From 7b33f95e837f609226c5c1127b99d05b57a4e9c0 Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 18 Mar 2019 11:58:08 -0700 Subject: [PATCH] Fixes/import permissions mask (#6826) * Check for empty headers in import * Added import permission * Fixed model path in docblock * Added import gate to default blade * Check if the user is an admin OR idf they have import permissions * Walked back that admin permission Since admins are bound by full company support, it makes less sense to let admins have this permission by default, versus having them specifically designated to the import permission --- app/Http/Controllers/Api/ImportController.php | 12 +++++------- app/Http/Controllers/ImportsController.php | 2 +- app/Http/Requests/ItemImportRequest.php | 14 ++++++++++++++ app/Policies/SnipePermissionsPolicy.php | 12 +++++++----- app/Providers/AuthServiceProvider.php | 8 ++++++++ config/permissions.php | 9 +++++++++ resources/views/layouts/default.blade.php | 2 +- 7 files changed, 45 insertions(+), 14 deletions(-) diff --git a/app/Http/Controllers/Api/ImportController.php b/app/Http/Controllers/Api/ImportController.php index d8d550501e..464dee1e1b 100644 --- a/app/Http/Controllers/Api/ImportController.php +++ b/app/Http/Controllers/Api/ImportController.php @@ -25,7 +25,7 @@ class ImportController extends Controller */ public function index() { - // + $this->authorize('import'); $imports = Import::latest()->get(); return (new ImportsTransformer)->transformImports($imports); @@ -39,10 +39,8 @@ class ImportController extends Controller */ public function store() { - // - if (!Company::isCurrentUserAuthorized()) { - return redirect()->route('hardware.index')->with('error', trans('general.insufficient_permissions')); - } elseif (!config('app.lock_passwords')) { + $this->authorize('import'); + if (!config('app.lock_passwords')) { $files = Input::file('files'); $path = config('app.private_uploads').'/imports'; $results = []; @@ -119,7 +117,7 @@ class ImportController extends Controller */ public function process(ItemImportRequest $request, $import_id) { - $this->authorize('create', Asset::class); + $this->authorize('import'); // Run a backup immediately before processing Artisan::call('backup:run'); $errors = $request->import(Import::find($import_id)); @@ -162,7 +160,7 @@ class ImportController extends Controller */ public function destroy($import_id) { - $this->authorize('create', Asset::class); + $this->authorize('import'); $import = Import::find($import_id); try { unlink(config('app.private_uploads').'/imports/'.$import->file_path); diff --git a/app/Http/Controllers/ImportsController.php b/app/Http/Controllers/ImportsController.php index 1331b7dd86..c3bd66245a 100644 --- a/app/Http/Controllers/ImportsController.php +++ b/app/Http/Controllers/ImportsController.php @@ -12,7 +12,7 @@ class ImportsController extends Controller { public function index() { - $this->authorize('create', Asset::class); + $this->authorize('import'); $imports = Import::latest()->get(); $imports = (new ImportsTransformer)->transformImports($imports); return view('importer/import')->with('imports', $imports); diff --git a/app/Http/Requests/ItemImportRequest.php b/app/Http/Requests/ItemImportRequest.php index b25522e786..fdbb5e76f8 100644 --- a/app/Http/Requests/ItemImportRequest.php +++ b/app/Http/Requests/ItemImportRequest.php @@ -43,6 +43,20 @@ class ItemImportRequest extends FormRequest $import->save(); $fieldMappings=[]; if ($import->field_map) { + + // This checks to make sure the field header has been mapped. + // If it hasn't been, it will throw an array_flip error + foreach ($import->field_map as $field => $fieldValue) { + $errorMessage = null; + + if(is_null($fieldValue)){ + $errorMessage = 'All import fields must be mapped.'; + $this->errorCallback($import, $field, $errorMessage); + + return $this->errors; + } + } + // We submit as csv field: column, but the importer is happier if we flip it here. $fieldMappings = array_change_key_case(array_flip($import->field_map), CASE_LOWER); // dd($fieldMappings); diff --git a/app/Policies/SnipePermissionsPolicy.php b/app/Policies/SnipePermissionsPolicy.php index b8d4501bdf..e17f4f68e5 100644 --- a/app/Policies/SnipePermissionsPolicy.php +++ b/app/Policies/SnipePermissionsPolicy.php @@ -53,7 +53,7 @@ abstract class SnipePermissionsPolicy /** * Determine whether the user can view the accessory. * - * @param \App\User $user + * @param \App\Models\User $user * @return mixed */ public function view(User $user, $item = null) @@ -64,7 +64,7 @@ abstract class SnipePermissionsPolicy /** * Determine whether the user can create accessories. * - * @param \App\User $user + * @param \App\Models\User $user * @return mixed */ public function create(User $user) @@ -75,7 +75,7 @@ abstract class SnipePermissionsPolicy /** * Determine whether the user can update the accessory. * - * @param \App\User $user + * @param \App\Models\User $user * @return mixed */ public function update(User $user, $item = null) @@ -86,7 +86,7 @@ abstract class SnipePermissionsPolicy /** * Determine whether the user can delete the accessory. * - * @param \App\User $user + * @param \App\Models\User $user * @return mixed */ public function delete(User $user, $item = null) @@ -97,11 +97,13 @@ abstract class SnipePermissionsPolicy /** * Determine whether the user can manage the accessory. * - * @param \App\User $user + * @param \App\Models\User $user * @return mixed */ public function manage(User $user, $item = null) { return $user->hasAccess($this->columnName().'.edit'); } + + } diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php index bff39fbf18..2c8e07e518 100644 --- a/app/Providers/AuthServiceProvider.php +++ b/app/Providers/AuthServiceProvider.php @@ -113,6 +113,14 @@ class AuthServiceProvider extends ServiceProvider }); + // Can the user import CSVs? + Gate::define('import', function ($user) { + if ($user->hasAccess('import') ) { + return true; + } + }); + + # ----------------------------------------- # Reports # ----------------------------------------- diff --git a/config/permissions.php b/config/permissions.php index 2950391808..7ffa69e491 100644 --- a/config/permissions.php +++ b/config/permissions.php @@ -27,6 +27,15 @@ return array( ) ), + 'CSV Import' => array( + array( + 'permission' => 'import', + 'label' => '', + 'note' => 'This will allow users to import even if access to users, assets, etc is denied elsewhere.', + 'display' => true, + ) + ), + 'Reports' => array( array( 'permission' => 'reports.view', diff --git a/resources/views/layouts/default.blade.php b/resources/views/layouts/default.blade.php index 196b085bbc..03f3037447 100644 --- a/resources/views/layouts/default.blade.php +++ b/resources/views/layouts/default.blade.php @@ -520,7 +520,7 @@ @endcan - @can('create', \App\Models\Asset::class) + @can('import')