Fixes potential for accidental update/deletion of edited model

2016-01-08 22:22:41 -05:00 · 2016-01-08 22:22:41 -05:00 · 71e6d2e1b6
commit 71e6d2e1b6
parent 65a91baa16
1 changed files with 11 additions and 3 deletions
--- a/app/Models/Server.php
+++ b/app/Models/Server.php
@ -122,13 +122,21 @@ class Server extends Model

        $result = $query->first();

-        // @TODO: saving after calling this could end up resetting the daemon secret.
-        // We probably need to just allow access to self::getUserDaemonSecret() to
-        // get this result.
        if(!is_null($result)) {
            $result->daemonSecret = self::getUserDaemonSecret($result);
        }

+        // Prevent saving of model called in this manner.
+        // Prevents accidental overwrite of main daemon secret.
+        $result::saving(function () {
+            return false;
+        });
+
+        // Prevent deleting this model call.
+        $result::deleting(function () {
+            return false;
+        });
+
        self::$serverUUIDInstance[$uuid] = $result;
        return self::$serverUUIDInstance[$uuid];