From 88dfa3601b43be12ced317a52848bc421df5e646 Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Sat, 6 Nov 2021 10:28:48 +1100
Subject: [PATCH] Fixes for adding and restoring users

---
 app/Http/Controllers/UserController.php       |  3 +-
 app/Http/Requests/User/BulkUserRequest.php    | 48 ++++++++++++++++
 .../ValidationRules/Ninja/CanAddUserRule.php  | 13 +++--
 .../Ninja/CanRestoreUserRule.php              | 56 +++++++++++++++++++
 4 files changed, 114 insertions(+), 6 deletions(-)
 create mode 100644 app/Http/Requests/User/BulkUserRequest.php
 create mode 100644 app/Http/ValidationRules/Ninja/CanRestoreUserRule.php

diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index a43eab22f60a..697dd36283ce 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -19,6 +19,7 @@ use App\Factory\UserFactory;
 use App\Filters\UserFilters;
 use App\Http\Controllers\Traits\VerifiesUserEmail;
 use App\Http\Requests\User\AttachCompanyUserRequest;
+use App\Http\Requests\User\BulkUserRequest;
 use App\Http\Requests\User\CreateUserRequest;
 use App\Http\Requests\User\DestroyUserRequest;
 use App\Http\Requests\User\DetachCompanyUserRequest;
@@ -534,7 +535,7 @@ class UserController extends BaseController
      *       ),
      *     )
      */
-    public function bulk()
+    public function bulk(BulkUserRequest $request)
     {
         /* Validate restore() here and check if restoring the user will exceed their user quote (hosted only)*/
         $action = request()->input('action');
diff --git a/app/Http/Requests/User/BulkUserRequest.php b/app/Http/Requests/User/BulkUserRequest.php
new file mode 100644
index 000000000000..3e87d64668db
--- /dev/null
+++ b/app/Http/Requests/User/BulkUserRequest.php
@@ -0,0 +1,48 @@
+<?php
+/**
+ * Invoice Ninja (https://invoiceninja.com).
+ *
+ * @link https://github.com/invoiceninja/invoiceninja source repository
+ *
+ * @copyright Copyright (c) 2021. Invoice Ninja LLC (https://invoiceninja.com)
+ *
+ * @license https://www.elastic.co/licensing/elastic-license
+ */
+
+namespace App\Http\Requests\User;
+
+use App\Http\Requests\Request;
+use App\Http\ValidationRules\Ninja\CanRestoreUserRule;
+use App\Http\ValidationRules\UniqueUserRule;
+use App\Utils\Ninja;
+
+class BulkUserRequest extends Request
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+    public function authorize() : bool
+    {
+        return auth()->user()->isAdmin();
+    }
+
+    public function rules()
+    {
+
+        $rules = [];
+
+        if(Ninja::isHosted() && $this->action && $this->action == 'restore')
+            $rules['ids'] = new CanRestoreUserRule();
+
+        return $rules;
+    }
+
+    protected function prepareForValidation()
+    {
+        $input = $this->all();
+
+        $this->replace($input);
+    }
+}
diff --git a/app/Http/ValidationRules/Ninja/CanAddUserRule.php b/app/Http/ValidationRules/Ninja/CanAddUserRule.php
index 11b159fb6c6b..98ae76016d76 100644
--- a/app/Http/ValidationRules/Ninja/CanAddUserRule.php
+++ b/app/Http/ValidationRules/Ninja/CanAddUserRule.php
@@ -31,12 +31,15 @@ class CanAddUserRule implements Rule
      */
     public function passes($attribute, $value)
     {
-        // $count = CompanyUser::query()
-        //     ->where('account_id', auth()->user()->account_id)
-        //     ->distinct('user_id')
-        //     ->count();
 
-        // return $count < auth()->user()->company()->account->num_users;
+        $count = CompanyUser::query()
+            ->with('user')
+            ->where('account_id', auth()->user()->account_id)
+            ->distinct()
+            ->select('user_id')
+            ->count(); 
+
+        return $count < auth()->user()->company()->account->num_users;
         //return auth()->user()->company()->account->users->count() < auth()->user()->company()->account->num_users;
     }
 
diff --git a/app/Http/ValidationRules/Ninja/CanRestoreUserRule.php b/app/Http/ValidationRules/Ninja/CanRestoreUserRule.php
new file mode 100644
index 000000000000..45bf5ec7f351
--- /dev/null
+++ b/app/Http/ValidationRules/Ninja/CanRestoreUserRule.php
@@ -0,0 +1,56 @@
+<?php
+/**
+ * Invoice Ninja (https://invoiceninja.com).
+ *
+ * @link https://github.com/invoiceninja/invoiceninja source repository
+ *
+ * @copyright Copyright (c) 2021. Invoice Ninja LLC (https://invoiceninja.com)
+ *
+ * @license https://www.elastic.co/licensing/elastic-license
+ */
+
+namespace App\Http\ValidationRules\Ninja;
+
+use App\Models\CompanyUser;
+use App\Models\User;
+use Illuminate\Contracts\Validation\Rule;
+
+/**
+ * Class CanAddUserRule.
+ */
+class CanRestoreUserRule implements Rule
+{
+
+    public function __construct()
+    {
+    }
+
+    /**
+     * @param string $attribute
+     * @param mixed $value
+     * @return bool
+     */
+    public function passes($attribute, $value)
+    {
+
+        $count = User::query()
+            ->with(['company_user' => function ($query){
+              return $query->whereNull('company_user.deleted_at');
+            }])
+            ->where('account_id', 1)
+            ->distinct()
+            ->select('users.id')
+            ->count();
+
+        return $count < auth()->user()->company()->account->num_users;
+        //return auth()->user()->company()->account->users->count() < auth()->user()->company()->account->num_users;
+    }
+
+    /**
+     * @return string
+     */
+    public function message()
+    {
+        return ctrans('texts.limit_users', ['limit' => auth()->user()->company()->account->num_users]);
+    }
+}