From 71e6d2e1b6d824ac1b042f2d355b10aa4ace535b Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Fri, 8 Jan 2016 22:22:41 -0500
Subject: [PATCH] Fixes potential for accidental update/deletion of edited
 model

---
 app/Models/Server.php | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/app/Models/Server.php b/app/Models/Server.php
index 190e989e0..afc50cc36 100644
--- a/app/Models/Server.php
+++ b/app/Models/Server.php
@@ -122,13 +122,21 @@ class Server extends Model
 
         $result = $query->first();
 
-        // @TODO: saving after calling this could end up resetting the daemon secret.
-        // We probably need to just allow access to self::getUserDaemonSecret() to
-        // get this result.
         if(!is_null($result)) {
             $result->daemonSecret = self::getUserDaemonSecret($result);
         }
 
+        // Prevent saving of model called in this manner.
+        // Prevents accidental overwrite of main daemon secret.
+        $result::saving(function () {
+            return false;
+        });
+
+        // Prevent deleting this model call.
+        $result::deleting(function () {
+            return false;
+        });
+
         self::$serverUUIDInstance[$uuid] = $result;
         return self::$serverUUIDInstance[$uuid];