mirror of
https://github.com/invoiceninja/invoiceninja.git
synced 2025-07-09 03:14:30 -04:00
Removed checkSubPermissions flag
This commit is contained in:
Hillel Coren
parent
ee4591c3c6
commit
ce2392563d
@ -158,7 +158,7 @@ class ExpenseController extends BaseController
|
||||
|
||||
$this->authorizeUpdate($data);
|
||||
|
||||
$expense = $this->expenseService->save($data, true);
|
||||
$expense = $this->expenseService->save($data);
|
||||
|
||||
Session::flash('message', trans('texts.updated_expense'));
|
||||
|
||||
|
||||
@ -405,7 +405,7 @@ class InvoiceController extends BaseController
|
||||
$action = Input::get('action');
|
||||
$entityType = Input::get('entityType');
|
||||
|
||||
$invoice = $this->invoiceService->save($data, true);
|
||||
$invoice = $this->invoiceService->save($data);
|
||||
$entityType = $invoice->getEntityType();
|
||||
$message = trans("texts.created_{$entityType}");
|
||||
|
||||
@ -444,7 +444,7 @@ class InvoiceController extends BaseController
|
||||
$action = Input::get('action');
|
||||
$entityType = Input::get('entityType');
|
||||
|
||||
$invoice = $this->invoiceService->save($data, true);
|
||||
$invoice = $this->invoiceService->save($data);
|
||||
$entityType = $invoice->getEntityType();
|
||||
$message = trans("texts.updated_{$entityType}");
|
||||
Session::flash('message', $message);
|
||||
|
||||
@ -122,7 +122,7 @@ class ExpenseRepository extends BaseRepository
|
||||
return $query;
|
||||
}
|
||||
|
||||
public function save($input, $checkSubPermissions=false)
|
||||
public function save($input)
|
||||
{
|
||||
$publicId = isset($input['public_id']) ? $input['public_id'] : false;
|
||||
|
||||
@ -160,7 +160,7 @@ class ExpenseRepository extends BaseRepository
|
||||
$document_ids = !empty($input['document_ids'])?array_map('intval', $input['document_ids']):array();;
|
||||
foreach ($document_ids as $document_id){
|
||||
$document = Document::scope($document_id)->first();
|
||||
if($document && !$checkSubPermissions || Auth::user()->can('edit', $document)){
|
||||
if($document && Auth::user()->can('edit', $document)){
|
||||
$document->invoice_id = null;
|
||||
$document->expense_id = $expense->id;
|
||||
$document->save();
|
||||
|
||||
@ -198,7 +198,7 @@ class InvoiceRepository extends BaseRepository
|
||||
->make();
|
||||
}
|
||||
|
||||
public function save($data, $checkSubPermissions = false)
|
||||
public function save($data)
|
||||
{
|
||||
$account = \Auth::user()->account;
|
||||
$publicId = isset($data['public_id']) ? $data['public_id'] : false;
|
||||
@ -420,7 +420,7 @@ class InvoiceRepository extends BaseRepository
|
||||
$document_ids = !empty($data['document_ids'])?array_map('intval', $data['document_ids']):array();;
|
||||
foreach ($document_ids as $document_id){
|
||||
$document = Document::scope($document_id)->first();
|
||||
if($document && !$checkSubPermissions || Auth::user()->can('edit', $document)){
|
||||
if($document && Auth::user()->can('edit', $document)){
|
||||
|
||||
if($document->invoice_id && $document->invoice_id != $invoice->id){
|
||||
// From a clone
|
||||
@ -473,7 +473,7 @@ class InvoiceRepository extends BaseRepository
|
||||
$task = false;
|
||||
if (isset($item['task_public_id']) && $item['task_public_id']) {
|
||||
$task = Task::scope($item['task_public_id'])->where('invoice_id', '=', null)->firstOrFail();
|
||||
if(!$checkSubPermissions || Auth::user()->can('edit', $task)){
|
||||
if(Auth::user()->can('edit', $task)){
|
||||
$task->invoice_id = $invoice->id;
|
||||
$task->client_id = $invoice->client_id;
|
||||
$task->save();
|
||||
@ -483,7 +483,7 @@ class InvoiceRepository extends BaseRepository
|
