diff --git a/app/controllers/admin/UsersController.php b/app/controllers/admin/UsersController.php
index 7db9741715..8b79045f72 100755
--- a/app/controllers/admin/UsersController.php
+++ b/app/controllers/admin/UsersController.php
@@ -48,7 +48,7 @@ class UsersController extends AdminController {
 'email' => 'email|unique:users,email',
 'password' => 'required|min:6',
 'password_confirm' => 'required|min:6|same:password',
- 'company_id' => 'required|integer',
+ 'company_id' => 'integer',
 );
 /**
@@ -124,7 +124,7 @@ class UsersController extends AdminController {
 // Get the inputs, with some exceptions
 $inputs = Input::except('csrf_token', 'password_confirm', 'groups', 'email_user');
- $inputs['company_id'] = Company::getIdFromInput($inputs['company_id']);
+ $inputs['company_id'] = Company::getIdForUser(Input::get('company_id'));
 // @TODO: Figure out WTF I need to do this.
 if ($inputs['manager_id'] == '') {
@@ -365,7 +365,7 @@ class UsersController extends AdminController {
 $user->jobtitle = Input::get('jobtitle');
 $user->phone = Input::get('phone');
 $user->location_id = Input::get('location_id');
- $user->company_id = Company::getIdFromInput(Input::get('company_id'));
+ $user->company_id = Company::getIdForUser(Input::get('company_id'));
 $user->manager_id = Input::get('manager_id');
 $user->notes = Input::get('notes');
@@ -698,6 +698,7 @@ class UsersController extends AdminController {
 $this->encodeAllPermissions($permissions);
 $location_list = array('' => '') + Location::lists('name', 'id');
+ $company_list = Company::getSelectList();
 $manager_list = array('' => 'Select a User') + DB::table('users')
 ->select(DB::raw('concat(last_name,", ",first_name," (",email,")") as full_name, id'))
 ->whereNull('deleted_at')
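Review bot: In the update hunk (`@@ -365,7 +365,7 @@`), `$user->company_id = Company::getIdForUser(Input::get('company_id'));` resolves the company from the acting admin only, and nothing visible in the hunk checks that the `$user` being saved already belongs to that admin's company. If the surrounding method (it starts and ends outside the hunk) has no such scope check, a company-restricted admin who saves this form would move a user from another company into their own, assuming `getIdForCurrentUser` returns the admin's own company as its name suggests. I would confirm that check exists before this line and add a comment here and on the same call in the create hunk (`@@ -124,7 +124,7 @@`): `// company_id is resolved server-side; the posted value is honoured only when getIdForUser allows it`.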
@@ -709,6 +710,7 @@ class UsersController extends AdminController {
 // Show the page
 return View::make('backend/users/edit', compact('groups', 'userGroups', 'permissions', 'userPermissions'))
 ->with('location_list', $location_list)
+ ->with('company_list', $company_list)
 ->with('manager_list', $manager_list)
 ->with('user', $user)
 ->with('clone_user', $user_to_clone);
diff --git a/app/models/Company.php b/app/models/Company.php
index 2e690a935f..9c844a9b1c 100644
--- a/app/models/Company.php
+++ b/app/models/Company.php
@@ -65,11 +65,21 @@ final class Company extends Elegant
 public static function isCurrentUserAuthorized()
 {
- if (!static::isFullMultipleCompanySupportEnabled()) { return TRUE; }
- else
- {
- $current_user = Sentry::getUser();
- return ($current_user->company_id == NULL);
+ return (!static::isFullMultipleCompanySupportEnabled() || Sentry::getUser()->company_id == NULL);
+ }
+
+ public static function canManageUsersCompanies()
+ {
+ return (!static::isFullMultipleCompanySupportEnabled() || Sentry::getUser()->isSuperUser() ||
+ Sentry::getUser()->company_id == NULL);
+ }
+
+ public static function getIdForUser($unescaped_input)
+ {
+ if (!static::isFullMultipleCompanySupportEnabled() || Sentry::getUser()->isSuperUser()) {
+ return static::getIdFromInput($unescaped_input);
+ } else {
+ return static::getIdForCurrentUser($unescaped_input);
 }
 }
diff --git a/app/views/backend/users/edit.blade.php b/app/views/backend/users/edit.blade.php
index c7aa657504..c44338e038 100755
--- a/app/views/backend/users/edit.blade.php
+++ b/app/views/backend/users/edit.blade.php
@@ -50,17 +50,18 @@
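Review bot: In the `app/models/Company.php` hunk, `Sentry::getUser()->company_id == NULL` in `isCurrentUserAuthorized()` and `canManageUsersCompanies()` is a loose comparison, so a stored `company_id` of `0` or `''` also counts as "no company" and gets the unrestricted path; `=== NULL` would make the unscoped case deliberate, once it is confirmed how the column value is loaded. The new methods also state the same rule in two places: `canManageUsersCompanies()` shows the select to a non-superuser with no company, while `getIdForUser()` sends that user to `getIdForCurrentUser()`, which is not in this diff, so whether the posted value is honoured there cannot be confirmed from the hunk. A short docblock on `getIdForUser()` stating that `$unescaped_input` is raw request data, and for which callers it is trusted, would keep the view gate and the server-side rule from drifting apart. All three methods dereference `Sentry::getUser()` without a null check, so they depend on the route's auth filter having run first.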


- - -
-
- {{ Form::label('company_id', Lang::get('general.company')) }} + @if (Company::canManageUsersCompanies()) + +
+
+ {{ Form::label('company_id', Lang::get('general.company')) }} +
+
+ {{ Form::select('company_id', $company_list , Input::old('company_id', $user->company_id), array('class'=>'select2', 'style'=>'width:350px')) }} + {{ $errors->first('company_id', '
:message') }} +
-
- {{ Form::select('company_id', $company_list , Input::old('company_id', $user->company_id), array('class'=>'select2', 'style'=>'width:350px')) }} - {{ $errors->first('company_id', '
:message') }} -
-
+ @endif