Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-05-24 02:14:21 -04:00
Code Issues Packages Projects Releases Wiki Activity

Improve bulk route auth layer

Browse Source
This commit is contained in:
David Bomba 2023-01-22 16:40:02 +11:00
parent 5888252267
commit 3438d19a10
4 changed files with 38 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/Http/Controllers/CompanyGatewayController.php
View File

@ -501,16 +501,14 @@ class CompanyGatewayController extends BaseController
{
$action = $request->input('action');
$ids = $request->input('ids');
$company_gateways = CompanyGateway::withTrashed()
->whereIn('id',$this->transformKeys($ids))
->whereIn('id', $request->ids)
->company()
->cursor()
->each(function ($company_gateway, $key) use ($action) {
$this->company_repo->{$action}($company_gateway);
});
return $this->listResponse(CompanyGateway::withTrashed()->company()->whereIn('id', $this->transformKeys($ids)));
return $this->listResponse(CompanyGateway::withTrashed()->company()->whereIn('id', $request->ids));
}
}

7
app/Http/Controllers/CreditController.php
View File

@ -503,7 +503,10 @@ class CreditController extends BaseController
if(Ninja::isHosted() && (stripos($action, 'email') !== false) && !auth()->user()->company()->account->account_sms_verified)
return response(['message' => 'Please verify your account to send emails.'], 400);
$credits = Credit::withTrashed()->whereIn('id', $this->transformKeys($ids))->company()->get();
$credits = Credit::withTrashed()
->whereIn('id', $request->ids)
->company()
->get();
if (! $credits) {
return response()->json(['message' => ctrans('texts.no_credits_found')]);
@ -547,7 +550,7 @@ class CreditController extends BaseController
}
});
return $this->listResponse(Credit::withTrashed()->company()->whereIn('id', $this->transformKeys($ids)));
return $this->listResponse(Credit::withTrashed()->company()->whereIn('id', $request->ids));
}
public function action(ActionCreditRequest $request, Credit $credit, $action)

19
app/Http/Requests/CompanyGateway/BulkCompanyGatewayRequest.php
View File

@ -12,14 +12,12 @@
namespace App\Http\Requests\CompanyGateway;
use App\Http\Requests\Request;
use App\Http\ValidationRules\ValidCompanyGatewayFeesAndLimitsRule;
use App\Models\Gateway;
use App\Utils\Traits\CompanyGatewayFeesAndLimitsSaver;
use App\Utils\Traits\MakesHash;
use Illuminate\Validation\Rule;
class BulkCompanyGatewayRequest extends Request
{
use MakesHash;
/**
* Determine if the user is authorized to make this request.
@ -35,11 +33,22 @@ class BulkCompanyGatewayRequest extends Request
{
return [
'ids' => 'required|bail|array',
'ids' => ['required','bail','array',Rule::exists('company_gateways','id')->where('company_id', auth()->user()->company()->id)],
'action' => 'required|bail|in:archive,restore,delete'
];
}
public function prepareForValidation()
{
$input = $this->all();
if(isset($input['ids']))
$input['ids'] = $this->transformKeys($input['ids']);
$this->replace($input);
}
}

20
app/Http/Requests/Credit/BulkCreditRequest.php
View File

@ -11,10 +11,13 @@
namespace App\Http\Requests\Credit;
use App\Utils\Traits\MakesHash;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;
class BulkCreditRequest extends FormRequest
{
use MakesHash;
/**
* Determine if the user is authorized to make this request.
*
@ -33,8 +36,19 @@ class BulkCreditRequest extends FormRequest
public function rules()
{
return [
'ids' => 'required|bail|array',
'action' => 'required|bail|in:archive,restore,delete,email,bulk_download,bulk_print,mark_paid,clone_to_credit,history,mark_sent,download,send_email'
];
'ids' => ['required','bail','array',Rule::exists('credits','id')->where('company_id', auth()->user()->company()->id)],
'action' => 'required|bail|in:archive,restore,delete,email,bulk_download,bulk_print,mark_paid,clone_to_credit,history,mark_sent,download,send_email'
];
}
public function prepareForValidation()
{
$input = $this->all();
if(isset($input['ids']))
$input['ids'] = $this->transformKeys($input['ids']);
$this->replace($input);
}
}