 11:47:18 +02:00
..
AccessoriesController.php Merge branch 'develop' into testing/fmcs-accessories 2024-09-30 12:59:27 -07:00
AssetFilesController.php More type-hinting 2024-07-05 07:07:20 +01:00
AssetMaintenancesController.php Merge remote-tracking branch 'origin/develop' into features/add_created_at_created_by 2024-09-20 13:43:50 +01:00
AssetModelFilesController.php Fix some typos in models file handler. 2024-08-21 22:24:08 +02:00
AssetModelsController.php Eager load adminuser 2024-09-20 14:33:26 +01:00
AssetsController.php Refactor asset creation with API 2024-10-14 15:14:41 +02:00
CategoriesController.php Eager load adminuser 2024-09-19 19:56:39 +01:00
CompaniesController.php Refactor isDeletable on companies 2024-09-19 20:38:34 +01:00
ComponentsController.php Added created_by to components 2024-09-19 17:01:36 +01:00
ConsumablesController.php Small fix for notifications checkout 2024-09-20 19:11:52 +01:00
CustomFieldsController.php More type-hinting 2024-07-05 07:07:20 +01:00
CustomFieldsetsController.php More type-hinting 2024-07-05 07:07:20 +01:00
DepartmentsController.php Change user_id to created_by 2024-09-17 22:16:41 +01:00
DepreciationsController.php Removed duplicate line 2024-09-19 18:26:08 +01:00
GroupsController.php Additional consistencies 2024-09-19 17:20:56 +01:00
ImportController.php More type-hinting 2024-07-05 07:07:20 +01:00
LabelsController.php More type-hinting 2024-07-05 07:07:20 +01:00
LicensesController.php Added created_by 2024-09-19 17:01:48 +01:00
LicenseSeatsController.php Change user_id to created_by 2024-09-17 22:16:41 +01:00
LocationsController.php Include accessories count 2024-08-07 20:19:47 +01:00
ManufacturersController.php Added created_by for manufacturers 2024-09-19 18:04:50 +01:00
PredefinedKitsController.php Eager load adminuser 2024-09-19 19:41:46 +01:00
ProfileController.php Fixed API key missing translations 2024-07-09 13:17:46 +01:00
ReportsController.php Changed action_date to created_at 2024-09-25 17:25:15 +01:00
SettingsController.php More type-hinting 2024-07-05 07:07:20 +01:00
StatuslabelsController.php Added created_by to status label 2024-09-19 18:22:11 +01:00
SuppliersController.php More type-hinting 2024-07-05 07:07:20 +01:00
UsersController.php Fix user creation with FullMultipleCompanySupport enabled over API 2024-10-16 11:47:18 +02:00