ouyang/snipe-it
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixes weird manager_id validation

Browse Source 
This is a shit fix - need to find out what’s happening here.
This commit is contained in:
snipe
2017-11-03 12:48:00 -07:00
parent 53a1511cac
commit 416455fe01
3 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Http/Controllers/Api/UsersController.php
+4
View File
@@ -225,6 +225,10 @@ class UsersController extends Controller
$user = User::findOrFail($id);
$user->fill($request->all());
if ($user->id == $request->input('manager_id')) {
return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot be your own manager'));
}
if ($request->has('password')) {
$user->password = bcrypt($request->input('password'));
}
app/Http/Controllers/UsersController.php
+4 -1
View File
@@ -106,7 +106,6 @@ class UsersController extends Controller
$user->password = bcrypt($request->input('password'));
$data['password'] = $request->input('password');
}
// Update the user
$user->first_name = $request->input('first_name');
$user->last_name = $request->input('last_name');
$user->locale = $request->input('locale');
@@ -278,6 +277,10 @@ class UsersController extends Controller
try {
$user = User::find($id);
if ($user->id == $request->input('manager_id')) {
return redirect()->back()->withInput()->with('error', 'You cannot be your own manager.');
}
$this->authorize('update', $user);
// Figure out of this user was an admin before this edit
$orig_permissions_array = $user->decodePermissions();