updates

2023-02-20 10:20:12 +10:00
parent 9961aba160
commit ccc30a8b7a
30 changed files with 1026 additions and 646 deletions
--- a/app/Filters/FilterAbstract.php
+++ b/app/Filters/FilterAbstract.php
@@ -165,9 +165,10 @@ abstract class FilterAbstract
     *
     * @param array     $attributes Attributes currently visible.
     * @param User|null $user       Current logged in user or null.
+     * @param object    $modelData  Model data if a single object is requested.
     * @return mixed
     */
-    protected function seeAttributes(array $attributes, mixed $user)
+    protected function seeAttributes(array $attributes, mixed $user, ?object $modelData = null)
    {
        return $attributes;
    }
@@ -224,7 +225,7 @@ abstract class FilterAbstract
        }

        /* Run attribute modifiers*/
-        $modifiedAttribs = $this->seeAttributes($attributes, $this->request->user());
+        $modifiedAttribs = $this->seeAttributes($attributes, $this->request->user(), $model);
        if (is_array($modifiedAttribs) === true) {
            $attributes = $modifiedAttribs;
        }
--- a/app/Filters/UserFilter.php
+++ b/app/Filters/UserFilter.php
@@ -19,11 +19,12 @@ class UserFilter extends FilterAbstract
     *
     * @param array     $attributes Attributes currently visible.
     * @param User|null $user       Current logged in user or null.
+     * @param object    $userData   User model if single object is requested.
     * @return mixed
     */
-    protected function seeAttributes(array $attributes, mixed $user)
+    protected function seeAttributes(array $attributes, mixed $user, ?object $userData = null)
    {
-        if ($user?->hasPermission('admin/users') !== true) {
+        if ($user?->hasPermission('admin/users') !== true && ($user === null || $userData === null || $user?->id !== $userData?->id)) {
            return ['id', 'username'];
        }
    }