Skip to content

Commit

Permalink
Merge branch 'master' of https://github.com/snipe/snipe-it
Browse files Browse the repository at this point in the history
  • Loading branch information
snipe committed Feb 11, 2022
2 parents e032cf1 + 10c26f3 commit 16f963f
Show file tree
Hide file tree
Showing 8 changed files with 26 additions and 3 deletions.
1 change: 1 addition & 0 deletions app/Http/Controllers/Api/AssetModelsController.php
Original file line number Diff line number Diff line change
Expand Up @@ -234,6 +234,7 @@ public function destroy($id)
public function selectlist(Request $request)
{

$this->authorize('view.selectlists');
$assetmodels = AssetModel::select([
'models.id',
'models.name',
Expand Down
2 changes: 1 addition & 1 deletion app/Http/Controllers/Api/CategoriesController.php
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,7 @@ public function destroy($id)
*/
public function selectlist(Request $request, $category_type = 'asset')
{

$this->authorize('view.selectlists');
$categories = Category::select([
'id',
'name',
Expand Down
2 changes: 1 addition & 1 deletion app/Http/Controllers/Api/CompaniesController.php
Original file line number Diff line number Diff line change
Expand Up @@ -159,7 +159,7 @@ public function destroy($id)
*/
public function selectlist(Request $request)
{

$this->authorize('view.selectlists');
$companies = Company::select([
'companies.id',
'companies.name',
Expand Down
1 change: 1 addition & 0 deletions app/Http/Controllers/Api/DepartmentsController.php
Original file line number Diff line number Diff line change
Expand Up @@ -168,6 +168,7 @@ public function destroy($id)
public function selectlist(Request $request)
{

$this->authorize('view.selectlists');
$departments = Department::select([
'id',
'name',
Expand Down
2 changes: 2 additions & 0 deletions app/Http/Controllers/Api/LocationsController.php
Original file line number Diff line number Diff line change
Expand Up @@ -223,6 +223,8 @@ public function destroy($id)
public function selectlist(Request $request)
{

$this->authorize('view.selectlists');

$locations = Location::select([
'locations.id',
'locations.name',
Expand Down
1 change: 1 addition & 0 deletions app/Http/Controllers/Api/ManufacturersController.php
Original file line number Diff line number Diff line change
Expand Up @@ -155,6 +155,7 @@ public function destroy($id)
public function selectlist(Request $request)
{

$this->authorize('view.selectlists');
$manufacturers = Manufacturer::select([
'id',
'name',
Expand Down
2 changes: 2 additions & 0 deletions app/Http/Controllers/Api/SuppliersController.php
Original file line number Diff line number Diff line change
Expand Up @@ -155,6 +155,8 @@ public function destroy($id)
public function selectlist(Request $request)
{

$this->authorize('view.selectlists');

$suppliers = Supplier::select([
'id',
'name',
Expand Down
18 changes: 17 additions & 1 deletion app/Providers/AuthServiceProvider.php
Original file line number Diff line number Diff line change
Expand Up @@ -156,6 +156,8 @@ public function boot()
return $user->hasAccess('self.checkout_assets');
});

// This is largely used to determine whether to display the gear icon sidenav
// in the left-side navigation
Gate::define('backend.interact', function ($user) {
return $user->can('view', Statuslabel::class)
|| $user->can('view', AssetModel::class)
Expand All @@ -168,7 +170,21 @@ public function boot()
|| $user->can('view', Manufacturer::class)
|| $user->can('view', CustomField::class)
|| $user->can('view', CustomFieldset::class)
|| $user->can('view', Depreciation::class);
|| $user->can('view', Depreciation::class);
});


// This determines whether or not an API user should be able to get the selectlists.
// This can seem a little confusing, since view properties may not have been granted
// to the logged in API user, but creating assets, licenses, etc won't work
// if the user can't view and interact with the select lists.
Gate::define('view.selectlists', function ($user) {
return $user->can(['create','update'], Asset::class)
|| $user->can(['create','update'], License::class)
|| $user->can(['create','update'], Component::class)
|| $user->can(['create','update'], Consumable::class)
|| $user->can(['create','update'], Accessory::class)
|| $user->can(['create','update'], User::class);
});
}
}

0 comments on commit 16f963f

Please sign in to comment.