diff --git a/app/Http/Controllers/Licenses/LicenseFilesController.php b/app/Http/Controllers/Licenses/LicenseFilesController.php
index 81a2f26ede57..db414edebfe0 100644
--- a/app/Http/Controllers/Licenses/LicenseFilesController.php
+++ b/app/Http/Controllers/Licenses/LicenseFilesController.php
@@ -135,6 +135,7 @@ public function show($licenseId = null, $fileId = null, $download = true)
 // the license is valid
 if (isset($license->id)) {
 $this->authorize('view', $license);
+ $this->authorize('licenses.files', $license);
 if (! $log = Actionlog::find($fileId)) {
 return response('No matching record for that asset/file', 500)
@@ -171,6 +172,6 @@ public function show($licenseId = null, $fileId = null, $download = true)
 }
 }
- return redirect()->route('license.index')->with('error', trans('admin/licenses/message.does_not_exist', ['id' => $fileId]));
+ return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist', ['id' => $fileId]));
 }
 }
diff --git a/app/Policies/LicensePolicy.php b/app/Policies/LicensePolicy.php
index 7a92b5b7de58..3f2f780d9b46 100644
--- a/app/Policies/LicensePolicy.php
+++ b/app/Policies/LicensePolicy.php
@@ -42,8 +42,12 @@ public function viewKeys(User $user, License $license = null)
 * @param \App\Models\User $user
 * @return mixed
 */
- public function files(User $user)
+ public function viewFiles(User $user)
 {
- return $user->hasAccess($this->columnName().'.files');
+ if ($user->hasAccess('licenses.files')) {
+ return true;
+ }
+ return false;
+
 }
 }
diff --git a/app/Policies/SnipePermissionsPolicy.php b/app/Policies/SnipePermissionsPolicy.php
index 703385ec99ec..d4f2d88ccd83 100644
--- a/app/Policies/SnipePermissionsPolicy.php
+++ b/app/Policies/SnipePermissionsPolicy.php
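Review bot: In the first `show()` hunk both `authorize()` calls are made against `$license`, but the record served afterwards is loaded with `Actionlog::find($fileId)`, a lookup by primary key alone. Nothing visible in the hunk ties that log row to the authorized license, so the permission check on the license does not by itself cover the file being returned; the rest of `show()` lies outside the hunk and may already verify this. If it does not, the row should be rejected unless it belongs to `$license`, and until that is confirmed I would add `// TODO(review): confirm $log belongs to $license before serving the file` above the lookup. A missing row is also better answered with 404 than with the 500 in the context line.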
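Review bot: `viewFiles()` in LicensePolicy is not referenced by anything in this diff: the controller and the Blade view both check the `licenses.files` gate, and SnipePermissionsPolicy gains its own `files()` in the same commit, so one permission is now decided in three places that can drift apart. If the method is kept, its body reduces to `return $user->hasAccess('licenses.files');` and the stray blank line before the closing brace can go. The docblock above it still says `@return mixed`; `@return bool` with a one-line summary naming file access would describe the new code. Callers that used the old `files` ability on this policy are outside this diff, so whether the rename affects them cannot be checked here.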
@@ -61,6 +61,11 @@ public function view(User $user, $item = null)
 return $user->hasAccess($this->columnName().'.view');
 }
+ public function files(User $user, $item = null)
+ {
+ return $user->hasAccess($this->columnName().'.files');
+ }
+
 /**
 * Determine whether the user can create accessories.
 *
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index ac466d0ca981..7541e39919a4 100644
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -122,6 +122,13 @@ public function boot()
 });
+ Gate::define('licenses.files', function ($user) {
+ if ($user->hasAccess('licenses.files')) {
+ return true;
+ }
+ });
+
+
 // -----------------------------------------
 // Reports
 // -----------------------------------------
diff --git a/resources/lang/en/admin/licenses/message.php b/resources/lang/en/admin/licenses/message.php
index 87a7c3d0b9da..dd7e54dea4aa 100644
--- a/resources/lang/en/admin/licenses/message.php
+++ b/resources/lang/en/admin/licenses/message.php
@@ -2,7 +2,7 @@ return array(
- 'does_not_exist' => 'License does not exist.',
+ 'does_not_exist' => 'License does not exist or you do not have permission to view it.',
 'user_does_not_exist' => 'User does not exist.',
 'asset_does_not_exist' => 'The asset you are trying to associate with this license does not exist.',
 'owner_doesnt_match_asset' => 'The asset you are trying to associate with this license is owned by somene other than the person selected in the assigned to dropdown.',
diff --git a/resources/views/licenses/view.blade.php b/resources/views/licenses/view.blade.php
index 1f6b085a4753..d0623cf405f6 100755
--- a/resources/views/licenses/view.blade.php
+++ b/resources/views/licenses/view.blade.php
@@ -36,7 +36,8 @@ - + + @can('licenses.files', $license)
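Review bot: The new `files()` method in SnipePermissionsPolicy has no docblock, unlike the method that follows it in the hunk, and it never reads its `$item` parameter. A block such as `/** Determine whether the user can view files attached to the item. */`, extended with `@param` and `@return bool` lines, would match the surrounding style. If, as the class name and `columnName()` suggest, this is the shared base policy, every policy extending it now answers a `files` ability from `columnName().'.files'`. This diff only shows `licenses.files` in use, so it is worth confirming that the other permission keys exist and deny by default.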
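Review bot: The `licenses.files` gate closure returns `true` or falls off the end, so a user without the permission yields `null` rather than `false`. Laravel treats `null` as a denial, but depending on the framework version a `Gate::after` callback can still turn a `null` result into an allow, which an explicit `false` rules out; assuming `hasAccess()` returns a boolean, `return $user->hasAccess('licenses.files');` states the decision directly. The closure also accepts only `$user`, while the controller and the view pass `$license`, so this gate cannot take the individual license into account. The rest of `boot()` is outside the hunk, so the shape may simply mirror neighbouring gates.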
  • + @endcan
  •
@@ -416,7 +418,7 @@ class="table table-striped snipe-table"
- @can('files', $license)
+ @can('licenses.files', $license)
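Review bot: The two `@can('licenses.files', $license)` guards in view.blade.php only control what is rendered; the server-side check this commit adds covers `show()` alone, as far as the diff shows. Whether the upload and delete actions for license files enforce the same permission is not visible here and should be confirmed, since a template guard does not stop a direct request to those routes. The markup inside both hunks was lost in extraction, so which elements the guards wrap cannot be verified from this page.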