From 1f77856829c00586f9833f7f6eff23efcf202fb0 Mon Sep 17 00:00:00 2001 From: David Bomba Date: Sun, 21 Jan 2024 13:47:25 +1100 Subject: [PATCH] Fixes for bank transactions --- app/Http/Controllers/BankTransactionController.php | 12 +++++++----- .../BankTransaction/BulkBankTransactionRequest.php | 5 +---- .../CreateBankTransactionRequest.php | 5 ++++- app/Policies/EntityPolicy.php | 2 -- routes/api.php | 2 +- tests/Feature/BankTransactionApiTest.php | 14 ++++++++++++++ 6 files changed, 27 insertions(+), 13 deletions(-) diff --git a/app/Http/Controllers/BankTransactionController.php b/app/Http/Controllers/BankTransactionController.php index 6df1d828a717..7613bb9ce0ed 100644 --- a/app/Http/Controllers/BankTransactionController.php +++ b/app/Http/Controllers/BankTransactionController.php @@ -99,22 +99,24 @@ class BankTransactionController extends BaseController public function bulk(BulkBankTransactionRequest $request) { + /** @var \App\Models\User $user */ + $user = auth()->user(); + $action = $request->input('action'); $ids = request()->input('ids'); $bank_transactions = BankTransaction::withTrashed()->whereIn('id', $this->transformKeys($ids))->company()->get(); - if ($action == 'convert_matched') { //catch this action + if ($action == 'convert_matched' && $user->can('edit', $bank_transactions->first())) { //catch this action $this->bank_transaction_repo->convert_matched($bank_transactions); } else { - $bank_transactions->each(function ($bank_transaction, $key) use ($action) { - $this->bank_transaction_repo->{$action}($bank_transaction); + $bank_transactions->each(function ($bank_transaction, $key) use ($action, $user) { + if($user->can('edit', $bank_transaction)) + $this->bank_transaction_repo->{$action}($bank_transaction); }); } - /* Need to understand which permission are required for the given bulk action ie. view / edit */ - return $this->listResponse(BankTransaction::withTrashed()->whereIn('id', $this->transformKeys($ids))->company()); } 
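Review bot: In `bulk()`, the `convert_matched` branch authorizes only `$bank_transactions->first()` and then hands the whole collection to `convert_matched()`, so transactions the caller cannot edit are converted whenever the first one passes. When that check fails, the request falls into the `else` branch and `convert_matched` is invoked through `{$action}` with a single model instead of a collection. The fence below filters the collection by the `edit` ability before converting, keeps `convert_matched` out of the generic branch, and braces the `if` inside the closure. The dynamic `{$action}` call relies on the request's `rules()` limiting `action` to known repository methods; those rules are outside this hunk and are worth confirming now that the request's `authorize()` returns `true`.

```php
        if ($action == 'convert_matched') { //catch this action
            // Authorize every transaction, not only the first one in the collection.
            $editable = $bank_transactions->filter(fn ($bank_transaction) => $user->can('edit', $bank_transaction));
            $this->bank_transaction_repo->convert_matched($editable);
        } else {
            $bank_transactions->each(function ($bank_transaction, $key) use ($action, $user) {
                if ($user->can('edit', $bank_transaction)) {
                    $this->bank_transaction_repo->{$action}($bank_transaction);
                }
            });
        }

        // … unchanged: listResponse() return …
```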
diff --git a/app/Http/Requests/BankTransaction/BulkBankTransactionRequest.php b/app/Http/Requests/BankTransaction/BulkBankTransactionRequest.php index ae0dc087d2ef..47fadd22a7ff 100644 --- a/app/Http/Requests/BankTransaction/BulkBankTransactionRequest.php +++ b/app/Http/Requests/BankTransaction/BulkBankTransactionRequest.php @@ -22,10 +22,7 @@ class BulkBankTransactionRequest extends Request */ public function authorize(): bool { - /** @var \App\Models\User $user **/ - $user = auth()->user(); - - return $user->isAdmin(); + return true; } public function rules(): array diff --git a/app/Http/Requests/BankTransaction/CreateBankTransactionRequest.php b/app/Http/Requests/BankTransaction/CreateBankTransactionRequest.php index 00aeb899d19e..befd0db69ea5 100644 --- a/app/Http/Requests/BankTransaction/CreateBankTransactionRequest.php +++ b/app/Http/Requests/BankTransaction/CreateBankTransactionRequest.php @@ -23,6 +23,9 @@ class CreateBankTransactionRequest extends Request */ public function authorize(): bool { - return auth()->user()->can('create', BankTransaction::class); + /** @var \App\Models\User $user */ + $user = auth()->user(); + + return $user->can('create', BankTransaction::class); } } diff --git a/app/Policies/EntityPolicy.php b/app/Policies/EntityPolicy.php index 7789726251ef..915031c24f85 100644 --- a/app/Policies/EntityPolicy.php +++ b/app/Policies/EntityPolicy.php @@ -31,8 +31,6 @@ class EntityPolicy */ public function before($user, $ability) { - //if($user->isAdmin()) - // return true; } /** diff --git a/routes/api.php b/routes/api.php index 7024c67d3131..8903843abe1f 100644 --- a/routes/api.php +++ b/routes/api.php 
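Review bot: `BulkBankTransactionRequest::authorize()` now returns `true` for every authenticated token, so the former admin-only gate is gone and the per-model `edit` checks in the controller are the only authorization left on the bulk endpoint. Those checks skip unauthorized transactions silently, and judging from the controller hunk in this commit the response still appears to list every requested id in the company, so a caller without edit rights gets a 200 rather than a 403. A comment on the method would record the intent, e.g. `// Authorization is enforced per transaction in BankTransactionController::bulk()`. A feature test that calls the bulk route as a non-admin user without edit permission would pin the new behaviour; the test added in this commit only covers the `create` route.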
@@ -139,7 +139,7 @@ Route::group(['middleware' => ['throttle:api', 'api_db', 'token_auth', 'locale'] Route::post('bank_integrations/bulk', [BankIntegrationController::class, 'bulk'])->name('bank_integrations.bulk'); - Route::resource('bank_transactions', BankTransactionController::class); // name = (clients. index / create / show / update / destroy / edit + Route::resource('bank_transactions', BankTransactionController::class); // name = (bank_transactions. index / create / show / update / destroy / edit Route::post('bank_transactions/bulk', [BankTransactionController::class, 'bulk'])->name('bank_transactions.bulk'); Route::post('bank_transactions/match', [BankTransactionController::class, 'match'])->name('bank_transactions.match'); diff --git a/tests/Feature/BankTransactionApiTest.php b/tests/Feature/BankTransactionApiTest.php index a0a6868ac890..4ed2667684b9 100644 --- a/tests/Feature/BankTransactionApiTest.php +++ b/tests/Feature/BankTransactionApiTest.php @@ -31,6 +31,8 @@ class BankTransactionApiTest extends TestCase use DatabaseTransactions; use MockAccountData; + public $faker; + protected function setUp() :void { parent::setUp(); @@ -44,6 +46,18 @@ class BankTransactionApiTest extends TestCase Model::reguard(); } + public function testBankTransactionCreate() + { + nlog("creeeeate"); + + $response = $this->withHeaders([ + 'X-API-SECRET' => config('ninja.api_secret'), + 'X-API-TOKEN' => $this->token, + ])->get('/api/v1/bank_transactions/create'); + + $response->assertStatus(200); + } + public function testBankTransactionGetClientStatus() {