From 30cf7eb750d1f0619093c1b61aa87e73b40e3620 Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Fri, 17 Mar 2023 02:42:50 -0700
Subject: [PATCH 1/2] Disallow action in demo mode

Signed-off-by: snipe <snipe@snipe.net>
---
 app/Http/Controllers/Users/BulkUsersController.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/app/Http/Controllers/Users/BulkUsersController.php b/app/Http/Controllers/Users/BulkUsersController.php
index 3334d3c0b..bbf3ced55 100644
--- a/app/Http/Controllers/Users/BulkUsersController.php
+++ b/app/Http/Controllers/Users/BulkUsersController.php
@@ -62,7 +62,7 @@ class BulkUsersController extends Controller
             }
         }
 
-        return redirect()->back()->with('error', 'No users selected');
+        return redirect()->back()->with('error', trans('general.no_users_selected'));
     }
 
     /**
@@ -79,7 +79,7 @@ class BulkUsersController extends Controller
         $this->authorize('update', User::class);
 
         if ((! $request->filled('ids')) || $request->input('ids') <= 0) {
-            return redirect()->back()->with('error', 'No users selected');
+            return redirect()->back()->with('error', trans('general.no_users_selected'));
         }
         $user_raw_array = $request->input('ids');
 
@@ -166,11 +166,11 @@ class BulkUsersController extends Controller
         $this->authorize('update', User::class);
 
         if ((! $request->filled('ids')) || (count($request->input('ids')) == 0)) {
-            return redirect()->back()->with('error', 'No users selected');
+            return redirect()->back()->with('error', trans('general.no_users_selected'));
         }
 
         if (config('app.lock_passwords')) {
-            return redirect()->route('users.index')->with('error', 'Bulk delete is not enabled in this installation');
+            return redirect()->route('users.index')->with('error', trans('general.feature_disabled'));
         }
 
         $user_raw_array = request('ids');
@@ -266,6 +266,10 @@ class BulkUsersController extends Controller
     {
         $this->authorize('update', User::class);
 
+        if (config('app.lock_passwords')) {
+            return redirect()->route('users.index')->with('error', trans('general.feature_disabled'));
+        }
+
         $user_ids_to_merge = $request->input('ids_to_merge');
         $user_ids_to_merge = array_diff($user_ids_to_merge, array($request->input('merge_into_id')));
 

From e557f03cc2684ce951270b2a9359ba29b946311b Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Fri, 17 Mar 2023 02:43:33 -0700
Subject: [PATCH 2/2] Disable submit if app is locked

Signed-off-by: snipe <snipe@snipe.net>
---
 resources/views/users/confirm-merge.blade.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resources/views/users/confirm-merge.blade.php b/resources/views/users/confirm-merge.blade.php
index 0bb0871fb..9f0e3bc6f 100644
--- a/resources/views/users/confirm-merge.blade.php
+++ b/resources/views/users/confirm-merge.blade.php
@@ -110,7 +110,7 @@
                     </div> <!--/box-body-->
                     <div class="box-footer text-right">
                         <a class="btn btn-link pull-left" href="{{ URL::previous() }}">{{ trans('button.cancel') }}</a>
-                        <button type="submit" class="btn btn-success"><i class="fas fa-check icon-white" aria-hidden="true"></i> {{ trans('button.submit') }}</button>
+                        <button type="submit" class="btn btn-success"{{ (config('app.lock_passwords') ? ' disabled' : '') }}><i class="fas fa-check icon-white" aria-hidden="true"></i> {{ trans('button.submit') }}</button>
                     </div><!-- /.box-footer -->
 
                     @foreach ($users as $user)