From 7ec44e46ce7aaaee1c140a67ed3468ac84986e2f Mon Sep 17 00:00:00 2001 From: snipe Date: Sat, 22 Jun 2024 20:35:28 +0100 Subject: [PATCH] Added ability check for restoring users at all Signed-off-by: snipe --- app/Http/Controllers/Api/UsersController.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php index b01f3df672..bd90ab856a 100644 --- a/app/Http/Controllers/Api/UsersController.php +++ b/app/Http/Controllers/Api/UsersController.php @@ -742,10 +742,12 @@ class UsersController extends Controller * @since [v6.0.0] * @return \Illuminate\Http\JsonResponse */ - public function restore($userId = null) + public function restore($userId) { + $this->authorize('delete', User::class); if ($user = User::withTrashed()->find($userId)) { + $this->authorize('delete', $user); if ($user->deleted_at == '') { @@ -764,8 +766,6 @@ class UsersController extends Controller return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/users/message.success.restored')), 200); } - // Check validation to make sure we're not restoring a user with the same username as an existing user - return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors())); } return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.user_not_found')), 200);