diff --git a/app/Http/Requests/User/UpdateUserRequest.php b/app/Http/Requests/User/UpdateUserRequest.php
index 2e92537cb0d2..762467ded494 100644
--- a/app/Http/Requests/User/UpdateUserRequest.php
+++ b/app/Http/Requests/User/UpdateUserRequest.php
@@ -13,7 +13,6 @@ namespace App\Http\Requests\User;
 use App\Http\Requests\Request;
 use App\Http\ValidationRules\UniqueUserRule;
-use Illuminate\Support\Facades\Log;
 class UpdateUserRequest extends Request
 {
@@ -25,7 +24,6 @@ class UpdateUserRequest extends Request
 public function authorize() : bool
 {
-Log::error($this->user);
 return auth()->user()->can('edit', $this->user);
 }
@@ -33,6 +31,7 @@ Log::error($this->user);
 public function rules()
 {
+ $this->sanitize();
 $input = $this->all();
@@ -43,4 +42,18 @@ Log::error($this->user);
 ];
 }
+ public function sanitize()
+ {
+ $input = $this->all();
+
+
+ if(!isset($input['email']))
+ {
+ $input['email'] = null;
+ }
+
+ $this->replace($input);
+ }
+
+
 }
\ No newline at end of file
diff --git a/app/Policies/UserPolicy.php b/app/Policies/UserPolicy.php
index 2b0a67b374f9..786946ad21c1 100644
--- a/app/Policies/UserPolicy.php
+++ b/app/Policies/UserPolicy.php
@@ -12,6 +12,7 @@ namespace App\Policies;
 use App\Models\Client;
+use App\Models\CompanyUser;
 use App\Models\User;
 /**
@@ -30,15 +31,21 @@ class UserPolicy extends EntityPolicy
 {
 return $user->isAdmin() || $user->hasPermission('create_user');
-
+
 }
- //we need to override as User does not have the company_id property!!!!!
+ /*
+ *
+ * We need to override as User does not have the company_id property!!!!!
+ *
+ * We use the CompanyUser table as a proxy
+ */
 public function edit(User $user, $user_entity) : bool
 {
+ $company_user = CompanyUser::whereUserId($user_entity->id)->whereCompanyId($user->companyId())->first();
- return ($user->isAdmin() && $user_entity->companyId() == $user->companyId());;
+ return ($user->isAdmin() && $company_user);
 }
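Review bot: In UpdateUserRequest.php, hunk `@@ -33,6 +31,7 @@`, `rules()` now rewrites the request as a side effect through `$this->sanitize()`, so the input is normalised only if and when `rules()` is called, and again on every call. If the `Request` base class extends Laravel's FormRequest (not visible here), the `prepareForValidation()` hook is the conventional place for this: `protected function prepareForValidation() { $this->sanitize(); }`. The body of `rules()` continues outside the hunk, so the rules that read `$input` are not shown.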
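Review bot: In UpdateUserRequest.php, hunk `@@ -43,4 +42,18 @@`, `sanitize()` turns an omitted `email` into an explicit `null`, so everything that later reads the request can no longer tell "field not sent" from "field cleared". If the controller fills the user model from the request data (not visible here), a partial update that leaves out `email` could overwrite the stored address with null. The rules array is outside the hunk, so whether null is rejected there cannot be confirmed; a safer form is to leave the request untouched and read the value in `rules()` with `$input['email'] ?? null`. If the key really must exist, a short docblock saying why would help, as would a name that reflects what the method does (it fills in a default rather than sanitising input).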
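Review bot: In UserPolicy.php, hunk `@@ -30,15 +31,21 @@`, the new `edit()` authorises changes to the `User` record on the strength of a single `CompanyUser` row shared with the acting admin. If a user can belong to more than one company (the pivot lookup suggests so, but the models are not visible here), an admin of any one of those companies passes this check and can change account-wide fields such as the `email` handled by UpdateUserRequest; it is worth confirming that this is intended and stating it in the new comment block. Separately, the lookup runs and hydrates a model even when the caller is not an admin; `return $user->isAdmin() && CompanyUser::whereUserId($user_entity->id)->whereCompanyId($user->companyId())->exists();` short-circuits first and only asks the database whether the row exists.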