From fe2ad3edd8cbc5ed5d56d2a44ebc1f2a1e64132d Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 23 Jan 2023 07:41:27 +1100
Subject: [PATCH 01/16] Fixes for multidb Task Scheduler

---
 app/Jobs/Ninja/TaskScheduler.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/app/Jobs/Ninja/TaskScheduler.php b/app/Jobs/Ninja/TaskScheduler.php
index 69862f8877c2..f4a6104d1a07 100644
--- a/app/Jobs/Ninja/TaskScheduler.php
+++ b/app/Jobs/Ninja/TaskScheduler.php
@@ -42,6 +42,23 @@ class TaskScheduler implements ShouldQueue
      */
     public function handle()
     {
+
+        if (! config('ninja.db.multi_db_enabled')) {
+        
+            Scheduler::with('company')
+                ->where('is_paused', false)
+                ->where('is_deleted', false)
+                ->whereNotNull('next_run')
+                ->where('next_run', '<=', now())
+                ->cursor()
+                ->each(function ($scheduler) {
+                    $this->doJob($scheduler);
+                });
+
+
+            return;
+        }
+
         foreach (MultiDB::$dbs as $db) {
             MultiDB::setDB($db);
 

From 526a26868ac53260554e2c29392d78aa0089a07f Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 23 Jan 2023 08:15:40 +1100
Subject: [PATCH 02/16] Fixes for schema

---
 .../2014_10_13_000000_create_users_table.php  | 24 +++++-----
 ...40557_add_is_public_to_documents_table.php |  8 ++--
 ...31_change_custom_surcharge_column_type.php | 48 +++++++++----------
 3 files changed, 40 insertions(+), 40 deletions(-)

diff --git a/database/migrations/2014_10_13_000000_create_users_table.php b/database/migrations/2014_10_13_000000_create_users_table.php
index 59de4b5047b4..bf25b3891e35 100644
--- a/database/migrations/2014_10_13_000000_create_users_table.php
+++ b/database/migrations/2014_10_13_000000_create_users_table.php
@@ -476,10 +476,10 @@ return new class extends Migration {
             $t->string('custom_value4')->nullable();
             $t->datetime('next_send_date')->nullable();
 
-            $t->string('custom_surcharge1')->nullable();
-            $t->string('custom_surcharge2')->nullable();
-            $t->string('custom_surcharge3')->nullable();
-            $t->string('custom_surcharge4')->nullable();
+            $t->decimal('custom_surcharge1', 20, 6)->nullable();
+            $t->decimal('custom_surcharge2', 20, 6)->nullable();
+            $t->decimal('custom_surcharge3', 20, 6)->nullable();
+            $t->decimal('custom_surcharge4', 20, 6)->nullable();
             $t->boolean('custom_surcharge_tax1')->default(false);
             $t->boolean('custom_surcharge_tax2')->default(false);
             $t->boolean('custom_surcharge_tax3')->default(false);
@@ -554,10 +554,10 @@ return new class extends Migration {
             $t->string('custom_value4')->nullable();
             $t->datetime('next_send_date')->nullable();
 
-            $t->string('custom_surcharge1')->nullable();
-            $t->string('custom_surcharge2')->nullable();
-            $t->string('custom_surcharge3')->nullable();
-            $t->string('custom_surcharge4')->nullable();
+            $t->decimal('custom_surcharge1', 20, 6)->nullable();
+            $t->decimal('custom_surcharge2', 20, 6)->nullable();
+            $t->decimal('custom_surcharge3', 20, 6)->nullable();
+            $t->decimal('custom_surcharge4', 20, 6)->nullable();
             $t->boolean('custom_surcharge_tax1')->default(false);
             $t->boolean('custom_surcharge_tax2')->default(false);
             $t->boolean('custom_surcharge_tax3')->default(false);
@@ -791,10 +791,10 @@ return new class extends Migration {
             $t->string('custom_value3')->nullable();
             $t->string('custom_value4')->nullable();
 
