Updated test, fixed route

snipe
2026-03-06 04:38:48 +00:00
parent a1e62ccd46
commit 68a863e63e
3 changed files with 16 additions and 7 deletions


@@ -530,8 +530,6 @@ class UsersController extends Controller
*/
public function update(SaveUserRequest $request, User $user): JsonResponse
{
$this->authorize('update', User::class);
$this->authorize('update', $user);
/**
@@ -588,16 +586,24 @@ class UsersController extends Controller
// if someone needs to null them out
if ($request->has('permissions')) {
$permissions_array = $request->input('permissions');
\Log::error(print_r($permissions_array, true));
// Strip out the individual superuser permission if the API user isn't a superadmin
if (!auth()->user()->isSuperUser()) {
unset($permissions_array['superuser']);
if (array_key_exists('superuser', $permissions_array)) {
unset($permissions_array['superuser']);
}
}
// Strip out the individual admin permission if the API user isn't an admin
if (!auth()->user()->isAdmin()) {
unset($permissions_array['admin']);
if ((is_array($permissions_array)) && (array_key_exists('admin', $permissions_array))) {
unset($permissions_array['admin']);
}
}
$user->permissions = $permissions_array;
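Review bot: The `superuser` strip calls `array_key_exists('superuser', $permissions_array)` without the `is_array()` guard that the `admin` strip has, and the test in this commit posts `permissions` as a JSON string, so on PHP 8 a non-superuser request in that form would raise a TypeError here. More importantly, when the value is not an array neither strip removes anything and the raw value is still assigned to `$user->permissions`, so the privilege filter appears to depend on the shape of the payload; decode or reject non-array input before the two checks, after which a plain `unset($permissions_array['superuser']);` is enough because `unset` on a missing key is a no-op. The `\Log::error(print_r($permissions_array, true));` line looks like leftover debug output that writes every submitted permission set to the error log; drop it or lower it to a debug-level message. The body of `update()` starts and ends outside the visible hunks, so any normalisation done elsewhere in the method is not visible here.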


@@ -41,10 +41,13 @@ Route::group([ 'prefix' => 'fields','middleware' => ['auth'] ], function () {
'except' => ['show', 'view']
]);
// This is a shim to handle bootstrap tables
// @todo: normalize this in the JS
Route::get(
'fieldsets/{fieldset}/edit',
[CustomFieldsetsController::class, 'show']
)->name('fieldsets.show');
)->name('fieldsets.edit.show');
Route::get(
'fieldsets/{fieldset}',


@@ -110,7 +110,7 @@ class UpdateUserTest extends TestCase
'username' => 'mabel',
'password' => 'super-secret',
'password_confirmation' => 'super-secret',
'email' => 'mabel@onlymurderspod.com',
'email' => 'mabel@example.org',
'permissions' => '{"a.new.permission":"1"}',
'activated' => true,
'phone' => '619-555-5555',
@@ -138,7 +138,7 @@ class UpdateUserTest extends TestCase
$this->assertEquals('Mora', $user->last_name, 'Last name was not updated');
$this->assertEquals('mabel', $user->username, 'Username was not updated');
$this->assertTrue(Hash::check('super-secret', $user->password), 'Password was not updated');
$this->assertEquals('mabel@onlymurderspod.com', $user->email, 'Email was not updated');
$this->assertEquals('mabel@example.org', $user->email, 'Email was not updated');
$this->assertArrayHasKey('a.new.permission', $user->decodePermissions(), 'Permissions were not updated');
$this->assertTrue((bool) $user->activated, 'User not marked as activated');
$this->assertEquals('619-555-5555', $user->phone, 'Phone was not updated');