Improve bulk route auth layer

David Bomba 2023-01-22 16:40:02 +11:00
parent 5888252267
commit 3438d19a10
4 changed files with 38 additions and 14 deletions


@ -501,16 +501,14 @@ class CompanyGatewayController extends BaseController
{ {
$action = $request->input('action'); $action = $request->input('action');
$ids = $request->input('ids');
$company_gateways = CompanyGateway::withTrashed() $company_gateways = CompanyGateway::withTrashed()
->whereIn('id',$this->transformKeys($ids)) ->whereIn('id', $request->ids)
->company() ->company()
->cursor() ->cursor()
->each(function ($company_gateway, $key) use ($action) { ->each(function ($company_gateway, $key) use ($action) {
$this->company_repo->{$action}($company_gateway); $this->company_repo->{$action}($company_gateway);
}); });
return $this->listResponse(CompanyGateway::withTrashed()->company()->whereIn('id', $this->transformKeys($ids))); return $this->listResponse(CompanyGateway::withTrashed()->company()->whereIn('id', $request->ids));
} }
} }
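Review bot: Both `whereIn('id', $request->ids)` calls now depend on `BulkCompanyGatewayRequest::prepareForValidation()` having decoded the hashed keys, and nothing at the call site says so, so the dropped `transformKeys()` reads like a regression. I would add a comment above the query, `// ids are decoded and checked against the caller's company in BulkCompanyGatewayRequest`, and read the list once with `$ids = $request->validated()['ids'];` so the controller only consumes input that passed the `exists` rule. The `->company()` scope on both queries should stay as a second tenant check, and `$this->company_repo->{$action}(...)` is safe only while the request's `in:archive,restore,delete` list remains the sole source of `$action`. The method signature lies outside the hunk.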


@ -503,7 +503,10 @@ class CreditController extends BaseController
if(Ninja::isHosted() && (stripos($action, 'email') !== false) && !auth()->user()->company()->account->account_sms_verified) if(Ninja::isHosted() && (stripos($action, 'email') !== false) && !auth()->user()->company()->account->account_sms_verified)
return response(['message' => 'Please verify your account to send emails.'], 400); return response(['message' => 'Please verify your account to send emails.'], 400);
$credits = Credit::withTrashed()->whereIn('id', $this->transformKeys($ids))->company()->get(); $credits = Credit::withTrashed()
->whereIn('id', $request->ids)
->company()
->get();
if (! $credits) { if (! $credits) {
return response()->json(['message' => ctrans('texts.no_credits_found')]); return response()->json(['message' => ctrans('texts.no_credits_found')]);
@ -547,7 +550,7 @@ class CreditController extends BaseController
} }
}); });
return $this->listResponse(Credit::withTrashed()->company()->whereIn('id', $this->transformKeys($ids))); return $this->listResponse(Credit::withTrashed()->company()->whereIn('id', $request->ids));
} }
public function action(ActionCreditRequest $request, Credit $credit, $action) public function action(ActionCreditRequest $request, Credit $credit, $action)
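Review bot: The guard `if (! $credits)` right after the rewritten query can never be true, because `->get()` returns a collection object even when no row matches, so the `no_credits_found` response is unreachable. `if ($credits->isEmpty()) {` would make the check effective, and it still matters for the case where every submitted id passes validation but is filtered out by `->company()`. As in the gateway controller, a short comment that `$request->ids` is already decoded by `BulkCreditRequest::prepareForValidation()` would explain the missing `transformKeys()`. The enclosing bulk method starts and ends outside these hunks.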


@ -12,14 +12,12 @@
namespace App\Http\Requests\CompanyGateway; namespace App\Http\Requests\CompanyGateway;
use App\Http\Requests\Request; use App\Http\Requests\Request;
use App\Http\ValidationRules\ValidCompanyGatewayFeesAndLimitsRule; use App\Utils\Traits\MakesHash;
use App\Models\Gateway;
use App\Utils\Traits\CompanyGatewayFeesAndLimitsSaver;
use Illuminate\Validation\Rule; use Illuminate\Validation\Rule;
class BulkCompanyGatewayRequest extends Request class BulkCompanyGatewayRequest extends Request
{ {
use MakesHash;
/** /**
* Determine if the user is authorized to make this request. * Determine if the user is authorized to make this request.
@ -35,11 +33,22 @@ class BulkCompanyGatewayRequest extends Request
{ {
return [ return [
'ids' => 'required|bail|array', 'ids' => ['required','bail','array',Rule::exists('company_gateways','id')->where('company_id', auth()->user()->company()->id)],
'action' => 'required|bail|in:archive,restore,delete' 'action' => 'required|bail|in:archive,restore,delete'
]; ];
} }
public function prepareForValidation()
{
$input = $this->all();
if(isset($input['ids']))
$input['ids'] = $this->transformKeys($input['ids']);
$this->replace($input);
}
} }
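Review bot: `prepareForValidation()` passes `ids` to `transformKeys()` before the `array` rule has run, so a request that sends `ids` as a string or number reaches the decoder unvalidated. `transformKeys()` is not shown here, so whether it tolerates a scalar is unverified. Guarding the call with `if (isset($input['ids']) && is_array($input['ids'])) {` lets a malformed payload fall through to the `array` rule and fail with a normal validation error. The same method is added to `BulkCreditRequest` in this commit and needs the same guard. Both would also read better with braces and a `: void` return type.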


@ -11,10 +11,13 @@
namespace App\Http\Requests\Credit; namespace App\Http\Requests\Credit;
use App\Utils\Traits\MakesHash;
use Illuminate\Foundation\Http\FormRequest; use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;
class BulkCreditRequest extends FormRequest class BulkCreditRequest extends FormRequest
{ {
use MakesHash;
/** /**
* Determine if the user is authorized to make this request. * Determine if the user is authorized to make this request.
* *
@ -33,8 +36,19 @@ class BulkCreditRequest extends FormRequest
public function rules() public function rules()
{ {
return [ return [
'ids' => 'required|bail|array', 'ids' => ['required','bail','array',Rule::exists('credits','id')->where('company_id', auth()->user()->company()->id)],
'action' => 'required|bail|in:archive,restore,delete,email,bulk_download,bulk_print,mark_paid,clone_to_credit,history,mark_sent,download,send_email' 'action' => 'required|bail|in:archive,restore,delete,email,bulk_download,bulk_print,mark_paid,clone_to_credit,history,mark_sent,download,send_email'
]; ];
} }
public function prepareForValidation()
{
$input = $this->all();
if(isset($input['ids']))
$input['ids'] = $this->transformKeys($input['ids']);
$this->replace($input);
}
} }