-            $t->string('custom_surcharge1')->nullable();
-            $t->string('custom_surcharge2')->nullable();
-            $t->string('custom_surcharge3')->nullable();
-            $t->string('custom_surcharge4')->nullable();
+            $t->decimal('custom_surcharge1', 20, 6)->nullable();
+            $t->decimal('custom_surcharge2', 20, 6)->nullable();
+            $t->decimal('custom_surcharge3', 20, 6)->nullable();
+            $t->decimal('custom_surcharge4', 20, 6)->nullable();
             $t->boolean('custom_surcharge_tax1')->default(false);
             $t->boolean('custom_surcharge_tax2')->default(false);
             $t->boolean('custom_surcharge_tax3')->default(false);
diff --git a/database/migrations/2020_08_18_140557_add_is_public_to_documents_table.php b/database/migrations/2020_08_18_140557_add_is_public_to_documents_table.php
index 8628c31217b3..5944297e60d4 100644
--- a/database/migrations/2020_08_18_140557_add_is_public_to_documents_table.php
+++ b/database/migrations/2020_08_18_140557_add_is_public_to_documents_table.php
@@ -59,10 +59,10 @@ return new class extends Migration {
             $table->boolean('auto_bill_enabled')->default(0);
             $table->unsignedInteger('design_id')->nullable();
             $table->boolean('uses_inclusive_taxes')->default(0);
-            $table->string('custom_surcharge1')->nullable();
-            $table->string('custom_surcharge2')->nullable();
-            $table->string('custom_surcharge3')->nullable();
-            $table->string('custom_surcharge4')->nullable();
+            $table->decimal('custom_surcharge1', 20, 6)->nullable();
+            $table->decimal('custom_surcharge2', 20, 6)->nullable();
+            $table->decimal('custom_surcharge3', 20, 6)->nullable();
+            $table->decimal('custom_surcharge4', 20, 6)->nullable();
             $table->boolean('custom_surcharge_tax1')->default(false);
             $table->boolean('custom_surcharge_tax2')->default(false);
             $table->boolean('custom_surcharge_tax3')->default(false);
diff --git a/database/migrations/2021_01_17_040331_change_custom_surcharge_column_type.php b/database/migrations/2021_01_17_040331_change_custom_surcharge_column_type.php
index cf00db8af5e3..538a3ddf9e5f 100644
--- a/database/migrations/2021_01_17_040331_change_custom_surcharge_column_type.php
+++ b/database/migrations/2021_01_17_040331_change_custom_surcharge_column_type.php
@@ -12,33 +12,33 @@ return new class extends Migration {
      */
     public function up()
     {
-        Schema::table('invoices', function (Blueprint $table) {
-            $table->decimal('custom_surcharge1', 20, 6)->change();
-            $table->decimal('custom_surcharge2', 20, 6)->change();
-            $table->decimal('custom_surcharge3', 20, 6)->change();
-            $table->decimal('custom_surcharge4', 20, 6)->change();
-        });
+        // Schema::table('invoices', function (Blueprint $table) {
+        //     $table->decimal('custom_surcharge1', 20, 6)->change();
+        //     $table->decimal('custom_surcharge2', 20, 6)->change();
+        //     $table->decimal('custom_surcharge3', 20, 6)->change();
+        //     $table->decimal('custom_surcharge4', 20, 6)->change();
+        // });
 
-        Schema::table('recurring_invoices', function (Blueprint $table) {
-            $table->decimal('custom_surcharge1', 20, 6)->change();
-            $table->decimal('custom_surcharge2', 20, 6)->change();
-            $table->decimal('custom_surcharge3', 20, 6)->change();
-            $table->decimal('custom_surcharge4', 20, 6)->change();
-        });
+        // Schema::table('recurring_invoices', function (Blueprint $table) {
+        //     $table->decimal('custom_surcharge1', 20, 6)->change();
+        //     $table->decimal('custom_surcharge2', 20, 6)->change();
+        //     $table->decimal('custom_surcharge3', 20, 6)->change();
+        //     $table->decimal('custom_surcharge4', 20, 6)->change();
+        // });
 
-        Schema::table('quotes', function (Blueprint $table) {
-            $table->decimal('custom_surcharge1', 20, 6)->change();
-            $table->decimal('custom_surcharge2', 20, 6)->change();
-            $table->decimal('custom_surcharge3', 20, 6)->change();
-            $table->decimal('custom_surcharge4', 20, 6)->change();
-        });
+        // Schema::table('quotes', function (Blueprint $table) {
+        //     $table->decimal('custom_surcharge1', 20, 6)->change();
+        //     $table->decimal('custom_surcharge2', 20, 6)->change();
+        //     $table->decimal('custom_surcharge3', 20, 6)->change();
+        //     $table->decimal('custom_surcharge4', 20, 6)->change();
+        // });
 
-        Schema::table('credits', function (Blueprint $table) {
-            $table->decimal('custom_surcharge1', 20, 6)->change();
-            $table->decimal('custom_surcharge2', 20, 6)->change();
-            $table->decimal('custom_surcharge3', 20, 6)->change();
-            $table->decimal('custom_surcharge4', 20, 6)->change();
-        });
+        // Schema::table('credits', function (Blueprint $table) {
+        //     $table->decimal('custom_surcharge1', 20, 6)->change();
+        //     $table->decimal('custom_surcharge2', 20, 6)->change();
+        //     $table->decimal('custom_surcharge3', 20, 6)->change();
+        //     $table->decimal('custom_surcharge4', 20, 6)->change();
+        // });
     }
 
     /**

From 5e012aa52072a007f0f148339a5f3c35593aafe3 Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 23 Jan 2023 08:25:43 +1100
Subject: [PATCH 03/16] Setup permissions for Bank Transactions

