Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-06-01 11:24:36 -04:00
Code Issues Packages Projects Releases Wiki Activity

Clean up for access permissions

Browse Source
This commit is contained in:
David Bomba 2023-02-15 09:28:23 +11:00
parent 5617e5708c
commit 7787d1f653
7 changed files with 17 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/Http/Requests/BankTransactionRule/StoreBankTransactionRuleRequest.php
View File

@ -11,9 +11,10 @@
namespace App\Http\Requests\BankTransactionRule; namespace App\Http\Requests\BankTransactionRule;
use App\Models\Account;
use App\Http\Requests\Request; use App\Http\Requests\Request;
use App\Models\BankTransactionRule;
use App\Utils\Traits\MakesHash; use App\Utils\Traits\MakesHash;
use App\Models\BankTransactionRule;
class StoreBankTransactionRuleRequest extends Request class StoreBankTransactionRuleRequest extends Request
{ {
@ -26,7 +27,7 @@ class StoreBankTransactionRuleRequest extends Request
*/ */
public function authorize() : bool public function authorize() : bool
{ {
return auth()->user()->can('create', BankTransactionRule::class); return auth()->user()->can('create', BankTransactionRule::class) && auth()->user()->account->hasFeature(Account::FEATURE_API);;
} }
public function rules() public function rules()

3
app/Http/Requests/Design/StoreDesignRequest.php
View File

@ -11,6 +11,7 @@
namespace App\Http\Requests\Design; namespace App\Http\Requests\Design;
use App\Models\Account;
use App\Http\Requests\Request; use App\Http\Requests\Request;
class StoreDesignRequest extends Request class StoreDesignRequest extends Request
@ -22,7 +23,7 @@ class StoreDesignRequest extends Request
*/ */
public function authorize() : bool public function authorize() : bool
{ {
return auth()->user()->isAdmin(); return auth()->user()->isAdmin() && auth()->user()->account->hasFeature(Account::FEATURE_API);;
} }
public function rules() public function rules()

9
app/Http/Requests/GroupSetting/StoreGroupSettingRequest.php
View File

@ -11,10 +11,11 @@
namespace App\Http\Requests\GroupSetting; namespace App\Http\Requests\GroupSetting;
use App\DataMapper\ClientSettings; use App\Models\Account;
use App\Http\Requests\Request;
use App\Http\ValidationRules\ValidClientGroupSettingsRule;
use App\Models\GroupSetting; use App\Models\GroupSetting;
use App\Http\Requests\Request;
use App\DataMapper\ClientSettings;
use App\Http\ValidationRules\ValidClientGroupSettingsRule;
class StoreGroupSettingRequest extends Request class StoreGroupSettingRequest extends Request
{ {
@ -25,7 +26,7 @@ class StoreGroupSettingRequest extends Request
*/ */
public function authorize() : bool public function authorize() : bool
{ {
return auth()->user()->can('create', GroupSetting::class); return auth()->user()->can('create', GroupSetting::class) && && auth()->user()->account->hasFeature(Account::FEATURE_API);;
} }
public function rules() public function rules()

5
app/Http/Requests/Subscription/StoreSubscriptionRequest.php
View File

@ -11,8 +11,9 @@
namespace App\Http\Requests\Subscription; namespace App\Http\Requests\Subscription;
use App\Http\Requests\Request; use App\Models\Account;
use App\Models\Subscription; use App\Models\Subscription;
use App\Http\Requests\Request;
use Illuminate\Validation\Rule; use Illuminate\Validation\Rule;
class StoreSubscriptionRequest extends Request class StoreSubscriptionRequest extends Request
@ -24,7 +25,7 @@ class StoreSubscriptionRequest extends Request
*/ */
public function authorize() public function authorize()
{ {
return auth()->user()->can('create', Subscription::class); return auth()->user()->can('create', Subscription::class) && auth()->user()->account->hasFeature(Account::FEATURE_API);
} }
/** /**

3
app/Http/Requests/Webhook/StoreWebhookRequest.php
View File

@ -11,6 +11,7 @@
namespace App\Http\Requests\Webhook; namespace App\Http\Requests\Webhook;
use App\Models\Account;
use App\Http\Requests\Request; use App\Http\Requests\Request;
class StoreWebhookRequest extends Request class StoreWebhookRequest extends Request
@ -22,7 +23,7 @@ class StoreWebhookRequest extends Request
*/ */
public function authorize() : bool public function authorize() : bool
{ {
return auth()->user()->isAdmin(); return auth()->user()->isAdmin() && auth()->user()->account->hasFeature(Account::FEATURE_API)
} }
public function rules() public function rules()

1
app/Models/Account.php
View File

@ -110,6 +110,7 @@ class Account extends BaseModel
const FEATURE_USERS = 'users'; // Grandfathered for old Pro users const FEATURE_USERS = 'users'; // Grandfathered for old Pro users
const FEATURE_DOCUMENTS = 'documents'; const FEATURE_DOCUMENTS = 'documents';
const FEATURE_USER_PERMISSIONS = 'permissions'; const FEATURE_USER_PERMISSIONS = 'permissions';
const FEATURE_SUBSCRIPTIONS = 'subscriptions';
const RESULT_FAILURE = 'failure'; const RESULT_FAILURE = 'failure';
const RESULT_SUCCESS = 'success'; const RESULT_SUCCESS = 'success';

1
lang/en/texts.php
View File

@ -4952,6 +4952,7 @@ $LANG = array(
'update_payment' => 'Update Payment', 'update_payment' => 'Update Payment',
'markup' => 'Markup', 'markup' => 'Markup',
'unlock_pro' => 'Unlock Pro', 'unlock_pro' => 'Unlock Pro',
'preferences' => 'Preferences'
); );