Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-11-04 05:37:33 -05:00
Code Issues Packages Projects Releases Wiki Activity

Use new ACL for refunds

Browse Source
This commit is contained in:
Joshua Dwire 2016-05-06 14:19:58 -04:00
parent 9ed44bdfe4
commit 7469ea998c
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/Services/PaymentService.php
View File

@ -723,7 +723,7 @@ class PaymentService extends BaseService
return "javascript:showRefundModal({$model->public_id}, '{$max_refund}', '{$formatted}', '{$symbol}')"; return "javascript:showRefundModal({$model->public_id}, '{$max_refund}', '{$formatted}', '{$symbol}')";
}, },
function ($model) { function ($model) {
return Payment::canEditItem($model) && $model->payment_status_id != PAYMENT_STATUS_FAILED && return Auth::user()->can('editByOwner', [ENTITY_PAYMENT, $model->user_id]) && $model->payment_status_id != PAYMENT_STATUS_FAILED &&
$model->refunded < $model->amount && $model->refunded < $model->amount &&
( (
($model->transaction_reference && in_array($model->gateway_id , static::$refundableGateways)) ($model->transaction_reference && in_array($model->gateway_id , static::$refundableGateways))
@ -744,7 +744,7 @@ class PaymentService extends BaseService
$payments = $this->getRepo()->findByPublicIdsWithTrashed($ids); $payments = $this->getRepo()->findByPublicIdsWithTrashed($ids);
foreach ($payments as $payment) { foreach ($payments as $payment) {
if($payment->canEdit()){ if(Auth::user()->can('edit', $payment)){
if(!empty($params['amount'])) { if(!empty($params['amount'])) {
$this->refund($payment, floatval($params['amount'])); $this->refund($payment, floatval($params['amount']));
} else { } else {