mirror of
https://github.com/invoiceninja/invoiceninja.git
synced 2025-07-09 03:14:30 -04:00
Adding permissions to the API
parent
4db5a19885
commit
1b92f66482
@ -70,6 +70,7 @@ class BaseAPIController extends Controller
|
|||||||
|
|
||||||
protected function returnList($query)
|
protected function returnList($query)
|
||||||
{
|
{
|
||||||
|
//\DB::enableQueryLog();
|
||||||
if ($clientPublicId = Input::get('client_id')) {
|
if ($clientPublicId = Input::get('client_id')) {
|
||||||
$filter = function($query) use ($clientPublicId) {
|
$filter = function($query) use ($clientPublicId) {
|
||||||
$query->where('public_id', '=', $clientPublicId);
|
$query->where('public_id', '=', $clientPublicId);
|
||||||
@ -77,11 +78,20 @@ class BaseAPIController extends Controller
|
|||||||
$query->whereHas('client', $filter);
|
$query->whereHas('client', $filter);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ( ! Utils::hasPermission('view_all')){
|
||||||
|
if ($this->entityType == ENTITY_USER) {
|
||||||
|
$query->where('id', '=', Auth::user()->id);
|
||||||
|
} else {
|
||||||
|
$query->where('user_id', '=', Auth::user()->id);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$transformerClass = EntityModel::getTransformerName($this->entityType);
|
$transformerClass = EntityModel::getTransformerName($this->entityType);
|
||||||
$transformer = new $transformerClass(Auth::user()->account, Input::get('serializer'));
|
$transformer = new $transformerClass(Auth::user()->account, Input::get('serializer'));
|
||||||
|
|
||||||
$data = $this->createCollection($query, $transformer, $this->entityType);
|
$data = $this->createCollection($query, $transformer, $this->entityType);
|
||||||
|
|
||||||
|
//return \DB::getQueryLog();
|
||||||
return $this->response($data);
|
return $this->response($data);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -101,11 +111,11 @@ class BaseAPIController extends Controller
|
|||||||
$entityType = null;
|
$entityType = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($query instanceof LengthAwarePaginator) {
|
if (is_a($query, "Illuminate\Database\Eloquent\Builder")) {
|
||||||
$resource = new Collection($query, $transformer, $entityType);
|
|
||||||
} else {
|
|
||||||
$resource = new Collection($query->get(), $transformer, $entityType);
|
$resource = new Collection($query->get(), $transformer, $entityType);
|
||||||
$resource->setPaginator(new IlluminatePaginatorAdapter($query->paginate()));
|
$resource->setPaginator(new IlluminatePaginatorAdapter($query->paginate()));
|
||||||
|
} else {
|
||||||
|
$resource = new Collection($query, $transformer, $entityType);
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->manager->createData($resource)->toArray();
|
return $this->manager->createData($resource)->toArray();
|
||||||
|
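Review bot: The owner filter added to returnList() under `if ( ! Utils::hasPermission('view_all'))` is appended as a plain top-level `where`, so it only restricts the result if the query passed in has no top-level `orWhere`; with one, SQL precedence would let rows matched by the OR branch through regardless of `user_id`. No caller is visible here, so this is a contract to document rather than a confirmed bypass, for example `// callers must group OR conditions in a closure; the owner filter is ANDed last`. The filter also covers list responses only, so single-record endpoints need their own check. The commented-out `//\DB::enableQueryLog();` and `//return \DB::getQueryLog();` lines are debug leftovers that would put SQL and bound values into the API response if re-enabled, and are better dropped from the commit. returnList() spans the first two hunks of this section, and the lines between them are not shown.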
@ -59,8 +59,7 @@ class ClientApiController extends BaseAPIController
|
|||||||
->withTrashed();
|
->withTrashed();
|
||||||
|
|
||||||
// Filter by email
|
// Filter by email
|
||||||
if (Input::has('email')) {
|
if ($email = Input::get('email')) {
|
||||||
$email = Input::get('email');
|
|
||||||
$clients = $clients->whereHas('contacts', function ($query) use ($email) {
|
$clients = $clients->whereHas('contacts', function ($query) use ($email) {
|
||||||
$query->where('email', $email);
|
$query->where('email', $email);
|
||||||
});
|
});
|
||||||
@ -200,7 +199,6 @@ class ClientApiController extends BaseAPIController
|
|||||||
|
|
||||||
public function destroy($publicId)
|
public function destroy($publicId)
|
||||||
{
|
{
|
||||||
|
|
||||||
$client = Client::scope($publicId)->withTrashed()->first();
|
$client = Client::scope($publicId)->withTrashed()->first();
|
||||||
$this->clientRepo->delete($client);
|
$this->clientRepo->delete($client);
|
||||||
|
|
||||||
@ -213,8 +211,6 @@ class ClientApiController extends BaseAPIController
|
|||||||
$data = $this->createItem($client, $transformer, ENTITY_CLIENT);
|
$data = $this->createItem($client, $transformer, ENTITY_CLIENT);
|
||||||
|
|
||||||
return $this->response($data);
|
return $this->response($data);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
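Review bot: destroy() passes whatever `Client::scope($publicId)->withTrashed()->first()` returns straight to `$this->clientRepo->delete($client)`, with no ownership check, no permission check and no null check in the visible lines. The same commit limits list results to the caller's own records when `view_all` is missing, so unless authorization happens outside these lines (middleware or a request class, not shown), a user restricted to their own records could presumably still delete a client created by another user in the account. A guard before the delete should reject a missing `$client`, and reject `$client->user_id != Auth::user()->id` when the caller lacks the matching permission, returning the API's usual error response. destroy() starts in the third hunk of this section and ends in the fourth, and part of its body is not shown.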
@ -1,4 +1,4 @@
|
|||||||
<?php //[STAMP] a3cf36879dbbec28f15389e7d8d325a2
|
<?php //[STAMP] 33bf8261bed0f36cf769e15182e6d905
|
||||||
namespace _generated;
|
namespace _generated;
|
||||||
|
|
||||||
// This class was automatically generated by build task
|
// This class was automatically generated by build task
|
||||||
|
File diff suppressed because it is too large