Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-07-09 03:14:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for permissions on list response

Browse Source
This commit is contained in:
David Bomba 2022-01-10 19:48:18 +11:00
parent 239b180a21
commit 3e3b4e40e5
3 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Filters/RecurringExpenseFilters.php
View File

@ -58,7 +58,7 @@ class RecurringExpenseFilters extends QueryFilters
return $this->builder; return $this->builder;
} }
$table = 'expenses'; $table = 'recurring_expenses';
$filters = explode(',', $filter); $filters = explode(',', $filter);
return $this->builder->where(function ($query) use ($filters, $table) { return $this->builder->where(function ($query) use ($filters, $table) {

2
app/Filters/RecurringInvoiceFilters.php
View File

@ -53,7 +53,7 @@ class RecurringInvoiceFilters extends QueryFilters
return $this->builder; return $this->builder;
} }
$table = 'recurring_'; $table = 'recurring_invoices';
$filters = explode(',', $filter); $filters = explode(',', $filter);
return $this->builder->where(function ($query) use ($filters, $table) { return $this->builder->where(function ($query) use ($filters, $table) {

5
app/Http/Controllers/BaseController.php
View File

@ -22,6 +22,7 @@ use App\Utils\Traits\AppSetup;
use Illuminate\Contracts\Container\BindingResolutionException; use Illuminate\Contracts\Container\BindingResolutionException;
use Illuminate\Database\Eloquent\Builder; use Illuminate\Database\Eloquent\Builder;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Str;
use League\Fractal\Manager; use League\Fractal\Manager;
use League\Fractal\Pagination\IlluminatePaginatorAdapter; use League\Fractal\Pagination\IlluminatePaginatorAdapter;
use League\Fractal\Resource\Collection; use League\Fractal\Resource\Collection;
@ -619,7 +620,9 @@ class BaseController extends Controller
$query->with($includes); $query->with($includes);
if (auth()->user() && ! auth()->user()->hasPermission('view_'.lcfirst(class_basename($this->entity_type)))) { // 10-01-2022 need to ensure we snake case properly here to ensure permissions work as expected
// if (auth()->user() && ! auth()->user()->hasPermission('view_'.lcfirst(class_basename($this->entity_type)))) {
if (auth()->user() && ! auth()->user()->hasPermission('view'.lcfirst(class_basename(Str::snake($this->entity_type))))) {
$query->where('user_id', '=', auth()->user()->id); $query->where('user_id', '=', auth()->user()->id);
} }