From bb96a190fdb8618ae359d8f8e428130a75879000 Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Wed, 22 May 2024 12:34:48 +0100
Subject: [PATCH] Moved validator

Signed-off-by: snipe <snipe@snipe.net>
---
 app/Http/Controllers/Api/UsersController.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php
index 006b6de9a..24def9414 100644
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@@ -496,17 +496,20 @@ class UsersController extends Controller
             // Check if the request has groups passed and has a value, AND that the user us a superuser
             if (($request->has('groups')) && (Auth::user()->isSuperUser())) {
 
-                $validator = Validator::make($request->all(), [
+                $validator = Validator::make($request->only('groups'), [
                     'groups.*' => 'integer|exists:permission_groups,id',
                 ]);
 
-                $user->groups()->sync($request->input('groups'));
-
                 if ($validator->fails()) {
-                    return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
+                    return response()->json(Helper::formatStandardApiResponse('error', null, $validator->errors()));
                 }
 
+                // Sync the groups since the user is a superuser and the groups pass validation
+                $user->groups()->sync($request->input('groups'));
+
+
             }
+
             return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.update')));
         }