Working on permissions in the API

app/Http/Controllers/AppController.php

@@ -306,7 +306,7 @@ class AppController extends BaseController
 
     public function stats()
     {
-        if (Input::get('password') != env('RESELLER_PASSWORD')) {
+        if ( ! hash_equals(Input::get('password'), env('RESELLER_PASSWORD'))) {
             sleep(3);
             return '';
         }

app/Http/Controllers/InvoiceApiController.php

@@ -18,6 +18,7 @@ use App\Ninja\Repositories\InvoiceRepository;
 use App\Ninja\Mailers\ContactMailer as Mailer;
 use App\Http\Controllers\BaseAPIController;
 use App\Ninja\Transformers\InvoiceTransformer;
+use App\Http\Requests\InvoiceRequest;
 use App\Http\Requests\CreateInvoiceAPIRequest;
 use App\Http\Requests\UpdateInvoiceAPIRequest;
 use App\Services\InvoiceService;
@@ -82,17 +83,9 @@ class InvoiceApiController extends BaseAPIController
          * )
          */
 
-    public function show($publicId)
+    public function show(InvoiceRequest $request)
     {
-        $invoice = Invoice::scope($publicId)->withTrashed()->first();
-
-        if(!$invoice)
-            return $this->errorResponse(['message'=>'Invoice does not exist!'], 404);
-
-        $transformer = new InvoiceTransformer(\Auth::user()->account, Input::get('serializer'));
-        $data = $this->createItem($invoice, $transformer, 'invoice');
-
-        return $this->response($data);
+        return $this->itemResponse($request->entity());
     }
 
     /**
@@ -187,11 +180,11 @@ class InvoiceApiController extends BaseAPIController
             }
         }
 
-        $invoice = Invoice::scope($invoice->public_id)->with('client', 'invoice_items', 'invitations')->first();
-        $transformer = new InvoiceTransformer(\Auth::user()->account, Input::get('serializer'));
-        $data = $this->createItem($invoice, $transformer, 'invoice');
-
-        return $this->response($data);
+        $invoice = Invoice::scope($invoice->public_id)
+                        ->with('client', 'invoice_items', 'invitations')
+                        ->first();
+                        
+        return $this->itemResponse($invoice);
     }
 
     private function prepareData($data, $client)
@@ -277,36 +270,21 @@ class InvoiceApiController extends BaseAPIController
                 $item[$key] = $val;
             }
         }
-
+        
         return $item;
     }
 
-    public function emailInvoice()
+    public function emailInvoice(InvoiceRequest $request)
     {
-        $data = Input::all();
-        $error = null;
+        $invoice = $request->entity();
 
-        $invoice = Invoice::scope($data['id'])->withTrashed()->first();
-
-        if(!$invoice)
-            return $this->errorResponse(['message'=>'Invoice does not exist.'], 400);
-
-
-        $this->mailer->sendInvoice($invoice, false, false);
-
-
-        if($error) {
-            return $this->errorResponse(['message'=>'There was an error sending the invoice'], 400);
-        }
-        else {
-            $response = json_encode(RESULT_SUCCESS, JSON_PRETTY_PRINT);
-        }
+        $this->mailer->sendInvoice($invoice);
 
+        $response = json_encode(RESULT_SUCCESS, JSON_PRETTY_PRINT);
         $headers = Utils::getApiHeaders();
-        return Response::make($response, $error ? 400 : 200, $headers);
+        return Response::make($response, 200, $headers);
     }
 
-
         /**
          * @SWG\Put(
          *   path="/invoices",
@@ -330,43 +308,23 @@ class InvoiceApiController extends BaseAPIController
          */
     public function update(UpdateInvoiceAPIRequest $request, $publicId)
     {
-        if ($request->action == ACTION_ARCHIVE) {
-            $invoice = Invoice::scope($publicId)->firstOrFail();
-            $this->invoiceRepo->archive($invoice);
-
-            $transformer = new InvoiceTransformer(\Auth::user()->account, Input::get('serializer'));
-            $data = $this->createItem($invoice, $transformer, 'invoice');
-
-            return $this->response($data);
-        }
-        else if ($request->action == ACTION_CONVERT) {
-            $quote = Invoice::scope($publicId)->firstOrFail();
+        if ($request->action == ACTION_CONVERT) {
+            $quote = $request->entity();            
             $invoice = $this->invoiceRepo->cloneInvoice($quote, $quote->id);
-
-            $transformer = new InvoiceTransformer(\Auth::user()->account, Input::get('serializer'));
-            $data = $this->createItem($invoice, $transformer, 'invoice');
-
-            return $this->response($data);
-        }
-        else if ($request->action == ACTION_RESTORE) {
-            $invoice = Invoice::scope($publicId)->withTrashed()->firstOrFail();
-            $this->invoiceRepo->restore($invoice);
-
-            $transformer = new InvoiceTransformer(\Auth::user()->account, Input::get('serializer'));
-            $data = $this->createItem($invoice, $transformer, 'invoice');
-
-            return $this->response($data);
+            return $this->itemResponse($invoice);
+        } elseif ($request->action) {
+            return $this->handleAction($request);
         }
 
         $data = $request->input();
         $data['public_id'] = $publicId;
         $this->invoiceService->save($data);
 
-        $invoice = Invoice::scope($publicId)->with('client', 'invoice_items', 'invitations')->firstOrFail();
-        $transformer = new InvoiceTransformer(\Auth::user()->account, Input::get('serializer'));
-        $data = $this->createItem($invoice, $transformer, 'invoice');
-
-        return $this->response($data);
+        $invoice = Invoice::scope($publicId)
+                        ->with('client', 'invoice_items', 'invitations')
+                        ->firstOrFail();
+                        
+        return $this->itemResponse($invoice);
     }
 
         /**

app/Http/Controllers/PaymentApiController.php

@@ -153,11 +153,6 @@ class PaymentApiController extends BaseAPIController
 
         $this->paymentRepo->delete($payment);
 
-        /*
-        $invoice = Invoice::scope($invoiceId)->with('client', 'invoice_items', 'invitations')->with(['payments' => function($query) {
-            $query->withTrashed();
-        }])->first();
-        */
         $transformer = new PaymentTransformer(\Auth::user()->account, Input::get('serializer'));
         $data = $this->createItem($payment, $transformer, 'invoice');
 

app/Http/Requests/CreateProductRequest.php

@@ -0,0 +1,26 @@
+<?php namespace App\Http\Requests;
+
+class CreateProductRequest extends ProductRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+    public function authorize()
+    {
+        return $this->user()->can('create', ENTITY_PRODUCT);
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array
+     */
+    public function rules()
+    {
+        return [
+            'product_key' => 'required',
+        ];
+    }
+}

app/Http/Requests/ProductRequest.php

@@ -0,0 +1,6 @@
+<?php namespace App\Http\Requests;
+
+class ProductRequest extends EntityRequest {
+
+    protected $entityType = ENTITY_PRODUCT;
+}

app/Http/Requests/TaxRateRequest.php

@@ -0,0 +1,7 @@
+<?php namespace App\Http\Requests;
+
+class TaxRateRequest extends EntityRequest {
+
+    protected $entityType = ENTITY_TAX_RATE;
+    
+}

app/Http/Requests/UpdateProductRequest.php

@@ -0,0 +1,26 @@
+<?php namespace App\Http\Requests;
+
+class UpdateProductRequest extends ProductRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+    public function authorize()
+    {
+        return $this->user()->can('edit', $this->entity());
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array
+     */
+    public function rules()
+    {
+        return [
+            'product_key' => 'required',
+        ];
+    }
+}