
Commit cd58823

committed
Fix test
1 parent 7f7ed25 commit cd58823


2 files changed

+28
-35
lines changed


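--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@@ -484,8 +484,23 @@ public function update(SaveUserRequest $request, User $user): JsonResponse
 return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot be your own manager'));
 }
 
-if ($request->filled('password')) {
-$user->password = bcrypt($request->input('password'));
+// check for permissions related fields and pull them out if the current user cannot edit them
+if (auth()->user()->can('canEditAuthFields', $user) && auth()->user()->can('editableOnDemo')) {
+if ($request->filled('password')) {
+$user->password = bcrypt($request->input('password'));
+}
+
+if ($request->filled('username')) {
+$user->username = $request->input('username');
+}
+
+if ($request->filled('email')) {
+$user->email = $request->input('email');
+}
+
+if ($request->filled('activated')) {
+$user->activated = $request->input('activated');
+}
 }
 
 // We need to use has() instead of filled()
@@ -519,39 +534,6 @@ public function update(SaveUserRequest $request, User $user): JsonResponse
 if ($validator->fails()) {
 return response()->json(Helper::formatStandardApiResponse('error', null, $validator->errors()));
 }
-}
-
-// check for permissions related fields and pull them out if the current user cannot edit them
-if (auth()->user()->can('canEditAuthFields', $user) && auth()->user()->can('editableOnDemo')) {
-
-if ($request->filled('password')) {
-$user->password = bcrypt($request->input('password'));
-}
-
-if ($request->filled('username')) {
-$user->username = $request->input('username');
-}
-
-if ($request->filled('email')) {
-$user->email = $request->input('email');
-}
-
-if ($request->filled('activated')) {
-$user->activated = $request->input('activated');
-}
-
-}
-
-// We need to use has() instead of filled()
-// here because we need to overwrite permissions
-// if someone needs to null them out
-if ($request->has('permissions')) {
-$permissions_array = $request->input('permissions');
-
-// Strip out the individual superuser permission if the API user isn't a superadmin
-if (!auth()->user()->isSuperUser()) {
-unset($permissions_array['superuser']);
-}
 
 // Sync the groups since the user is a superuser and the groups pass validation
 $user->groups()->sync($request->input('groups'));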
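Review bot: In the guarded block added at new lines 487–504, a caller who fails `canEditAuthFields` or `editableOnDemo` has `password`, `username`, `email` and `activated` skipped without any error or log entry, so as far as these hunks show the rest of the update proceeds and the caller is never told that a credential change was refused. Consider rejecting such a request explicitly or at least logging the refusal, and reword the comment, which says the fields are pulled out although the code only skips the assignments, e.g. `// only callers passing canEditAuthFields and editableOnDemo may change password, username, email or activated; otherwise these inputs are ignored`. `update()` starts and ends outside these hunks, so it is not visible whether the model is mass-assigned from the request earlier in the method; if it is, the guard only holds when these four fields are excluded from that assignment. `auth()->user()` is also resolved twice in the condition and could be read once into a local.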