---
 app/Http/Controllers/BaseController.php |  4 ++--
 app/Policies/BankTransactionPolicy.php  |  2 +-
 tests/Unit/PermissionsTest.php          | 17 +++++++++++++++++
 3 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/app/Http/Controllers/BaseController.php b/app/Http/Controllers/BaseController.php
index 76e85b80ce6b..7eb00f722853 100644
--- a/app/Http/Controllers/BaseController.php
+++ b/app/Http/Controllers/BaseController.php
@@ -450,7 +450,7 @@ class BaseController extends Controller
                 'company.bank_transactions'=> function ($query) use ($updated_at, $user) {
                     $query->where('updated_at', '>=', $updated_at);
 
-                    if (! $user->isAdmin()) {
+                    if (! $user->hasPermission('view_bank_transaction')) {
                         $query->where('bank_transactions.user_id', $user->id);
                     }
                 },
@@ -796,7 +796,7 @@ class BaseController extends Controller
                 'company.bank_transactions'=> function ($query) use ($created_at, $user) {
                     $query->where('created_at', '>=', $created_at);
 
-                    if (! $user->isAdmin()) {
+                    if (! $user->hasPermission('bank_transactions')) {
                         $query->where('bank_transactions.user_id', $user->id);
                     }
                 },
diff --git a/app/Policies/BankTransactionPolicy.php b/app/Policies/BankTransactionPolicy.php
index 00b57861aa6d..9819e0768bc6 100644
--- a/app/Policies/BankTransactionPolicy.php
+++ b/app/Policies/BankTransactionPolicy.php
@@ -26,6 +26,6 @@ class BankTransactionPolicy extends EntityPolicy
      */
     public function create(User $user) : bool
     {
-        return $user->isAdmin();
+        return $user->isAdmin() || $user->hasPermission('create_invoice') || $user->hasPermission('create_all');
     }
 }
diff --git a/tests/Unit/PermissionsTest.php b/tests/Unit/PermissionsTest.php
index 91fa3e9854a0..71a64962a1ee 100644
--- a/tests/Unit/PermissionsTest.php
+++ b/tests/Unit/PermissionsTest.php
@@ -13,10 +13,12 @@ namespace Tests\Unit;
 
 use App\Factory\CompanyUserFactory;
 use App\Models\Account;
+use App\Models\Client;
 use App\Models\Company;
 use App\Models\CompanyToken;
 use App\Models\CompanyUser;
 use App\Models\Invoice;
+use App\Models\RecurringInvoice;
 use App\Models\User;
 use Illuminate\Foundation\Testing\DatabaseTransactions;
 use Tests\MockAccountData;
@@ -77,6 +79,21 @@ class PermissionsTest extends TestCase
 
     }
 
+    public function testPermissionResolution()
+    {
+        $class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(Invoice::class)));
+
+        $this->assertEquals('view_invoice', $class);
+
+        $class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(Client::class)));
+        $this->assertEquals('view_client', $class);
+
+
+        $class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(RecurringInvoice::class)));
+        $this->assertEquals('view_recurring_invoice', $class);
+
+    }
+
     public function testExactPermissions()
     {
 

From 9ee5c2bace10e550d16a965c9db6dabf4f35fdf4 Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 23 Jan 2023 08:29:39 +1100
Subject: [PATCH 04/16] Tests for permissions

---
 tests/Unit/PermissionsTest.php | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/tests/Unit/PermissionsTest.php b/tests/Unit/PermissionsTest.php
index 71a64962a1ee..0b4de1d48844 100644
--- a/tests/Unit/PermissionsTest.php
+++ b/tests/Unit/PermissionsTest.php
@@ -88,10 +88,40 @@ class PermissionsTest extends TestCase
         $class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(Client::class)));
         $this->assertEquals('view_client', $class);
 
-
         $class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(RecurringInvoice::class)));
         $this->assertEquals('view_recurring_invoice', $class);
 
+        $class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(App\Models\Product::class)));
+        $this->assertEquals('view_product', $class);
+
+        $class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(App\Models\Payment::class)));
+        $this->assertEquals('view_payment', $class);
+
+        $class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(App\Models\Quote::class)));
+        $this->assertEquals('view_quote', $class);
+
+        $class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(App\Models\Credit::class)));
+        $this->assertEquals('view_credit', $class);
+
+        $class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(App\Models\Project::class)));
+        $this->assertEquals('view_project', $class);
+
+        $class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(App\Models\Task::class)));
+        $this->assertEquals('view_task', $class);
+
+        $class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(App\Models\Vendor::class)));
+        $this->assertEquals('view_vendor', $class);
+
+        $class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(App\Models\PurchaseOrder::class)));
+        $this->assertEquals('view_purchase_order', $class);
+
+        $class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(App\Models\Expense::class)));
+        $this->assertEquals('view_expense', $class);
+
+        $class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(App\Models\BankTransaction::class)));
+        $this->assertEquals('view_bank_transaction', $class);
+
+
     }
 
     public function testExactPermissions()

From f217ea2441a9b4b375ad18d4a66044d7274d2ea5 Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 23 Jan 2023 08:32:41 +1100
Subject: [PATCH 05/16] Tests for permissions

