Re-order gating and refactor group syncing

Signed-off-by: snipe <snipe@snipe.net>
snipe · May 21, 2024 · 34f1ea1 · 34f1ea1
1 parent e3561ad
commit 34f1ea1
Showing 1 changed file with 7 additions and 19 deletions.
diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php
@@ -475,7 +475,7 @@ public function update(SaveUserRequest $request, $id)
         if ($request->has('permissions')) {
             $permissions_array = $request->input('permissions');
 
-            // Strip out the superuser permission if the API user isn't a superadmin
+            // Strip out the individual superuser permission if the API user isn't a superadmin
             if (! Auth::user()->isSuperUser()) {
                 unset($permissions_array['superuser']);
             }
@@ -493,32 +493,20 @@ public function update(SaveUserRequest $request, $id)
 
         if ($user->save()) {
 
-            // Check if the request has groups passed and has a value
-            if ($request->filled('groups')) {
+            // Check if the request has groups passed and has a value, AND that the user us a superuser
+            if (($request->has('groups')) && (Auth::user()->isSuperUser())) {
 
                 $validator = Validator::make($request->all(), [
                     'groups.*' => 'integer|exists:permission_groups,id',
                 ]);
-
-                if ($validator->fails()){
-                    return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
-                }
 
-                // Only save groups if the user is a superuser
-                if (Auth::user()->isSuperUser()) {
-                    $user->groups()->sync($request->input('groups'));
-                }
+                $user->groups()->sync($request->input('groups'));
 
-            // The groups field has been passed but it is null, so we should blank it out
-            } elseif ($request->has('groups')) {
-
-                // Only save groups if the user is a superuser
-                if (Auth::user()->isSuperUser()) {
-                    $user->groups()->sync($request->input('groups'));
+                if ($validator->fails()) {
+                    return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
                 }
-            }
-
 
+            }
             return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.update')));
         }