From 40241cbf384af9f20edc69dfd5a411dab17780f4 Mon Sep 17 00:00:00 2001 From: Hillel Coren Date: Wed, 8 Jun 2016 17:56:48 +0300 Subject: [PATCH] Restrict client list --- app/Http/Controllers/CreditController.php | 8 ++++---- app/Http/Controllers/PaymentController.php | 11 ++++++----- app/Http/Controllers/TaskController.php | 12 ++++++------ 3 files changed, 16 insertions(+), 15 deletions(-) diff --git a/app/Http/Controllers/CreditController.php b/app/Http/Controllers/CreditController.php index c4250903fd32..ff1257d4456c 100644 --- a/app/Http/Controllers/CreditController.php +++ b/app/Http/Controllers/CreditController.php @@ -64,7 +64,7 @@ class CreditController extends BaseController 'method' => 'POST', 'url' => 'credits', 'title' => trans('texts.new_credit'), - 'clients' => Client::scope()->with('contacts')->orderBy('name')->get(), + 'clients' => Client::scope()->viewable()->with('contacts')->orderBy('name')->get(), ); return View::make('credits.edit', $data); @@ -74,9 +74,9 @@ class CreditController extends BaseController public function edit($publicId) { $credit = Credit::scope($publicId)->firstOrFail(); - + $this->authorize('edit', $credit); - + $credit->credit_date = Utils::fromSqlDate($credit->credit_date); $data = array( @@ -90,7 +90,7 @@ class CreditController extends BaseController return View::make('credit.edit', $data); } */ - + public function store(CreateCreditRequest $request) { $credit = $this->creditRepo->save($request->input()); diff --git a/app/Http/Controllers/PaymentController.php b/app/Http/Controllers/PaymentController.php index 0b93d45374b0..2054b65bafcb 100644 --- a/app/Http/Controllers/PaymentController.php +++ b/app/Http/Controllers/PaymentController.php @@ -32,7 +32,7 @@ use App\Http\Requests\UpdatePaymentRequest; class PaymentController extends BaseController { protected $entityType = ENTITY_PAYMENT; - + public function __construct(PaymentRepository $paymentRepo, InvoiceRepository $invoiceRepo, AccountRepository $accountRepo, ContactMailer $contactMailer, PaymentService $paymentService) { // parent::__construct(); @@ -71,6 +71,7 @@ class PaymentController extends BaseController public function create(PaymentRequest $request) { $invoices = Invoice::scope() + ->viewable() ->where('is_recurring', '=', false) ->where('is_quote', '=', false) ->where('invoices.balance', '>', 0) @@ -88,7 +89,7 @@ class PaymentController extends BaseController 'title' => trans('texts.new_payment'), 'paymentTypes' => Cache::get('paymentTypes'), 'paymentTypeId' => Input::get('paymentTypeId'), - 'clients' => Client::scope()->with('contacts')->orderBy('name')->get(), ); + 'clients' => Client::scope()->viewable()->with('contacts')->orderBy('name')->get(), ); return View::make('payments.edit', $data); } @@ -96,7 +97,7 @@ class PaymentController extends BaseController public function edit(PaymentRequest $request) { $payment = $request->entity(); - + $payment->payment_date = Utils::fromSqlDate($payment->payment_date); $data = array( @@ -565,7 +566,7 @@ class PaymentController extends BaseController Session::flash('error', $message); } return Redirect::to($invitation->getLink()); - } elseif (method_exists($gateway, 'completePurchase') + } elseif (method_exists($gateway, 'completePurchase') && !$accountGateway->isGateway(GATEWAY_TWO_CHECKOUT) && !$accountGateway->isGateway(GATEWAY_CHECKOUT_COM)) { $details = $this->paymentService->getPaymentDetails($invitation, $accountGateway); @@ -597,7 +598,7 @@ class PaymentController extends BaseController public function store(CreatePaymentRequest $request) { $input = $request->input(); - + $input['invoice_id'] = Invoice::getPrivateId($input['invoice']); $input['client_id'] = Client::getPrivateId($input['client']); $payment = $this->paymentRepo->save($input); diff --git a/app/Http/Controllers/TaskController.php b/app/Http/Controllers/TaskController.php index 229a4751116e..8eb90df15944 100644 --- a/app/Http/Controllers/TaskController.php +++ b/app/Http/Controllers/TaskController.php @@ -117,7 +117,7 @@ class TaskController extends BaseController $this->checkTimezone(); $task = $request->entity(); - + $actions = []; if ($task->invoice) { $actions[] = ['url' => URL::to("invoices/{$task->invoice->public_id}/edit"), 'label' => trans("texts.view_invoice")]; @@ -167,14 +167,14 @@ class TaskController extends BaseController public function update(UpdateTaskRequest $request) { $task = $request->entity(); - + return $this->save($task->public_id); } private static function getViewModel() { return [ - 'clients' => Client::scope()->with('contacts')->orderBy('name')->get(), + 'clients' => Client::scope()->viewable()->with('contacts')->orderBy('name')->get(), 'account' => Auth::user()->account, ]; } @@ -182,7 +182,7 @@ class TaskController extends BaseController private function save($publicId = null) { $action = Input::get('action'); - + if (in_array($action, ['archive', 'delete', 'restore'])) { return self::bulk(); } @@ -210,7 +210,7 @@ class TaskController extends BaseController $tasks = Task::scope($ids)->with('client')->get(); $clientPublicId = false; $data = []; - + foreach ($tasks as $task) { if ($task->client) { if (!$clientPublicId) { @@ -228,7 +228,7 @@ class TaskController extends BaseController Session::flash('error', trans('texts.task_error_invoiced')); return Redirect::to('tasks'); } - + $account = Auth::user()->account; $data[] = [ 'publicId' => $task->public_id,