From 5f8ae65310423296f4137edd53fd8aa0791089bf Mon Sep 17 00:00:00 2001
From: Hillel Coren
Date: Thu, 7 Jul 2016 11:44:15 +0300
Subject: [PATCH] Working on expense category permissions
---
 app/Http/Controllers/ExpenseController.php | 2 +-
 .../Requests/CreateExpenseCategoryRequest.php | 2 +-
 .../Requests/UpdateExpenseCategoryRequest.php | 2 +-
 app/Models/EntityModel.php | 7 ++-
 .../Datatables/ExpenseCategoryDatatable.php | 8 ++-
 .../ExpenseCategoryRepository.php | 1 +
 app/Policies/EntityPolicy.php | 3 +-
 app/Policies/ExpenseCategoryPolicy.php | 53 ++++++++++++++++++-
 resources/views/expenses/edit.blade.php | 14 +++-
 resources/views/list.blade.php | 2 +-
 10 files changed, 78 insertions(+), 16 deletions(-)
diff --git a/app/Http/Controllers/ExpenseController.php b/app/Http/Controllers/ExpenseController.php
index fa3eae6acd2a..d41b68c01aaf 100644
--- a/app/Http/Controllers/ExpenseController.php
+++ b/app/Http/Controllers/ExpenseController.php
@@ -236,7 +236,7 @@ class ExpenseController extends BaseController
 'countries' => Cache::get('countries'),
 'customLabel1' => Auth::user()->account->custom_vendor_label1,
 'customLabel2' => Auth::user()->account->custom_vendor_label2,
- 'categories' => ExpenseCategory::scope()->orderBy('name')->get(),
+ 'categories' => ExpenseCategory::whereAccountId(Auth::user()->account_id)->orderBy('name')->get(),
 ];
 }
diff --git a/app/Http/Requests/CreateExpenseCategoryRequest.php b/app/Http/Requests/CreateExpenseCategoryRequest.php
index fa240bc65424..98c57832bfb4 100644
--- a/app/Http/Requests/CreateExpenseCategoryRequest.php
+++ b/app/Http/Requests/CreateExpenseCategoryRequest.php
@@ -10,7 +10,7 @@ class CreateExpenseCategoryRequest extends ExpenseCategoryRequest
 */
 public function authorize()
 {
- return $this->user()->is_admin;
+ return $this->user()->can('create', ENTITY_EXPENSE_CATEGORY);
 }
 /**
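Review bot: Replacing `ExpenseCategory::scope()` with `whereAccountId(Auth::user()->account_id)` in the `categories` entry also drops the per-user `user_id` restriction that the scope applies for users without `view_all` (the EntityModel hunk later in this patch appears to be that scope), so the expense form now offers every category in the account. That is consistent with `ExpenseCategoryPolicy::view` returning true, but nothing on this line says so; a comment such as `// all account categories are selectable regardless of owner (see ExpenseCategoryPolicy::view)` would record the intent. The enclosing method starts and ends outside the hunk.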
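Review bot: `$this->user()->can('create', ENTITY_EXPENSE_CATEGORY)` passes an entity-type string rather than a model class or instance, so it depends on the Gate having a policy mapping for that constant; if none is registered the gate denies (fail-closed, which is the right direction) but every category create is then silently rejected. The same dependency applies to `can('create', $entityType)` in the resources/views/list.blade.php hunk, where `$entityType` ranges over every listed entity type, so any type without a policy loses its "new" button without an error. Worth confirming the policy registrations before merging; a short comment on this return, `// resolved through the policy registered for ENTITY_EXPENSE_CATEGORY`, would point the next reader at the right place. The enclosing request class continues outside the hunk.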
diff --git a/app/Http/Requests/UpdateExpenseCategoryRequest.php b/app/Http/Requests/UpdateExpenseCategoryRequest.php
index bc5149018700..74049e3eab4f 100644
--- a/app/Http/Requests/UpdateExpenseCategoryRequest.php
+++ b/app/Http/Requests/UpdateExpenseCategoryRequest.php
@@ -9,7 +9,7 @@ class UpdateExpenseCategoryRequest extends ExpenseCategoryRequest
 */
 public function authorize()
 {
- return $this->user()->is_admin;
+ return $this->user()->can('edit', $this->entity());
 }
 /**
diff --git a/app/Models/EntityModel.php b/app/Models/EntityModel.php
index 22874ace4a65..4a98ef817e6d 100644
--- a/app/Models/EntityModel.php
+++ b/app/Models/EntityModel.php
@@ -50,10 +50,9 @@ class EntityModel extends Eloquent
 $entity->setRelation('account', $account);
 if (method_exists($className, 'trashed')){
- $lastEntity = $className::withTrashed()
- ->scope(false, $entity->account_id);
+ $lastEntity = $className::whereAccountId($entity->account_id)->withTrashed();
 } else {
- $lastEntity = $className::scope(false, $entity->account_id);
+ $lastEntity = $className::whereAccountId($entity->account_id);
 }
 $lastEntity = $lastEntity->orderBy('public_id', 'DESC')
@@ -122,7 +121,7 @@ class EntityModel extends Eloquent
 }
 if (Auth::check() && ! Auth::user()->hasPermission('view_all')) {
- $query->where($this->getEntityType(). 's.user_id', '=', Auth::user()->id);
+ $query->where(Utils::pluralizeEntityType($this->getEntityType()) . '.user_id', '=', Auth::user()->id);
 }
 return $query;
diff --git a/app/Ninja/Datatables/ExpenseCategoryDatatable.php b/app/Ninja/Datatables/ExpenseCategoryDatatable.php
index 5c8f7c78d20d..7ef850b0a49c 100644
--- a/app/Ninja/Datatables/ExpenseCategoryDatatable.php
+++ b/app/Ninja/Datatables/ExpenseCategoryDatatable.php
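Review bot: `can('edit', $this->entity())` hands the resolved record to `ExpenseCategoryPolicy::edit`, which (per the policy hunk in this patch) ignores `$item` and returns `$user->is_admin`, so this authorize() does not itself verify that the category belongs to the caller's account; that remains whatever `entity()` does when it looks the record up, which is outside the hunk. If `entity()` can return null for an unknown public_id, confirm that `can('edit', null)` denies rather than throws. A one-line comment, `// category edits are admin-only; account scoping is entity()'s job`, would make the split of responsibility explicit. The enclosing request class continues outside the hunk.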
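Review bot: Both branches of the `method_exists($className, 'trashed')` test now start from the same `whereAccountId($entity->account_id)` builder, so the conditional only needs to add `withTrashed()`: `$lastEntity = $className::whereAccountId($entity->account_id);` / `if (method_exists($className, 'trashed')) {` / `$lastEntity = $lastEntity->withTrashed();`. Moving off `scope(false, ...)` here also means the highest `public_id` is looked up across the whole account rather than the current user's rows, which is what a per-account counter needs; a comment saying `// account-wide max public_id: must not be narrowed by the per-user scope` would keep someone from reintroducing the scope later. The enclosing method starts and ends outside the hunk.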
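Review bot: The new `Utils::pluralizeEntityType(...)` call fixes the table-name derivation for entity types whose plural is not `type . 's'` (e.g. `expense_category` -> `expense_categories`), but this hunk adds no `use` line for `Utils` in `App\Models`, so confirm it is already imported or aliased in EntityModel.php, since an unresolved class name here would only surface at runtime for non-`view_all` users. A comment on the changed line, `// table name, not entity type + 's' (expense_category -> expense_categories)`, would explain why the helper is needed. The enclosing method starts outside the hunk.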
@@ -15,7 +15,11 @@ class ExpenseCategoryDatatable extends EntityDatatable
 'name',
 function ($model) {
- return link_to("expense_categories/{$model->public_id}/edit", $model->category ?: '')->toHtml();
+ if ( ! Auth::user()->can('editByOwner', [ENTITY_EXPENSE_CATEGORY, $model->user_id])) {
+ return $model->category;
+ }
+
+ return link_to("expense_categories/{$model->public_id}/edit", $model->category)->toHtml();
 }
 ],
 ];
@@ -30,7 +34,7 @@ class ExpenseCategoryDatatable extends EntityDatatable
 return URL::to("expense_categories/{$model->public_id}/edit") ;
 },
 function ($model) {
- return Auth::user()->is_admin;
+ return Auth::user()->can('editByOwner', [ENTITY_EXPENSE_CATEGORY, $model->user_id]);
 }
 ],
 ];
diff --git a/app/Ninja/Repositories/ExpenseCategoryRepository.php b/app/Ninja/Repositories/ExpenseCategoryRepository.php
index c7366fb34120..90edbd2d7412 100644
--- a/app/Ninja/Repositories/ExpenseCategoryRepository.php
+++ b/app/Ninja/Repositories/ExpenseCategoryRepository.php
@@ -19,6 +19,7 @@ class ExpenseCategoryRepository extends BaseRepository
 ->select(
 'expense_categories.name as category',
 'expense_categories.public_id',
+ 'expense_categories.user_id',
 'expense_categories.deleted_at'
 );
diff --git a/app/Policies/EntityPolicy.php b/app/Policies/EntityPolicy.php
index 4b71e459f9e4..3eca53333f6c 100644
--- a/app/Policies/EntityPolicy.php
+++ b/app/Policies/EntityPolicy.php
@@ -2,7 +2,6 @@
 namespace App\Policies;
-
 use App\Models\User;
 use Illuminate\Auth\Access\HandlesAuthorization;
@@ -58,4 +57,4 @@ class EntityPolicy
 public static function editByOwner(User $user, $ownerUserId) {
 return $user->hasPermission('edit_all') || $user->id == $ownerUserId;
 }
-}
\ No newline at end of file
+}
diff --git a/app/Policies/ExpenseCategoryPolicy.php b/app/Policies/ExpenseCategoryPolicy.php
index 8b13f8a28f81..bac89b183c2f 100644
--- a/app/Policies/ExpenseCategoryPolicy.php
+++ b/app/Policies/ExpenseCategoryPolicy.php
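Review bot: The new early return hands `$model->category` to the datatable cell as raw text, whereas the `link_to` branch below it entity-escapes the title (as far as I recall of the HtmlBuilder); category names are entered by account users, so unless the datatable layer escapes cell values itself (not visible here) the plain-text branch should do so: `return e($model->category);`. The hunk also drops the `?: ''` fallback from the link title; `link_to` with an empty title may fall back to rendering the URL, so keep the fallback if `name` can be empty. The `can('editByOwner', [ENTITY_EXPENSE_CATEGORY, $model->user_id])` test is repeated verbatim in the second hunk of this file; a small private helper on the datatable would keep the two checks in step.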
@@ -2,4 +2,55 @@
 namespace App\Policies;
-class ExpenseCategoryPolicy extends EntityPolicy {}
+use App\Models\User;
+
+class ExpenseCategoryPolicy extends EntityPolicy
+{
+
+ /**
+ * @param User $user
+ * @return bool
+ */
+ public static function create(User $user) {
+ return $user->is_admin;
+ }
+
+ /**
+ * @param User $user
+ * @param $item
+ *
+ * @return bool
+ */
+ public static function edit(User $user, $item) {
+ return $user->is_admin;
+ }
+
+ /**
+ * @param User $user
+ * @param $item
+ *
+ * @return bool
+ */
+ public static function view(User $user, $item) {
+ return true;
+ }
+
+ /**
+ * @param User $user
+ * @param $ownerUserId
+ * @return bool
+ */
+ public static function viewByOwner(User$user, $ownerUserId) {
+ return true;
+ }
+
+ /**
+ * @param User $user
+ * @param $ownerUserId
+ * @return bool
+ */
+ public static function editByOwner(User $user, $ownerUserId) {
+ return $user->is_admin;
+ }
+
+}
diff --git a/resources/views/expenses/edit.blade.php b/resources/views/expenses/edit.blade.php
index c5889d8d7292..c0d36eab7f50 100644
--- a/resources/views/expenses/edit.blade.php
+++ b/resources/views/expenses/edit.blade.php
@@ -132,12 +132,20 @@
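Review bot: `viewByOwner(User$user, $ownerUserId)` is missing the space between the type and the variable; it parses, but `public static function viewByOwner(User $user, $ownerUserId) {` matches the other four signatures. More importantly, `view` and `viewByOwner` return true unconditionally and `edit`/`editByOwner` ignore `$item` and `$ownerUserId`, so this policy grants purely by role and relies on callers having already restricted records to the caller's account; the docblocks only restate parameter names, and should say this instead, e.g. `Any user of the account may view categories; account scoping is the caller's responsibility.` on `view`/`viewByOwner` and `Category changes are admin-only; ownership is not considered.` on `edit`/`editByOwner`. The `@param $item` and `@param $ownerUserId` tags also carry no type, which leaves static analysis nothing to check.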
- {!! Button::normal(trans('texts.cancel'))->asLinkTo(URL::to('/expenses'))->appendIcon(Icon::create('remove-circle')) !!}
- {!! Button::success(trans('texts.save'))->submit()->appendIcon(Icon::create('floppy-disk')) !!}
- {!! Button::normal(trans('texts.categories'))->asLinkTo(URL::to('/expense_categories'))->appendIcon(Icon::create('list')) !!}
+ {!! Button::normal(trans('texts.cancel'))
+ ->asLinkTo(URL::to('/expenses'))
+ ->appendIcon(Icon::create('remove-circle'))
+ ->large() !!}
+
+ {!! Button::success(trans('texts.save'))
+ ->appendIcon(Icon::create('floppy-disk'))
+ ->large()
+ ->submit() !!}
+
 @if ($expense)
 {!! DropdownButton::normal(trans('texts.more_actions'))
 ->withContents($actions)
+ ->large()
 ->dropup() !!}
 @endif
diff --git a/resources/views/list.blade.php b/resources/views/list.blade.php
index 224486a2a80d..dac58dd2ca92 100644
--- a/resources/views/list.blade.php
+++ b/resources/views/list.blade.php
@@ -45,7 +45,7 @@
 {!! Button::normal(trans('texts.credits'))->asLinkTo(URL::to('/credits'))->appendIcon(Icon::create('list')) !!}
 @endif
- @if (Auth::user()->hasPermission('create_all'))
+ @if (Auth::user()->can('create', $entityType))
 {!! Button::primary(trans("texts.new_{$entityType}"))->asLinkTo(url(Utils::pluralizeEntityType($entityType) . '/create'))->appendIcon(Icon::create('plus-sign')) !!}
 @endif