Ensure api token has a name using update route
This commit is contained in:
parent
ea64802219
commit
79ec6b2ddc
@ -219,6 +219,12 @@ class BaseController extends Controller
|
|||||||
return response()->make($error, $httpErrorCode, $headers);
|
return response()->make($error, $httpErrorCode, $headers);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Refresh API response with latest cahnges
|
||||||
|
* @param Builer $query
|
||||||
|
* @property App\Models\User auth()->user()
|
||||||
|
* @return Builer
|
||||||
|
*/
|
||||||
protected function refreshResponse($query)
|
protected function refreshResponse($query)
|
||||||
{
|
{
|
||||||
$user = auth()->user();
|
$user = auth()->user();
|
||||||
@ -443,9 +449,14 @@ class BaseController extends Controller
|
|||||||
'company.bank_integrations'=> function ($query) use ($updated_at, $user) {
|
'company.bank_integrations'=> function ($query) use ($updated_at, $user) {
|
||||||
$query->whereNotNull('updated_at');
|
$query->whereNotNull('updated_at');
|
||||||
|
|
||||||
if (! $user->isAdmin()) {
|
if (! $user->hasPermission('view_bank_transaction')) {
|
||||||
$query->where('bank_integrations.user_id', $user->id);
|
$query->where('bank_integrations.user_id', $user->id);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!$user->isAdmin() && !$user->isOwner() && $user->can('create', BankTransaction::class)) {
|
||||||
|
$query->exclude(["balance"]);
|
||||||
|
}
|
||||||
|
|
||||||
},
|
},
|
||||||
'company.bank_transactions'=> function ($query) use ($updated_at, $user) {
|
'company.bank_transactions'=> function ($query) use ($updated_at, $user) {
|
||||||
$query->where('updated_at', '>=', $updated_at);
|
$query->where('updated_at', '>=', $updated_at);
|
||||||
@ -538,9 +549,14 @@ class BaseController extends Controller
|
|||||||
},
|
},
|
||||||
'company.bank_integrations'=> function ($query) use ($created_at, $user) {
|
'company.bank_integrations'=> function ($query) use ($created_at, $user) {
|
||||||
|
|
||||||
if (! $user->isAdmin()) {
|
if (! $user->hasPermission('view_bank_transaction')) {
|
||||||
$query->where('bank_integrations.user_id', $user->id);
|
$query->where('bank_integrations.user_id', $user->id);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!$user->isAdmin() && !$user->isOwner() && $user->can('create', BankTransaction::class)) {
|
||||||
|
$query->exclude(["balance"]);
|
||||||
|
}
|
||||||
|
|
||||||
},
|
},
|
||||||
'company.bank_transaction_rules'=> function ($query) use ($user) {
|
'company.bank_transaction_rules'=> function ($query) use ($user) {
|
||||||
|
|
||||||
@ -789,9 +805,14 @@ class BaseController extends Controller
|
|||||||
'company.bank_integrations'=> function ($query) use ($created_at, $user) {
|
'company.bank_integrations'=> function ($query) use ($created_at, $user) {
|
||||||
$query->where('created_at', '>=', $created_at);
|
$query->where('created_at', '>=', $created_at);
|
||||||
|
|
||||||
if (! $user->isAdmin()) {
|
if (! $user->hasPermission('view_bank_transaction')) {
|
||||||
$query->where('bank_integrations.user_id', $user->id);
|
$query->where('bank_integrations.user_id', $user->id);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!$user->isAdmin() && !$user->isOwner() && $user->can('create', BankTransaction::class)) {
|
||||||
|
$query->exclude(["balance"]);
|
||||||
|
}
|
||||||
|
|
||||||
},
|
},
|
||||||
'company.bank_transactions'=> function ($query) use ($created_at, $user) {
|
'company.bank_transactions'=> function ($query) use ($created_at, $user) {
|
||||||
$query->where('created_at', '>=', $created_at);
|
$query->where('created_at', '>=', $created_at);
|
||||||
@ -867,6 +888,9 @@ class BaseController extends Controller
|
|||||||
$query->where('id', auth()->user()->id);
|
$query->where('id', auth()->user()->id);
|
||||||
}
|
}
|
||||||
elseif(in_array($this->entity_type, [BankTransactionRule::class,CompanyGateway::class, TaxRate::class, BankIntegration::class, Scheduler::class, BankTransaction::class, Webhook::class, ExpenseCategory::class])){ //table without assigned_user_id
|
elseif(in_array($this->entity_type, [BankTransactionRule::class,CompanyGateway::class, TaxRate::class, BankIntegration::class, Scheduler::class, BankTransaction::class, Webhook::class, ExpenseCategory::class])){ //table without assigned_user_id
|
||||||
|
if($this->entity_type == BankIntegration::class && !auth()->user()->isAdmin() && !auth()->user()->isOwner() && auth()->user()->can('create', BankTransaction::class))
|
||||||
|
$query->exclude(["balance"]);
|
||||||
|
else
|
||||||
$query->where('user_id', '=', auth()->user()->id);
|
$query->where('user_id', '=', auth()->user()->id);
|
||||||
}
|
}
|
||||||
elseif(in_array($this->entity_type,[Design::class, GroupSetting::class, PaymentTerm::class])){
|
elseif(in_array($this->entity_type,[Design::class, GroupSetting::class, PaymentTerm::class])){
|
||||||
|
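Review bot: In the last hunk the new braceless `else` makes the `balance` exclusion and the per-user scope mutually exclusive, so a non-admin, non-owner user who can create bank transactions now receives every BankIntegration row in the company (minus `balance`) instead of only rows whose `user_id` matches; unless that widening is intended, close the `if` after `$query->exclude(["balance"]);` and keep `$query->where('user_id', '=', auth()->user()->id);` unconditional, as the refreshResponse hunks already do. In the three `company.bank_integrations` closures the exclusion is gated on `$user->can('create', BankTransaction::class)`, so a user holding `view_bank_transaction` but no create permission still gets `balance`; if the field is meant to be hidden from every non-admin/non-owner, the `can()` clause should go. Replacing `isAdmin()` with `hasPermission('view_bank_transaction')` on the ownership filter presumably relies on hasPermission() returning true for admins — worth confirming, since that method is not on this page. The `==` on `$this->entity_type` should be `===`. The enclosing methods start and end outside these hunks.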
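--- a/[path not on page]/UpdateTokenRequest.php
+++ b/[path not on page]/UpdateTokenRequest.php
@@ -27,4 +27,12 @@ class UpdateTokenRequest extends Request
 {
 return auth()->user()->isAdmin();
 }
+
+public function rules()
+{
+return [
+'name' => 'required',
+];
+}
+
 }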
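Review bot: `rules()` validates only presence, so `name` may be an array or any scalar and of any length; tightening it to `'name' => 'required|string'` plus a length cap matching the token name column keeps oversized or non-string input away from the persistence layer. The method also lacks a return type and docblock; `public function rules(): array` with a one-line `/** Validation rules for renaming an API token: a non-empty name is mandatory. */` would match the surrounding request classes.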
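--- a/[path not on page]/BankIntegration.php
+++ b/[path not on page]/BankIntegration.php
@@ -12,12 +12,14 @@
 namespace App\Models;
 
 use App\Models\Filterable;
+use App\Models\Traits\Excludable;
 use Illuminate\Database\Eloquent\SoftDeletes;
 
 class BankIntegration extends BaseModel
 {
 use SoftDeletes;
 use Filterable;
+use Excludable;
 
 protected $fillable = [
 'bank_account_name',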
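--- a/[path not on page]/User.php
+++ b/[path not on page]/User.php
@@ -386,18 +386,18 @@ class User extends Authenticatable implements MustVerifyEmail
 * @param string $permission '["view_all"]'
 * @return boolean
 */
-public function hasExactPermission(string $permission = ''): bool
+public function hasExactPermission(string $permission = '___'): bool
 {
 
 $parts = explode('_', $permission);
-$all_permission = '';
+$all_permission = '__';
 
 if (count($parts) > 1) {
 $all_permission = $parts[0].'_all';
 }
 
-return (is_int(stripos($this->token()->cu->permissions, $all_permission))) ||
-(is_int(stripos($this->token()->cu->permissions, $permission)));
+return (stripos($this->token()->cu->permissions, $all_permission) !== false) ||
+(stripos($this->token()->cu->permissions, $permission) !== false);
 
 }
 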
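Review bot: The `'___'` default and the `'__'` placeholder in `hasExactPermission` are sentinels chosen so `stripos()` never receives an empty needle (on PHP 8 an empty needle returns 0, which the old `is_int()` check treated as a grant for any caller), but they only hold as long as no stored permission contains a double underscore, and nothing in the hunk says so. A guard needs no magic value: keep `$all_permission = '';`, restore the `''` default, and return `($all_permission !== '' && stripos($this->token()->cu->permissions, $all_permission) !== false) || ($permission !== '' && stripos($this->token()->cu->permissions, $permission) !== false);`. If the sentinel stays, add `// '__' never occurs in a permission name, so an empty or one-part input cannot match` beside it and change `@return boolean` to `@return bool`. The check remains a substring search, so a permission such as `view_client` also matches inside a longer name; that predates this commit but sits oddly under a method called "exact".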
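--- a/[path not on page]/BankTransactionPolicy.php
+++ b/[path not on page]/BankTransactionPolicy.php
@@ -26,6 +26,6 @@ class BankTransactionPolicy extends EntityPolicy
 */
 public function create(User $user) : bool
 {
-return $user->isAdmin() || $user->hasPermission('create_invoice') || $user->hasPermission('create_all');
+return $user->isAdmin() || $user->hasPermission('create_bank_transaction') || $user->hasPermission('create_all');
 }
 }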
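Review bot: The docblock closed at the top of the hunk should state the grant conditions now that they are correct, e.g. a line `Admins, holders of create_bank_transaction, and holders of create_all may create bank transactions.`, so the next reader does not have to infer why `create_invoice` was wrong. The signature `create(User $user) : bool` carries a space before the colon that PSR-12 writes as `create(User $user): bool`.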