---
 tests/Unit/PermissionsTest.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tests/Unit/PermissionsTest.php b/tests/Unit/PermissionsTest.php
index 0b4de1d48844..a4853bc965cb 100644
--- a/tests/Unit/PermissionsTest.php
+++ b/tests/Unit/PermissionsTest.php
@@ -121,6 +121,9 @@ class PermissionsTest extends TestCase
         $class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(App\Models\BankTransaction::class)));
         $this->assertEquals('view_bank_transaction', $class);
 
+        $this->assertEquals('invoice', \Illuminate\Support\Str::snake(class_basename(Invoice::class)));
+
+        $this->assertEquals('recurring_invoice', \Illuminate\Support\Str::snake(class_basename(RecurringInvoice::class)));
 
     }
 

From e2ef82b26662f3c0de9d6be108e4dc64335ff73e Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 23 Jan 2023 09:31:40 +1100
Subject: [PATCH 06/16] Fixes for content-disposition in CORS

---
 app/Http/Controllers/BaseController.php                 | 2 +-
 config/cors.php                                         | 2 +-
 resources/views/portal/ninja2020/layout/clean.blade.php | 9 +++++++++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/BaseController.php b/app/Http/Controllers/BaseController.php
index 7eb00f722853..73903e1a8373 100644
--- a/app/Http/Controllers/BaseController.php
+++ b/app/Http/Controllers/BaseController.php
@@ -861,7 +861,7 @@ class BaseController extends Controller
 /**/
         // 10-01-2022 need to ensure we snake case properly here to ensure permissions work as expected
         // 28-03-2022 this is definitely correct here, do not append _ to the view, it resolved correctly when snake cased
-        if (auth()->user() && ! auth()->user()->hasPermission('view'.lcfirst(class_basename(Str::snake($this->entity_type))))) {
+        if (auth()->user() && ! auth()->user()->hasPermission('view_'.Str::snake(class_basename($this->entity_type)))) {
             //06-10-2022 - some entities do not have assigned_user_id - this becomes an issue when we have a large company and low permission users
             if(in_array($this->entity_type, [User::class])){
                 $query->where('id', auth()->user()->id);
diff --git a/config/cors.php b/config/cors.php
index d90557c1a441..fdb09ab1d89f 100644
--- a/config/cors.php
+++ b/config/cors.php
@@ -23,7 +23,7 @@ return [
 
     'allowed_origins_patterns' => [],
 
-    'allowed_headers' => ['X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE'],
+    'allowed_headers' => ['X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Disposition,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE'],
 
     'exposed_headers' => ['X-APP-VERSION,X-MINIMUM-CLIENT-VERSION,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE'],
 
diff --git a/resources/views/portal/ninja2020/layout/clean.blade.php b/resources/views/portal/ninja2020/layout/clean.blade.php
index 083045a7985a..17ee40e4947f 100644
--- a/resources/views/portal/ninja2020/layout/clean.blade.php
+++ b/resources/views/portal/ninja2020/layout/clean.blade.php
@@ -2,6 +2,15 @@
 <html lang="{{ str_replace('_', '-', app()->getLocale()) }}">
 
     <head>
+        @if(App\Utils\Ninja::isHosted())
+            <!-- G Tag Manager -->
+            <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
+            new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
+            j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
+            'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
+            })(window,document,'script','dataLayer','GTM-WMJ5W23');</script>
+            <!-- End G Tag Manager -->
+        @endif
         <!-- Error: {{ session('error') }} -->
         @if (isset($company) && $company->matomo_url && $company->matomo_id)
             <script>

From f6e740b58256ab240775c343ab192595800bcc8f Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 23 Jan 2023 09:39:29 +1100
Subject: [PATCH 07/16] add filename to headers for inline files

---
 app/Http/Controllers/InvoiceController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Http/Controllers/InvoiceController.php b/app/Http/Controllers/InvoiceController.php
index b75c0c83d6ca..a1c0d1e3ef2f 100644
--- a/app/Http/Controllers/InvoiceController.php
+++ b/app/Http/Controllers/InvoiceController.php
@@ -866,7 +866,7 @@ class InvoiceController extends BaseController
 
         $file = $invoice->service()->getInvoicePdf($contact);
 
-        $headers = ['Content-Type' => 'application/pdf'];
+        $headers = ['Content-Type' => 'application/pdf', 'filename' => basename($file)];
 
         if (request()->input('inline') == 'true') {
             $headers = array_merge($headers, ['Content-Disposition' => 'inline']);

From 9f061ad0bb4d9fec64d58a6bd2cfbcbb5e139ea5 Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 23 Jan 2023 09:43:46 +1100
Subject: [PATCH 08/16] add filename to headers for inline files

