Fixes for permissions (#3575)

David Bomba 2020-04-01 23:34:50 +11:00 committed by GitHub
parent eba0c19824
commit ceb82ad275
3 changed files with 20 additions and 9 deletions


@ -174,6 +174,7 @@ class ClientFilters extends QueryFilters
* limit the user to only the invoices they have created
*/
if (Gate::denies('view-list', Client::class)) {
info("the gate!");
$query->where('clients.user_id', '=', $user->id);
}
@ -189,7 +190,6 @@ class ClientFilters extends QueryFilters
*/
public function entityFilter()
{
//return $this->builder->whereCompanyId(auth()->user()->company()->id);
return $this->builder->company();
}
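Review bot: The `info("the gate!");` added inside the `Gate::denies('view-list', Client::class)` branch in the first hunk is a debug trace left in production code; it writes to the application log on every denied list request without any useful context. Drop the line, or if the log is wanted keep it informative, e.g. `info('client list restricted to own records', ['user_id' => $user->id]);`. The enclosing method starts before the hunk, so the origin of `$user` cannot be confirmed here. The second hunk only deletes a commented-out line and needs no change.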


@ -131,14 +131,16 @@ class BaseController extends Controller
$query->with($includes);
if (auth()->user()->cannot('view_'.$this->entity_type)) {
if ($this->entity_type == Company::class || $this->entity_type == Design::class) {
//no user keys exist on the company table, so we need to skip
} elseif ($this->entity_type == User::class) {
//$query->where('id', '=', auth()->user()->id); @todo why?
} else {
if (!auth()->user()->hasPermission('view_'.lcfirst(class_basename($this->entity_type)))) {
// if ($this->entity_type == Company::class || $this->entity_type == Design::class) {
// //no user keys exist on the company table, so we need to skip
// } elseif ($this->entity_type == User::class) {
// //$query->where('id', '=', auth()->user()->id); @todo why?
// } else {
$query->where('user_id', '=', auth()->user()->id);
}
// }
}
if (request()->has('updated_at') && request()->input('updated_at') > 0) {
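Review bot: The new `if (!auth()->user()->hasPermission('view_'.lcfirst(class_basename($this->entity_type))))` check applies `$query->where('user_id', '=', auth()->user()->id)` to every entity type, but the branches it replaces (now left as commented-out lines) skipped Company and Design precisely because, per the surviving comment, those tables have no user key, and the User case was also bypassed. Unless those columns have since been added, a user without the permission who lists those entities now gets a database error rather than a filtered result, so the type guard should be kept, e.g. `if (!in_array($this->entity_type, [Company::class, Design::class, User::class], true) && !auth()->user()->hasPermission(...)) {`. The commented-out old branches and the stray `// }` should be deleted rather than left in place, since the orphaned `}` on the following line already closes the outer block correctly. The enclosing method begins and ends outside this hunk.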


@ -286,7 +286,16 @@ class User extends Authenticatable implements MustVerifyEmail
*/
public function hasPermission($permission) : bool
{
return (stripos($this->company_user->permissions, $permission) !== false);
$parts = explode("_", $permission);
$all_permission = '';
if(count($parts) > 1)
$all_permission = $parts[0] . '_all';
return $this->isOwner() ||
$this->isAdmin() ||
(stripos($this->company_user->permissions, $all_permission) !== false) ||
(stripos($this->company_user->permissions, $permission) !== false);
}
public function documents()
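Review bot: In the new `hasPermission` body, `$all_permission` stays `''` when `$permission` contains no underscore, and the following `stripos($this->company_user->permissions, $all_permission) !== false` then grants the permission to every non-owner, non-admin user on PHP 8, where `stripos` with an empty needle returns `0` rather than `false` (on PHP 7 it returns `false` with a warning). Make the wildcard check conditional: `$all_permission = count($parts) > 1 ? $parts[0] . '_all' : null;` and `($all_permission !== null && stripos($this->company_user->permissions, $all_permission) !== false) ||`. Separately, `stripos` is a substring match, so a stored permission whose name merely contains the requested one (or the `_all` form) would also satisfy this check; if `permissions` is a delimited list, splitting it and using `in_array($permission, $list, true)` would make the comparison exact, which is worth confirming against how the column is populated. The `if (count($parts) > 1)` without braces also departs from the file's brace style.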