Users and Usergroups cannot Create Asset without having the View Asset permission

[rdggdr]

Expected Behavior (or desired behavior if a feature request)

I granted usergroup HUserGroup the permissions to create assets and edit assets. They do not have permission to View Asset etc. I would expect this to mean that a user in HUserGroup can add assets into the system, but not see assets created by others.

---

Actual Behavior

They do not get a menu option to create assets. They also cannot create assets (Sadpanda error after clicking Save on the asset log form - I accessed it directly via the URL instead of looking for a menu). If I grant HUserGroup the permission to view assets, they can then create assets.

---

Please confirm you have done the following before posting your bug report:

• [x] I have enabled debug mode
• [x] I have read checked the Common Issues page

---

Please provide answers to these questions before posting your bug report:

• Version of Snipe-IT you're running v3.5.2-11-g5a835a5
• What OS and web server you're running Snipe-IT on Ubuntu 16.04 LTS, Apache2.4.18, PHP 7.0.8-0ubuntu0.16.04.3, Laravel 5.2.45
• What method you used to install Snipe-IT (install.sh, manual installation, docker, etc) Manual installation
• If you're getting an error in your browser, include that error No error showing in console
• What specific Snipe-IT page you're on, and what specific element you're interacting with to trigger the error As above - it's failing gracefully to the Sadpanda permission error page after submitting a new asset on /hardware/create
• If a stacktrace is provided in the error, include that too. NA
• Any errors that appear in your browser's error console. NA
• Confirm whether the error is reproduceable on the demo. It is - I set up my own installation just to test this issue, because I know that there are restrictions with permissions on the demo
• Include any additional information you can find in app/storage/logs and your webserver's logs. Not seeing any relevant errors in the server web logs. There's a long stack trace in /storage/logs/laravel.log but it doesn't look like a problem.
• Include what you've done so far in the installation, and if you got any error messages along the way. Vanilla build on a fresh LAMP stack on a Linode server. All I've done is add some custom fields, a custom fieldset, and a couple of manufacturers.
• Indicate whether or not you've manually edited any data directly in the database No

[snipe]

The assumption is that if a user can add an asset, they can see assets. (Otherwise, they can't even see the ones they created.) This is working as expected in your scenario.