mirror of https://github.com/snipe/snipe-it.git synced 2026-03-07 08:58:51 +00:00

Move sanitization of input to the model attribute setters. This cleans up a lot of checks in the various controller methods and ensures data will be set in the model accurately regardless of where it's set. Add unit tests for these methods (#3102)

Daniel Meltzer
2016-12-26 18:17:46 -05:00
committed by snipe
parent fd450e2773
commit 06af9311fc
19 changed files with 403 additions and 417 deletions


@ -118,9 +118,9 @@ class UsersController extends Controller
$user->activated = $request->input('activated', $user->activated);
$user->jobtitle = $request->input('jobtitle');
$user->phone = $request->input('phone');
$user->location_id = $request->input('location_id');
$user->company_id = Company::getIdForUser($request->input('company_id'));
$user->manager_id = $request->input('manager_id');
$user->location_id = $request->input('location_id', null);
$user->company_id = Company::getIdForUser($request->input('company_id', null));
$user->manager_id = $request->input('manager_id', null);
$user->notes = $request->input('notes');
// Strip out the superuser permission if the user isn't a superadmin
@ -129,24 +129,8 @@ class UsersController extends Controller
if (!Auth::user()->isSuperUser()) {
unset($permissions_array['superuser']);
}
$user->permissions = json_encode($permissions_array);
if ($user->manager_id == "") {
$user->manager_id = null;
}
if ($user->location_id == "") {
$user->location_id = null;
}
if ($user->company_id == "") {
$user->company_id = null;
}
if ($user->save()) {
if ($request->has('groups')) {
@ -339,9 +323,9 @@ class UsersController extends Controller
$user->activated = $request->input('activated', $user->activated);
$user->jobtitle = $request->input('jobtitle');
$user->phone = $request->input('phone');
$user->location_id = $request->input('location_id');
$user->company_id = Company::getIdForUser($request->input('company_id'));
$user->manager_id = $request->input('manager_id');
$user->location_id = $request->input('location_id', null);
$user->company_id = Company::getIdForUser($request->input('company_id', null));
$user->manager_id = $request->input('manager_id', null);
$user->notes = $request->input('notes');
// Strip out the superuser permission if the user isn't a superadmin
@ -354,18 +338,6 @@ class UsersController extends Controller
$user->permissions = json_encode($permissions_array);
if ($user->manager_id == "") {
$user->manager_id = null;
}
if ($user->location_id == "") {
$user->location_id = null;
}
if ($user->company_id == "") {
$user->company_id = null;
}
// Was the user updated?
if ($user->save()) {
// Prepare the success message
@ -404,7 +376,6 @@ class UsersController extends Controller
}
if ($user->accessories()->count() > 0) {
// Redirect to the user management page
return redirect()->route('users.index')->with('error', 'This user still has ' . $user->accessories()->count() . ' accessories associated with them.');
}
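Review bot: The explicit `null` default added to `$request->input('location_id', null)`, and likewise to `company_id` and `manager_id` in both the `-118` and `-339` hunks, is a no-op: `input()` already returns null for a missing key, and the default does not apply when the field is submitted as an empty string, which is the case the removed `== ""` checks handled. After this change the controller relies entirely on the User model's attribute setters to turn `""` into null before `save()`, and those setters are not visible in this section. I would drop the redundant argument and put a short comment above the three assignments, for example `// Empty strings are normalised to null by the User attribute setters`, so the dependency is visible to anyone who later assigns these foreign keys by another path. The enclosing controller methods start and end outside the hunks, so whether any other validation runs on these ids before this point cannot be confirmed from here.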