Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-06-01 19:34:33 -04:00
Code Issues Packages Projects Releases Wiki Activity

Minor fixes for quote permissions

Browse Source
This commit is contained in:
David Bomba 2022-02-17 23:07:16 +11:00
parent 697b379889
commit 6ec6ae8756
4 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/Http/Requests/ClientPortal/Credits/ShowCreditRequest.php
View File

@ -15,7 +15,8 @@ class ShowCreditRequest extends FormRequest
public function authorize() public function authorize()
{ {
return !$this->credit->is_deleted return !$this->credit->is_deleted
&& auth()->guard('contact')->user()->company->enabled_modules & PortalComposer::MODULE_CREDITS; && auth()->guard('contact')->user()->company->enabled_modules & PortalComposer::MODULE_CREDITS
&& auth()->guard('contact')->user()->client_id === $this->credit->client_id;
} }
/** /**

3
app/Http/Requests/ClientPortal/Documents/ShowDocumentRequest.php
View File

@ -27,9 +27,10 @@ class ShowDocumentRequest extends FormRequest
*/ */
public function authorize() public function authorize()
{ {
return auth()->guard('contact')->user()->client_id == $this->document->documentable_id return auth()->guard('contact')->user()->client_id == $this->document->documentable_id
|| $this->document->documentable->client_id == auth()->guard('contact')->user()->client_id
|| $this->document->company_id == auth()->guard('contact')->user()->company_id; || $this->document->company_id == auth()->guard('contact')->user()->company_id;
} }
/** /**

2
app/Http/Requests/ClientPortal/Invoices/ShowInvoiceRequest.php
View File

@ -23,7 +23,7 @@ class ShowInvoiceRequest extends Request
*/ */
public function authorize() : bool public function authorize() : bool
{ {
return auth()->guard('contact')->user()->client_id == $this->invoice->client_id return auth()->guard('contact')->user()->client_id === $this->invoice->client_id
&& auth()->guard('contact')->user()->company->enabled_modules & PortalComposer::MODULE_INVOICES; && auth()->guard('contact')->user()->company->enabled_modules & PortalComposer::MODULE_INVOICES;
} }
} }

2
app/Http/Requests/ClientPortal/Quotes/ShowQuoteRequest.php
View File

@ -19,7 +19,7 @@ class ShowQuoteRequest extends FormRequest
{ {
public function authorize() public function authorize()
{ {
return auth()->user()->client->id === $this->quote->client_id return auth()->guard('contact')->user()->client->id === $this->quote->client_id
&& auth()->guard('contact')->user()->company->enabled_modules & PortalComposer::MODULE_QUOTES; && auth()->guard('contact')->user()->company->enabled_modules & PortalComposer::MODULE_QUOTES;
} }