Fixed grokability#15366 - use permission for encrypted custom fields

snipe · FlorentDotMe · commit dd629c4f2673 · 2024-09-09T14:12:40.000Z
Signed-off-by: snipe &lt;snipe@snipe.net&gt;
diff --git a/app/Http/Controllers/Api/AssetsController.php b/app/Http/Controllers/Api/AssetsController.php
@@ -602,7 +602,7 @@ public function store(StoreAssetRequest $request): JsonResponse
                 if ($field->field_encrypted == '1') {
                     Log::debug('This model field is encrypted in this fieldset.');
 
-                    if (Gate::allows('admin')) {
+                    if (Gate::allows('assets.view.encrypted_custom_fields')) {
 
                         // If input value is null, use custom field's default value
                         if (($field_val == null) && ($request->has('model_id') != '')) {
@@ -695,7 +695,7 @@ public function update(UpdateAssetRequest $request, Asset $asset): JsonResponse
                             }
                         }
                         if ($field->field_encrypted == '1') {
-                            if (Gate::allows('admin')) {
+                            if (Gate::allows('assets.view.encrypted_custom_fields')) {
                                 $field_val = Crypt::encrypt($field_val);
                             } else {
                                 $problems_updating_encrypted_custom_fields = true;
diff --git a/app/Http/Controllers/Assets/AssetsController.php b/app/Http/Controllers/Assets/AssetsController.php
@@ -165,7 +165,7 @@ public function store(ImageUploadRequest $request) : RedirectResponse
             if (($model) && ($model->fieldset)) {
                 foreach ($model->fieldset->fields as $field) {
                     if ($field->field_encrypted == '1') {
-                        if (Gate::allows('admin')) {
+                        if (Gate::allows('assets.view.encrypted_custom_fields')) {
                             if (is_array($request->input($field->db_column))) {
                                 $asset->{$field->db_column} = Crypt::encrypt(implode(', ', $request->input($field->db_column)));
                             } else {
@@ -388,7 +388,7 @@ public function update(ImageUploadRequest $request, $assetId = null) : RedirectR
             foreach ($model->fieldset->fields as $field) {
 
                 if ($field->field_encrypted == '1') {
-                    if (Gate::allows('admin')) {
+                    if (Gate::allows('assets.view.encrypted_custom_fields')) {
                         if (is_array($request->input($field->db_column))) {
                             $asset->{$field->db_column} = Crypt::encrypt(implode(', ', $request->input($field->db_column)));
                         } else {