||||
$expense = false;
|
||||
if (isset($item['expense_public_id']) && $item['expense_public_id']) {
|
||||
$expense = Expense::scope($item['expense_public_id'])->where('invoice_id', '=', null)->firstOrFail();
|
||||
if(!$checkSubPermissions || Auth::user()->can('edit', $expense)){
|
||||
if(Auth::user()->can('edit', $expense)){
|
||||
$expense->invoice_id = $invoice->id;
|
||||
$expense->client_id = $invoice->client_id;
|
||||
$expense->save();
|
||||
@ -494,7 +494,7 @@ class InvoiceRepository extends BaseRepository
|
||||
if (\Auth::user()->account->update_products && ! strtotime($productKey)) {
|
||||
$product = Product::findProductByKey($productKey);
|
||||
if (!$product) {
|
||||
if(!$checkSubPermissions || Auth::user()->can('create', ENTITY_PRODUCT)){
|
||||
if (Auth::user()->can('create', ENTITY_PRODUCT)) {
|
||||
$product = Product::createNew();
|
||||
$product->product_key = trim($item['product_key']);
|
||||
}
|
||||
@ -502,7 +502,7 @@ class InvoiceRepository extends BaseRepository
|
||||
$product = null;
|
||||
}
|
||||
}
|
||||
if($product && (!$checkSubPermissions || Auth::user()->can('edit', $product))){
|
||||
if ($product && (Auth::user()->can('edit', $product))) {
|
||||
$product->notes = ($task || $expense) ? '' : $item['notes'];
|
||||
$product->cost = $expense ? 0 : $item['cost'];
|
||||
$product->save();
|
||||
@ -516,7 +516,6 @@ class InvoiceRepository extends BaseRepository
|
||||
$invoiceItem->notes = trim($invoice->is_recurring ? $item['notes'] : Utils::processVariables($item['notes']));
|
||||
$invoiceItem->cost = Utils::parseFloat($item['cost']);
|
||||
$invoiceItem->qty = Utils::parseFloat($item['qty']);
|
||||
//$invoiceItem->tax_rate = 0;
|
||||
|
||||
if (isset($item['custom_value1'])) {
|
||||
$invoiceItem->custom_value1 = $item['custom_value1'];
|
||||
|
||||
@ -28,7 +28,7 @@ class ExpenseService extends BaseService
|
||||
return $this->expenseRepo;
|
||||
}
|
||||
|
||||
public function save($data, $checkSubPermissions=false)
|
||||
public function save($data)
|
||||
{
|
||||
if (isset($data['client_id']) && $data['client_id']) {
|
||||
$data['client_id'] = Client::getPrivateId($data['client_id']);
|
||||
@ -38,7 +38,7 @@ class ExpenseService extends BaseService
|
||||
$data['vendor_id'] = Vendor::getPrivateId($data['vendor_id']);
|
||||
}
|
||||
|
||||
return $this->expenseRepo->save($data, $checkSubPermissions);
|
||||
return $this->expenseRepo->save($data);
|
||||
}
|
||||
|
||||
public function getDatatable($search)
|
||||
|
||||
@ -30,26 +30,23 @@ class InvoiceService extends BaseService
|
||||
return $this->invoiceRepo;
|
||||
}
|
||||
|
||||
public function save($data, $checkSubPermissions = false)
|
||||
public function save($data)
|
||||
{
|
||||
if (isset($data['client'])) {
|
||||
$canSaveClient = !$checkSubPermissions;
|
||||
if( ! $canSaveClient){
|
||||
$canSaveClient = false;
|
||||
$clientPublicId = array_get($data, 'client.public_id') ?: array_get($data, 'client.id');
|
||||
if (empty($clientPublicId) || $clientPublicId == '-1') {
|
||||
$canSaveClient = Auth::user()->can('create', ENTITY_CLIENT);
|
||||
} else {
|
||||
$canSaveClient = Auth::user()->can('edit', Client::scope($clientPublicId)->first());
|
||||
}
|
||||
}
|
||||
|
||||
if ($canSaveClient) {
|
||||
$client = $this->clientRepo->save($data['client']);
|
||||
$data['client_id'] = $client->id;
|
||||
}
|
||||
}
|
||||
|
||||
$invoice = $this->invoiceRepo->save($data, $checkSubPermissions);
|
||||
$invoice = $this->invoiceRepo->save($data);
|
||||
|
||||
$client = $invoice->client;
|
||||
$client->load('contacts');
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user