---
 app/Http/Controllers/InvoiceController.php | 2 +-
 app/Http/Middleware/Cors.php               | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/Http/Controllers/InvoiceController.php b/app/Http/Controllers/InvoiceController.php
index a1c0d1e3ef2f..b75c0c83d6ca 100644
--- a/app/Http/Controllers/InvoiceController.php
+++ b/app/Http/Controllers/InvoiceController.php
@@ -866,7 +866,7 @@ class InvoiceController extends BaseController
 
         $file = $invoice->service()->getInvoicePdf($contact);
 
-        $headers = ['Content-Type' => 'application/pdf', 'filename' => basename($file)];
+        $headers = ['Content-Type' => 'application/pdf'];
 
         if (request()->input('inline') == 'true') {
             $headers = array_merge($headers, ['Content-Disposition' => 'inline']);
diff --git a/app/Http/Middleware/Cors.php b/app/Http/Middleware/Cors.php
index d0346e48277c..0343ccd6f587 100644
--- a/app/Http/Middleware/Cors.php
+++ b/app/Http/Middleware/Cors.php
@@ -16,7 +16,7 @@ class Cors
             // ALLOW OPTIONS METHOD
             $headers = [
                 'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
-                'Access-Control-Allow-Headers'=> 'X-API-PASSWORD-BASE64,X-API-COMPANY-KEY,X-CLIENT-VERSION,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE',
+                'Access-Control-Allow-Headers'=> 'X-API-PASSWORD-BASE64,X-API-COMPANY-KEY,X-CLIENT-VERSION,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Disposition,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE',
             ];
 
             return Response::make('OK', 200, $headers);
@@ -26,7 +26,7 @@ class Cors
 
         $response->headers->set('Access-Control-Allow-Origin', '*');
         $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
-        $response->headers->set('Access-Control-Allow-Headers', 'X-API-PASSWORD-BASE64,X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE');
+        $response->headers->set('Access-Control-Allow-Headers', 'X-API-PASSWORD-BASE64,X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Disposition,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE');
         $response->headers->set('Access-Control-Expose-Headers', 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION');
         $response->headers->set('X-APP-VERSION', config('ninja.app_version'));
         $response->headers->set('X-MINIMUM-CLIENT-VERSION', config('ninja.minimum_client_version'));

From 220340381853400a6cdafecf6fca590cd7de7f6d Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 23 Jan 2023 09:49:40 +1100
Subject: [PATCH 09/16] add filename to headers for inline files

---
 app/Http/Middleware/Cors.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Http/Middleware/Cors.php b/app/Http/Middleware/Cors.php
index 0343ccd6f587..f5cb51145651 100644
--- a/app/Http/Middleware/Cors.php
+++ b/app/Http/Middleware/Cors.php
@@ -27,7 +27,7 @@ class Cors
         $response->headers->set('Access-Control-Allow-Origin', '*');
         $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
         $response->headers->set('Access-Control-Allow-Headers', 'X-API-PASSWORD-BASE64,X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Disposition,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE');
-        $response->headers->set('Access-Control-Expose-Headers', 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION');
+        $response->headers->set('Access-Control-Expose-Headers', 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION,Content-Disposition');
         $response->headers->set('X-APP-VERSION', config('ninja.app_version'));
         $response->headers->set('X-MINIMUM-CLIENT-VERSION', config('ninja.minimum_client_version'));
 

From 3312e7ce12355cb7a5384e3ddb844e88c5b1a1e0 Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 23 Jan 2023 11:01:27 +1100
Subject: [PATCH 10/16] Update permissions logic

---
 app/Http/Controllers/ActivityController.php |  6 ++--
 app/Models/User.php                         | 13 ++++---
 tests/Unit/PermissionsTest.php              | 38 +++++++++++++++++++--
 3 files changed, 48 insertions(+), 9 deletions(-)

diff --git a/app/Http/Controllers/ActivityController.php b/app/Http/Controllers/ActivityController.php
index 12ce6c4f50c6..fea2a3d4e695 100644
--- a/app/Http/Controllers/ActivityController.php
+++ b/app/Http/Controllers/ActivityController.php
@@ -87,13 +87,15 @@ class ActivityController extends BaseController
     {
         $default_activities = $request->has('rows') ? $request->input('rows') : 50;
 
-        $activities = Activity::orderBy('created_at', 'DESC')->company()
+        $activities = Activity::orderBy('created_at', 'DESC')
+                                ->company()
                                 ->take($default_activities);
 
         if ($request->has('react')) {
 
             if(!auth()->user()->isAdmin())
-                return response()->json(['data' => []], 200);
+                $activities->where('user_id', auth()->user()->id);
+                // return response()->json(['data' => []], 200);
 
             $system = ctrans('texts.system');
 
diff --git a/app/Models/User.php b/app/Models/User.php
index 63e94b633b67..28529ad75922 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -358,18 +358,21 @@ class User extends Authenticatable implements MustVerifyEmail
     public function hasPermission($permission) : bool
     {
         $parts = explode('_', $permission);
-        $all_permission = '';
+        $all_permission = false;
 
         if (count($parts) > 1) {
             $all_permission = $parts[0].'_all';
         }
 
