diff --git a/VERSION.txt b/VERSION.txt index 55f50216aef4..188886e1989d 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -5.5.16 \ No newline at end of file +5.5.17 \ No newline at end of file diff --git a/app/Http/Controllers/BaseController.php b/app/Http/Controllers/BaseController.php index 5f6bd8dfa9ab..a2695f0c6d20 100644 --- a/app/Http/Controllers/BaseController.php +++ b/app/Http/Controllers/BaseController.php @@ -232,7 +232,12 @@ class BaseController extends Controller $query->where('clients.updated_at', '>=', $updated_at)->with('contacts.company', 'gateway_tokens', 'documents'); if (! $user->hasPermission('view_client')) { - $query->where('clients.user_id', $user->id)->orWhere('clients.assigned_user_id', $user->id); + // $query->where('clients.user_id', $user->id)->orWhere('clients.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('clients.user_id', $user->id)->orWhere('clients.assigned_user_id', $user->id); + }); + } }, 'company.company_gateways' => function ($query) use ($user) { @@ -246,7 +251,11 @@ class BaseController extends Controller $query->where('updated_at', '>=', $updated_at)->with('invitations', 'documents'); if (! $user->hasPermission('view_credit')) { - $query->where('credits.user_id', $user->id)->orWhere('credits.assigned_user_id', $user->id); + // $query->where('credits.user_id', $user->id)->orWhere('credits.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('credits.user_id', $user->id)->orWhere('credits.assigned_user_id', $user->id); + }); } }, 'company.designs'=> function ($query) use ($updated_at, $user) { 
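Review bot: The old `where(...)->orWhere(...)` statement is left behind as a `//` comment directly above its replacement in this hunk, and the same leftover appears in every other BaseController.php hunk of the diff (both the `updated_at` and the `created_at` sets of closures). I would delete it and state the reason for the grouping instead, e.g. `// Keep owner/assignee grouped: a bare orWhere is not bound by the AND-ed filters before it.` Ungrouped, the SQL reads `... AND clients.updated_at >= ? AND clients.user_id = ? OR clients.assigned_user_id = ?`, so the assignee branch is not held to the timestamp filter, nor (if these closures are eager-load constraints, as the `'company.company_gateways' => function ($query)` key in the context suggests) to the relation's own constraint. The enclosing method begins and ends outside the hunk, so that last part is inferred.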
@@ -263,7 +272,11 @@ class BaseController extends Controller $query->where('updated_at', '>=', $updated_at)->with('documents'); if (! $user->hasPermission('view_expense')) { - $query->where('expenses.user_id', $user->id)->orWhere('expenses.assigned_user_id', $user->id); + // $query->where('expenses.user_id', $user->id)->orWhere('expenses.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('expenses.user_id', $user->id)->orWhere('expenses.assigned_user_id', $user->id); + }); } }, 'company.groups' => function ($query) use ($updated_at, $user) { @@ -276,14 +289,25 @@ class BaseController extends Controller $query->where('updated_at', '>=', $updated_at)->with('invitations', 'documents'); if (! $user->hasPermission('view_invoice')) { - $query->where('invoices.user_id', $user->id)->orWhere('invoices.assigned_user_id', $user->id); + // $query->where('invoices.user_id', $user->id)->orWhere('invoices.assigned_user_id', $user->id); + + + $query->whereNested(function($query) use ($user) { + $query->where('invoices.user_id', $user->id)->orWhere('invoices.assigned_user_id', $user->id); + }); + } }, 'company.payments'=> function ($query) use ($updated_at, $user) { $query->where('updated_at', '>=', $updated_at)->with('paymentables', 'documents'); if (! $user->hasPermission('view_payment')) { - $query->where('payments.user_id', $user->id)->orWhere('payments.assigned_user_id', $user->id); + // $query->where('payments.user_id', $user->id)->orWhere('payments.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('payments.user_id', $user->id)->orWhere('payments.assigned_user_id', $user->id); + }); + } }, 'company.payment_terms'=> function ($query) use ($updated_at, $user) { 
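Review bot: The grouped owner-or-assignee closure is written out twice in this hunk (invoices, payments) and again in every other entity closure touched by the diff, differing only in the table name. Because this filter is what limits a user without the `view_*` permission to their own records, I would move it into one private helper, so that a new entity cannot be added with the ungrouped form and a single regression test can cover the scoping. The sketch below uses `where()` with a closure and a distinct inner variable name rather than reusing `$query`. The helper name is only a suggestion, and the sketch assumes the enclosing method is non-static so that `$this` is bound inside the closures, which the hunk does not show.

```php
// Suggested helper on BaseController (name is a placeholder):
private function restrictToOwnerOrAssignee($query, string $table, $user): void
{
    // Grouped so the OR stays inside the filters already on $query.
    $query->where(function ($nested) use ($table, $user) {
        $nested->where("{$table}.user_id", $user->id)
            ->orWhere("{$table}.assigned_user_id", $user->id);
    });
}

// … unchanged: 'company.invoices' timestamp filter and with() …
if (! $user->hasPermission('view_invoice')) {
    $this->restrictToOwnerOrAssignee($query, 'invoices', $user);
}
// … unchanged: 'company.payments' timestamp filter and with() …
if (! $user->hasPermission('view_payment')) {
    $this->restrictToOwnerOrAssignee($query, 'payments', $user);
}
```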
@@ -297,54 +321,88 @@ class BaseController extends Controller $query->where('updated_at', '>=', $updated_at)->with('documents'); if (! $user->hasPermission('view_product')) { - $query->where('products.user_id', $user->id)->orWhere('products.assigned_user_id', $user->id); + // $query->where('products.user_id', $user->id)->orWhere('products.assigned_user_id', $user->id); $query->whereNested(function($query) use ($user) { $query->where('products.user_id', $user->id)->orWhere('products.assigned_user_id', $user->id); + }); } + }, 'company.projects'=> function ($query) use ($updated_at, $user) { $query->where('updated_at', '>=', $updated_at)->with('documents'); if (! $user->hasPermission('view_project')) { - $query->where('projects.user_id', $user->id)->orWhere('projects.assigned_user_id', $user->id); + // $query->where('projects.user_id', $user->id)->orWhere('projects.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('projects.user_id', $user->id)->orWhere('projects.assigned_user_id', $user->id); + }); + } }, 'company.purchase_orders'=> function ($query) use ($updated_at, $user) { $query->where('updated_at', '>=', $updated_at)->with('documents'); if (! $user->hasPermission('view_purchase_order')) { - $query->where('purchase_orders.user_id', $user->id)->orWhere('purchase_orders.assigned_user_id', $user->id); + // $query->where('purchase_orders.user_id', $user->id)->orWhere('purchase_orders.assigned_user_id', $user->id); + + + $query->whereNested(function($query) use ($user) { + $query->where('purchase_orders.user_id', $user->id)->orWhere('purchase_orders.assigned_user_id', $user->id); + }); + } }, 'company.quotes'=> function ($query) use ($updated_at, $user) { $query->where('updated_at', '>=', $updated_at)->with('invitations', 'documents'); if (! 
$user->hasPermission('view_quote')) { - $query->where('quotes.user_id', $user->id)->orWhere('quotes.assigned_user_id', $user->id); + // $query->where('quotes.user_id', $user->id)->orWhere('quotes.assigned_user_id', $user->id); + + + $query->whereNested(function($query) use ($user) { + $query->where('quotes.user_id', $user->id)->orWhere('quotes.assigned_user_id', $user->id); + }); + } }, 'company.recurring_invoices'=> function ($query) use ($updated_at, $user) { $query->where('updated_at', '>=', $updated_at)->with('invitations', 'documents', 'client.gateway_tokens', 'client.group_settings', 'client.company'); if (! $user->hasPermission('view_recurring_invoice')) { - $query->where('recurring_invoices.user_id', $user->id)->orWhere('recurring_invoices.assigned_user_id', $user->id); + // $query->where('recurring_invoices.user_id', $user->id)->orWhere('recurring_invoices.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('recurring_invoices.user_id', $user->id)->orWhere('recurring_invoices.assigned_user_id', $user->id); + }); + } }, 'company.recurring_expenses'=> function ($query) use ($updated_at, $user) { $query->where('updated_at', '>=', $updated_at)->with('documents'); if (! $user->hasPermission('view_recurring_expense')) { - $query->where('recurring_expenses.user_id', $user->id)->orWhere('recurring_expenses.assigned_user_id', $user->id); + // $query->where('recurring_expenses.user_id', $user->id)->orWhere('recurring_expenses.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('recurring_expenses.user_id', $user->id)->orWhere('recurring_expenses.assigned_user_id', $user->id); + }); + } }, 'company.tasks'=> function ($query) use ($updated_at, $user) { $query->where('updated_at', '>=', $updated_at)->with('documents'); if (! 
$user->hasPermission('view_task')) { - $query->where('tasks.user_id', $user->id)->orWhere('tasks.assigned_user_id', $user->id); + // $query->where('tasks.user_id', $user->id)->orWhere('tasks.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('tasks.user_id', $user->id)->orWhere('tasks.assigned_user_id', $user->id); + }); + } }, 'company.tax_rates'=> function ($query) use ($updated_at, $user) { @@ -354,7 +412,12 @@ class BaseController extends Controller $query->where('updated_at', '>=', $updated_at)->with('contacts', 'documents'); if (! $user->hasPermission('view_vendor')) { - $query->where('vendors.user_id', $user->id)->orWhere('vendors.assigned_user_id', $user->id); + // $query->where('vendors.user_id', $user->id)->orWhere('vendors.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('vendors.user_id', $user->id)->orWhere('vendors.assigned_user_id', $user->id); + }); + } }, 'company.expense_categories'=> function ($query) use ($updated_at, $user) { @@ -485,7 +548,12 @@ class BaseController extends Controller $query->where('clients.created_at', '>=', $created_at)->with('contacts.company', 'gateway_tokens', 'documents'); if (! $user->hasPermission('view_client')) { - $query->where('clients.user_id', $user->id)->orWhere('clients.assigned_user_id', $user->id); + // $query->where('clients.user_id', $user->id)->orWhere('clients.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('clients.user_id', $user->id)->orWhere('clients.assigned_user_id', $user->id); + }); + } }, 'company.company_gateways' => function ($query) use ($user) { 
@@ -499,7 +567,11 @@ class BaseController extends Controller $query->where('created_at', '>=', $created_at)->with('invitations', 'documents'); if (! $user->hasPermission('view_credit')) { - $query->where('credits.user_id', $user->id)->orWhere('credits.assigned_user_id', $user->id); + // $query->where('credits.user_id', $user->id)->orWhere('credits.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('credits.user_id', $user->id)->orWhere('credits.assigned_user_id', $user->id); + }); } }, 'company.documents'=> function ($query) use ($created_at, $user) { @@ -509,7 +581,13 @@ class BaseController extends Controller $query->where('created_at', '>=', $created_at)->with('documents'); if (! $user->hasPermission('view_expense')) { - $query->where('expenses.user_id', $user->id)->orWhere('expenses.assigned_user_id', $user->id); + // $query->where('expenses.user_id', $user->id)->orWhere('expenses.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('expenses.user_id', $user->id)->orWhere('expenses.assigned_user_id', $user->id); + }); + + } }, 'company.groups' => function ($query) use ($created_at, $user) { 
@@ -519,14 +597,24 @@ class BaseController extends Controller $query->where('created_at', '>=', $created_at)->with('invitations', 'documents'); if (! $user->hasPermission('view_invoice')) { - $query->where('invoices.user_id', $user->id)->orWhere('invoices.assigned_user_id', $user->id); + // $query->where('invoices.user_id', $user->id)->orWhere('invoices.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('invoices.user_id', $user->id)->orWhere('invoices.assigned_user_id', $user->id); + }); + } }, 'company.payments'=> function ($query) use ($created_at, $user) { $query->where('created_at', '>=', $created_at)->with('paymentables', 'documents'); if (! $user->hasPermission('view_payment')) { - $query->where('payments.user_id', $user->id)->orWhere('payments.assigned_user_id', $user->id); + // $query->where('payments.user_id', $user->id)->orWhere('payments.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('payments.user_id', $user->id)->orWhere('payments.assigned_user_id', $user->id); + }); + } }, 'company.payment_terms'=> function ($query) use ($created_at, $user) { 
@@ -536,42 +624,67 @@ class BaseController extends Controller $query->where('created_at', '>=', $created_at)->with('documents'); if (! $user->hasPermission('view_product')) { - $query->where('products.user_id', $user->id)->orWhere('products.assigned_user_id', $user->id); + // $query->where('products.user_id', $user->id)->orWhere('products.assigned_user_id', $user->id); + $query->whereNested(function($query) use ($user) { + $query->where('products.user_id', $user->id)->orWhere('products.assigned_user_id', $user->id); + }); } }, 'company.projects'=> function ($query) use ($created_at, $user) { $query->where('created_at', '>=', $created_at)->with('documents'); if (! $user->hasPermission('view_project')) { - $query->where('projects.user_id', $user->id)->orWhere('projects.assigned_user_id', $user->id); + // $query->where('projects.user_id', $user->id)->orWhere('projects.assigned_user_id', $user->id); + $query->whereNested(function($query) use ($user) { + $query->where('projects.user_id', $user->id)->orWhere('projects.assigned_user_id', $user->id); + }); } }, 'company.purchase_orders'=> function ($query) use ($created_at, $user) { $query->where('created_at', '>=', $created_at)->with('documents'); if (! $user->hasPermission('view_purchase_order')) { - $query->where('purchase_orders.user_id', $user->id)->orWhere('purchase_orders.assigned_user_id', $user->id); + // $query->where('purchase_orders.user_id', $user->id)->orWhere('purchase_orders.assigned_user_id', $user->id); + $query->whereNested(function($query) use ($user) { + $query->where('purchase_orders.user_id', $user->id)->orWhere('purchase_orders.assigned_user_id', $user->id); + }); + } }, 'company.quotes'=> function ($query) use ($created_at, $user) { $query->where('created_at', '>=', $created_at)->with('invitations', 'documents'); if (! 
$user->hasPermission('view_quote')) { - $query->where('quotes.user_id', $user->id)->orWhere('quotes.assigned_user_id', $user->id); + // $query->where('quotes.user_id', $user->id)->orWhere('quotes.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('quotes.user_id', $user->id)->orWhere('quotes.assigned_user_id', $user->id); + }); + } }, 'company.recurring_invoices'=> function ($query) use ($created_at, $user) { $query->where('created_at', '>=', $created_at)->with('invitations', 'documents', 'client.gateway_tokens', 'client.group_settings', 'client.company'); if (! $user->hasPermission('view_recurring_invoice')) { - $query->where('recurring_invoices.user_id', $user->id)->orWhere('recurring_invoices.assigned_user_id', $user->id); + // $query->where('recurring_invoices.user_id', $user->id)->orWhere('recurring_invoices.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('recurring_invoices.user_id', $user->id)->orWhere('recurring_invoices.assigned_user_id', $user->id); + }); + } }, 'company.tasks'=> function ($query) use ($created_at, $user) { $query->where('created_at', '>=', $created_at)->with('documents'); if (! $user->hasPermission('view_task')) { - $query->where('tasks.user_id', $user->id)->orWhere('tasks.assigned_user_id', $user->id); +// $query->where('tasks.user_id', $user->id)->orWhere('tasks.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('tasks.user_id', $user->id)->orWhere('tasks.assigned_user_id', $user->id); + }); + } }, 'company.tax_rates' => function ($query) use ($created_at, $user) { 
@@ -581,7 +694,12 @@ class BaseController extends Controller $query->where('created_at', '>=', $created_at)->with('contacts', 'documents'); if (! $user->hasPermission('view_vendor')) { - $query->where('vendors.user_id', $user->id)->orWhere('vendors.assigned_user_id', $user->id); + // $query->where('vendors.user_id', $user->id)->orWhere('vendors.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('vendors.user_id', $user->id)->orWhere('vendors.assigned_user_id', $user->id); + }); + } }, 'company.expense_categories'=> function ($query) use ($created_at, $user) { @@ -615,7 +733,12 @@ class BaseController extends Controller $query->where('created_at', '>=', $created_at)->with('documents'); if (! $user->hasPermission('view_recurring_expense')) { - $query->where('recurring_expenses.user_id', $user->id)->orWhere('recurring_expenses.assigned_user_id', $user->id); + // $query->where('recurring_expenses.user_id', $user->id)->orWhere('recurring_expenses.assigned_user_id', $user->id); + + $query->whereNested(function($query) use ($user) { + $query->where('recurring_expenses.user_id', $user->id)->orWhere('recurring_expenses.assigned_user_id', $user->id); + }); + } }, ] diff --git a/config/ninja.php b/config/ninja.php index d0593cbac99b..2bc06c3f7dd5 100644 --- a/config/ninja.php +++ b/config/ninja.php @@ -14,8 +14,8 @@ return [ 'require_https' => env('REQUIRE_HTTPS', true), 'app_url' => rtrim(env('APP_URL', ''), '/'), 'app_domain' => env('APP_DOMAIN', 'invoicing.co'), - 'app_version' => '5.5.16', - 'app_tag' => '5.5.16', + 'app_version' => '5.5.17', + 'app_tag' => '5.5.17', 'minimum_client_version' => '5.0.16', 'terms_version' => '1.0.1', 'api_secret' => env('API_SECRET', ''),