From 4804e5b3abfac38b1c96a1a5b9f6ce3ce128408c Mon Sep 17 00:00:00 2001
From: snipe
Date: Mon, 14 Feb 2022 15:34:06 -0800
Subject: [PATCH 1/2] Added Asset edit/delete gates to maintenances
Signed-off-by: snipe
---
 app/Http/Controllers/Api/AssetMaintenancesController.php | 5 +++++
 app/Http/Controllers/AssetMaintenancesController.php | 8 ++++++++
 2 files changed, 13 insertions(+)
diff --git a/app/Http/Controllers/Api/AssetMaintenancesController.php b/app/Http/Controllers/Api/AssetMaintenancesController.php
index 50c96946071e..4a07ab86adff 100644
--- a/app/Http/Controllers/Api/AssetMaintenancesController.php
+++ b/app/Http/Controllers/Api/AssetMaintenancesController.php
@@ -33,6 +33,7 @@ class AssetMaintenancesController extends Controller
 */
 public function index(Request $request)
 {
+ $this->authorize('view', Asset::class);
 $maintenances = AssetMaintenance::with('asset', 'asset.model','asset.location', 'supplier', 'asset.company', 'admin');
 if ($request->filled('search')) {
@@ -101,6 +102,7 @@ public function index(Request $request)
 */
 public function store(Request $request)
 {
+ $this->authorize('edit', Asset::class);
 // create a new model instance
 $assetMaintenance = new AssetMaintenance();
 $assetMaintenance->supplier_id = $request->input('supplier_id');
@@ -153,6 +155,7 @@ public function store(Request $request)
 */
 public function update(Request $request, $assetMaintenanceId = null)
 {
+ $this->authorize('edit', Asset::class);
 // Check if the asset maintenance exists
 $assetMaintenance = AssetMaintenance::findOrFail($assetMaintenanceId);
@@ -216,6 +219,7 @@ public function update(Request $request, $assetMaintenanceId = null)
 */
 public function destroy($assetMaintenanceId)
 {
+ $this->authorize('edit', Asset::class);
 // Check if the asset maintenance exists
 $assetMaintenance = AssetMaintenance::findOrFail($assetMaintenanceId);
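Review bot: The `edit` gate added to `update` in the API controller is checked against `Asset::class` and runs before `AssetMaintenance::findOrFail($assetMaintenanceId)`, so it can only confirm that the caller holds the general asset-edit permission, not that they may touch the asset this particular maintenance belongs to. The same shape recurs in `destroy` in this file and in `edit`, `update`, `destroy` and `show` in the web controller, and `create` there loads an asset from `request('asset_id')` after a class-level check. Whether a per-asset or per-company check follows is outside these hunks (the API `show` hunk does show one via `Company::isCurrentUserHasAccess`). If it does not, consider authorizing against the loaded model once it is available, e.g. `$this->authorize('edit', $assetMaintenance->asset);`, assuming the asset policy accepts an instance.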
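Review bot: `destroy` in the API controller is gated on the asset `edit` ability rather than `delete`, and nothing at the call site says why. The second patch in this series moves the web controller's `create`, `store` and `destroy` to `edit` as well, so the mapping looks deliberate. A short comment at the call would keep a later reader from "correcting" it, for example `// Removing a maintenance changes the asset's record, so asset 'edit' (not 'delete') is required`, with the wording confirmed by the author. The docblock above the method is outside the hunk and could carry the same sentence.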
@@ -241,6 +245,7 @@ public function destroy($assetMaintenanceId)
 */
 public function show($assetMaintenanceId)
 {
+ $this->authorize('view', Asset::class);
 $assetMaintenance = AssetMaintenance::findOrFail($assetMaintenanceId);
 if (!Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
 return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot view a maintenance for that asset'));
diff --git a/app/Http/Controllers/AssetMaintenancesController.php b/app/Http/Controllers/AssetMaintenancesController.php
index 5700b5affb5d..37c7fcea4d1d 100644
--- a/app/Http/Controllers/AssetMaintenancesController.php
+++ b/app/Http/Controllers/AssetMaintenancesController.php
@@ -50,6 +50,7 @@ private static function getInsufficientPermissionsRedirect()
 */
 public function index()
 {
+ $this->authorize('view', Asset::class);
 return view('asset_maintenances/index');
 }
@@ -66,6 +67,7 @@ public function index()
 */
 public function create()
 {
+ $this->authorize('create', Asset::class);
 $asset = null;
 if ($asset = Asset::find(request('asset_id'))) {
@@ -96,6 +98,7 @@ public function create()
 */
 public function store(Request $request)
 {
+ $this->authorize('create', Asset::class);
 // create a new model instance
 $assetMaintenance = new AssetMaintenance();
 $assetMaintenance->supplier_id = $request->input('supplier_id');
@@ -148,6 +151,7 @@ public function store(Request $request)
 */
 public function edit($assetMaintenanceId = null)
 {
+ $this->authorize('edit', Asset::class);
 // Check if the asset maintenance exists
 if (is_null($assetMaintenance = AssetMaintenance::find($assetMaintenanceId))) {
 // Redirect to the improvement management page
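Review bot: With the gate added at the top of the API `show`, a denied request can now be answered in two different ways. A failed `$this->authorize('view', Asset::class)` raises Laravel's authorization exception (normally rendered as a 403), while the company check two lines below returns a JSON `error` payload through `response()->json(...)` with no explicit status code, which defaults to a success status. API clients and access-log monitoring then see one kind of denial as a 403 and the other as an apparently successful response. Consider giving the company-denied branch an explicit status, or stating the difference in the method's docblock; the rest of `show` is outside the hunk.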
@@ -200,6 +204,7 @@ public function edit($assetMaintenanceId = null)
 */
 public function update(Request $request, $assetMaintenanceId = null)
 {
+ $this->authorize('edit', Asset::class);
 // Check if the asset maintenance exists
 if (is_null($assetMaintenance = AssetMaintenance::find($assetMaintenanceId))) {
 // Redirect to the asset maintenance management page
@@ -266,6 +271,7 @@ public function update(Request $request, $assetMaintenanceId = null)
 */
 public function destroy($assetMaintenanceId)
 {
+ $this->authorize('delete', Asset::class);
 // Check if the asset maintenance exists
 if (is_null($assetMaintenance = AssetMaintenance::find($assetMaintenanceId))) {
 // Redirect to the asset maintenance management page
@@ -294,6 +300,8 @@ public function destroy($assetMaintenanceId)
 */
 public function show($assetMaintenanceId)
 {
+ $this->authorize('view', Asset::class);
+ // Check if the asset maintenance exists
 if (is_null($assetMaintenance = AssetMaintenance::find($assetMaintenanceId))) {
 // Redirect to the asset maintenance management page
From cab4fa16873250af5e2f8d2a789f51cff8f6b74e Mon Sep 17 00:00:00 2001
From: snipe
Date: Mon, 14 Feb 2022 15:42:23 -0800
Subject: [PATCH 2/2] Fixes some conceptual gates
Signed-off-by: snipe
---
 app/Http/Controllers/AssetMaintenancesController.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/Http/Controllers/AssetMaintenancesController.php b/app/Http/Controllers/AssetMaintenancesController.php
index 37c7fcea4d1d..a833cddd3461 100644
--- a/app/Http/Controllers/AssetMaintenancesController.php
+++ b/app/Http/Controllers/AssetMaintenancesController.php
@@ -67,7 +67,7 @@ public function index()
 */
 public function create()
 {
- $this->authorize('create', Asset::class);
+ $this->authorize('edit', Asset::class);
 $asset = null;
 if ($asset = Asset::find(request('asset_id'))) {
@@ -98,7 +98,7 @@ public function create()
 */
 public function store(Request $request)
 {
- $this->authorize('create', Asset::class);
+ $this->authorize('edit', Asset::class);
 // create a new model instance
 $assetMaintenance = new AssetMaintenance();
 $assetMaintenance->supplier_id = $request->input('supplier_id');
@@ -271,7 +271,7 @@ public function update(Request $request, $assetMaintenanceId = null)
 */
 public function destroy($assetMaintenanceId)
 {
- $this->authorize('delete', Asset::class);
+ $this->authorize('edit', Asset::class);
 // Check if the asset maintenance exists
 if (is_null($assetMaintenance = AssetMaintenance::find($assetMaintenanceId))) {
 // Redirect to the asset maintenance management page