From 71e6d2e1b6d824ac1b042f2d355b10aa4ace535b Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Fri, 8 Jan 2016 22:22:41 -0500 Subject: [PATCH] Fixes potential for accidental update/deletion of edited model --- app/Models/Server.php | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/app/Models/Server.php b/app/Models/Server.php index 190e989e..afc50cc3 100644 --- a/app/Models/Server.php +++ b/app/Models/Server.php @@ -122,13 +122,21 @@ class Server extends Model $result = $query->first(); - // @TODO: saving after calling this could end up resetting the daemon secret. - // We probably need to just allow access to self::getUserDaemonSecret() to - // get this result. if(!is_null($result)) { $result->daemonSecret = self::getUserDaemonSecret($result); } + // Prevent saving of model called in this manner. + // Prevents accidental overwrite of main daemon secret. + $result::saving(function () { + return false; + }); + + // Prevent deleting this model call. + $result::deleting(function () { + return false; + }); + self::$serverUUIDInstance[$uuid] = $result; return self::$serverUUIDInstance[$uuid];