-//empty $all_permissions leads to stripos returning true;
-
         return  $this->isOwner() ||
                 $this->isAdmin() ||
-                (is_int(stripos($this->token()->cu->permissions, $all_permission))) ||
-                (is_int(stripos($this->token()->cu->permissions, $permission)));
+                (stripos($all_permission, $this->token()->cu->permissions) !== false) ||
+                (stripos($permission,  $this->token()->cu->permissions) !== false);
+
+        // return  $this->isOwner() ||
+        //         $this->isAdmin() ||
+        //         (is_int(stripos($this->token()->cu->permissions, $all_permission))) ||
+        //         (is_int(stripos($this->token()->cu->permissions, $permission)));
 
     }
 
diff --git a/tests/Unit/PermissionsTest.php b/tests/Unit/PermissionsTest.php
index a4853bc965cb..d30d944fe3dc 100644
--- a/tests/Unit/PermissionsTest.php
+++ b/tests/Unit/PermissionsTest.php
@@ -159,6 +159,40 @@ class PermissionsTest extends TestCase
         
     }
 
+    public function testReturnTypesOfStripos()
+    {
+
+
+        $this->assertEquals(0, stripos("view_client", ''));
+
+        $all_permission = '[]';
+        $this->assertFalse(stripos($all_permission, "view_client") !== false);
+        $this->assertTrue(stripos($all_permission, "view_client") == 0);
+        $this->assertFalse(is_int(stripos($all_permission, "view_client")));
+
+        $all_permission = ' ';
+        $this->assertFalse(stripos($all_permission, "view_client") !== false);
+        $this->assertFalse(is_int(stripos($all_permission, "view_client")));
+        
+        $all_permission = "";//problems are empty strings
+        $this->assertTrue(empty($all_permission));
+
+        $this->assertFalse( stripos($all_permission, "view_client") !== false);
+        $this->assertFalse( is_int(stripos($all_permission, "view_client")));
+        
+        $all_permission = 'view';//will always pass currently
+        $this->assertFalse( stripos($all_permission, "view_client") !== false);
+        $this->assertFalse(is_int(stripos($all_permission, "view_client")));
+
+        $all_permission = "view_client";
+        $this->assertTrue(stripos($all_permission, "view_client") !== false);
+        $this->assertTrue(is_int(stripos($all_permission, "view_client")) !== false);
+
+        $this->assertTrue(is_int(stripos($all_permission, "view_client")));
+
+
+    }
+
     public function testViewClientPermission()
     {
 
@@ -166,8 +200,8 @@ class PermissionsTest extends TestCase
         $low_cu->permissions = '["view_client"]';
         $low_cu->save();
 
-        //this is aberrant
-        $this->assertTrue($this->user->hasPermission("viewclient"));
+        // this is aberrant
+        $this->assertFalse($this->user->hasPermission("view____client"));
 
     }
 

From 527b81768a1156557dec01e95fb9f46d1207b461 Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 23 Jan 2023 12:23:05 +1100
Subject: [PATCH 11/16] Fixes for incomplete tests

---
 app/Policies/EntityPolicy.php                     |  4 ++--
 tests/Feature/Bank/BankTransactionRuleTest.php    | 14 ++++++++++++++
 tests/Feature/PdfMaker/ExampleIntegrationTest.php |  4 ++--
 3 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/app/Policies/EntityPolicy.php b/app/Policies/EntityPolicy.php
index 99ca027916e3..ac5155c7c97c 100644
--- a/app/Policies/EntityPolicy.php
+++ b/app/Policies/EntityPolicy.php
@@ -47,7 +47,7 @@ class EntityPolicy
     public function edit(User $user, $entity) : bool
     {
         return ($user->isAdmin() && $entity->company_id == $user->companyId())
-            || ($user->hasPermission('edit_'.strtolower(\Illuminate\Support\Str::snake(class_basename($entity)))) && $entity->company_id == $user->companyId())
+            || ($user->hasPermission('edit_'.\Illuminate\Support\Str::snake(class_basename($entity))) && $entity->company_id == $user->companyId())
             || ($user->hasPermission('edit_all') && $entity->company_id == $user->companyId())
             || ($user->owns($entity) && $entity->company_id == $user->companyId())
             || ($user->assigned($entity) && $entity->company_id == $user->companyId());
@@ -64,7 +64,7 @@ class EntityPolicy
     public function view(User $user, $entity) : bool
     {
         return ($user->isAdmin() && $entity->company_id == $user->companyId())
-            || ($user->hasPermission('view_'.strtolower(\Illuminate\Support\Str::snake(class_basename($entity)))) && $entity->company_id == $user->companyId())
+            || ($user->hasPermission('view_'.\Illuminate\Support\Str::snake(class_basename($entity))) && $entity->company_id == $user->companyId())
             || ($user->hasPermission('view_all') && $entity->company_id == $user->companyId())
             || ($user->owns($entity) && $entity->company_id == $user->companyId())
             || ($user->assigned($entity) && $entity->company_id == $user->companyId());
diff --git a/tests/Feature/Bank/BankTransactionRuleTest.php b/tests/Feature/Bank/BankTransactionRuleTest.php
index 299c693998f4..7ee479dd8544 100644
--- a/tests/Feature/Bank/BankTransactionRuleTest.php
+++ b/tests/Feature/Bank/BankTransactionRuleTest.php
@@ -18,6 +18,7 @@ use App\Models\BankIntegration;
 use App\Models\BankTransaction;
 use App\Models\BankTransactionRule;
 use App\Models\Invoice;
+use App\Services\Bank\ProcessBankRules;
 use Illuminate\Foundation\Testing\DatabaseTransactions;
 use Illuminate\Validation\ValidationException;
 use Tests\MockAccountData;
@@ -41,6 +42,19 @@ class BankTransactionRuleTest extends TestCase
         $this->withoutExceptionHandling();
     }
 
