From 811bfa0bc6425cb9f73bffc41502467cb45db012 Mon Sep 17 00:00:00 2001 From: David Bomba Date: Thu, 25 Aug 2022 07:06:13 +1000 Subject: [PATCH 01/11] Update VERSION.txt --- VERSION.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.txt b/VERSION.txt index 62f9457511f8..24de8a37b784 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -6 \ No newline at end of file +v5.5.16 From 7d0129516842c899b44a753f4a09305018e0fcf2 Mon Sep 17 00:00:00 2001 From: David Bomba Date: Thu, 25 Aug 2022 08:00:52 +1000 Subject: [PATCH 02/11] Add new column for invoice_task_project --- app/Models/Company.php | 1 + app/Transformers/CompanyTransformer.php | 1 + ...7_invoice_task_project_companies_table.php | 31 +++++++++++++++++++ 3 files changed, 33 insertions(+) create mode 100644 database/migrations/2022_08_24_215917_invoice_task_project_companies_table.php diff --git a/app/Models/Company.php b/app/Models/Company.php index bf98f6b418ab..b485e14b4024 100644 --- a/app/Models/Company.php +++ b/app/Models/Company.php @@ -120,6 +120,7 @@ class Company extends BaseModel 'inventory_notification_threshold', 'stock_notification', 'enabled_expense_tax_rates', + 'invoice_task_project', ]; protected $hidden = [ diff --git a/app/Transformers/CompanyTransformer.php b/app/Transformers/CompanyTransformer.php index d4870fb56899..81c5ac018edf 100644 --- a/app/Transformers/CompanyTransformer.php +++ b/app/Transformers/CompanyTransformer.php @@ -178,6 +178,7 @@ class CompanyTransformer extends EntityTransformer 'track_inventory' => (bool) $company->track_inventory, 'enable_applying_payments' => (bool) $company->enable_applying_payments, 'enabled_expense_tax_rates' => (int) $company->enabled_expense_tax_rates, + 'invoice_task_project' => (bool) $company->invoice_task_project, ]; } 
diff --git a/database/migrations/2022_08_24_215917_invoice_task_project_companies_table.php b/database/migrations/2022_08_24_215917_invoice_task_project_companies_table.php new file mode 100644 index 000000000000..1e9e8e1d05a6 --- /dev/null +++ b/database/migrations/2022_08_24_215917_invoice_task_project_companies_table.php @@ -0,0 +1,31 @@ +boolean('invoice_task_project')->default(0); + }); + } + + /** + * Reverse the migrations. + * + * @return void + */ + public function down() + { + // + } +}; From 880f1a620f435eddf91479f08de4c7a033484b71 Mon Sep 17 00:00:00 2001 From: David Bomba Date: Thu, 25 Aug 2022 08:10:26 +1000 Subject: [PATCH 03/11] Fixes for project with both project and client id --- app/Http/Requests/Expense/StoreExpenseRequest.php | 2 +- app/Http/Requests/Expense/UpdateExpenseRequest.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/Http/Requests/Expense/StoreExpenseRequest.php b/app/Http/Requests/Expense/StoreExpenseRequest.php index b08ee31f5de8..0c964fef9016 100644 --- a/app/Http/Requests/Expense/StoreExpenseRequest.php +++ b/app/Http/Requests/Expense/StoreExpenseRequest.php @@ -69,7 +69,7 @@ class StoreExpenseRequest extends Request /* Ensure the project is related */ if (array_key_exists('project_id', $input) && isset($input['project_id'])) { - $project = Project::withTrashed()->find($input['project_id'])->company()->first(); + $project = Project::withTrashed()->where('id', $input['project_id'])->company()->first(); if($project){ $input['client_id'] = $project->client_id; diff --git a/app/Http/Requests/Expense/UpdateExpenseRequest.php b/app/Http/Requests/Expense/UpdateExpenseRequest.php index aabe07f6593c..26b144731048 100644 --- a/app/Http/Requests/Expense/UpdateExpenseRequest.php +++ b/app/Http/Requests/Expense/UpdateExpenseRequest.php 
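Review bot: `down()` is left empty in this new migration, so a rollback keeps the `invoice_task_project` column and a later re-run of `up()` would hit the existing column. Reverse the change inside the same table callback that `up()` uses, with `$table->dropColumn('invoice_task_project');`. The `email_status` migration added in patch 08/11 has the same empty `down()` and wants `$table->dropColumn('email_status');`.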
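Review bot: When the lookup returns null, the visible branch `if($project){` simply does nothing, so a `project_id` from the request that does not resolve under `company()` appears to stay in `$input` unchanged. Assuming `company()` on the builder is the model's query scope limiting rows to the current user's company, that null is exactly the cross-company case. The id should then be dropped or rejected, for example `else { unset($input['project_id']); }`, unless a validation rule outside this hunk already does so. The same applies to the identical line in `UpdateExpenseRequest.php`; the enclosing method continues outside both hunks.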
@@ -64,7 +64,7 @@ class UpdateExpenseRequest extends Request /* Ensure the project is related */ if (array_key_exists('project_id', $input) && isset($input['project_id'])) { - $project = Project::withTrashed()->find($input['project_id'])->company()->first(); + $project = Project::withTrashed()->where('id', $input['project_id'])->company()->first(); if($project){ $input['client_id'] = $project->client_id; From 59f9f0702af94de0dc4f8a174a72da4cb183d6e8 Mon Sep 17 00:00:00 2001 From: David Bomba Date: Thu, 25 Aug 2022 09:05:57 +1000 Subject: [PATCH 04/11] Wrap client paid to date in transaction --- app/Repositories/PaymentRepository.php | 42 ++++++++++++++++---------- 1 file changed, 26 insertions(+), 16 deletions(-) diff --git a/app/Repositories/PaymentRepository.php b/app/Repositories/PaymentRepository.php index 885df9fba014..dac9921942fe 100644 --- a/app/Repositories/PaymentRepository.php +++ b/app/Repositories/PaymentRepository.php 
@@ -73,28 +73,38 @@ class PaymentRepository extends BaseRepository { unset($data['exchange_rate']); $is_existing_payment = false; - $client = Client::where('id', $data['client_id'])->withTrashed()->first(); - /*We only update the paid to date ONCE per payment*/ - if (array_key_exists('invoices', $data) && is_array($data['invoices']) && count($data['invoices']) > 0) { - if ($data['amount'] == '') { - $data['amount'] = array_sum(array_column($data['invoices'], 'amount')); + \DB::connection(config('database.default'))->transaction(function () use ($data) { + + $client = Client::where('id', $data['client_id'])->withTrashed()->lockForUpdate()->first(); + + /*We only update the paid to date ONCE per payment*/ + if (array_key_exists('invoices', $data) && is_array($data['invoices']) && count($data['invoices']) > 0) { + if ($data['amount'] == '') { + $data['amount'] = array_sum(array_column($data['invoices'], 'amount')); + } + + // $client->service()->updatePaidToDate($data['amount'])->save(); + $client->paid_to_date += $data['amount']; + $client->save(); } - $client->service()->updatePaidToDate($data['amount'])->save(); - } + else{ + //this fixes an edge case with unapplied payments + // $client->service()->updatePaidToDate($data['amount'])->save(); + $client->paid_to_date += $data['amount']; + $client->save(); + } - else{ - //this fixes an edge case with unapplied payments - $client->service()->updatePaidToDate($data['amount'])->save(); - } + if (array_key_exists('credits', $data) && is_array($data['credits']) && count($data['credits']) > 0) { + $_credit_totals = array_sum(array_column($data['credits'], 'amount')); - if (array_key_exists('credits', $data) && is_array($data['credits']) && count($data['credits']) > 0) { - $_credit_totals = array_sum(array_column($data['credits'], 'amount')); + // $client->service()->updatePaidToDate($_credit_totals)->save(); + $client->paid_to_date += $_credit_totals; + $client->save(); + } - 
$client->service()->updatePaidToDate($_credit_totals)->save(); - - } + }, 1); } From 092416b9e623c674055a5030075ade72aef22729 Mon Sep 17 00:00:00 2001 From: David Bomba Date: Thu, 25 Aug 2022 14:02:40 +1000 Subject: [PATCH 05/11] Toggle sms verification based on domain --- app/Jobs/Account/CreateAccount.php | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/app/Jobs/Account/CreateAccount.php b/app/Jobs/Account/CreateAccount.php index 70fe64a2606f..bef43ff33d91 100644 --- a/app/Jobs/Account/CreateAccount.php +++ b/app/Jobs/Account/CreateAccount.php @@ -85,6 +85,11 @@ class CreateAccount $sp794f3f->hosted_client_count = config('ninja.quotas.free.clients'); $sp794f3f->hosted_company_count = config('ninja.quotas.free.max_companies'); $sp794f3f->account_sms_verified = true; + + if(in_array($this->getDomain($this->request['email']), ['gmail.com', 'hotmail.com', 'outlook.com', 'yahoo.com'])){ + $sp794f3f->account_sms_verified = false; + } + // $sp794f3f->trial_started = now(); // $sp794f3f->trial_plan = 'pro'; } @@ -155,4 +160,19 @@ class CreateAccount return $sp794f3f; } + + private function getDomain($email) + { + if( filter_var( $email, FILTER_VALIDATE_EMAIL ) ) { + // split on @ and return last value of array (the domain) + $domain = explode('@', $email); + + $domain_name = end($domain); + + return $domain_name; + } + + return 'gmail.com'; + } + } From 06da9054c46a451e9e8f325595278399d59b5709 Mon Sep 17 00:00:00 2001 From: David Bomba Date: Thu, 25 Aug 2022 15:01:57 +1000 Subject: [PATCH 06/11] Remove ssl config --- config/database.php | 6 ------ 1 file changed, 6 deletions(-) diff --git a/config/database.php b/config/database.php index 9a5e95716ae4..68d2b6a06926 100644 --- a/config/database.php +++ b/config/database.php 
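Review bot: The closure captures `$data` by value (`function () use ($data)`), so the fallback `$data['amount'] = array_sum(array_column($data['invoices'], 'amount'));` now changes only the closure's copy. Before this change the assignment was visible to the rest of the method; if code after the transaction still reads `$data['amount']` (not shown in the hunk), a payment submitted with an empty amount keeps `''` there while `paid_to_date` has been increased by the invoice total. Capture by reference, `function () use (&$data)`, or compute the amount before opening the transaction. `first()` can also return null for an unknown `client_id`, which now fails inside the transaction at `$client->paid_to_date +=`.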
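Review bot: The domain comparison is case-sensitive and starts from `account_sms_verified = true`, so a mixed-case domain such as `Gmail.com` does not match the list and the account is created with SMS verification already marked as done. Lower-case the domain before comparing, e.g. `return strtolower($domain_name);` in `getDomain()` (second hunk of this file), and pass `true` as the third argument of `in_array`. Because the default is "verified", any provider outside the four listed domains also skips verification; whether that is intended is not visible here.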
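Review bot: `getDomain()` has no docblock, and its fallback `return 'gmail.com';` is a sentinel whose purpose is only visible at the call site: an address that fails `FILTER_VALIDATE_EMAIL` is treated as a listed domain, so SMS verification stays required. Say so above the method, e.g. `/** Returns the domain part of $email; an invalid address yields 'gmail.com' so the caller keeps SMS verification on. */`. A `string` parameter and return type would also document the contract, if the file's PHP level allows them.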
@@ -95,12 +95,6 @@ return [ 'strict' => env('DB_STRICT', false), 'engine' => 'InnoDB ROW_FORMAT=DYNAMIC', 'options' => [], - // 'options' => [ - // PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false, - // PDO::MYSQL_ATTR_SSL_KEY => env("DB_CLIENT_KEY", ''), - // PDO::MYSQL_ATTR_SSL_CERT => env("DB_CLIENT_CERT", ''), - // PDO::MYSQL_ATTR_SSL_CA => env("DB_CA_CERT", ''), - // ], ], 'db-ninja-01a' => [ From e31e7f8502c95bc4575fc834bf21eb4ec771feaa Mon Sep 17 00:00:00 2001 From: David Bomba Date: Fri, 26 Aug 2022 15:35:20 +1000 Subject: [PATCH 07/11] Ensure invoice marked as paid --- app/Services/Invoice/ApplyPaymentAmount.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Services/Invoice/ApplyPaymentAmount.php b/app/Services/Invoice/ApplyPaymentAmount.php index 992d38cb52c5..564d84f37b2a 100644 --- a/app/Services/Invoice/ApplyPaymentAmount.php +++ b/app/Services/Invoice/ApplyPaymentAmount.php @@ -42,7 +42,7 @@ class ApplyPaymentAmount extends AbstractService public function run() { if ($this->invoice->status_id == Invoice::STATUS_DRAFT) { - $this->invoice->service()->markSent(); + $this->invoice->service()->markSent()->save(); } /*Don't double pay*/ From 187c5b115bb4dc78f076f9ec71bc23ccc94862be Mon Sep 17 00:00:00 2001 From: David Bomba Date: Sat, 27 Aug 2022 09:26:08 +1000 Subject: [PATCH 08/11] Update purchase order invitations table --- .../ClientPortal/QuoteController.php | 3 +- app/Services/ClientPortal/InstantPayment.php | 3 +- app/Services/Credit/SendEmail.php | 2 +- ...mn_to_purchase_order_invitations_table.php | 32 +++++++++++++++++++ 4 files changed, 36 insertions(+), 4 deletions(-) create mode 100644 database/migrations/2022_08_26_232500_add_email_status_column_to_purchase_order_invitations_table.php diff --git a/app/Http/Controllers/ClientPortal/QuoteController.php b/app/Http/Controllers/ClientPortal/QuoteController.php index ccaa48f98e57..e344a9616321 100644 --- a/app/Http/Controllers/ClientPortal/QuoteController.php 
+++ b/app/Http/Controllers/ClientPortal/QuoteController.php @@ -181,8 +181,7 @@ class QuoteController extends Controller if ($process) { foreach ($quotes as $quote) { $quote->service()->approve(auth()->user())->save(); - // event(new QuoteWasApproved(auth()->guard('contact')->user(), $quote, $quote->company, Ninja::eventVars())); - + if (request()->has('signature') && ! is_null(request()->signature) && ! empty(request()->signature)) { InjectSignature::dispatch($quote, request()->signature); } diff --git a/app/Services/ClientPortal/InstantPayment.php b/app/Services/ClientPortal/InstantPayment.php index 9d03393b2e59..2df4ea54fbea 100644 --- a/app/Services/ClientPortal/InstantPayment.php +++ b/app/Services/ClientPortal/InstantPayment.php @@ -70,7 +70,8 @@ class InstantPayment $invoices->each(function ($invoice) { $invoice->service() ->markSent() - ->removeUnpaidGatewayFees(); + ->removeUnpaidGatewayFees() + ->save(); }); /* pop non payable invoice from the $payable_invoices array */ diff --git a/app/Services/Credit/SendEmail.php b/app/Services/Credit/SendEmail.php index f7c2d5835745..c7633f2d62b5 100644 --- a/app/Services/Credit/SendEmail.php +++ b/app/Services/Credit/SendEmail.php @@ -49,6 +49,6 @@ class SendEmail } }); - $this->credit->service()->markSent(); + $this->credit->service()->markSent()->save(); } } diff --git a/database/migrations/2022_08_26_232500_add_email_status_column_to_purchase_order_invitations_table.php b/database/migrations/2022_08_26_232500_add_email_status_column_to_purchase_order_invitations_table.php new file mode 100644 index 000000000000..944b55b346f1 --- /dev/null +++ b/database/migrations/2022_08_26_232500_add_email_status_column_to_purchase_order_invitations_table.php @@ -0,0 +1,32 @@ +enum('email_status', ['delivered', 'bounced', 'spam'])->nullable(); + }); + + } + + /** + * Reverse the migrations. + * + * @return void + */ + public function down() + { + + } +}; From 0e2b945c3b2d7ec2657b258bd57f78f2bd37cbde Mon Sep 17 00:00:00 2001 
From: David Bomba Date: Sat, 27 Aug 2022 10:01:53 +1000 Subject: [PATCH 09/11] Update client records when trial activated in Stripe --- .../ClientPortal/NinjaPlanController.php | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/app/Http/Controllers/ClientPortal/NinjaPlanController.php b/app/Http/Controllers/ClientPortal/NinjaPlanController.php index 15e497d62024..b3a7481872d2 100644 --- a/app/Http/Controllers/ClientPortal/NinjaPlanController.php +++ b/app/Http/Controllers/ClientPortal/NinjaPlanController.php 
@@ -98,6 +98,27 @@ class NinjaPlanController extends Controller $stripe_response = json_decode($request->input('gateway_response')); $customer = $gateway_driver->findOrCreateCustomer(); + //27-08-2022 Ensure customer is updated appropriately + $update_client_object['name'] = $client->present()->name(); + $update_client_object['phone'] = substr($client->present()->phone(), 0, 20); + + $update_client_object['address']['line1'] = $client->address1 ?: ''; + $update_client_object['address']['line2'] = $client->address2 ?: ''; + $update_client_object['address']['city'] = $client->city ?: ''; + $update_client_object['address']['postal_code'] = $client->postal_code ?: ''; + $update_client_object['address']['state'] = $client->state ?: ''; + $update_client_object['address']['country'] = $client->country ? $client->country->iso_3166_2 : ''; + + $update_client_object['shipping']['name'] = $client->present()->name(); + $update_client_object['shipping']['address']['line1'] = $client->shipping_address1 ?: ''; + $update_client_object['shipping']['address']['line2'] = $client->shipping_address2 ?: ''; + $update_client_object['shipping']['address']['city'] = $client->shipping_city ?: ''; + $update_client_object['shipping']['address']['postal_code'] = $client->shipping_postal_code ?: ''; + $update_client_object['shipping']['address']['state'] = $client->shipping_state ?: ''; + $update_client_object['shipping']['address']['country'] = $client->shipping_country ? $client->shipping_country->iso_3166_2 : ''; + + \Stripe\Customer::update($customer->id, $update_client_object, $gateway_driver->stripe_connect_auth); + $gateway_driver->attach($stripe_response->payment_method, $customer); $method = $gateway_driver->getStripePaymentMethod($stripe_response->payment_method); From 9b629c80d95ddf0cdf71061c2a26b1ee2e6a81e8 Mon Sep 17 00:00:00 2001 
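Review bot: `\Stripe\Customer::update(...)` is placed ahead of `$gateway_driver->attach(...)` with no error handling in the hunk, so a field Stripe rejects in this profile sync would throw before the payment method is attached and stop the trial activation. Wrap only the update, `try { \Stripe\Customer::update(...); } catch (\Stripe\Exception\ApiErrorException $e) { /* log and continue */ }`, unless the caller outside this hunk already handles it. `$update_client_object` is built by implicit array creation, so start it with `$update_client_object = [];`. `substr()` on the phone counts bytes; `mb_substr()` avoids cutting a multibyte character at position 20.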
From: David Bomba Date: Sat, 27 Aug 2022 18:49:34 +1000 Subject: [PATCH 10/11] Refactor to nested queries to improve query planner --- app/Http/Controllers/BaseController.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/Http/Controllers/BaseController.php b/app/Http/Controllers/BaseController.php index b142609f9986..5f6bd8dfa9ab 100644 --- a/app/Http/Controllers/BaseController.php +++ b/app/Http/Controllers/BaseController.php @@ -298,6 +298,11 @@ class BaseController extends Controller if (! $user->hasPermission('view_product')) { $query->where('products.user_id', $user->id)->orWhere('products.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('products.user_id', $user->id)->orWhere('products.assigned_user_id', $user->id); + }); + } }, 'company.projects'=> function ($query) use ($updated_at, $user) { From b7c8e197e9ccb3f118024372f886ccd9771ca63f Mon Sep 17 00:00:00 2001 From: David Bomba Date: Sat, 27 Aug 2022 19:43:01 +1000 Subject: [PATCH 11/11] Improve query efficiency --- VERSION.txt | 2 +- app/Http/Controllers/BaseController.php | 175 ++++++++++++++++++++---- config/ninja.php | 4 +- 3 files changed, 152 insertions(+), 29 deletions(-) diff --git a/VERSION.txt b/VERSION.txt index 55f50216aef4..188886e1989d 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -5.5.16 \ No newline at end of file +5.5.17 \ No newline at end of file diff --git a/app/Http/Controllers/BaseController.php b/app/Http/Controllers/BaseController.php index 5f6bd8dfa9ab..a2695f0c6d20 100644 --- a/app/Http/Controllers/BaseController.php +++ b/app/Http/Controllers/BaseController.php 
@@ -232,7 +232,12 @@ class BaseController extends Controller $query->where('clients.updated_at', '>=', $updated_at)->with('contacts.company', 'gateway_tokens', 'documents'); if (! $user->hasPermission('view_client')) { - $query->where('clients.user_id', $user->id)->orWhere('clients.assigned_user_id', $user->id); + // $query->where('clients.user_id', $user->id)->orWhere('clients.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('clients.user_id', $user->id)->orWhere('clients.assigned_user_id', $user->id); + }); + } }, 'company.company_gateways' => function ($query) use ($user) { @@ -246,7 +251,11 @@ class BaseController extends Controller $query->where('updated_at', '>=', $updated_at)->with('invitations', 'documents'); if (! $user->hasPermission('view_credit')) { - $query->where('credits.user_id', $user->id)->orWhere('credits.assigned_user_id', $user->id); + // $query->where('credits.user_id', $user->id)->orWhere('credits.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('credits.user_id', $user->id)->orWhere('credits.assigned_user_id', $user->id); + }); } }, 'company.designs'=> function ($query) use ($updated_at, $user) { @@ -263,7 +272,11 @@ class BaseController extends Controller $query->where('updated_at', '>=', $updated_at)->with('documents'); if (! $user->hasPermission('view_expense')) { - $query->where('expenses.user_id', $user->id)->orWhere('expenses.assigned_user_id', $user->id); + // $query->where('expenses.user_id', $user->id)->orWhere('expenses.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('expenses.user_id', $user->id)->orWhere('expenses.assigned_user_id', $user->id); + }); } }, 'company.groups' => function ($query) use ($updated_at, $user) { 
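Review bot: The old ungrouped filter is left behind as a comment in every permission branch of this file (this hunk and all the other `BaseController.php` hunks of patch 11/11), and nothing records why the grouping matters. A top-level `orWhere` binds looser than the `updated_at`/`created_at` condition before it, and presumably looser than any constraint the eager load adds, so this is a record-visibility fix and not only a planner hint. Delete the commented lines and move the grouped filter into one private helper carrying that explanation, as sketched below (the helper name is a suggestion). A test asserting that a user without `view_client` receives only rows they own or are assigned to would pin the behaviour. The enclosing method starts and ends outside the hunk.

```php
// … unchanged: include map and the per-relation updated_at / created_at filters …

if (! $user->hasPermission('view_client')) {
    $this->limitToOwnRecords($query, 'clients', $user);
}

/**
 * Restrict $query to rows the user created or is assigned to.
 * The two conditions are grouped so the OR cannot escape the
 * conditions already present on the query.
 */
private function limitToOwnRecords($query, string $table, $user): void
{
    $query->whereNested(function ($query) use ($table, $user) {
        $query->where("{$table}.user_id", $user->id)
              ->orWhere("{$table}.assigned_user_id", $user->id);
    });
}
```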
@@ -276,14 +289,25 @@ class BaseController extends Controller $query->where('updated_at', '>=', $updated_at)->with('invitations', 'documents'); if (! $user->hasPermission('view_invoice')) { - $query->where('invoices.user_id', $user->id)->orWhere('invoices.assigned_user_id', $user->id); + // $query->where('invoices.user_id', $user->id)->orWhere('invoices.assigned_user_id', $user->id); + + + $query->whereNested(function($query) use ($user) { + $query->where('invoices.user_id', $user->id)->orWhere('invoices.assigned_user_id', $user->id); + }); + } }, 'company.payments'=> function ($query) use ($updated_at, $user) { $query->where('updated_at', '>=', $updated_at)->with('paymentables', 'documents'); if (! $user->hasPermission('view_payment')) { - $query->where('payments.user_id', $user->id)->orWhere('payments.assigned_user_id', $user->id); + // $query->where('payments.user_id', $user->id)->orWhere('payments.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('payments.user_id', $user->id)->orWhere('payments.assigned_user_id', $user->id); + }); + } }, 'company.payment_terms'=> function ($query) use ($updated_at, $user) { 
@@ -297,54 +321,88 @@ class BaseController extends Controller $query->where('updated_at', '>=', $updated_at)->with('documents'); if (! $user->hasPermission('view_product')) { - $query->where('products.user_id', $user->id)->orWhere('products.assigned_user_id', $user->id); + // $query->where('products.user_id', $user->id)->orWhere('products.assigned_user_id', $user->id); $query->whereNested(function($query) use ($user) { $query->where('products.user_id', $user->id)->orWhere('products.assigned_user_id', $user->id); + }); } + }, 'company.projects'=> function ($query) use ($updated_at, $user) { $query->where('updated_at', '>=', $updated_at)->with('documents'); if (! $user->hasPermission('view_project')) { - $query->where('projects.user_id', $user->id)->orWhere('projects.assigned_user_id', $user->id); + // $query->where('projects.user_id', $user->id)->orWhere('projects.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('projects.user_id', $user->id)->orWhere('projects.assigned_user_id', $user->id); + }); + } }, 'company.purchase_orders'=> function ($query) use ($updated_at, $user) { $query->where('updated_at', '>=', $updated_at)->with('documents'); if (! $user->hasPermission('view_purchase_order')) { - $query->where('purchase_orders.user_id', $user->id)->orWhere('purchase_orders.assigned_user_id', $user->id); + // $query->where('purchase_orders.user_id', $user->id)->orWhere('purchase_orders.assigned_user_id', $user->id); + + + $query->whereNested(function($query) use ($user) { + $query->where('purchase_orders.user_id', $user->id)->orWhere('purchase_orders.assigned_user_id', $user->id); + }); + } }, 'company.quotes'=> function ($query) use ($updated_at, $user) { $query->where('updated_at', '>=', $updated_at)->with('invitations', 'documents'); if (! 
$user->hasPermission('view_quote')) { - $query->where('quotes.user_id', $user->id)->orWhere('quotes.assigned_user_id', $user->id); + // $query->where('quotes.user_id', $user->id)->orWhere('quotes.assigned_user_id', $user->id); + + + $query->whereNested(function($query) use ($user) { + $query->where('quotes.user_id', $user->id)->orWhere('quotes.assigned_user_id', $user->id); + }); + } }, 'company.recurring_invoices'=> function ($query) use ($updated_at, $user) { $query->where('updated_at', '>=', $updated_at)->with('invitations', 'documents', 'client.gateway_tokens', 'client.group_settings', 'client.company'); if (! $user->hasPermission('view_recurring_invoice')) { - $query->where('recurring_invoices.user_id', $user->id)->orWhere('recurring_invoices.assigned_user_id', $user->id); + // $query->where('recurring_invoices.user_id', $user->id)->orWhere('recurring_invoices.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('recurring_invoices.user_id', $user->id)->orWhere('recurring_invoices.assigned_user_id', $user->id); + }); + } }, 'company.recurring_expenses'=> function ($query) use ($updated_at, $user) { $query->where('updated_at', '>=', $updated_at)->with('documents'); if (! $user->hasPermission('view_recurring_expense')) { - $query->where('recurring_expenses.user_id', $user->id)->orWhere('recurring_expenses.assigned_user_id', $user->id); + // $query->where('recurring_expenses.user_id', $user->id)->orWhere('recurring_expenses.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('recurring_expenses.user_id', $user->id)->orWhere('recurring_expenses.assigned_user_id', $user->id); + }); + } }, 'company.tasks'=> function ($query) use ($updated_at, $user) { $query->where('updated_at', '>=', $updated_at)->with('documents'); if (! 
$user->hasPermission('view_task')) { - $query->where('tasks.user_id', $user->id)->orWhere('tasks.assigned_user_id', $user->id); + // $query->where('tasks.user_id', $user->id)->orWhere('tasks.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('tasks.user_id', $user->id)->orWhere('tasks.assigned_user_id', $user->id); + }); + } }, 'company.tax_rates'=> function ($query) use ($updated_at, $user) { @@ -354,7 +412,12 @@ class BaseController extends Controller $query->where('updated_at', '>=', $updated_at)->with('contacts', 'documents'); if (! $user->hasPermission('view_vendor')) { - $query->where('vendors.user_id', $user->id)->orWhere('vendors.assigned_user_id', $user->id); + // $query->where('vendors.user_id', $user->id)->orWhere('vendors.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('vendors.user_id', $user->id)->orWhere('vendors.assigned_user_id', $user->id); + }); + } }, 'company.expense_categories'=> function ($query) use ($updated_at, $user) { @@ -485,7 +548,12 @@ class BaseController extends Controller $query->where('clients.created_at', '>=', $created_at)->with('contacts.company', 'gateway_tokens', 'documents'); if (! $user->hasPermission('view_client')) { - $query->where('clients.user_id', $user->id)->orWhere('clients.assigned_user_id', $user->id); + // $query->where('clients.user_id', $user->id)->orWhere('clients.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('clients.user_id', $user->id)->orWhere('clients.assigned_user_id', $user->id); + }); + } }, 'company.company_gateways' => function ($query) use ($user) { 
@@ -499,7 +567,11 @@ class BaseController extends Controller $query->where('created_at', '>=', $created_at)->with('invitations', 'documents'); if (! $user->hasPermission('view_credit')) { - $query->where('credits.user_id', $user->id)->orWhere('credits.assigned_user_id', $user->id); + // $query->where('credits.user_id', $user->id)->orWhere('credits.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('credits.user_id', $user->id)->orWhere('credits.assigned_user_id', $user->id); + }); } }, 'company.documents'=> function ($query) use ($created_at, $user) { @@ -509,7 +581,13 @@ class BaseController extends Controller $query->where('created_at', '>=', $created_at)->with('documents'); if (! $user->hasPermission('view_expense')) { - $query->where('expenses.user_id', $user->id)->orWhere('expenses.assigned_user_id', $user->id); + // $query->where('expenses.user_id', $user->id)->orWhere('expenses.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('expenses.user_id', $user->id)->orWhere('expenses.assigned_user_id', $user->id); + }); + + } }, 'company.groups' => function ($query) use ($created_at, $user) { 
@@ -519,14 +597,24 @@ class BaseController extends Controller $query->where('created_at', '>=', $created_at)->with('invitations', 'documents'); if (! $user->hasPermission('view_invoice')) { - $query->where('invoices.user_id', $user->id)->orWhere('invoices.assigned_user_id', $user->id); + // $query->where('invoices.user_id', $user->id)->orWhere('invoices.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('invoices.user_id', $user->id)->orWhere('invoices.assigned_user_id', $user->id); + }); + } }, 'company.payments'=> function ($query) use ($created_at, $user) { $query->where('created_at', '>=', $created_at)->with('paymentables', 'documents'); if (! $user->hasPermission('view_payment')) { - $query->where('payments.user_id', $user->id)->orWhere('payments.assigned_user_id', $user->id); + // $query->where('payments.user_id', $user->id)->orWhere('payments.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('payments.user_id', $user->id)->orWhere('payments.assigned_user_id', $user->id); + }); + } }, 'company.payment_terms'=> function ($query) use ($created_at, $user) { 
@@ -536,42 +624,67 @@ class BaseController extends Controller $query->where('created_at', '>=', $created_at)->with('documents'); if (! $user->hasPermission('view_product')) { - $query->where('products.user_id', $user->id)->orWhere('products.assigned_user_id', $user->id); + // $query->where('products.user_id', $user->id)->orWhere('products.assigned_user_id', $user->id); + $query->whereNested(function($query) use ($user) { + $query->where('products.user_id', $user->id)->orWhere('products.assigned_user_id', $user->id); + }); } }, 'company.projects'=> function ($query) use ($created_at, $user) { $query->where('created_at', '>=', $created_at)->with('documents'); if (! $user->hasPermission('view_project')) { - $query->where('projects.user_id', $user->id)->orWhere('projects.assigned_user_id', $user->id); + // $query->where('projects.user_id', $user->id)->orWhere('projects.assigned_user_id', $user->id); + $query->whereNested(function($query) use ($user) { + $query->where('projects.user_id', $user->id)->orWhere('projects.assigned_user_id', $user->id); + }); } }, 'company.purchase_orders'=> function ($query) use ($created_at, $user) { $query->where('created_at', '>=', $created_at)->with('documents'); if (! $user->hasPermission('view_purchase_order')) { - $query->where('purchase_orders.user_id', $user->id)->orWhere('purchase_orders.assigned_user_id', $user->id); + // $query->where('purchase_orders.user_id', $user->id)->orWhere('purchase_orders.assigned_user_id', $user->id); + $query->whereNested(function($query) use ($user) { + $query->where('purchase_orders.user_id', $user->id)->orWhere('purchase_orders.assigned_user_id', $user->id); + }); + } }, 'company.quotes'=> function ($query) use ($created_at, $user) { $query->where('created_at', '>=', $created_at)->with('invitations', 'documents'); if (! 
$user->hasPermission('view_quote')) { - $query->where('quotes.user_id', $user->id)->orWhere('quotes.assigned_user_id', $user->id); + // $query->where('quotes.user_id', $user->id)->orWhere('quotes.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('quotes.user_id', $user->id)->orWhere('quotes.assigned_user_id', $user->id); + }); + } }, 'company.recurring_invoices'=> function ($query) use ($created_at, $user) { $query->where('created_at', '>=', $created_at)->with('invitations', 'documents', 'client.gateway_tokens', 'client.group_settings', 'client.company'); if (! $user->hasPermission('view_recurring_invoice')) { - $query->where('recurring_invoices.user_id', $user->id)->orWhere('recurring_invoices.assigned_user_id', $user->id); + // $query->where('recurring_invoices.user_id', $user->id)->orWhere('recurring_invoices.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('recurring_invoices.user_id', $user->id)->orWhere('recurring_invoices.assigned_user_id', $user->id); + }); + } }, 'company.tasks'=> function ($query) use ($created_at, $user) { $query->where('created_at', '>=', $created_at)->with('documents'); if (! $user->hasPermission('view_task')) { - $query->where('tasks.user_id', $user->id)->orWhere('tasks.assigned_user_id', $user->id); +// $query->where('tasks.user_id', $user->id)->orWhere('tasks.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('tasks.user_id', $user->id)->orWhere('tasks.assigned_user_id', $user->id); + }); + } }, 'company.tax_rates' => function ($query) use ($created_at, $user) { 
@@ -581,7 +694,12 @@ class BaseController extends Controller $query->where('created_at', '>=', $created_at)->with('contacts', 'documents'); if (! $user->hasPermission('view_vendor')) { - $query->where('vendors.user_id', $user->id)->orWhere('vendors.assigned_user_id', $user->id); + // $query->where('vendors.user_id', $user->id)->orWhere('vendors.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('vendors.user_id', $user->id)->orWhere('vendors.assigned_user_id', $user->id); + }); + } }, 'company.expense_categories'=> function ($query) use ($created_at, $user) { @@ -615,7 +733,12 @@ class BaseController extends Controller $query->where('created_at', '>=', $created_at)->with('documents'); if (! $user->hasPermission('view_recurring_expense')) { - $query->where('recurring_expenses.user_id', $user->id)->orWhere('recurring_expenses.assigned_user_id', $user->id); + // $query->where('recurring_expenses.user_id', $user->id)->orWhere('recurring_expenses.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('recurring_expenses.user_id', $user->id)->orWhere('recurring_expenses.assigned_user_id', $user->id); + }); + } }, ] diff --git a/config/ninja.php b/config/ninja.php index d0593cbac99b..2bc06c3f7dd5 100644 --- a/config/ninja.php +++ b/config/ninja.php @@ -14,8 +14,8 @@ return [ 'require_https' => env('REQUIRE_HTTPS', true), 'app_url' => rtrim(env('APP_URL', ''), '/'), 'app_domain' => env('APP_DOMAIN', 'invoicing.co'), - 'app_version' => '5.5.16', - 'app_tag' => '5.5.16', + 'app_version' => '5.5.17', + 'app_tag' => '5.5.17', 'minimum_client_version' => '5.0.16', 'terms_version' => '1.0.1', 'api_secret' => env('API_SECRET', ''),