mirror/snipe-it
3
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2026-03-29 11:56:19 +00:00
Code Issues Projects Releases Wiki Activity

Fixing authorization issues (#5807)

Browse Source 
* adds permission checks for companies

* adds permission checks for depreciations

* adds permission check for all reports

* fixes permissions for departments

* fixes permission naming (edit -> update)

* fixes authorization checking wrong permission in API

The authorization was checking for the non-existent „edit“ method where it should have checked for the „update“ method.

* adds authorization checks for select2 lists

* adds missing authorization checks for api

* fixes user authorization check for creating users

* adds additional check viewing assets on showing a users assets

* Removes authorization checks for select2 lists

Reference: https://github.com/snipe/snipe-it/pull/5807#pullrequestreview-136018755
This commit is contained in:
Till Deeke
2018-07-13 03:28:02 +02:00
committed by snipe
parent 9dc226e3d6
commit 48bbbe0f40
22 changed files with 89 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/Http/Controllers/ReportsController.php
View File

@ -26,6 +26,14 @@ use Illuminate\Http\Request;
*/
class ReportsController extends Controller
{
/**
* Checks for correct permissions
*/
public function __construct() {
parent::__construct();
$this->authorize('reports.view');
}
/**
* Returns a view that displays the accessories report.