Clean up for access permissions

David Bomba 2023-02-15 09:28:23 +11:00
parent 5617e5708c
commit 7787d1f653
7 changed files with 17 additions and 10 deletions


@ -11,9 +11,10 @@
namespace App\Http\Requests\BankTransactionRule;
use App\Models\Account;
use App\Http\Requests\Request;
use App\Models\BankTransactionRule;
use App\Utils\Traits\MakesHash;
use App\Models\BankTransactionRule;
class StoreBankTransactionRuleRequest extends Request
{
@ -26,7 +27,7 @@ class StoreBankTransactionRuleRequest extends Request
*/
public function authorize() : bool
{
return auth()->user()->can('create', BankTransactionRule::class);
return auth()->user()->can('create', BankTransactionRule::class) && auth()->user()->account->hasFeature(Account::FEATURE_API);;
}
public function rules()
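Review bot: The new return in authorize() ends in `;;`, leaving a stray empty statement after the return; the same doubled semicolon appears on the new lines in StoreDesignRequest and StoreGroupSettingRequest. It is valid PHP, but it reads like an editing slip on a line that decides authorization, where every token should be deliberate. The line also resolves `auth()->user()` twice; `$user = auth()->user();` followed by `return $user->can('create', BankTransactionRule::class) && $user->account->hasFeature(Account::FEATURE_API);` is easier to audit. rules() continues outside the hunk.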


@ -11,6 +11,7 @@
namespace App\Http\Requests\Design;
use App\Models\Account;
use App\Http\Requests\Request;
class StoreDesignRequest extends Request
@ -22,7 +23,7 @@ class StoreDesignRequest extends Request
*/
public function authorize() : bool
{
return auth()->user()->isAdmin();
return auth()->user()->isAdmin() && auth()->user()->account->hasFeature(Account::FEATURE_API);;
}
public function rules()


@ -11,10 +11,11 @@
namespace App\Http\Requests\GroupSetting;
use App\DataMapper\ClientSettings;
use App\Http\Requests\Request;
use App\Http\ValidationRules\ValidClientGroupSettingsRule;
use App\Models\Account;
use App\Models\GroupSetting;
use App\Http\Requests\Request;
use App\DataMapper\ClientSettings;
use App\Http\ValidationRules\ValidClientGroupSettingsRule;
class StoreGroupSettingRequest extends Request
{
@ -25,7 +26,7 @@ class StoreGroupSettingRequest extends Request
*/
public function authorize() : bool
{
return auth()->user()->can('create', GroupSetting::class);
return auth()->user()->can('create', GroupSetting::class) && && auth()->user()->account->hasFeature(Account::FEATURE_API);;
}
public function rules()
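Review bot: The new return line in authorize() contains `&& &&`, which is a PHP parse error, so this request class cannot be loaded and storing a group setting would end in a fatal error rather than an authorization decision. The line should read `return auth()->user()->can('create', GroupSetting::class) && auth()->user()->account->hasFeature(Account::FEATURE_API);`. The failure is closed rather than open, but it still takes the endpoint down; running `php -l` over changed files in CI would catch this before merge.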


@ -11,8 +11,9 @@
namespace App\Http\Requests\Subscription;
use App\Http\Requests\Request;
use App\Models\Account;
use App\Models\Subscription;
use App\Http\Requests\Request;
use Illuminate\Validation\Rule;
class StoreSubscriptionRequest extends Request
@ -24,7 +25,7 @@ class StoreSubscriptionRequest extends Request
*/
public function authorize()
{
return auth()->user()->can('create', Subscription::class);
return auth()->user()->can('create', Subscription::class) && auth()->user()->account->hasFeature(Account::FEATURE_API);
}
/**
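Review bot: Subscription creation is gated on `Account::FEATURE_API` here, while the Account section of this same commit lists a `FEATURE_SUBSCRIPTIONS` constant; it is worth confirming which plan feature is meant to control this endpoint, since the wrong flag would grant or deny creation to the wrong accounts. If the subscriptions feature is the intended gate, the second operand would be `auth()->user()->account->hasFeature(Account::FEATURE_SUBSCRIPTIONS)`. Separately, this authorize() has no return type while the other request classes in the commit declare `public function authorize() : bool`; adding it keeps the gate from silently returning a non-boolean.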


@ -11,6 +11,7 @@
namespace App\Http\Requests\Webhook;
use App\Models\Account;
use App\Http\Requests\Request;
class StoreWebhookRequest extends Request
@ -22,7 +23,7 @@ class StoreWebhookRequest extends Request
*/
public function authorize() : bool
{
return auth()->user()->isAdmin();
return auth()->user()->isAdmin() && auth()->user()->account->hasFeature(Account::FEATURE_API)
}
public function rules()
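Review bot: The new return statement in authorize() has no terminating semicolon before the closing brace, which PHP rejects as a parse error, so the webhook store request would fail as soon as the class is loaded. Add it: `return auth()->user()->isAdmin() && auth()->user()->account->hasFeature(Account::FEATURE_API);`. A feature test that posts to this endpoint for an account with and without the API feature would pin both the syntax and the intended gate. rules() continues outside the hunk.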


@ -110,6 +110,7 @@ class Account extends BaseModel
const FEATURE_USERS = 'users'; // Grandfathered for old Pro users
const FEATURE_DOCUMENTS = 'documents';
const FEATURE_USER_PERMISSIONS = 'permissions';
const FEATURE_SUBSCRIPTIONS = 'subscriptions';
const RESULT_FAILURE = 'failure';
const RESULT_SUCCESS = 'success';


@ -4952,6 +4952,7 @@ $LANG = array(
'update_payment' => 'Update Payment',
'markup' => 'Markup',
'unlock_pro' => 'Unlock Pro',
'preferences' => 'Preferences'
);