mirror of
https://github.com/invoiceninja/invoiceninja.git
synced 2025-07-09 03:14:30 -04:00
Guards for hosted - reports access
parent
fc624682ba
commit
4aaf3bab52
@ -11,10 +11,14 @@
|
|||||||
|
|
||||||
namespace App\Http\Requests\Report;
|
namespace App\Http\Requests\Report;
|
||||||
|
|
||||||
|
use App\Utils\Ninja;
|
||||||
use App\Http\Requests\Request;
|
use App\Http\Requests\Request;
|
||||||
|
use Illuminate\Auth\Access\AuthorizationException;
|
||||||
|
|
||||||
class GenericReportRequest extends Request
|
class GenericReportRequest extends Request
|
||||||
{
|
{
|
||||||
|
private string $error_message = '';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Determine if the user is authorized to make this request.
|
* Determine if the user is authorized to make this request.
|
||||||
*
|
*
|
||||||
@ -22,11 +26,7 @@ class GenericReportRequest extends Request
|
|||||||
*/
|
*/
|
||||||
public function authorize(): bool
|
public function authorize(): bool
|
||||||
{
|
{
|
||||||
/** @var \App\Models\User $user */
|
return $this->checkAuthority();
|
||||||
$user = auth()->user();
|
|
||||||
|
|
||||||
return $user->isAdmin() || $user->hasPermission('view_reports');
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function rules()
|
public function rules()
|
||||||
@ -70,4 +70,25 @@ class GenericReportRequest extends Request
|
|||||||
|
|
||||||
$this->replace($input);
|
$this->replace($input);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function checkAuthority()
|
||||||
|
{
|
||||||
|
$this->error_message = ctrans('texts.authorization_failure');
|
||||||
|
|
||||||
|
/** @var \App\Models\User $user */
|
||||||
|
$user = auth()->user();
|
||||||
|
|
||||||
|
if(Ninja::isHosted() && $user->account->isFreeHostedClient()){
|
||||||
|
$this->error_message = ctrans('texts.upgrade_to_view_reports');
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $user->isAdmin() || $user->hasPermission('view_reports');
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function failedAuthorization()
|
||||||
|
{
|
||||||
|
throw new AuthorizationException($this->error_message);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
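Review bot: `checkAuthority()` and `failedAuthorization()` are added here as private copies, and the same two methods are pasted into ProductSalesReportRequest, ProfitLossRequest and ReportPreviewRequest in this commit; an authorization gate kept in four copies tends to drift, so it would be safer in one shared trait or on the base `Request` class. The helper also declares no return type although `authorize(): bool` returns its result directly; `private function checkAuthority(): bool` would make that contract explicit. A one-line docblock stating the order of the checks would help the next reader, for example `/** Denies free hosted accounts first, then requires admin or the view_reports permission. */`.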
|
@ -18,6 +18,8 @@ class ProductSalesReportRequest extends Request
|
|||||||
{
|
{
|
||||||
use MakesHash;
|
use MakesHash;
|
||||||
|
|
||||||
|
private string $error_message = '';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Determine if the user is authorized to make this request.
|
* Determine if the user is authorized to make this request.
|
||||||
*
|
*
|
||||||
@ -25,7 +27,7 @@ class ProductSalesReportRequest extends Request
|
|||||||
*/
|
*/
|
||||||
public function authorize(): bool
|
public function authorize(): bool
|
||||||
{
|
{
|
||||||
return auth()->user()->isAdmin();
|
return $this->checkAuthority();
|
||||||
}
|
}
|
||||||
|
|
||||||
public function rules()
|
public function rules()
|
||||||
@ -67,4 +69,26 @@ class ProductSalesReportRequest extends Request
|
|||||||
|
|
||||||
$this->replace($input);
|
$this->replace($input);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function checkAuthority()
|
||||||
|
{
|
||||||
|
$this->error_message = ctrans('texts.authorization_failure');
|
||||||
|
|
||||||
|
/** @var \App\Models\User $user */
|
||||||
|
$user = auth()->user();
|
||||||
|
|
||||||
|
if(Ninja::isHosted() && $user->account->isFreeHostedClient()){
|
||||||
|
$this->error_message = ctrans('texts.upgrade_to_view_reports');
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $user->isAdmin() || $user->hasPermission('view_reports');
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function failedAuthorization()
|
||||||
|
{
|
||||||
|
throw new AuthorizationException($this->error_message);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
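Review bot: `authorize()` in this class used to return `auth()->user()->isAdmin()`, and the new `checkAuthority()` ends in `return $user->isAdmin() || $user->hasPermission('view_reports');`, so on any account that passes the hosted check a non-admin user holding `view_reports` can now run the product sales report. ProfitLossRequest gets the same widening from admin-only. The commit title mentions only a hosted guard, so if the broader access is not intended these two classes should keep `return $user->isAdmin();` as the final line of the helper. The top of this file lies outside the visible hunks, so it cannot be confirmed from here that `App\Utils\Ninja` and `Illuminate\Auth\Access\AuthorizationException` are imported.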
|
@ -12,9 +12,13 @@
|
|||||||
namespace App\Http\Requests\Report;
|
namespace App\Http\Requests\Report;
|
||||||
|
|
||||||
use App\Http\Requests\Request;
|
use App\Http\Requests\Request;
|
||||||
|
use Illuminate\Auth\Access\AuthorizationException;
|
||||||
|
|
||||||
class ProfitLossRequest extends Request
|
class ProfitLossRequest extends Request
|
||||||
{
|
{
|
||||||
|
|
||||||
|
private string $error_message = '';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Determine if the user is authorized to make this request.
|
* Determine if the user is authorized to make this request.
|
||||||
*
|
*
|
||||||
@ -22,10 +26,7 @@ class ProfitLossRequest extends Request
|
|||||||
*/
|
*/
|
||||||
public function authorize(): bool
|
public function authorize(): bool
|
||||||
{
|
{
|
||||||
/** @var \App\Models\User $user */
|
return $this->checkAuthority();
|
||||||
$user = auth()->user();
|
|
||||||
|
|
||||||
return $user->isAdmin();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function rules()
|
public function rules()
|
||||||
@ -51,4 +52,26 @@ class ProfitLossRequest extends Request
|
|||||||
|
|
||||||
$this->replace($input);
|
$this->replace($input);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function checkAuthority()
|
||||||
|
{
|
||||||
|
$this->error_message = ctrans('texts.authorization_failure');
|
||||||
|
|
||||||
|
/** @var \App\Models\User $user */
|
||||||
|
$user = auth()->user();
|
||||||
|
|
||||||
|
if(Ninja::isHosted() && $user->account->isFreeHostedClient()){
|
||||||
|
$this->error_message = ctrans('texts.upgrade_to_view_reports');
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $user->isAdmin() || $user->hasPermission('view_reports');
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function failedAuthorization()
|
||||||
|
{
|
||||||
|
throw new AuthorizationException($this->error_message);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
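Review bot: `checkAuthority()` calls `Ninja::isHosted()`, but the first hunk of this file shows every line from the `namespace` statement to the `class` line, and the only import added there is `use Illuminate\Auth\Access\AuthorizationException;`. Without an import the name resolves to `App\Http\Requests\Report\Ninja`, so unless a class of that name exists the call would raise a class-not-found error on every profit and loss request instead of producing an authorization decision. Adding `use App\Utils\Ninja;` beside the other imports, as GenericReportRequest and ReportPreviewRequest do, fixes it. The failure is closed rather than open, but a request test that hits this endpoint as an admin would have caught it.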
|
@ -11,10 +11,14 @@
|
|||||||
|
|
||||||
namespace App\Http\Requests\Report;
|
namespace App\Http\Requests\Report;
|
||||||
|
|
||||||
|
use App\Utils\Ninja;
|
||||||
use App\Http\Requests\Request;
|
use App\Http\Requests\Request;
|
||||||
|
use Illuminate\Auth\Access\AuthorizationException;
|
||||||
|
|
||||||
class ReportPreviewRequest extends Request
|
class ReportPreviewRequest extends Request
|
||||||
{
|
{
|
||||||
|
private string $error_message = '';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Determine if the user is authorized to make this request.
|
* Determine if the user is authorized to make this request.
|
||||||
*
|
*
|
||||||
@ -22,11 +26,7 @@ class ReportPreviewRequest extends Request
|
|||||||
*/
|
*/
|
||||||
public function authorize(): bool
|
public function authorize(): bool
|
||||||
{
|
{
|
||||||
/** @var \App\Models\User $user */
|
return $this->checkAuthority();
|
||||||
$user = auth()->user();
|
|
||||||
|
|
||||||
return $user->isAdmin() || $user->hasPermission('view_reports');
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function rules()
|
public function rules()
|
||||||
@ -38,4 +38,26 @@ class ReportPreviewRequest extends Request
|
|||||||
public function prepareForValidation()
|
public function prepareForValidation()
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function checkAuthority()
|
||||||
|
{
|
||||||
|
$this->error_message = ctrans('texts.authorization_failure');
|
||||||
|
|
||||||
|
/** @var \App\Models\User $user */
|
||||||
|
$user = auth()->user();
|
||||||
|
|
||||||
|
if(Ninja::isHosted() && $user->account->isFreeHostedClient()){
|
||||||
|
$this->error_message = ctrans('texts.upgrade_to_view_reports');
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $user->isAdmin() || $user->hasPermission('view_reports');
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function failedAuthorization()
|
||||||
|
{
|
||||||
|
throw new AuthorizationException($this->error_message);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -108,8 +108,8 @@ class TemplateAction implements ShouldQueue
|
|||||||
->where('company_id', $this->company->id)
|
->where('company_id', $this->company->id)
|
||||||
->get();
|
->get();
|
||||||
|
|
||||||
|
/** Set a global currency_code */
|
||||||
$first_entity = $result->first();
|
$first_entity = $result->first();
|
||||||
|
|
||||||
if($first_entity->client)
|
if($first_entity->client)
|
||||||
$currency_code = $first_entity->client->currency()->code;
|
$currency_code = $first_entity->client->currency()->code;
|
||||||
elseif($first_entity instanceof Client)
|
elseif($first_entity instanceof Client)
|
||||||
|