From bf85ea60e4de80d12ce32b63335c6bfa6fcc6e67 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Tue, 28 Feb 2023 22:07:58 +1100
Subject: [PATCH] Minor fixes for permissions
---
 app/Http/Controllers/BankTransactionController.php | 3 +--
 .../Requests/BankTransaction/MatchBankTransactionRequest.php | 3 ++-
 app/Http/Requests/Preview/PreviewInvoiceRequest.php | 2 +-
 app/Http/Requests/Preview/PreviewPurchaseOrderRequest.php | 2 +-
 app/Http/Requests/Product/UpdateProductRequest.php | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/app/Http/Controllers/BankTransactionController.php b/app/Http/Controllers/BankTransactionController.php
index ff223acdf0cf..1240da9eeae9 100644
--- a/app/Http/Controllers/BankTransactionController.php
+++ b/app/Http/Controllers/BankTransactionController.php
@@ -83,7 +83,7 @@ class BankTransactionController extends BaseController
 * response="default",
 * description="Unexpected Error",
 * @OA\JsonContent(ref="#/components/schemas/Error"),
- * ),
+ * ),zz
 * )
 * @param BankTransactionFilters $filter
 * @return Response|mixed
@@ -531,7 +531,6 @@ class BankTransactionController extends BaseController */ public function match(MatchBankTransactionRequest $request) { - // MatchBankTransactions::dispatch(auth()->user()->company()->id, auth()->user()->company()->db, $request->all()); $bts = (new MatchBankTransactions(auth()->user()->company()->id, auth()->user()->company()->db, $request->all()))->handle();
diff --git a/app/Http/Requests/BankTransaction/MatchBankTransactionRequest.php b/app/Http/Requests/BankTransaction/MatchBankTransactionRequest.php
index 12946ad42d9d..1f816b5c555a 100644
--- a/app/Http/Requests/BankTransaction/MatchBankTransactionRequest.php
+++ b/app/Http/Requests/BankTransaction/MatchBankTransactionRequest.php
@@ -12,6 +12,7 @@ namespace App\Http\Requests\BankTransaction;
 use App\Http\Requests\Request;
+use App\Models\BankTransaction;
 use App\Models\Expense;
 use App\Models\Payment;
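Review bot: The added line ` * ),zz` in the `@OA` response annotation carries two stray characters, `zz`, after the closing parenthesis, which looks like an accidental keystroke rather than part of the permission fix. This docblock is an OpenAPI annotation that tooling reads, so the trailing text may break or distort spec generation, though that cannot be confirmed from the hunk. The line should go back to ` * ),`. The annotation block begins above the hunk.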
@@ -24,7 +25,7 @@ class MatchBankTransactionRequest extends Request
 */
 public function authorize() : bool
 {
- return auth()->user()->isAdmin();
+ return auth()->user()->isAdmin() || auth()->user()->can('create', BankTransaction::class || auth()->user()->hasPermission('edit_bank_transaction'));
 }
 public function rules()
diff --git a/app/Http/Requests/Preview/PreviewInvoiceRequest.php b/app/Http/Requests/Preview/PreviewInvoiceRequest.php
index 75375c620934..ab0586f5a5f8 100644
--- a/app/Http/Requests/Preview/PreviewInvoiceRequest.php
+++ b/app/Http/Requests/Preview/PreviewInvoiceRequest.php
@@ -31,7 +31,7 @@ class PreviewInvoiceRequest extends Request
 */
 public function authorize() : bool
 {
- return auth()->user()->can('create', Invoice::class) || auth()->user()->can('create', Quote::class) || auth()->user()->can('create', RecurringInvoice::class) || auth()->user()->can('create', Credit::class);
+ return auth()->user()->hasIntersectPermissionsOrAdmin(['view_invoice', 'view_quote', 'view_recurring_invoice', 'view_credit', 'create_invoice', 'create_quote', 'create_recurring_invoice', 'create_credit','edit_invoice', 'edit_quote', 'edit_recurring_invoice', 'edit_credit']);
 }
 public function rules()
diff --git a/app/Http/Requests/Preview/PreviewPurchaseOrderRequest.php b/app/Http/Requests/Preview/PreviewPurchaseOrderRequest.php
index eae0e42b36b0..6b3ce83cd85e 100644
--- a/app/Http/Requests/Preview/PreviewPurchaseOrderRequest.php
+++ b/app/Http/Requests/Preview/PreviewPurchaseOrderRequest.php
@@ -28,7 +28,7 @@ class PreviewPurchaseOrderRequest extends Request
 */
 public function authorize() : bool
 {
- return auth()->user()->can('create', PurchaseOrder::class);
+ return auth()->user()->hasIntersectPermissionsOrAdmin(['create_purchase_order', 'edit_purchase_order', 'view_purchase_order']);
 }
 public function rules()
diff --git a/app/Http/Requests/Product/UpdateProductRequest.php b/app/Http/Requests/Product/UpdateProductRequest.php
index f824cc954ae0..b66dfd00601f 100644
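Review bot: The closing parenthesis of `can(` is misplaced in the new `MatchBankTransactionRequest::authorize()` return, so `BankTransaction::class || auth()->user()->hasPermission('edit_bank_transaction')` is evaluated first and handed to `can('create', …)` as a boolean. A non-empty class-name string is truthy, so `||` short-circuits: `hasPermission('edit_bank_transaction')` is never called and the gate receives `true` instead of the model class. For non-admins the outcome then depends on how the gate treats a boolean argument, most likely a denial, rather than on the bank-transaction policy. The line should read `return auth()->user()->isAdmin() || auth()->user()->can('create', BankTransaction::class) || auth()->user()->hasPermission('edit_bank_transaction');`. A request test with a non-admin user holding only `edit_bank_transaction` would pin the intended rule.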
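Review bot: The new list in `PreviewInvoiceRequest::authorize()` adds the `view_*` permissions and, judging by the method name `hasIntersectPermissionsOrAdmin`, is an any-of check across four entity types, so nothing in the hunk ties the permission held to the entity the request actually previews. A user with only `view_credit` would presumably pass authorization for an invoice preview. Whether that exposes anything depends on the controller and the `rules()` body, both outside the hunk; if the preview can load an existing entity by id, the check should be narrowed to the requested entity type or repeated per entity in the controller. The same widening to `view_purchase_order` is made in `PreviewPurchaseOrderRequest::authorize()`. If the broadening is deliberate, a comment above each return such as `// Preview is read-only: any view/create/edit permission on a previewable entity is sufficient` would record it.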
--- a/app/Http/Requests/Product/UpdateProductRequest.php
+++ b/app/Http/Requests/Product/UpdateProductRequest.php
@@ -26,7 +26,7 @@ class UpdateProductRequest extends Request
 */
 public function authorize() : bool
 {
- return auth()->user()->can('create', Product::class);
+ return auth()->user()->can('edit', $this->product);
 }
 public function rules()
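Review bot: `$this->product` in the new `UpdateProductRequest::authorize()` goes through the request's magic property accessor, which in Laravel, as far as I know, consults request input before route parameters. A `product` key in the request body could therefore replace the route-bound model as the subject of the policy check. Reading the binding explicitly keeps the check on the routed record: `return auth()->user()->can('edit', $this->route('product'));`. This assumes the route parameter is named `product`, which the hunk does not show.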