Working on permissions in the API

Hillel Coren 2016-05-02 16:12:37 +03:00
parent 1d6011caad
commit e7f4368cbb
11 changed files with 70 additions and 105 deletions


@ -1,34 +1,20 @@
<?php namespace App\Http\Controllers; <?php namespace App\Http\Controllers;
use App\Ninja\Repositories\ProductRepository;
use App\Ninja\Transformers\ProductTransformer;
use Auth;
use Str;
use DB;
use Datatable;
use Utils;
use URL;
use View;
use Input;
use Session;
use Redirect;
use App\Models\Product; use App\Models\Product;
use App\Models\TaxRate; use App\Ninja\Repositories\ProductRepository;
use App\Services\ProductService; use App\Http\Requests\CreateProductRequest;
use App\Http\Requests\UpdateProductRequest;
class ProductApiController extends BaseAPIController class ProductApiController extends BaseAPIController
{ {
protected $productService;
protected $productRepo; protected $productRepo;
protected $entityType = ENTITY_PRODUCT; protected $entityType = ENTITY_PRODUCT;
public function __construct(ProductService $productService, ProductRepository $productRepo) public function __construct(ProductRepository $productRepo)
{ {
parent::__construct(); parent::__construct();
$this->productService = $productService;
$this->productRepo = $productRepo; $this->productRepo = $productRepo;
} }
@ -41,58 +27,28 @@ class ProductApiController extends BaseAPIController
return $this->listResponse($products); return $this->listResponse($products);
} }
public function getDatatable() public function store(CreateProductRequest $request)
{ {
return $this->productService->getDatatable(Auth::user()->account_id); $product = $this->productRepo->save($request->input());
return $this->itemResponse($product);
} }
public function store() public function update(UpdateProductRequest $request, $publicId)
{ {
return $this->save(); if ($request->action) {
} return $this->handleAction($request);
public function update(\Illuminate\Http\Request $request, $publicId)
{
if ($request->action == ACTION_ARCHIVE) {
$product = Product::scope($publicId)->withTrashed()->firstOrFail();
$this->productRepo->archive($product);
$transformer = new ProductTransformer(\Auth::user()->account, Input::get('serializer'));
$data = $this->createItem($product, $transformer, 'products');
return $this->response($data);
} }
else
return $this->save($publicId); $data = $request->input();
$data['public_id'] = $publicId;
$product = $this->productRepo->save($data);
return $this->itemResponse($product);
} }
public function destroy($publicId) public function destroy($publicId)
{ {
//stub //stub
} }
private function save($productPublicId = false)
{
if ($productPublicId) {
$product = Product::scope($productPublicId)->firstOrFail();
} else {
$product = Product::createNew();
}
$product->product_key = trim(Input::get('product_key'));
$product->notes = trim(Input::get('notes'));
$product->cost = trim(Input::get('cost'));
//$product->default_tax_rate_id = Input::get('default_tax_rate_id');
$product->save();
$transformer = new ProductTransformer(\Auth::user()->account, Input::get('serializer'));
$data = $this->createItem($product, $transformer, 'products');
return $this->response($data);
}
} }
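Review bot: `store()` hands `$request->input()` to `productRepo->save()` unfiltered, and the `save()` added to ProductRepository in this same commit treats a `public_id` key as "load and overwrite this existing product". A POST body that carries `public_id` would therefore be authorised as a create (assuming CreateProductRequest checks the create ability; it is not part of this commit) and yet modify an existing record. Dropping the key on the create path closes that gap, e.g. `$product = $this->productRepo->save($request->except('public_id'));`. `TaxRateApiController::store()` follows the same pattern and needs the same treatment if TaxRateRepository::save() also honours `public_id`.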


@ -1,26 +1,20 @@
<?php namespace App\Http\Controllers; <?php namespace App\Http\Controllers;
use App\Services\TaxRateService;
use App\Ninja\Repositories\TaxRateRepository;
use App\Ninja\Transformers\TaxRateTransformer;
use Auth;
use App\Models\TaxRate; use App\Models\TaxRate;
use App\Ninja\Repositories\TaxRateRepository;
use App\Http\Requests\CreateTaxRateRequest; use App\Http\Requests\CreateTaxRateRequest;
use App\Http\Requests\UpdateTaxRateRequest; use App\Http\Requests\UpdateTaxRateRequest;
class TaxRateApiController extends BaseAPIController class TaxRateApiController extends BaseAPIController
{ {
protected $taxRateService;
protected $taxRateRepo; protected $taxRateRepo;
protected $entityType = ENTITY_TAX_RATE; protected $entityType = ENTITY_TAX_RATE;
public function __construct(TaxRateService $taxRateService, TaxRateRepository $taxRateRepo) public function __construct(TaxRateRepository $taxRateRepo)
{ {
parent::__construct(); parent::__construct();
$this->taxRateService = $taxRateService;
$this->taxRateRepo = $taxRateRepo; $this->taxRateRepo = $taxRateRepo;
} }
@ -35,32 +29,26 @@ class TaxRateApiController extends BaseAPIController
public function store(CreateTaxRateRequest $request) public function store(CreateTaxRateRequest $request)
{ {
return $this->save($request); $taxRate = $this->taxRateRepo->save($request->input());
return $this->itemResponse($taxRate);
} }
public function update(UpdateTaxRateRequest $request, $taxRatePublicId) public function update(UpdateTaxRateRequest $request, $publicId)
{ {
$taxRate = TaxRate::scope($taxRatePublicId)->firstOrFail(); if ($request->action) {
return $this->handleAction($request);
if ($request->action == ACTION_ARCHIVE) {
$this->taxRateRepo->archive($taxRate);
$transformer = new TaxRateTransformer(Auth::user()->account, $request->serializer);
$data = $this->createItem($taxRate, $transformer, 'tax_rates');
return $this->response($data);
} else {
return $this->save($request, $taxRate);
} }
$data = $request->input();
$data['public_id'] = $publicId;
$taxRate = $this->taxRateRepo->save($data);
return $this->itemResponse($taxRate);
} }
private function save($request, $taxRate = false) public function destroy($publicId)
{ {
$taxRate = $this->taxRateRepo->save($request->input(), $taxRate); //stub
$transformer = new TaxRateTransformer(\Auth::user()->account, $request->serializer);
$data = $this->createItem($taxRate, $transformer, 'tax_rates');
return $this->response($data);
} }
} }
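Review bot: `update()` now forwards any truthy `action` value to `handleAction()`, where the old code acted only on `ACTION_ARCHIVE`, while UpdateTaxRateRequest authorises the request with the `edit` ability alone. `handleAction()` lives in the base controller and is not visible here, so it should be confirmed that it rejects unknown actions and checks the ability that matches each action it accepts instead of relying on the `edit` check; `ProductApiController::update()` has the same branch. Separately, the old code passed the loaded model as a second argument to `taxRateRepo->save()`, and TaxRateRepository is not among the changed files, so it is worth verifying that `save()` resolves `$data['public_id']` itself, since otherwise an update would create a new tax rate.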


@ -42,11 +42,6 @@ class UserApiController extends BaseAPIController
public function update(UpdateUserRequest $request, $userPublicId) public function update(UpdateUserRequest $request, $userPublicId)
{ {
/*
// temporary fix for ids starting at 0
$userPublicId -= 1;
$user = User::scope($userPublicId)->firstOrFail();
*/
$user = Auth::user(); $user = Auth::user();
if ($request->action == ACTION_ARCHIVE) { if ($request->action == ACTION_ARCHIVE) {


@ -85,8 +85,6 @@ class VendorApiController extends BaseAPIController
->with('country', 'vendorcontacts', 'industry', 'size', 'currency') ->with('country', 'vendorcontacts', 'industry', 'size', 'currency')
->first(); ->first();
$transformer = new VendorTransformer(Auth::user()->account, Input::get('serializer')); return $this->itemResponse($vendor);
$data = $this->createItem($vendor, $transformer, ENTITY_VENDOR);
return $this->response($data);
} }
} }


@ -3,7 +3,7 @@
use App\Http\Requests\Request; use App\Http\Requests\Request;
use Illuminate\Validation\Factory; use Illuminate\Validation\Factory;
class CreateTaxRateRequest extends Request class CreateTaxRateRequest extends TaxRateRequest
{ {
// Expenses // Expenses
/** /**
@ -13,7 +13,7 @@ class CreateTaxRateRequest extends Request
*/ */
public function authorize() public function authorize()
{ {
return true; return $this->user()->can('create', ENTITY_TAX_RATE);
} }
/** /**


@ -3,7 +3,7 @@
use App\Http\Requests\Request; use App\Http\Requests\Request;
use Illuminate\Validation\Factory; use Illuminate\Validation\Factory;
class UpdateTaxRateRequest extends Request class UpdateTaxRateRequest extends TaxRateRequest
{ {
// Expenses // Expenses
/** /**
@ -13,7 +13,7 @@ class UpdateTaxRateRequest extends Request
*/ */
public function authorize() public function authorize()
{ {
return true; return $this->user()->can('edit', $this->entity());
} }
/** /**


@ -14,7 +14,7 @@ class UpdateUserRequest extends Request
*/ */
public function authorize() public function authorize()
{ {
return true; return $this->user()->can('edit', $this->entity());
} }
/** /**
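Review bot: `authorize()` now checks `can('edit', $this->entity())`, but the hunk header still shows `UpdateUserRequest extends Request`, whereas the tax-rate requests were moved onto a `TaxRateRequest` base in this commit; whether the plain `Request` base provides `entity()` for users is not visible here. In addition, `UserApiController::update()` ignores `$userPublicId` and edits `Auth::user()`, so the object being authorised (presumably resolved from the route) and the object being modified can differ. Authorising against the user that is actually updated keeps the check and the write aligned, e.g. `return $this->user()->can('edit', $this->user());`, assuming a policy is registered for the user model.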


@ -676,7 +676,7 @@ class Utils
public static function getEntityName($entityType) public static function getEntityName($entityType)
{ {
return ucwords(str_replace('_', ' ', $entityType)); return ucwords(Utils::toCamelCase($entityType));
} }
public static function getClientDisplayName($model) public static function getClientDisplayName($model)
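Review bot: `getEntityName()` has no docblock, and its return value changes shape in this hunk: with `str_replace('_', ' ', …)` a type such as `tax_rate` gave a spaced label, while `ucwords(Utils::toCamelCase(…))` presumably gives a class-style name (`toCamelCase` is defined outside this hunk). A comment such as `/** Returns the entity type as a StudlyCase identifier, not a spaced display label. */` would make the new contract explicit. Existing callers that print the result to users should be checked for the changed output.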


@ -8,6 +8,14 @@ class Product extends EntityModel
use SoftDeletes; use SoftDeletes;
protected $dates = ['deleted_at']; protected $dates = ['deleted_at'];
protected $fillable = [
'product_key',
'notes',
'cost',
'qty',
'default_tax_rate_id',
];
public function getEntityType() public function getEntityType()
{ {
return ENTITY_PRODUCT; return ENTITY_PRODUCT;
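Review bot: `default_tax_rate_id` is made mass-assignable, and `ProductRepository::save()` fills the model straight from request input, so an API client can set this foreign key to any value. It looks like an internal id rather than an account-scoped `public_id`; unless CreateProductRequest/UpdateProductRequest (not part of this commit) validate that the tax rate belongs to the caller's account, a product could be linked to another account's tax rate. Consider leaving it out of `$fillable` and setting it in the repository from a scoped lookup; the removed controller `save()` did not accept this field at all (its assignment was commented out). `qty` is likewise newly accepted from input and deserves a validation rule.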


@ -1,6 +1,7 @@
<?php namespace App\Ninja\Repositories; <?php namespace App\Ninja\Repositories;
use DB; use DB;
use App\Models\Product;
use App\Ninja\Repositories\BaseRepository; use App\Ninja\Repositories\BaseRepository;
class ProductRepository extends BaseRepository class ProductRepository extends BaseRepository
@ -29,4 +30,21 @@ class ProductRepository extends BaseRepository
'products.deleted_at' 'products.deleted_at'
); );
} }
public function save($data)
{
$publicId = isset($data['public_id']) ? $data['public_id'] : false;
if ($publicId) {
$product = Product::scope($publicId)->firstOrFail();
} else {
$product = Product::createNew();
}
$product->fill($data);
$product->save();
return $product;
}
} }
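Review bot: `save()` chooses between update and create by the truthiness of `$data['public_id']`, so an id of `0` or `'0'` falls through to `Product::createNew()` instead of failing with a 404. The comment removed from UserApiController in this commit mentions ids starting at 0, so that case may be real. Testing for presence rather than truthiness avoids the silent create: `if (isset($data['public_id'])) {`. The method also lacks a docblock stating that a `public_id` key switches it to update mode, which callers on the create path need to know.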


@ -21,6 +21,8 @@ class AuthServiceProvider extends ServiceProvider
\App\Models\Payment::class => \App\Policies\PaymentPolicy::class, \App\Models\Payment::class => \App\Policies\PaymentPolicy::class,
\App\Models\Task::class => \App\Policies\TaskPolicy::class, \App\Models\Task::class => \App\Policies\TaskPolicy::class,
\App\Models\Vendor::class => \App\Policies\VendorPolicy::class, \App\Models\Vendor::class => \App\Policies\VendorPolicy::class,
\App\Models\Product::class => \App\Policies\ProductPolicy::class,
\App\Models\TaxRate::class => \App\Policies\TaxRatePolicy::class,
]; ];
/** /**