+    public function testMatchingWithStripos()
+    {
+
+
+        $bt_value = strtolower(str_replace(" ", "", 'hello soldier'));
+        $rule_value = strtolower(str_replace(" ", "", 'solider'));
+        $rule_length = iconv_strlen($rule_value);
+
+        $this->assertFalse(stripos($rule_value, $bt_value) !== false);    
+        $this->assertFalse(stripos($bt_value, $rule_value) !== false);
+
+    }
+
     public function testBankRuleBulkActions()
     {
         $data = [
diff --git a/tests/Feature/PdfMaker/ExampleIntegrationTest.php b/tests/Feature/PdfMaker/ExampleIntegrationTest.php
index 2c6f2061d5c2..3337550e1442 100644
--- a/tests/Feature/PdfMaker/ExampleIntegrationTest.php
+++ b/tests/Feature/PdfMaker/ExampleIntegrationTest.php
@@ -31,7 +31,7 @@ class ExampleIntegrationTest extends TestCase
 
     public function testExample()
     {
-        $this->markTestIncomplete();
+        // $this->markTestIncomplete();
 
         $invoice = $this->invoice;
         $invitation = $invoice->invitations()->first();
@@ -61,6 +61,6 @@ class ExampleIntegrationTest extends TestCase
 
 //        nlog($maker->getCompiledHTML(true));
 
-        $this->assertTrue(true);
+        $this->assertNotNull($maker->getCompiledHTML(true));
     }
 }

From 3c76bfa90cf1281d44831e9f031c63975958a629 Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 23 Jan 2023 13:38:47 +1100
Subject: [PATCH 12/16] Fixes for check data script

---
 app/Console/Commands/CheckData.php | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/app/Console/Commands/CheckData.php b/app/Console/Commands/CheckData.php
index 7ffba27472b4..c943863d8731 100644
--- a/app/Console/Commands/CheckData.php
+++ b/app/Console/Commands/CheckData.php
@@ -448,13 +448,23 @@ class CheckData extends Command
                         //check contact exists!
                         if($contact_class::where('company_id', $entity->company_id)->where($client_vendor_key,$entity->{$client_vendor_key})->exists())
                         {
-                            $invitation = new $entity_obj();
-                            $invitation->company_id = $entity->company_id;
-                            $invitation->user_id = $entity->user_id;
-                            $invitation->{$entity_key} = $entity->id;
-                            $invitation->{$contact_id} = $contact_class::where('company_id', $entity->company_id)->where($client_vendor_key,$entity->{$client_vendor_key})->first()->id;
-                            $invitation->key = Str::random(config('ninja.key_length'));
-                            $this->logMessage("Add invitation for {$entity_key} - {$entity->id}");
+
+                            $contact = $contact_class::where('company_id', $entity->company_id)->where($client_vendor_key,$entity->{$client_vendor_key})->first();
+
+                            //double check if an archived invite exists
+                            if($contact && $entity->invitations()->withTrashed()->where($contact_id, $contact->id)->count() != 0) {
+                                $i = $entity->invitations()->withTrashed()->where($contact_id, $contact->id)->first();
+                                $i->restore();
+                            }
+                            else {
+                                $invitation = new $entity_obj();
+                                $invitation->company_id = $entity->company_id;
+                                $invitation->user_id = $entity->user_id;
+                                $invitation->{$entity_key} = $entity->id;
+                                $invitation->{$contact_id} = $contact->id;
+                                $invitation->key = Str::random(config('ninja.key_length'));
+                                $this->logMessage("Add invitation for {$entity_key} - {$entity->id}");
+                            }
                         }
                         else
                             $this->logMessage("No contact present, so cannot add invitation for {$entity_key} - {$entity->id}");

From 17f71c7c98a0461a8c5492a2e63eed9764e4428b Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 23 Jan 2023 13:58:01 +1100
Subject: [PATCH 13/16] Add back example integration

