403 when adding Asset Maintenance after 5.4 upgrade

[markr-metra-autosound-com]

I upgraded to 5.4.0 and now I get a 403 Unauthorized when I go into an asset and click New Maintenance. The error shows instead of the form.

When I loaded the Laravel console, the gate has the following:

array:4 [[▼]() "ability" => "edit" "result" => null "user" => 3 "arguments" => "[0 => App\Models\Asset]" ]

The user I am logged in as is an Administrator with Asset:Edit inherited from the Administrator Role. I even explicitly set Asset:Edit my user level to be sure.

I reran the OS file permission commands, and all the post-upgrading composer/artisan stuff from the Snipe KB.

As far as I can tell this is the only place throwing the 403, everything else looks ok...

Any ideas?

Thanks!

[markr-metra-autosound-com]

For what it's worth, the route is /hardware/maintenances/create?asset_id=195

[markr-metra-autosound-com]

Not to spam my own thread, but I commented out

$this->authorize('edit', Asset::class);

in AssetMaintenancesController::create() and store(), the error went away.

Obviously this was only for debugging purposes, then I put the lines back.

This was only to test if the Gate was the issue...anybody reading this THAT IS NOT A FIX SO DO NOT DO IT

[gmoler]

i dont know if this is helpful, but i'm also getting a 403 on maintenance create

would also be helpful to know exactly what permission grants/denies maintenance create, might be helpful to have it's own permissions section

edit: noticed this was reported in a 5.3.10 branch as well in 10711, i'm on the hosted 5.4 branch

[markr-metra-autosound-com]

According to the source it looks like it inherits from the Asset model (programming model, not the Asset Model entity you set up in Snipe). So if you have have Asset create/edit, in theory these should be working... unless I'm reading that wrong, which is totally possible