add auth to api call, gave more specificity to the relationship

2025-10-29 19:31:41 +00:00 · 2025-06-05 10:59:16 -07:00 · 2025-06-05 10:59:16 -07:00 · e2e54677ee
commit e2e54677ee
parent 68c082e0dc
3 changed files with 4 additions and 1 deletions
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@ -748,6 +748,8 @@ class UsersController extends Controller
     */
    public function eulas(User $user, ActionlogsTransformer $transformer)
    {
+        $this->authorize('view', Asset::class);
+
        $eulas = $user->eulas;
        return response()->json(
            $transformer->transformActionlogs($eulas, $eulas->count())
--- a/app/Models/User.php
+++ b/app/Models/User.php
@ -562,6 +562,7 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo
    {
        return $this->hasMany(Actionlog::class, 'target_id')
            ->with('item')
+            ->select(['id', 'target_id', 'target_type', 'action_type', 'filename', 'accept_signature', 'created_at'])
            ->where('target_type', self::class)
            ->where('action_type', 'accepted')
            ->whereNotNull('filename')
--- a/routes/api.php
+++ b/routes/api.php
@ -1094,7 +1094,7 @@ Route::group(['prefix' => 'v1', 'middleware' => ['api', 'api-throttle:api']], fu
                ]
            )->name('api.users.me');

-            Route::get('/users/{user}/eulas',
+            Route::get('{user}/eulas',
                [
                    Api\UsersController::class,
                    'eulas'