From e7f4368cbb3f8bb85142d346621be5c1b22f877c Mon Sep 17 00:00:00 2001
From: Hillel Coren
Date: Mon, 2 May 2016 16:12:37 +0300
Subject: [PATCH] Working on permissions in the API

---
 app/Http/Controllers/ProductApiController.php | 78 ++++---------------
 app/Http/Controllers/TaxRateApiController.php | 48 +++++-------
 app/Http/Controllers/UserApiController.php | 5 --
 app/Http/Controllers/VendorApiController.php | 4 +-
 app/Http/Requests/CreateTaxRateRequest.php | 4 +-
 app/Http/Requests/UpdateTaxRateRequest.php | 4 +-
 app/Http/Requests/UpdateUserRequest.php | 2 +-
 app/Libraries/Utils.php | 2 +-
 app/Models/Product.php | 8 ++
 app/Ninja/Repositories/ProductRepository.php | 18 +++++
 app/Providers/AuthServiceProvider.php | 2 +
 11 files changed, 70 insertions(+), 105 deletions(-)

diff --git a/app/Http/Controllers/ProductApiController.php b/app/Http/Controllers/ProductApiController.php
index 1d3e4577048c..5bf1b239e4c0 100644
--- a/app/Http/Controllers/ProductApiController.php
+++ b/app/Http/Controllers/ProductApiController.php
@@ -1,34 +1,20 @@ productService = $productService; $this->productRepo = $productRepo; }
@@ -41,58 +27,28 @@ class ProductApiController extends BaseAPIController return $this->listResponse($products); } - public function getDatatable() + public function store(CreateProductRequest $request) { - return $this->productService->getDatatable(Auth::user()->account_id); + $product = $this->productRepo->save($request->input()); + + return $this->itemResponse($product); } - public function store() + public function update(UpdateProductRequest $request, $publicId) { - return $this->save(); - } - - public function update(\Illuminate\Http\Request $request, $publicId) - { - - if ($request->action == ACTION_ARCHIVE) { - $product = Product::scope($publicId)->withTrashed()->firstOrFail(); - $this->productRepo->archive($product); - - $transformer = new ProductTransformer(\Auth::user()->account, Input::get('serializer')); - $data = $this->createItem($product, $transformer, 'products'); - - return $this->response($data); + if ($request->action) { + return $this->handleAction($request); } - else - return $this->save($publicId); + + $data = $request->input(); + $data['public_id'] = $publicId; + $product = $this->productRepo->save($data); + + return $this->itemResponse($product); } public function destroy($publicId) { //stub } - - private function save($productPublicId = false) - { - if ($productPublicId) { - $product = Product::scope($productPublicId)->firstOrFail(); - } else { - $product = Product::createNew(); - } - - $product->product_key = trim(Input::get('product_key')); - $product->notes = trim(Input::get('notes')); - $product->cost = trim(Input::get('cost')); - //$product->default_tax_rate_id = Input::get('default_tax_rate_id'); - - $product->save(); - - $transformer = new ProductTransformer(\Auth::user()->account, Input::get('serializer')); - $data = $this->createItem($product, $transformer, 'products'); - - return $this->response($data); - - } - - } 
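Review bot: In store(), `$request->input()` is forwarded unfiltered to productRepo->save(), so a client-supplied `public_id` key reaches the repository; if save() branches on that key to load an existing product (its condition lies outside the visible text of the ProductRepository hunk), a request authorized only for `create` could update an existing record. Strip the key before saving, e.g. `$data = $request->input(); unset($data['public_id']); $product = $this->productRepo->save($data);`. The removed private save() also trimmed product_key, notes and cost, whereas the new path hands raw values to fill(); confirm that behaviour change is intended. TaxRateApiController::store() in this commit has the same shape.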
diff --git a/app/Http/Controllers/TaxRateApiController.php b/app/Http/Controllers/TaxRateApiController.php index 1aa5417d9563..1c4e9bf255bc 100644 --- a/app/Http/Controllers/TaxRateApiController.php +++ b/app/Http/Controllers/TaxRateApiController.php @@ -1,26 +1,20 @@ taxRateService = $taxRateService; $this->taxRateRepo = $taxRateRepo; } @@ -29,38 +23,32 @@ class TaxRateApiController extends BaseAPIController $taxRates = TaxRate::scope() ->withTrashed() ->orderBy('created_at', 'desc'); - + return $this->listResponse($taxRates); } public function store(CreateTaxRateRequest $request) { - return $this->save($request); + $taxRate = $this->taxRateRepo->save($request->input()); + + return $this->itemResponse($taxRate); } - public function update(UpdateTaxRateRequest $request, $taxRatePublicId) + public function update(UpdateTaxRateRequest $request, $publicId) { - $taxRate = TaxRate::scope($taxRatePublicId)->firstOrFail(); - - if ($request->action == ACTION_ARCHIVE) { - $this->taxRateRepo->archive($taxRate); - - $transformer = new TaxRateTransformer(Auth::user()->account, $request->serializer); - $data = $this->createItem($taxRate, $transformer, 'tax_rates'); - - return $this->response($data); - } else { - return $this->save($request, $taxRate); + if ($request->action) { + return $this->handleAction($request); } + + $data = $request->input(); + $data['public_id'] = $publicId; + $taxRate = $this->taxRateRepo->save($data); + + return $this->itemResponse($taxRate); } - private function save($request, $taxRate = false) + public function destroy($publicId) { - $taxRate = $this->taxRateRepo->save($request->input(), $taxRate); - - $transformer = new TaxRateTransformer(\Auth::user()->account, $request->serializer); - $data = $this->createItem($taxRate, $transformer, 'tax_rates'); - - return $this->response($data); + //stub } } diff --git a/app/Http/Controllers/UserApiController.php b/app/Http/Controllers/UserApiController.php index 6786e4046544..2869c3512f5a 100644 
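Review bot: In update(), the action branch calls `$this->handleAction($request)` without `$publicId`, so the route identifier is ignored on that path and the entity must be resolved by handleAction (not in this diff); if it reads the id from the request body, a body value can disagree with the URL. Confirm that it resolves from the route, or pass the id through and document it, e.g. `// action path: entity is resolved by handleAction from the route id`. The `if ($request->action)` test also dispatches any non-empty value where the old code matched ACTION_ARCHIVE only, so rejection of unknown actions now depends on handleAction. destroy() stays a `//stub` that returns nothing on a public route. The same pattern appears in the ProductApiController update() hunk.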
--- a/app/Http/Controllers/UserApiController.php +++ b/app/Http/Controllers/UserApiController.php @@ -42,11 +42,6 @@ class UserApiController extends BaseAPIController public function update(UpdateUserRequest $request, $userPublicId) { - /* - // temporary fix for ids starting at 0 - $userPublicId -= 1; - $user = User::scope($userPublicId)->firstOrFail(); - */ $user = Auth::user(); if ($request->action == ACTION_ARCHIVE) { diff --git a/app/Http/Controllers/VendorApiController.php b/app/Http/Controllers/VendorApiController.php index 1dea751e790d..d3cc27094760 100644 --- a/app/Http/Controllers/VendorApiController.php +++ b/app/Http/Controllers/VendorApiController.php @@ -85,8 +85,6 @@ class VendorApiController extends BaseAPIController ->with('country', 'vendorcontacts', 'industry', 'size', 'currency') ->first(); - $transformer = new VendorTransformer(Auth::user()->account, Input::get('serializer')); - $data = $this->createItem($vendor, $transformer, ENTITY_VENDOR); - return $this->response($data); + return $this->itemResponse($vendor); } } diff --git a/app/Http/Requests/CreateTaxRateRequest.php b/app/Http/Requests/CreateTaxRateRequest.php index 1596c814f127..d8fef50093b7 100644 --- a/app/Http/Requests/CreateTaxRateRequest.php +++ b/app/Http/Requests/CreateTaxRateRequest.php @@ -3,7 +3,7 @@ use App\Http\Requests\Request; use Illuminate\Validation\Factory; -class CreateTaxRateRequest extends Request +class CreateTaxRateRequest extends TaxRateRequest { // Expenses /** @@ -13,7 +13,7 @@ class CreateTaxRateRequest extends Request */ public function authorize() { - return true; + return $this->user()->can('create', ENTITY_TAX_RATE); } /** diff --git a/app/Http/Requests/UpdateTaxRateRequest.php b/app/Http/Requests/UpdateTaxRateRequest.php index bcfa298e06c5..a4bdc6301ca2 100644 --- a/app/Http/Requests/UpdateTaxRateRequest.php +++ b/app/Http/Requests/UpdateTaxRateRequest.php 
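Review bot: In VendorApiController, `->first()` returns null when no vendor matches, and that null is now handed straight to `itemResponse($vendor)`; the old code had the same gap, but the new single call is the natural place to close it with `->firstOrFail();` so a missing or foreign id yields a 404 rather than an empty item. The query that precedes `->with(...)` starts outside the hunk.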
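Review bot: CreateTaxRateRequest::authorize() dereferences `$this->user()` unconditionally; for an unauthenticated request it returns null and the call fails with a fatal error instead of a denial, unless an auth middleware is guaranteed to run first (not visible here). A null-safe form is `$user = $this->user(); return $user !== null && $user->can('create', ENTITY_TAX_RATE);`. The same applies to the authorize() changes in UpdateTaxRateRequest and UpdateUserRequest, where `$this->entity()` is defined outside this diff and its result for an unknown id should also be confirmed.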
@@ -3,7 +3,7 @@ use App\Http\Requests\Request; use Illuminate\Validation\Factory; -class UpdateTaxRateRequest extends Request +class UpdateTaxRateRequest extends TaxRateRequest { // Expenses /** @@ -13,7 +13,7 @@ class UpdateTaxRateRequest extends Request */ public function authorize() { - return true; + return $this->user()->can('edit', $this->entity()); } /** diff --git a/app/Http/Requests/UpdateUserRequest.php b/app/Http/Requests/UpdateUserRequest.php index 91d7a73bc568..b3149d2b61ff 100644 --- a/app/Http/Requests/UpdateUserRequest.php +++ b/app/Http/Requests/UpdateUserRequest.php @@ -14,7 +14,7 @@ class UpdateUserRequest extends Request */ public function authorize() { - return true; + return $this->user()->can('edit', $this->entity()); } /** diff --git a/app/Libraries/Utils.php b/app/Libraries/Utils.php index 86107acfcd59..141eacfc3058 100644 --- a/app/Libraries/Utils.php +++ b/app/Libraries/Utils.php @@ -676,7 +676,7 @@ class Utils public static function getEntityName($entityType) { - return ucwords(str_replace('_', ' ', $entityType)); + return ucwords(Utils::toCamelCase($entityType)); } public static function getClientDisplayName($model) diff --git a/app/Models/Product.php b/app/Models/Product.php index 8de7c7ac5b2c..0d3221f2a1ea 100644 --- a/app/Models/Product.php +++ b/app/Models/Product.php @@ -8,6 +8,14 @@ class Product extends EntityModel use SoftDeletes; protected $dates = ['deleted_at']; + protected $fillable = [ + 'product_key', + 'notes', + 'cost', + 'qty', + 'default_tax_rate_id', + ]; + public function getEntityType() { return ENTITY_PRODUCT; diff --git a/app/Ninja/Repositories/ProductRepository.php b/app/Ninja/Repositories/ProductRepository.php index 417b49f23640..7100b083a553 100644 --- a/app/Ninja/Repositories/ProductRepository.php +++ b/app/Ninja/Repositories/ProductRepository.php 
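Review bot: Utils::getEntityName() now returns `ucwords(Utils::toCamelCase($entityType))`, which, assuming toCamelCase drops the underscores, yields 'TaxRate' where the old `ucwords(str_replace('_', ' ', ...))` produced 'Tax Rate'; any caller using the result as a display label loses the space. If the purpose is to derive a class or policy name for the new authorization checks, a separate helper such as `getEntityClass()` would keep the label behaviour intact. toCamelCase is not in this diff.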
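Review bot: Adding `default_tax_rate_id` to Product::$fillable lets the API path (`$product->fill($data)` in ProductRepository::save(), fed by `$request->input()` in ProductApiController) set the foreign key to whatever the client sends; nothing visible checks that the tax rate belongs to the caller's account, whereas the removed controller code had this assignment commented out. Validate it in the form request against the account's tax rates, or resolve it in the repository before fill(). `qty` is also whitelisted although no visible request field feeds it; a short comment on the array, `// mass-assignable from the API; ownership of default_tax_rate_id is checked in the request`, would make the contract explicit once that check exists.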
@@ -1,6 +1,7 @@ firstOrFail(); + } else { + $product = Product::createNew(); + } + + $product->fill($data); + $product->save(); + + return $product; + } + } \ No newline at end of file diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php index 884c2587503d..02aba3e1d6d3 100644 --- a/app/Providers/AuthServiceProvider.php +++ b/app/Providers/AuthServiceProvider.php @@ -21,6 +21,8 @@ class AuthServiceProvider extends ServiceProvider \App\Models\Payment::class => \App\Policies\PaymentPolicy::class, \App\Models\Task::class => \App\Policies\TaskPolicy::class, \App\Models\Vendor::class => \App\Policies\VendorPolicy::class, + \App\Models\Product::class => \App\Policies\ProductPolicy::class, + \App\Models\TaxRate::class => \App\Policies\TaxRatePolicy::class, ]; /**
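Review bot: The new ProductRepository::save() has no docblock, and since it now decides between loading and creating a product based on the incoming array, that contract deserves stating: a PHPDoc with `@param array $data request input; a public_id key selects an existing product, otherwise one is created` and `@return Product` would do. The head of save(), including that branch, is not visible in this hunk. The file also ends with `\ No newline at end of file`.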
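Review bot: The two new mappings reference `\App\Policies\ProductPolicy` and `\App\Policies\TaxRatePolicy`, but the diffstat lists no file under app/Policies, so unless those classes already exist in the repository the new `can()` checks in the form requests will fail when the Gate instantiates the policy. Either add the two policy classes in this commit or confirm they are present. A brief comment, `// Product and TaxRate policies back the API authorize() checks`, would help readers connect the mapping to the request classes.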