Added permissions

This commit is contained in:
snipe
2026-03-10 15:08:40 +00:00
parent bbe7393a61
commit 8f6782bdfa
5 changed files with 108 additions and 39 deletions


@@ -109,7 +109,6 @@ class UsersController extends Controller
'last_name',
'first_name',
'display_name',
'email',
'jobtitle',
'username',
'employee_num',
@@ -126,13 +125,6 @@ class UsersController extends Controller
'accessories_count',
'manages_users_count',
'manages_locations_count',
'phone',
'mobile',
'address',
'city',
'state',
'country',
'zip',
'id',
'ldap_import',
'two_factor_optin',
@@ -142,7 +134,6 @@ class UsersController extends Controller
'start_date',
'end_date',
'autoassign_licenses',
'website',
'locale',
'notes',
'employee_num',
@@ -159,6 +150,21 @@ class UsersController extends Controller
];
// Do not even request these fields if the requesting user cannot manage user contact info
if (auth()->user()->can('manageContactInfo')) {
array_push($allowed_columns,
'address',
'city',
'country',
'email',
'mobile',
'phone',
'state',
'website',
'zip',
);
}
$filter = [];
if ($request->filled('filter')) {
@@ -196,13 +202,39 @@ class UsersController extends Controller
$users = $users->where('users.company_id', '=', $request->input('company_id'));
}
if ($request->filled('phone')) {
$users = $users->where('users.phone', '=', $request->input('phone'));
// Check that the user can view contact info
if (auth()->user()->can('manageContactInfo')) {
if ($request->filled('phone')) {
$users = $users->where('users.phone', '=', $request->input('phone'));
}
if ($request->filled('mobile')) {
$users = $users->where('users.mobile', '=', $request->input('mobile'));
}
if ($request->filled('email')) {
$users = $users->where('users.email', '=', $request->input('email'));
}
if ($request->filled('state')) {
$users = $users->where('users.state', '=', $request->input('state'));
}
if ($request->filled('country')) {
$users = $users->where('users.country', '=', $request->input('country'));
}
if ($request->filled('website')) {
$users = $users->where('users.website', '=', $request->input('website'));
}
if ($request->filled('zip')) {
$users = $users->where('users.zip', '=', $request->input('zip'));
}
}
if ($request->filled('mobile')) {
$users = $users->where('users.mobile', '=', $request->input('mobile'));
}
if ($request->filled('location_id')) {
$users = $users->where('users.location_id', '=', $request->input('location_id'));
@@ -212,10 +244,6 @@ class UsersController extends Controller
$users = $users->where('users.created_by', '=', $request->input('created_by'));
}
if ($request->filled('email')) {
$users = $users->where('users.email', '=', $request->input('email'));
}
if ($request->filled('username')) {
$users = $users->where('users.username', '=', $request->input('username'));
}
@@ -236,21 +264,6 @@ class UsersController extends Controller
$users = $users->where('users.employee_num', '=', $request->input('employee_num'));
}
if ($request->filled('state')) {
$users = $users->where('users.state', '=', $request->input('state'));
}
if ($request->filled('country')) {
$users = $users->where('users.country', '=', $request->input('country'));
}
if ($request->filled('website')) {
$users = $users->where('users.website', '=', $request->input('website'));
}
if ($request->filled('zip')) {
$users = $users->where('users.zip', '=', $request->input('zip'));
}
if ($request->filled('group_id')) {
$users = $users->ByGroup($request->input('group_id'));
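Review bot: Only the sort/column allowlist (`array_push($allowed_columns, ...)`) and the `where` filters are gated on `manageContactInfo`; nothing in this commit removes `email`, `phone`, `address` and the other contact fields from the serialized user objects, so if the transformer still emits them the gate closes the sorting and filtering oracles but not the disclosure itself — verify the transformer applies the same check. The ability is evaluated twice in the same method; hoist it once, `$canManageContactInfo = auth()->user()->can('manageContactInfo');`, and reuse it for both the column list and the filter block. The comment `// Check that the user can view contact info` names a different verb than the ability; `// Only apply contact-info filters when the user can manage contact info` matches what the block does. A contact-info filter supplied by a caller without the permission is now silently dropped and the unfiltered list is returned, which is worth either documenting or turning into an explicit 403. The enclosing method starts and ends outside these hunks.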


@@ -148,7 +148,7 @@ class BulkUsersController extends Controller
{
$this->authorize('update', User::class);
if ((! $request->filled('ids')) || $request->input('ids') <= 0) {
if ((!$request->filled('ids')) || $request->input('ids') <= 0) {
return redirect()->back()->with('error', trans('general.no_users_selected'));
}
$user_raw_array = $request->input('ids');
@@ -172,9 +172,16 @@ class BulkUsersController extends Controller
->conditionallyAddItem('display_name')
->conditionallyAddItem('start_date')
->conditionallyAddItem('end_date')
->conditionallyAddItem('city')
->conditionallyAddItem('autoassign_licenses');
// Check that the user can manage contact info for users
if (auth()->user()->can('manageContactInfo')) {
$this->conditionallyAddItem('city')
->conditionallyAddItem('state')
->conditionallyAddItem('country')
->conditionallyAddItem('zip');
}
// If the manager_id is one of the users being updated, generate a warning.
if (array_search($request->input('manager_id'), $user_raw_array)) {
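Review bot: The gated block covers `city`, `state`, `country` and `zip` only, which matches the inputs the bulk-edit form wraps in `@can`, but the intent that any future contact-info field belongs inside this block is not stated; a comment such as `// Contact-info fields are only applied when the actor may manage contact info; add new ones inside this block` makes that explicit for the next field added to the chain. The `conditionallyAddItem` chain this block extends begins outside the hunk, so the fields accepted unconditionally cannot be fully checked here. The `(! $request->filled('ids'))` to `(!$request->filled('ids'))` change is whitespace only.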


@@ -251,6 +251,14 @@ return [
'permission' => 'users.delete',
'display' => true,
],
[
'permission' => 'users.files',
'display' => true,
],
[
'permission' => 'users.contact',
'display' => true,
],
],
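Review bot: The new keys are `users.files` and `users.contact`, while the controllers and view in this commit check the ability `manageContactInfo`, and nothing in the diff checks a files ability at all; if the key-to-ability mapping lives in a policy or the auth service provider outside this diff, a short comment on the entry, `// enforced through the manageContactInfo ability`, would tie the two together. Confirm that `users.files` is enforced somewhere, otherwise it is displayed in the permissions UI (`'display' => true`) without any effect.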


@@ -226,6 +226,16 @@ return array(
'usersdelete' => [
'name' => 'Delete Users',
],
'usersfiles' => [
'name' => 'Manage User Files',
'note' => 'Allows the user to view, upload, download, and delete files associated with users.',
],
'userscontact' => [
'name' => 'View/Edit User Contact Info',
'note' => 'Allows the user to view and edit personal contact information about the user. This includes: address, city, state/province, country, postal code, phone number, mobile number, email and website. ',
],
'models' => [
'name' => 'Models',
'note' => 'Grants access to the Models section of the application.',


@@ -19,8 +19,7 @@
margin-left: -20px;
}
</style>
<div class="row">
<div class="col-md-8 col-md-offset-2">
<x-container class="col-md-6 col-md-offset-3">
<p>{{ trans('admin/users/general.bulk_update_help') }}</p>
@@ -108,6 +107,7 @@
</div>
</div>
@can('manageContactInfo', $user)
<!-- City -->
<div class="form-group{{ $errors->has('city') ? ' has-error' : '' }}">
<label class="col-md-3 control-label" for="city">{{ trans('general.city') }}</label>
@@ -117,6 +117,37 @@
</div>
</div>
<div class="form-group{{ $errors->has('state') ? ' has-error' : '' }}">
<label class="col-md-3 control-label" for="state">{{ trans('general.state') }}</label>
<div class="col-md-4">
<input class="form-control" type="text" name="state" id="state" aria-label="state" />
{!! $errors->first('state', '<span class="alert-msg" aria-hidden="true">:message</span>') !!}
</div>
</div>
<!-- Country -->
<div class="form-group{{ $errors->has('country') ? ' has-error' : '' }}">
<label class="col-md-3 control-label" for="country">{{ trans('general.country') }}</label>
<div class="col-md-6">
<x-input.country-select
name="country"
class="col-md-12"
/>
<p class="help-block">{{ trans('general.countries_manually_entered_help') }}</p>
{!! $errors->first('country', '<span class="alert-msg" aria-hidden="true">:message</span>') !!}
</div>
</div>
<div class="form-group{{ $errors->has('zip') ? ' has-error' : '' }}">
<label class="col-md-3 control-label" for="zip">{{ trans('general.zip') }}</label>
<div class="col-md-4">
<input class="form-control" type="text" name="zip" id="zip" aria-label="zip" />
{!! $errors->first('zip', '<span class="alert-msg" aria-hidden="true">:message</span>') !!}
</div>
</div>
@endcan
<!-- remote -->
<div class="form-group">
<div class="col-sm-3 control-label">
@@ -162,7 +193,7 @@
</div>
</div> <!--/form-group-->
<!-- activated -->
<!-- autoassign -->
<div class="form-group">
<div class="col-sm-3 control-label">
{{ trans('general.autoassign_licenses') }}
@@ -303,5 +334,5 @@
</div> <!--/.box.box-default-->
</form>
</div> <!--/.col-md-8-->
</div>
</x-container>
@stop
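Review bot: `@can('manageContactInfo', $user)` passes `$user` as the policy target, but this is the bulk-edit view acting on many users and no `$user` variable is visible in the hunk; if the controller does not set it the directive receives null (or errors), and the controller-side checks call `can('manageContactInfo')` with no target, so the two may resolve differently if the ability is a policy method rather than a gate. Use the same form as the controller, `@can('manageContactInfo')`, unless the policy genuinely needs the target. The `@can` block only hides the inputs; the server-side gate in BulkUsersController is what stops submitted `city`/`state`/`country`/`zip` values from being applied, so the two must stay in sync.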