Fixes for bank transactions

app/Http/Controllers/BankTransactionController.php

@@ -99,22 +99,24 @@ class BankTransactionController extends BaseController
 
     public function bulk(BulkBankTransactionRequest $request)
     {
+        /** @var \App\Models\User $user */
+        $user = auth()->user();
+
         $action = $request->input('action');
 
         $ids = request()->input('ids');
 
         $bank_transactions = BankTransaction::withTrashed()->whereIn('id', $this->transformKeys($ids))->company()->get();
 
-        if ($action == 'convert_matched') { //catch this action
+        if ($action == 'convert_matched' && $user->can('edit', $bank_transactions->first())) { //catch this action
             $this->bank_transaction_repo->convert_matched($bank_transactions);
         } else {
-            $bank_transactions->each(function ($bank_transaction, $key) use ($action) {
+            $bank_transactions->each(function ($bank_transaction, $key) use ($action, $user) {
-                $this->bank_transaction_repo->{$action}($bank_transaction);
+                if($user->can('edit', $bank_transaction))
+                    $this->bank_transaction_repo->{$action}($bank_transaction);
             });
         }
 
-        /* Need to understand which permission are required for the given bulk action ie. view / edit */
-
         return $this->listResponse(BankTransaction::withTrashed()->whereIn('id', $this->transformKeys($ids))->company());
     }
 

app/Http/Requests/BankTransaction/BulkBankTransactionRequest.php

@@ -22,10 +22,7 @@ class BulkBankTransactionRequest extends Request
      */
     public function authorize(): bool
     {
-        /** @var \App\Models\User $user **/
+        return true;
-        $user = auth()->user();
-
-        return $user->isAdmin();
     }
 
     public function rules(): array

app/Http/Requests/BankTransaction/CreateBankTransactionRequest.php

@@ -23,6 +23,9 @@ class CreateBankTransactionRequest extends Request
      */
     public function authorize(): bool
     {
-        return auth()->user()->can('create', BankTransaction::class);
+        /** @var \App\Models\User $user */
+        $user = auth()->user();
+
+        return $user->can('create', BankTransaction::class);
     }
 }

app/Policies/EntityPolicy.php

@@ -31,8 +31,6 @@ class EntityPolicy
      */
     public function before($user, $ability)
     {
-        //if($user->isAdmin())
-        //	return true;
     }
 
     /**

routes/api.php

@@ -139,7 +139,7 @@ Route::group(['middleware' => ['throttle:api', 'api_db', 'token_auth', 'locale']
 
     Route::post('bank_integrations/bulk', [BankIntegrationController::class, 'bulk'])->name('bank_integrations.bulk');
 
-    Route::resource('bank_transactions', BankTransactionController::class); // name = (clients. index / create / show / update / destroy / edit
+    Route::resource('bank_transactions', BankTransactionController::class); // name = (bank_transactions. index / create / show / update / destroy / edit
     Route::post('bank_transactions/bulk', [BankTransactionController::class, 'bulk'])->name('bank_transactions.bulk');
     Route::post('bank_transactions/match', [BankTransactionController::class, 'match'])->name('bank_transactions.match');
 

tests/Feature/BankTransactionApiTest.php

@@ -31,6 +31,8 @@ class BankTransactionApiTest extends TestCase
     use DatabaseTransactions;
     use MockAccountData;
 
+    public $faker;
+
     protected function setUp() :void
     {
         parent::setUp();
@@ -44,6 +46,18 @@ class BankTransactionApiTest extends TestCase
         Model::reguard();
     }
 
+    public function testBankTransactionCreate()
+    {
+        nlog("creeeeate");
+        
+        $response = $this->withHeaders([
+            'X-API-SECRET' => config('ninja.api_secret'),
+            'X-API-TOKEN' => $this->token,
+        ])->get('/api/v1/bank_transactions/create');
+
+        $response->assertStatus(200);
+    }
+
 
     public function testBankTransactionGetClientStatus()
     {