mirror of
https://github.com/invoiceninja/invoiceninja.git
synced 2025-07-09 03:14:30 -04:00
Working on permissions in the API
parent
e7f4368cbb
commit
6acddfc3c7
@ -306,7 +306,7 @@ class AppController extends BaseController
|
|||||||
|
|
||||||
public function stats()
|
public function stats()
|
||||||
{
|
{
|
||||||
if (Input::get('password') != env('RESELLER_PASSWORD')) {
|
if ( ! hash_equals(Input::get('password'), env('RESELLER_PASSWORD'))) {
|
||||||
sleep(3);
|
sleep(3);
|
||||||
return '';
|
return '';
|
||||||
}
|
}
|
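Review bot: `hash_equals()` in `stats()` receives the request value first and the configured secret second, and neither is checked to be a string. PHP documents the known secret as the first argument and the user-supplied value as the second, and a missing or array-valued `password` parameter makes the call emit a warning (a TypeError on PHP 8) instead of taking the `sleep(3)` path. An unset or empty `RESELLER_PASSWORD` should also be refused explicitly, for example `$secret = env('RESELLER_PASSWORD'); $given = Input::get('password');` followed by `if ( ! is_string($secret) || $secret === '' || ! is_string($given) || ! hash_equals($secret, $given)) {`. The rest of `stats()` lies outside the hunk.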
||||||
|
@ -18,6 +18,7 @@ use App\Ninja\Repositories\InvoiceRepository;
|
|||||||
use App\Ninja\Mailers\ContactMailer as Mailer;
|
use App\Ninja\Mailers\ContactMailer as Mailer;
|
||||||
use App\Http\Controllers\BaseAPIController;
|
use App\Http\Controllers\BaseAPIController;
|
||||||
use App\Ninja\Transformers\InvoiceTransformer;
|
use App\Ninja\Transformers\InvoiceTransformer;
|
||||||
|
use App\Http\Requests\InvoiceRequest;
|
||||||
use App\Http\Requests\CreateInvoiceAPIRequest;
|
use App\Http\Requests\CreateInvoiceAPIRequest;
|
||||||
use App\Http\Requests\UpdateInvoiceAPIRequest;
|
use App\Http\Requests\UpdateInvoiceAPIRequest;
|
||||||
use App\Services\InvoiceService;
|
use App\Services\InvoiceService;
|
||||||
@ -82,17 +83,9 @@ class InvoiceApiController extends BaseAPIController
|
|||||||
* )
|
* )
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public function show($publicId)
|
public function show(InvoiceRequest $request)
|
||||||
{
|
{
|
||||||
$invoice = Invoice::scope($publicId)->withTrashed()->first();
|
return $this->itemResponse($request->entity());
|
||||||
|
|
||||||
if(!$invoice)
|
|
||||||
return $this->errorResponse(['message'=>'Invoice does not exist!'], 404);
|
|
||||||
|
|
||||||
$transformer = new InvoiceTransformer(\Auth::user()->account, Input::get('serializer'));
|
|
||||||
$data = $this->createItem($invoice, $transformer, 'invoice');
|
|
||||||
|
|
||||||
return $this->response($data);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -187,11 +180,11 @@ class InvoiceApiController extends BaseAPIController
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$invoice = Invoice::scope($invoice->public_id)->with('client', 'invoice_items', 'invitations')->first();
|
$invoice = Invoice::scope($invoice->public_id)
|
||||||
$transformer = new InvoiceTransformer(\Auth::user()->account, Input::get('serializer'));
|
->with('client', 'invoice_items', 'invitations')
|
||||||
$data = $this->createItem($invoice, $transformer, 'invoice');
|
->first();
|
||||||
|
|
||||||
return $this->response($data);
|
return $this->itemResponse($invoice);
|
||||||
}
|
}
|
||||||
|
|
||||||
private function prepareData($data, $client)
|
private function prepareData($data, $client)
|
||||||
@ -277,36 +270,21 @@ class InvoiceApiController extends BaseAPIController
|
|||||||
$item[$key] = $val;
|
$item[$key] = $val;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return $item;
|
return $item;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function emailInvoice()
|
public function emailInvoice(InvoiceRequest $request)
|
||||||
{
|
{
|
||||||
$data = Input::all();
|
$invoice = $request->entity();
|
||||||
$error = null;
|
|
||||||
|
|
||||||
$invoice = Invoice::scope($data['id'])->withTrashed()->first();
|
$this->mailer->sendInvoice($invoice);
|
||||||
|
|
||||||
if(!$invoice)
|
|
||||||
return $this->errorResponse(['message'=>'Invoice does not exist.'], 400);
|
|
||||||
|
|
||||||
|
|
||||||
$this->mailer->sendInvoice($invoice, false, false);
|
|
||||||
|
|
||||||
|
|
||||||
if($error) {
|
|
||||||
return $this->errorResponse(['message'=>'There was an error sending the invoice'], 400);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$response = json_encode(RESULT_SUCCESS, JSON_PRETTY_PRINT);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
$response = json_encode(RESULT_SUCCESS, JSON_PRETTY_PRINT);
|
||||||
$headers = Utils::getApiHeaders();
|
$headers = Utils::getApiHeaders();
|
||||||
return Response::make($response, $error ? 400 : 200, $headers);
|
return Response::make($response, 200, $headers);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @SWG\Put(
|
* @SWG\Put(
|
||||||
* path="/invoices",
|
* path="/invoices",
|
||||||
@ -330,43 +308,23 @@ class InvoiceApiController extends BaseAPIController
|
|||||||
*/
|
*/
|
||||||
public function update(UpdateInvoiceAPIRequest $request, $publicId)
|
public function update(UpdateInvoiceAPIRequest $request, $publicId)
|
||||||
{
|
{
|
||||||
if ($request->action == ACTION_ARCHIVE) {
|
if ($request->action == ACTION_CONVERT) {
|
||||||
$invoice = Invoice::scope($publicId)->firstOrFail();
|
$quote = $request->entity();
|
||||||
$this->invoiceRepo->archive($invoice);
|
|
||||||
|
|
||||||
$transformer = new InvoiceTransformer(\Auth::user()->account, Input::get('serializer'));
|
|
||||||
$data = $this->createItem($invoice, $transformer, 'invoice');
|
|
||||||
|
|
||||||
return $this->response($data);
|
|
||||||
}
|
|
||||||
else if ($request->action == ACTION_CONVERT) {
|
|
||||||
$quote = Invoice::scope($publicId)->firstOrFail();
|
|
||||||
$invoice = $this->invoiceRepo->cloneInvoice($quote, $quote->id);
|
$invoice = $this->invoiceRepo->cloneInvoice($quote, $quote->id);
|
||||||
|
return $this->itemResponse($invoice);
|
||||||
$transformer = new InvoiceTransformer(\Auth::user()->account, Input::get('serializer'));
|
} elseif ($request->action) {
|
||||||
$data = $this->createItem($invoice, $transformer, 'invoice');
|
return $this->handleAction($request);
|
||||||
|
|
||||||
return $this->response($data);
|
|
||||||
}
|
|
||||||
else if ($request->action == ACTION_RESTORE) {
|
|
||||||
$invoice = Invoice::scope($publicId)->withTrashed()->firstOrFail();
|
|
||||||
$this->invoiceRepo->restore($invoice);
|
|
||||||
|
|
||||||
$transformer = new InvoiceTransformer(\Auth::user()->account, Input::get('serializer'));
|
|
||||||
$data = $this->createItem($invoice, $transformer, 'invoice');
|
|
||||||
|
|
||||||
return $this->response($data);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$data = $request->input();
|
$data = $request->input();
|
||||||
$data['public_id'] = $publicId;
|
$data['public_id'] = $publicId;
|
||||||
$this->invoiceService->save($data);
|
$this->invoiceService->save($data);
|
||||||
|
|
||||||
$invoice = Invoice::scope($publicId)->with('client', 'invoice_items', 'invitations')->firstOrFail();
|
$invoice = Invoice::scope($publicId)
|
||||||
$transformer = new InvoiceTransformer(\Auth::user()->account, Input::get('serializer'));
|
->with('client', 'invoice_items', 'invitations')
|
||||||
$data = $this->createItem($invoice, $transformer, 'invoice');
|
->firstOrFail();
|
||||||
|
|
||||||
return $this->response($data);
|
return $this->itemResponse($invoice);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
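Review bot: In `update()`, `elseif ($request->action)` hands every non-empty client-supplied `action` to `handleAction($request)`, where the removed code handled only archive, convert and restore by name. `handleAction()` and `UpdateInvoiceAPIRequest::authorize()` are not part of this page, so it should be confirmed that the helper accepts only an allowlist of actions and checks the permission each one needs (restoring is presumably not the same ability as editing). The convert branch creates a new invoice through `cloneInvoice()`, so it likely needs the create ability in addition to access to the quote. A comment above the branch such as `// handleAction() validates the action name and authorizes it against the entity` would record that expectation. The same delegation applies to `show()` and `emailInvoice()`, which now rely entirely on `InvoiceRequest` for lookup and authorization; whether `entity()` still includes trashed invoices, as the removed `withTrashed()` calls did, is not visible here.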
||||||
|
@ -153,11 +153,6 @@ class PaymentApiController extends BaseAPIController
|
|||||||
|
|
||||||
$this->paymentRepo->delete($payment);
|
$this->paymentRepo->delete($payment);
|
||||||
|
|
||||||
/*
|
|
||||||
$invoice = Invoice::scope($invoiceId)->with('client', 'invoice_items', 'invitations')->with(['payments' => function($query) {
|
|
||||||
$query->withTrashed();
|
|
||||||
}])->first();
|
|
||||||
*/
|
|
||||||
$transformer = new PaymentTransformer(\Auth::user()->account, Input::get('serializer'));
|
$transformer = new PaymentTransformer(\Auth::user()->account, Input::get('serializer'));
|
||||||
$data = $this->createItem($payment, $transformer, 'invoice');
|
$data = $this->createItem($payment, $transformer, 'invoice');
|
||||||
|
|
||||||
|
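--- a/app/Http/Requests/CreateProductRequest.php
+++ b/app/Http/Requests/CreateProductRequest.php
@@ -0,0 +1,26 @@
+<?php namespace App\Http\Requests;
+
+class CreateProductRequest extends ProductRequest
+{
+/**
+* Determine if the user is authorized to make this request.
+*
+* @return bool
+*/
+public function authorize()
+{
+return $this->user()->can('create', ENTITY_PRODUCT);
+}
+
+/**
+* Get the validation rules that apply to the request.
+*
+* @return array
+*/
+public function rules()
+{
+return [
+'product_key' => 'required',
+];
+}
+}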
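Review bot: `authorize()` calls `$this->user()->can(...)` without checking that a user is attached to the request, so a route reached without the auth middleware would fail on a null method call instead of producing a clean denial. `return $this->user() !== null && $this->user()->can('create', ENTITY_PRODUCT);` makes the denial explicit, and the same applies to `UpdateProductRequest::authorize()`. `rules()` is identical in both classes and could be declared once in `ProductRequest`.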
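--- a/app/Http/Requests/ProductRequest.php
+++ b/app/Http/Requests/ProductRequest.php
@@ -0,0 +1,6 @@
+<?php namespace App\Http\Requests;
+
+class ProductRequest extends EntityRequest {
+
+protected $entityType = ENTITY_PRODUCT;
+}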
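--- a/app/Http/Requests/TaxRateRequest.php
+++ b/app/Http/Requests/TaxRateRequest.php
@@ -0,0 +1,7 @@
+<?php namespace App\Http\Requests;
+
+class TaxRateRequest extends EntityRequest {
+
+protected $entityType = ENTITY_TAX_RATE;
+
+}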
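--- a/app/Http/Requests/UpdateProductRequest.php
+++ b/app/Http/Requests/UpdateProductRequest.php
@@ -0,0 +1,26 @@
+<?php namespace App\Http\Requests;
+
+class UpdateProductRequest extends ProductRequest
+{
+/**
+* Determine if the user is authorized to make this request.
+*
+* @return bool
+*/
+public function authorize()
+{
+return $this->user()->can('edit', $this->entity());
+}
+
+/**
+* Get the validation rules that apply to the request.
+*
+* @return array
+*/
+public function rules()
+{
+return [
+'product_key' => 'required',
+];
+}
+}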
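Review bot: `authorize()` passes `$this->entity()` straight to `can('edit', ...)`, and `EntityRequest::entity()` is not shown on this page, so what happens for an unknown product id or one belonging to another account is not visible. If `entity()` can return null, the permission check would be asked about null; it is worth confirming that the lookup aborts with a 404 or that the check denies in that case. A docblock line such as `* Requires the 'edit' ability on the product resolved from the route.` would state the contract.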