diff --git a/app/Http/Controllers/ActivityController.php b/app/Http/Controllers/ActivityController.php
index 12ce6c4f50c6..fea2a3d4e695 100644
--- a/app/Http/Controllers/ActivityController.php
+++ b/app/Http/Controllers/ActivityController.php
@@ -87,13 +87,15 @@ class ActivityController extends BaseController
 {
 $default_activities = $request->has('rows') ? $request->input('rows') : 50;
- $activities = Activity::orderBy('created_at', 'DESC')->company()
+ $activities = Activity::orderBy('created_at', 'DESC')
+ ->company()
 ->take($default_activities);
 if ($request->has('react')) {
 if(!auth()->user()->isAdmin())
- return response()->json(['data' => []], 200);
+ $activities->where('user_id', auth()->user()->id);
+ // return response()->json(['data' => []], 200);
 $system = ctrans('texts.system');
diff --git a/app/Models/User.php b/app/Models/User.php
index 63e94b633b67..28529ad75922 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -358,18 +358,21 @@ class User extends Authenticatable implements MustVerifyEmail
 public function hasPermission($permission) : bool
 {
 $parts = explode('_', $permission);
- $all_permission = '';
+ $all_permission = false;
 if (count($parts) > 1) {
 $all_permission = $parts[0].'_all';
 }
-//empty $all_permissions leads to stripos returning true;
-
 return $this->isOwner() ||
 $this->isAdmin() ||
- (is_int(stripos($this->token()->cu->permissions, $all_permission))) ||
- (is_int(stripos($this->token()->cu->permissions, $permission)));
+ (stripos($all_permission, $this->token()->cu->permissions) !== false) ||
+ (stripos($permission, $this->token()->cu->permissions) !== false);
+
+ // return $this->isOwner() ||
+ // $this->isAdmin() ||
+ // (is_int(stripos($this->token()->cu->permissions, $all_permission))) ||
+ // (is_int(stripos($this->token()->cu->permissions, $permission)));
 }
diff --git a/tests/Unit/PermissionsTest.php b/tests/Unit/PermissionsTest.php
index a4853bc965cb..d30d944fe3dc 100644
--- a/tests/Unit/PermissionsTest.php
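Review bot: The new `$activities->where('user_id', auth()->user()->id);` hangs off a brace-less `if(!auth()->user()->isAdmin())` with the old `return` left directly beneath it as a comment; wrap the branch in braces and delete the dead line, e.g. `if (! auth()->user()->isAdmin()) {` / `$activities->where('user_id', auth()->user()->id);` / `}`, so a statement added there later cannot silently run for admins as well. This also changes the non-admin contract from an empty result to a per-user slice of company activity, which is only correct if `user_id` identifies the acting user and per-actor visibility is the intended rule for users holding `view_*` permissions — worth confirming, since such users now see nothing about records they may view and everything they themselves touched. The surrounding `take($default_activities)` still feeds the raw `rows` request value to the query unclamped; that is pre-existing, but a bound such as `min((int) $request->input('rows', 50), 200)` would be cheap to add while here. The method continues past the end of the hunk.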
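Review bot: The rewritten `return` swaps the arguments of `stripos`, so the permission name is now the haystack and the token's `permissions` value is the needle; if `permissions` is the JSON list the test hunk writes (`'["view_client"]'`), `stripos('view_client', '["view_client"]')` is `false` and no user who is neither owner nor admin can hold any permission at all. The original defect (an empty needle matching at offset 0) is better fixed by decoding the list and testing exact membership, which also removes the prefix collision a substring search has between `view_client` and any longer name starting with it, and the case-insensitivity of `stripos`. `$all_permission = false` is additionally passed where a string is expected, which only coerces to `''` when `strict_types` is off. The commented-out old `return` should be deleted rather than kept alongside the new one.
```php
        // … unchanged: $parts / $all_permission setup …

        // Exact membership on the decoded list: no empty-needle or prefix matches.
        $granted = json_decode($this->token()->cu->permissions ?? '[]', true) ?: [];

        return $this->isOwner() ||
               $this->isAdmin() ||
               in_array($all_permission, $granted, true) ||
               in_array($permission, $granted, true);
```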
+++ b/tests/Unit/PermissionsTest.php
@@ -159,6 +159,40 @@ class PermissionsTest extends TestCase
 }
+ public function testReturnTypesOfStripos()
+ {
+
+
+ $this->assertEquals(0, stripos("view_client", ''));
+
+ $all_permission = '[]';
+ $this->assertFalse(stripos($all_permission, "view_client") !== false);
+ $this->assertTrue(stripos($all_permission, "view_client") == 0);
+ $this->assertFalse(is_int(stripos($all_permission, "view_client")));
+
+ $all_permission = ' ';
+ $this->assertFalse(stripos($all_permission, "view_client") !== false);
+ $this->assertFalse(is_int(stripos($all_permission, "view_client")));
+
+ $all_permission = "";//problems are empty strings
+ $this->assertTrue(empty($all_permission));
+
+ $this->assertFalse( stripos($all_permission, "view_client") !== false);
+ $this->assertFalse( is_int(stripos($all_permission, "view_client")));
+
+ $all_permission = 'view';//will always pass currently
+ $this->assertFalse( stripos($all_permission, "view_client") !== false);
+ $this->assertFalse(is_int(stripos($all_permission, "view_client")));
+
+ $all_permission = "view_client";
+ $this->assertTrue(stripos($all_permission, "view_client") !== false);
+ $this->assertTrue(is_int(stripos($all_permission, "view_client")) !== false);
+
+ $this->assertTrue(is_int(stripos($all_permission, "view_client")));
+
+
+ }
+
 public function testViewClientPermission()
 {
@@ -166,8 +200,8 @@ class PermissionsTest extends TestCase
 $low_cu->permissions = '["view_client"]';
 $low_cu->save();
- //this is aberrant
- $this->assertTrue($this->user->hasPermission("viewclient"));
+ // this is aberrant
+ $this->assertFalse($this->user->hasPermission("view____client"));
 }
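Review bot: `testReturnTypesOfStripos` exercises PHP's `stripos` rather than `hasPermission`, and every case uses the bare needle `"view_client"`, whereas after this commit the production call passes the stored `permissions` value (`'["view_client"]'` in the next hunk) as the needle, so none of these assertions can detect a mismatch in that shape; at least one case should use the bracketed form, e.g. `$this->assertFalse(stripos('view_client', '["view_client"]') !== false);`, which documents what the swapped call actually returns. `$this->assertTrue(stripos($all_permission, "view_client") == 0);` for `'[]'` passes only because `false == 0` under loose comparison; replace it with `$this->assertSame(false, stripos($all_permission, "view_client"));` so the test does not encode that coincidence.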
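Review bot: The replacement assertion only checks that a malformed name is rejected; the positive case — that `$this->user`, whose token's `permissions` is set to `'["view_client"]'` just above, passes `hasPermission("view_client")` — is no longer asserted in this test, and that is precisely the path the swapped `stripos` arguments in `hasPermission` change. Add `$this->assertTrue($this->user->hasPermission("view_client"));` beside the new `assertFalse`, and a second negative case using a longer name that merely shares the `view_client` prefix, so the substring boundary is pinned as well. The retained `// this is aberrant` comment no longer describes anything aberrant and should state what the `view____client` case guards, e.g. `// a name with extra separators must not resolve to any granted permission`.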