Switch GET to POST for asset request

snipe · snipe · commit 9b2dd6522f21 · 2021-12-16T20:36:08.000-08:00
Signed-off-by: snipe &lt;snipe@snipe.net&gt;
diff --git a/app/Http/Controllers/ViewAssetsController.php b/app/Http/Controllers/ViewAssetsController.php
@@ -179,7 +179,7 @@ public function getRequestAsset($assetId = null)
             $logaction->logaction('request canceled');
             $settings->notify(new RequestAssetCancelation($data));
             return redirect()->route('requestable-assets')
-                ->with('success')->with('success', trans('admin/hardware/message.requests.cancel-success'));
+                ->with('success')->with('success', trans('admin/hardware/message.requests.cancel'));
         }
 
         $logaction->logaction('requested');
diff --git a/resources/lang/en/admin/hardware/message.php b/resources/lang/en/admin/hardware/message.php
@@ -77,7 +77,7 @@
     'requests' => array(
         'error'   		=> 'Asset was not requested, please try again',
         'success' 		=> 'Asset requested successfully.',
-        'canceled'      => 'Checkout request successfully canceled'
+        'cancel'      => 'Checkout request successfully canceled'
     )
 
 );
diff --git a/resources/views/partials/bootstrap-table.blade.php b/resources/views/partials/bootstrap-table.blade.php
@@ -365,9 +365,9 @@ function genericCheckinCheckoutFormatter(destination) {
     // This is only used by the requestable assets section
     function assetRequestActionsFormatter (row, value) {
         if (value.available_actions.cancel == true)  {
-            return '<form action="{{ url('/') }}/account/request-asset/'+ value.id + '" method="GET"><button class="btn btn-danger btn-sm" data-toggle="tooltip" title="Cancel this item request">{{ trans('button.cancel') }}</button></form>';
+            return '<form action="{{ url('/') }}/account/request-asset/'+ value.id + '" method="POST">@csrf<button class="btn btn-danger btn-sm" data-toggle="tooltip" title="Cancel this item request">{{ trans('button.cancel') }}</button></form>';
         } else if (value.available_actions.request == true)  {
-            return '<form action="{{ url('/') }}/account/request-asset/'+ value.id + '" method="GET"><button class="btn btn-primary btn-sm" data-toggle="tooltip" title="Request this item">{{ trans('button.request') }}</button></form>';
+            return '<form action="{{ url('/') }}/account/request-asset/'+ value.id + '" method="POST">@csrf<button class="btn btn-primary btn-sm" data-toggle="tooltip" title="Request this item">{{ trans('button.request') }}</button></form>';
         }
 
     }
diff --git a/routes/web.php b/routes/web.php
@@ -261,7 +261,7 @@
         'requestable-assets',
         [ 'as' => 'requestable-assets', 'uses' => 'ViewAssetsController@getRequestableIndex' ]
     );
-    Route::get(
+    Route::post(
         'request-asset/{assetId}',
         [ 'as' => 'account/request-asset', 'uses' => 'ViewAssetsController@getRequestAsset' ]
     );

Original file line number	Diff line number	Diff line change
`@@ -179,7 +179,7 @@ public function getRequestAsset($assetId = null)`
`179`	`179`	`$logaction->logaction('request canceled');`
`180`	`180`	`$settings->notify(new RequestAssetCancelation($data));`
`181`	`181`	`return redirect()->route('requestable-assets')`
`182`		`- ->with('success')->with('success', trans('admin/hardware/message.requests.cancel-success'));`
	`182`	`+ ->with('success')->with('success', trans('admin/hardware/message.requests.cancel'));`
`183`	`183`	`}`
`184`	`184`
`185`	`185`	`$logaction->logaction('requested');`
Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@`
`77`	`77`	`'requests' => array(`
`78`	`78`	`'error' => 'Asset was not requested, please try again',`
`79`	`79`	`'success' => 'Asset requested successfully.',`
`80`		`- 'canceled' => 'Checkout request successfully canceled'`
	`80`	`+ 'cancel' => 'Checkout request successfully canceled'`
`81`	`81`	`)`
`82`	`82`
`83`	`83`	`);`
Original file line number	Diff line number	Diff line change
`@@ -365,9 +365,9 @@ function genericCheckinCheckoutFormatter(destination) {`
`365`	`365`	`// This is only used by the requestable assets section`
`366`	`366`	`function assetRequestActionsFormatter (row, value) {`
`367`	`367`	`if (value.available_actions.cancel == true) {`
`368`		`- return '<form action="{{ url('/') }}/account/request-asset/'+ value.id + '" method="GET"><button class="btn btn-danger btn-sm" data-toggle="tooltip" title="Cancel this item request">{{ trans('button.cancel') }}</button></form>';`
	`368`	`+ return '<form action="{{ url('/') }}/account/request-asset/'+ value.id + '" method="POST">@csrf<button class="btn btn-danger btn-sm" data-toggle="tooltip" title="Cancel this item request">{{ trans('button.cancel') }}</button></form>';`
`369`	`369`	`} else if (value.available_actions.request == true) {`
`370`		`- return '<form action="{{ url('/') }}/account/request-asset/'+ value.id + '" method="GET"><button class="btn btn-primary btn-sm" data-toggle="tooltip" title="Request this item">{{ trans('button.request') }}</button></form>';`
	`370`	`+ return '<form action="{{ url('/') }}/account/request-asset/'+ value.id + '" method="POST">@csrf<button class="btn btn-primary btn-sm" data-toggle="tooltip" title="Request this item">{{ trans('button.request') }}</button></form>';`
`371`	`371`	`}`
`372`	`372`
`373`	`373`	`}`