Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed #15366 use the non-admin edit encrypted custom fields permissions #15373

Merged
merged 1 commit into from
Aug 22, 2024

Conversation

snipe
Copy link
Owner

@snipe snipe commented Aug 22, 2024

Fixed #15366, allowing users with the "view/edit encrypted custom fields" permission.

Copy link

what-the-diff bot commented Aug 22, 2024

PR Summary

  • Updated permission checks in AssetsController
    Changes were made in the AssetsController.php file located in both the app/Http/Controllers/Api/ and app/Http/Controllers/Assets/ directories. The code was updated to check if a user has the permission 'assets.view.encrypted_custom_fields' instead of just checking if the user is an admin, improving security and better role management by allowing more granular access control. This change is reflected at lines 602 and 695 in the former directory and lines 165 and 388 in the latter one.

@snipe snipe merged commit 833dace into develop Aug 22, 2024
8 of 9 checks passed
@snipe snipe deleted the fixes/#15366_custom_fields branch August 22, 2024 14:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant