From bb095641c2f421f744796d184287c46fc9303591 Mon Sep 17 00:00:00 2001
From: Haxatron <76475453+Haxatron@users.noreply.github.com>
Date: Thu, 6 Jan 2022 09:50:11 +0800
Subject: [PATCH] Update BulkAssetModelsController.php

https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7
---
 app/Http/Controllers/BulkAssetModelsController.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/BulkAssetModelsController.php b/app/Http/Controllers/BulkAssetModelsController.php
index 088e8da509ac..38dd65c76baf 100644
--- a/app/Http/Controllers/BulkAssetModelsController.php
+++ b/app/Http/Controllers/BulkAssetModelsController.php
@@ -32,6 +32,7 @@ public function edit(Request $request)
 // If deleting....
 if ($request->input('bulk_actions')=='delete') {
+ $this->authorize('delete', AssetModel::class);
 $valid_count = 0;
 foreach ($models as $model) {
 if ($model->assets_count == 0) {
@@ -42,7 +43,7 @@ public function edit(Request $request)
 // Otherwise display the bulk edit screen
 }
-
+ $this->authorize('update', AssetModel::class);
 $nochange = ['NC' => 'No Change'];
 return view('models/bulk-edit', compact('models'))
 ->with('fieldset_list', $nochange + Helper::customFieldsetList())
@@ -63,7 +64,8 @@ public function edit(Request $request)
 */
 public function update(Request $request)
 {
-
+ $this->authorize('update', AssetModel::class);
+
 $models_raw_array = $request->input('ids');
 $update_array = array();
@@ -103,6 +105,8 @@ public function update(Request $request)
 */
 public function destroy(Request $request)
 {
+ $this->authorize('delete', AssetModel::class);
+
 $models_raw_array = $request->input('ids');
 if ((is_array($models_raw_array)) && (count($models_raw_array) > 0)) {
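Review bot: No test accompanies the new checks (the diffstat lists only the controller), so nothing would fail if one of the four `authorize()` calls were dropped later: this one in the delete branch of `edit()`, and those in the hunks for the bulk-edit screen, `update()` and `destroy()`. A feature test per endpoint that expects a 403 for a user without the `delete` or `update` ability on `AssetModel`, and a normal response for a user who has it, would pin the fix. `edit()` starts before this hunk, so what runs ahead of the check is not visible here.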
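Review bot: The `update` check after the closing brace and the `delete` check inside the branch are tied together by control flow this hunk does not show: the lines between the two hunks are missing, so it cannot be seen whether every path through the delete branch returns. If one falls through, a user holding only `delete` passes the first check and is then rejected by this one. Deciding the ability once at the top of `edit()`, `$ability = $request->input('bulk_actions') == 'delete' ? 'delete' : 'update';` then `$this->authorize($ability, AssetModel::class);`, and branching on `$ability`, would deny the request before `$models` is touched and keep the branch condition and the check from drifting apart.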
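Review bot: The check added at the top of `destroy()` passes the class `AssetModel::class`, so the policy is asked once whether the user may delete asset models in general, not whether they may delete each id taken from `$request->input('ids')`. That is sufficient only while the policy has no per-record rule; the policy is not part of this patch, so this cannot be confirmed from here. A comment such as `// Class-level check: the policy is not consulted per selected model` above the call would record the assumption, and the same applies to the `update()` hunk. The body of `destroy()` continues past the end of the hunk.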