mirror of
https://github.com/invoiceninja/invoiceninja.git
synced 2025-06-05 04:04:36 -04:00
Fix permission issue with quotes
This commit is contained in:
Hillel Coren
parent
84736dac9d
commit
29bccd650d
@ -113,16 +113,16 @@ class QuoteController extends BaseController
|
|||||||
$rates = TaxRate::scope()->orderBy('name')->get();
|
$rates = TaxRate::scope()->orderBy('name')->get();
|
||||||
$options = [];
|
$options = [];
|
||||||
$defaultTax = false;
|
$defaultTax = false;
|
||||||
|
|
||||||
foreach ($rates as $rate) {
|
foreach ($rates as $rate) {
|
||||||
$options[$rate->rate . ' ' . $rate->name] = $rate->name . ' ' . ($rate->rate+0) . '%';
|
$options[$rate->rate . ' ' . $rate->name] = $rate->name . ' ' . ($rate->rate+0) . '%';
|
||||||
|
|
||||||
// load default invoice tax
|
// load default invoice tax
|
||||||
if ($rate->id == $account->default_tax_rate_id) {
|
if ($rate->id == $account->default_tax_rate_id) {
|
||||||
$defaultTax = $rate;
|
$defaultTax = $rate;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return [
|
return [
|
||||||
'entityType' => ENTITY_QUOTE,
|
'entityType' => ENTITY_QUOTE,
|
||||||
'account' => Auth::user()->account,
|
'account' => Auth::user()->account,
|
||||||
@ -130,7 +130,7 @@ class QuoteController extends BaseController
|
|||||||
'taxRateOptions' => $options,
|
'taxRateOptions' => $options,
|
||||||
'defaultTax' => $defaultTax,
|
'defaultTax' => $defaultTax,
|
||||||
'countries' => Cache::get('countries'),
|
'countries' => Cache::get('countries'),
|
||||||
'clients' => Client::scope()->with('contacts', 'country')->orderBy('name')->get(),
|
'clients' => Client::scope()->viewable()->with('contacts', 'country')->orderBy('name')->get(),
|
||||||
'taxRates' => TaxRate::scope()->orderBy('name')->get(),
|
'taxRates' => TaxRate::scope()->orderBy('name')->get(),
|
||||||
'currencies' => Cache::get('currencies'),
|
'currencies' => Cache::get('currencies'),
|
||||||
'sizes' => Cache::get('sizes'),
|
'sizes' => Cache::get('sizes'),
|
||||||
|
|||||||
@ -30,7 +30,7 @@ class EntityModel extends Eloquent
|
|||||||
} else {
|
} else {
|
||||||
$lastEntity = $className::scope(false, $entity->account_id);
|
$lastEntity = $className::scope(false, $entity->account_id);
|
||||||
}
|
}
|
||||||
|
|
||||||
$lastEntity = $lastEntity->orderBy('public_id', 'DESC')
|
$lastEntity = $lastEntity->orderBy('public_id', 'DESC')
|
||||||
->first();
|
->first();
|
||||||
|
|
||||||
@ -86,6 +86,15 @@ class EntityModel extends Eloquent
|
|||||||
return $query;
|
return $query;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function scopeViewable($query)
|
||||||
|
{
|
||||||
|
if (Auth::check() && ! Auth::user()->hasPermission('view_all')) {
|
||||||
|
$query->where($this->getEntityType(). 's.user_id', '=', Auth::user()->id);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $query;
|
||||||
|
}
|
||||||
|
|
||||||
public function scopeWithArchived($query)
|
public function scopeWithArchived($query)
|
||||||
{
|
{
|
||||||
return $query->withTrashed()->where('is_deleted', '=', false);
|
return $query->withTrashed()->where('is_deleted', '=', false);
|
||||||
@ -110,7 +119,7 @@ class EntityModel extends Eloquent
|
|||||||
{
|
{
|
||||||
return 'App\\Ninja\\Transformers\\' . ucwords(Utils::toCamelCase($entityType)) . 'Transformer';
|
return 'App\\Ninja\\Transformers\\' . ucwords(Utils::toCamelCase($entityType)) . 'Transformer';
|
||||||
}
|
}
|
||||||
|
|
||||||
public function setNullValues()
|
public function setNullValues()
|
||||||
{
|
{
|
||||||
foreach ($this->fillable as $field) {
|
foreach ($this->fillable as $field) {
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user