PDF testing that HTML Generates\n and stuff
---
 tests/Feature/PdfMaker/ExampleIntegrationTest.php | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/tests/Feature/PdfMaker/ExampleIntegrationTest.php b/tests/Feature/PdfMaker/ExampleIntegrationTest.php
index 3337550e1442..1f923f9f5fbc 100644
--- a/tests/Feature/PdfMaker/ExampleIntegrationTest.php
+++ b/tests/Feature/PdfMaker/ExampleIntegrationTest.php
@@ -57,10 +57,6 @@ class ExampleIntegrationTest extends TestCase
             ->design($design)
             ->build();
 
-        //      exec('echo "" > storage/logs/laravel.log');
-
-//        nlog($maker->getCompiledHTML(true));
-
         $this->assertNotNull($maker->getCompiledHTML(true));
     }
 }

From 86824138c902c03b198f44efc63e70c664d74a12 Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 23 Jan 2023 18:13:33 +1100
Subject: [PATCH 14/16] Updates for check data

---
 app/Console/Commands/CheckData.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/Console/Commands/CheckData.php b/app/Console/Commands/CheckData.php
index c943863d8731..1b3857ff72a9 100644
--- a/app/Console/Commands/CheckData.php
+++ b/app/Console/Commands/CheckData.php
@@ -455,6 +455,7 @@ class CheckData extends Command
                             if($contact && $entity->invitations()->withTrashed()->where($contact_id, $contact->id)->count() != 0) {
                                 $i = $entity->invitations()->withTrashed()->where($contact_id, $contact->id)->first();
                                 $i->restore();
+                                $this->logMessage("Found a valid contact and invitation restoring for {$entity_key} - {$entity->id}");
                             }
                             else {
                                 $invitation = new $entity_obj();

From 35454828920a0ab6b51b5ca696c8a803db799a15 Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 23 Jan 2023 18:40:04 +1100
Subject: [PATCH 15/16] Find trashed invoices

---
 app/Services/Subscription/SubscriptionService.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Services/Subscription/SubscriptionService.php b/app/Services/Subscription/SubscriptionService.php
index 3c59d33fdfbc..cb9e0e5a38fc 100644
--- a/app/Services/Subscription/SubscriptionService.php
+++ b/app/Services/Subscription/SubscriptionService.php
@@ -98,7 +98,7 @@ class SubscriptionService
                               ->save();
 
             //update the invoice and attach to the recurring invoice!!!!!
-            $invoice = Invoice::find($payment_hash->fee_invoice_id);
+            $invoice = Invoice::withTrashed()->find($payment_hash->fee_invoice_id);
             $invoice->recurring_id = $recurring_invoice->id;
             $invoice->is_proforma = false;
             $invoice->save();

From cf6a81ef0fcd437366c4537aadcc7de8cce1080c Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Tue, 24 Jan 2023 07:25:06 +1100
Subject: [PATCH 16/16] Version bump

---
 VERSION.txt                  | 2 +-
 app/Models/BaseModel.php     | 2 +-
 app/Models/ClientContact.php | 2 +-
 config/ninja.php             | 4 ++--
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/VERSION.txt b/VERSION.txt
index e92da973fed6..02cc04aa1bc4 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-5.5.60
\ No newline at end of file
+5.5.61
\ No newline at end of file
diff --git a/app/Models/BaseModel.php b/app/Models/BaseModel.php
index 0573f1864890..d95e051757c2 100644
--- a/app/Models/BaseModel.php
+++ b/app/Models/BaseModel.php
@@ -174,7 +174,7 @@ class BaseModel extends Model
 
         return $this
             ->withTrashed()
-            ->company()
+            // ->company()
             ->where('id', $this->decodePrimaryKey($value))->firstOrFail();
     }
 
diff --git a/app/Models/ClientContact.php b/app/Models/ClientContact.php
index 887607bd1400..264e303403fb 100644
--- a/app/Models/ClientContact.php
+++ b/app/Models/ClientContact.php
@@ -240,7 +240,7 @@ class ClientContact extends Authenticatable implements HasLocalePreference
     {
         return $this
             ->withTrashed()
-            ->company()
+            // ->company()
             ->where('id', $this->decodePrimaryKey($value))->firstOrFail();
     }
 
diff --git a/config/ninja.php b/config/ninja.php
index ea66940ea2d4..d6f71c5cb730 100644
--- a/config/ninja.php
+++ b/config/ninja.php
@@ -14,8 +14,8 @@ return [
     'require_https' => env('REQUIRE_HTTPS', true),
     'app_url' => rtrim(env('APP_URL', ''), '/'),
     'app_domain' => env('APP_DOMAIN', 'invoicing.co'),
-    'app_version' => '5.5.60',
-    'app_tag' => '5.5.60',
+    'app_version' => '5.5.61',
+    'app_tag' => '5.5.61',
     'minimum_client_version' => '5.0.16',
     'terms_version' => '1.0.1',
     'api_secret' => env('API_SECRET', ''),