Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-07-09 03:14:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

Adding permissions to the API

Browse Source
This commit is contained in:
Hillel Coren 2016-05-02 09:33:48 +03:00
parent 4db5a19885
commit 1b92f66482
4 changed files with 581 additions and 138 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
app/Http/Controllers/BaseAPIController.php
View File

@ -70,6 +70,7 @@ class BaseAPIController extends Controller
protected function returnList($query)
{
//\DB::enableQueryLog();
if ($clientPublicId = Input::get('client_id')) {
$filter = function($query) use ($clientPublicId) {
$query->where('public_id', '=', $clientPublicId);
@ -77,11 +78,20 @@ class BaseAPIController extends Controller
$query->whereHas('client', $filter);
}
if ( ! Utils::hasPermission('view_all')){
if ($this->entityType == ENTITY_USER) {
$query->where('id', '=', Auth::user()->id);
} else {
$query->where('user_id', '=', Auth::user()->id);
}
}
$transformerClass = EntityModel::getTransformerName($this->entityType);
$transformer = new $transformerClass(Auth::user()->account, Input::get('serializer'));
$data = $this->createCollection($query, $transformer, $this->entityType);
//return \DB::getQueryLog();
return $this->response($data);
}
@ -101,11 +111,11 @@ class BaseAPIController extends Controller
$entityType = null;
}
if ($query instanceof LengthAwarePaginator) {
$resource = new Collection($query, $transformer, $entityType);
} else {
if (is_a($query, "Illuminate\Database\Eloquent\Builder")) {
$resource = new Collection($query->get(), $transformer, $entityType);
$resource->setPaginator(new IlluminatePaginatorAdapter($query->paginate()));
} else {
$resource = new Collection($query, $transformer, $entityType);
}
return $this->manager->createData($resource)->toArray();

8
app/Http/Controllers/ClientApiController.php
View File

@ -59,8 +59,7 @@ class ClientApiController extends BaseAPIController
->withTrashed();
// Filter by email
if (Input::has('email')) {
$email = Input::get('email');
if ($email = Input::get('email')) {
$clients = $clients->whereHas('contacts', function ($query) use ($email) {
$query->where('email', $email);
});
@ -200,7 +199,6 @@ class ClientApiController extends BaseAPIController
public function destroy($publicId)
{
$client = Client::scope($publicId)->withTrashed()->first();
$this->clientRepo->delete($client);
@ -213,8 +211,6 @@ class ClientApiController extends BaseAPIController
$data = $this->createItem($client, $transformer, ENTITY_CLIENT);
return $this->response($data);
}
}
}

2
tests/_support/_generated/AcceptanceTesterActions.php
View File

@ -1,4 +1,4 @@
<?php //[STAMP] a3cf36879dbbec28f15389e7d8d325a2
<?php //[STAMP] 33bf8261bed0f36cf769e15182e6d905
namespace _generated;
// This class was automatically generated by build task

693
tests/_support/_generated/FunctionalTesterActions.php
View File

File diff suppressed because it is too large Load Diff