Asset roles not working as expected in 3.2 (possibly since 3.0)

[ghost]

Expected Behavior (or desired behavior if a feature request)

Assign Assets:Edit role to a Group - Assign that group to a user 'snipetest' - user 'snipetest' should then be able to edit assets.

---

Actual Behavior

User is unable to edit asset - button not visible - this is via the 'list assets' view, if you try via the other entry point (click on asset, then edit) it fails also with a 403.

Only permission that allows editing of assets is Super Admin.....

---

Please confirm you have done the following before posting your bug report:

• I have enabled debug mode
• I have read checked the Common Issues page

---

Please provide answers to these questions before posting your bug report:

• Version of Snipe-IT you're running - 3.2
• What OS and web server you're running Snipe-IT on - IIS8 - Win 2012 server
• What method you used to install Snipe-IT (install.sh, manual installation, docker, etc) - manual
• If you're getting an error in your browser, include that error - no browser errors per se.
• What specific Snipe-IT page you're on, and what specific element you're interacting with to trigger the error
• If a stacktrace is provided in the error, include that too.
• Any errors that appear in your browser's error console.
• Confirm whether the error is reproduceable on the demo. - cannot test on demo as demo doesn't allow altering of roles.
• Include any additional information you can find in app/storage/logs and your webserver's logs.
• Include what you've done so far in the installation, and if you got any error messages along the way.
• Indicate whether or not you've manually edited any data directly in the database

[SK9413]

Same

#2395

And you can reproduce the bug on the demo by creating new account.

[VanillaNinjaD]

Same here. Thought I was crazy.

Snipe-IT - 3.2
OS - Ubuntu 14.04.5
Install - Manual

[snipe]

Can you confirm that the user you're seeing the issue on is not a member of any other permission groups that deny the Asset: Edit permission?

[VanillaNinjaD]

Yes

Brian Nguyen's Permissions from the Database - {"superuser":"0","admin":"0","reports.view":"0","assets.view":"0","assets.create":"0","assets.edit":"0","assets.delete":"0","assets.checkin":"0","assets.checkout":"0","assets.view.requestable":"0","accessories.view":"0","accessory.create":"0","accessories.edit":"0","accessories.delete":"0","accessories.checkout":"0","accessories.checkin":"0","consumables.view":"0","consumables.create":"0","consumables.edit":"0","consumables.delete":"0","consumables.checkout":"0","licenses.view":"0","licenses.create":"0","licenses.edit":"0","licenses.delete":"0","licenses.checkout":"0","licenses.keys":"0","components.view":"0","components.create":"0","components.edit":"0","components.delete":"0","components.checkout":"0","components.checkin":"0","users.view":"0","users.create":"0","users.edit":"0","users.delete":"0"}

ADMIN Group Permissions - {"superuser":"0","admin":"1","reports.view":"1","assets.view":"1","assets.create":"1","assets.edit":"1","assets.delete":"0","assets.checkin":"1","assets.checkout":"1","assets.view.requestable":"1","accessories.view":"1","accessory.create":"1","accessories.edit":"1","accessories.delete":"0","accessories.checkout":"1","accessories.checkin":"1","consumables.view":"1","consumables.create":"1","consumables.edit":"1","consumables.delete":"0","consumables.checkout":"1","licenses.view":"1","licenses.create":"1","licenses.edit":"1","licenses.delete":"0","licenses.checkout":"1","licenses.keys":"1","components.view":"1","components.create":"1","components.edit":"1","components.delete":"0","components.checkout":"1","components.checkin":"1","users.view":"1","users.create":"1","users.edit":"1","users.delete":"0"}

If I give him superuser permissions her can create labels. Otherwise we see the following error.

This can be reproduced for all of my users.

[snipe]

If I give him superuser permissions her can create labels.

Via the group, or via his own permissions?

Is is just label creation/asset editing, or are there other things that he can't do that he should be able to do?

[VanillaNinjaD]

Via the group.

The users have complete "Inherit" permissions

Give me a minute or two to check on the other actions

[VanillaNinjaD]

Seems limited to actions considered "editing" which appear to be label generation and actual asset editing

I see your commit, would you like me to pull it down and test?

[snipe]

If you wouldn't mind, that would be great. It's only on the develop branch right now

[VanillaNinjaD]

I'll report back soon! Thanks!

[snipe]

(You may also want to run migrations, as there's a small tweak to the DB on the develop branch)

[VanillaNinjaD]

Like a charm!

[snipe]

Awesome! I'll get that merged into master then.

[VanillaNinjaD]

I simply pasted the assets.edit gate into the AuthServiceProvider.php to test

I think I may stay with this setup until the merge hits master, I like to avoid the testing branch for production.

Thank you for the quick responses

[VanillaNinjaD]

pulled master, ran migrations and tested

works perfectly

[snipe]

Awesome, thanks!