snipe-it icon indicating copy to clipboard operation
snipe-it copied to clipboard

Published 20 hours ago verified publisher icon snipe

Users in groups with "view and modify encrypted" can't modify custom fields

Open DrekiDegga opened this issue 10 months ago • 0 comments

Debug mode

Describe the bug

Users in groups with "View and Modify Encrypted Custom Fields" set to "Grant" can view the field contents but not edit it.

Reproduction steps

  1. Create permission group
  2. Add "View and Modify Encrypted Custom Fields" permission to group
  3. Add user to group
  4. Have user try to edit the field. and hit save. ...

Expected behavior

The custom encrypted field would be updated.

Screenshots

No response

Snipe-IT Version

v6.3.4 build 13139 (g6f9ba6ede)

Operating System

Hosted instance at Snipe-IT.io

Web Server

Hosted instance at Snipe-IT.io

PHP Version

Hosted instance at Snipe-IT.io

Operating System

windows 11

Browser

chrome

Version

No response

Device

No response

Operating System

No response

Browser

No response

Version

No response

Error messages

This action is unauthorized./var/www/snipe-it/vendor/laravel/framework/src/Illuminate/Auth/Access/Response.php#119Illuminate\Auth\Access\AuthorizationException

    public function authorize()
    {
        if ($this->denied()) {
            throw (new AuthorizationException($this->message(), $this->code()))
                        ->setResponse($this);
        }


array:54 [▼
  0 => array:5 [▶]
  1 => array:5 [▶]
  2 => array:5 [▶]
  3 => array:5 [▶]
  4 => array:5 [▶]
  5 => array:5 [▶]
  6 => array:5 [▶]
  7 => array:5 [▶]
  8 => array:5 [▶]
  9 => array:5 [▶]
  10 => array:5 [▶]
  11 => array:5 [▶]
  12 => array:5 [▶]
  13 => array:5 [▶]
  14 => array:5 [▶]
  15 => array:5 [▶]
  16 => array:5 [▶]
  17 => array:5 [▶]
  18 => array:5 [▶]
  19 => array:5 [▶]
  20 => array:5 [▶]
  21 => array:5 [▶]
  22 => array:5 [▶]
  23 => array:5 [▶]
  24 => array:5 [▶]
  25 => array:5 [▶]
  26 => array:5 [▶]
  27 => array:5 [▶]
  28 => array:5 [▶]
  29 => array:5 [▶]
  30 => array:5 [▶]
  31 => array:5 [▶]
  32 => array:5 [▶]
  33 => array:5 [▶]
  34 => array:5 [▶]
  35 => array:5 [▶]
  36 => array:5 [▶]
  37 => array:5 [▶]
  38 => array:5 [▶]
  39 => array:5 [▶]
  40 => array:5 [▶]
  41 => array:5 [▶]
  42 => array:5 [▶]
  43 => array:5 [▶]
  44 => array:5 [▶]
  45 => array:5 [▶]
  46 => array:5 [▶]
  47 => array:5 [▶]
  48 => array:5 [▶]
  49 => array:5 [▶]
  50 => array:5 [▶]
  51 => array:5 [▶]
  52 => array:5 [▶]
  53 => array:5 [▶]
]

Additional context

Without debug on, The user isn't notified of a problem. the field simply doesn't get updated.

DrekiDegga avatar Apr 16 '24 14:04 DrekiDegga