Skip to content

Commit

Permalink
Merge pull request #10672 from snipe/fixes/missing_gates_for_maintena…
Browse files Browse the repository at this point in the history 
…nces

Added Asset edit/delete gates to maintenances
  • Loading branch information
@snipe
snipe committed Feb 14, 2022
2 parents 885ab64 + cab4fa1 commit 321be47
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 0 deletions.
5 changes: 5 additions & 0 deletions app/Http/Controllers/Api/AssetMaintenancesController.php
View file
Expand Up @@ -33,6 +33,7 @@ class AssetMaintenancesController extends Controller
*/
public function index(Request $request)
{
$this->authorize('view', Asset::class);
$maintenances = AssetMaintenance::with('asset', 'asset.model','asset.location', 'supplier', 'asset.company', 'admin');

if ($request->filled('search')) {
Expand Down Expand Up @@ -101,6 +102,7 @@ public function index(Request $request)
*/
public function store(Request $request)
{
$this->authorize('edit', Asset::class);
// create a new model instance
$assetMaintenance = new AssetMaintenance();
$assetMaintenance->supplier_id = $request->input('supplier_id');
Expand Down Expand Up @@ -153,6 +155,7 @@ public function store(Request $request)
*/
public function update(Request $request, $assetMaintenanceId = null)
{
$this->authorize('edit', Asset::class);
// Check if the asset maintenance exists
$assetMaintenance = AssetMaintenance::findOrFail($assetMaintenanceId);

Expand Down Expand Up @@ -216,6 +219,7 @@ public function update(Request $request, $assetMaintenanceId = null)
*/
public function destroy($assetMaintenanceId)
{
$this->authorize('edit', Asset::class);
// Check if the asset maintenance exists
$assetMaintenance = AssetMaintenance::findOrFail($assetMaintenanceId);

Expand All @@ -241,6 +245,7 @@ public function destroy($assetMaintenanceId)
*/
public function show($assetMaintenanceId)
{
$this->authorize('view', Asset::class);
$assetMaintenance = AssetMaintenance::findOrFail($assetMaintenanceId);
if (!Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot view a maintenance for that asset'));
Expand Down
8 changes: 8 additions & 0 deletions app/Http/Controllers/AssetMaintenancesController.php
View file
Expand Up @@ -50,6 +50,7 @@ private static function getInsufficientPermissionsRedirect()
*/
public function index()
{
$this->authorize('view', Asset::class);
return view('asset_maintenances/index');
}

Expand All @@ -66,6 +67,7 @@ public function index()
*/
public function create()
{
$this->authorize('edit', Asset::class);
$asset = null;

if ($asset = Asset::find(request('asset_id'))) {
Expand Down Expand Up @@ -96,6 +98,7 @@ public function create()
*/
public function store(Request $request)
{
$this->authorize('edit', Asset::class);
// create a new model instance
$assetMaintenance = new AssetMaintenance();
$assetMaintenance->supplier_id = $request->input('supplier_id');
Expand Down Expand Up @@ -148,6 +151,7 @@ public function store(Request $request)
*/
public function edit($assetMaintenanceId = null)
{
$this->authorize('edit', Asset::class);
// Check if the asset maintenance exists
if (is_null($assetMaintenance = AssetMaintenance::find($assetMaintenanceId))) {
// Redirect to the improvement management page
Expand Down Expand Up @@ -200,6 +204,7 @@ public function edit($assetMaintenanceId = null)
*/
public function update(Request $request, $assetMaintenanceId = null)
{
$this->authorize('edit', Asset::class);
// Check if the asset maintenance exists
if (is_null($assetMaintenance = AssetMaintenance::find($assetMaintenanceId))) {
// Redirect to the asset maintenance management page
Expand Down Expand Up @@ -266,6 +271,7 @@ public function update(Request $request, $assetMaintenanceId = null)
*/
public function destroy($assetMaintenanceId)
{
$this->authorize('edit', Asset::class);
// Check if the asset maintenance exists
if (is_null($assetMaintenance = AssetMaintenance::find($assetMaintenanceId))) {
// Redirect to the asset maintenance management page
Expand Down Expand Up @@ -294,6 +300,8 @@ public function destroy($assetMaintenanceId)
*/
public function show($assetMaintenanceId)
{
$this->authorize('view', Asset::class);

// Check if the asset maintenance exists
if (is_null($assetMaintenance = AssetMaintenance::find($assetMaintenanceId))) {
// Redirect to the asset maintenance management page
Expand Down

0 comments on commit 321be47

Please sign in to comment.