Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-06-06 11:14:36 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fix permission issue with quotes

Browse Source
This commit is contained in:
Hillel Coren 2016-05-26 15:50:23 +03:00
parent 84736dac9d
commit 29bccd650d
2 changed files with 17 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Controllers/QuoteController.php
View File

@ -130,7 +130,7 @@ class QuoteController extends BaseController
'taxRateOptions' => $options, 'taxRateOptions' => $options,
'defaultTax' => $defaultTax, 'defaultTax' => $defaultTax,
'countries' => Cache::get('countries'), 'countries' => Cache::get('countries'),
'clients' => Client::scope()->with('contacts', 'country')->orderBy('name')->get(), 'clients' => Client::scope()->viewable()->with('contacts', 'country')->orderBy('name')->get(),
'taxRates' => TaxRate::scope()->orderBy('name')->get(), 'taxRates' => TaxRate::scope()->orderBy('name')->get(),
'currencies' => Cache::get('currencies'), 'currencies' => Cache::get('currencies'),
'sizes' => Cache::get('sizes'), 'sizes' => Cache::get('sizes'),

9
app/Models/EntityModel.php
View File

@ -86,6 +86,15 @@ class EntityModel extends Eloquent
return $query; return $query;
} }
public function scopeViewable($query)
{
if (Auth::check() && ! Auth::user()->hasPermission('view_all')) {
$query->where($this->getEntityType(). 's.user_id', '=', Auth::user()->id);
}
return $query;
}
public function scopeWithArchived($query) public function scopeWithArchived($query)
{ {
return $query->withTrashed()->where('is_deleted', '=', false); return $query->withTrashed()->where('is_deleted', '=', false);