Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-06-23 20:00:33 -04:00
Code Issues Packages Projects Releases Wiki Activity

More intuitive document permissions

Browse Source
This commit is contained in:
Joshua Dwire 2016-03-24 18:33:28 -04:00
parent 5e62d7d296
commit b7f0d2a33f
3 changed files with 21 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
app/Models/Document.php
View File

@ -2,6 +2,7 @@
use Illuminate\Support\Facades\Storage; use Illuminate\Support\Facades\Storage;
use DB; use DB;
use Auth;
class Document extends EntityModel class Document extends EntityModel
{ {
@ -221,6 +222,20 @@ class Document extends EntityModel
return $document; return $document;
} }
public static function canCreate(){
return true;
}
public static function canViewItem($document){
if(Auth::user()->hasPermission('view_all'))return true;
if($document->expense){
if($document->expense->invoice)return $document->expense->invoice->canView();
return $document->expense->canView();
}
if($document->invoice)return $document->invoice->canView();
return Auth::user()->id == $item->user_id;
}
} }
Document::deleted(function ($document) { Document::deleted(function ($document) {

6
app/Ninja/Repositories/ExpenseRepository.php
View File

@ -185,10 +185,8 @@ class ExpenseRepository extends BaseRepository
foreach ($expense->documents as $document){ foreach ($expense->documents as $document){
if(!in_array($document->public_id, $document_ids)){ if(!in_array($document->public_id, $document_ids)){
// Removed // Not checking permissions; deleting a document is just editing the invoice
if(!$checkSubPermissions || $document->canEdit()){ $document->delete();
$document->delete();
}
} }
} }

9
app/Ninja/Repositories/InvoiceRepository.php
View File

@ -442,11 +442,10 @@ class InvoiceRepository extends BaseRepository
foreach ($invoice->documents as $document){ foreach ($invoice->documents as $document){
if(!in_array($document->public_id, $document_ids)){ if(!in_array($document->public_id, $document_ids)){
// Removed // Removed
if(!$checkSubPermissions || $document->canEdit()){ // Not checking permissions; deleting a document is just editing the invoice
if($document->invoice_id == $invoice->id){ if($document->invoice_id == $invoice->id){
// Make sure the document isn't on a clone // Make sure the document isn't on a clone
$document->delete(); $document->delete();
}
} }
} }
} }