From ebe24c3df1bd480e048feac68a388c6d92115d31 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Tue, 24 Jul 2018 22:30:54 +1000
Subject: [PATCH] Update InvoiceRequest.php
---
 app/Http/Requests/InvoiceRequest.php | 41 ++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
diff --git a/app/Http/Requests/InvoiceRequest.php b/app/Http/Requests/InvoiceRequest.php
index 34365e2be2fe..1dd26440252d 100644
--- a/app/Http/Requests/InvoiceRequest.php
+++ b/app/Http/Requests/InvoiceRequest.php
@@ -8,6 +8,47 @@ class InvoiceRequest extends EntityRequest
 {
 protected $entityType = ENTITY_INVOICE;
 
+ /**
+ * Determine if the user is authorized to make this request.
+ *
+ * @return bool
+ */
+ public function authorize()
+ {
+
+ $invoice = parent::entity();
+
+ if ($invoice && $invoice->isQuote())
+ $standardOrRecurringInvoice = ENTITY_QUOTE;
+ elseif($invoice && $invoice->is_recurring)
+ $standardOrRecurringInvoice = ENTITY_RECURRING_INVOICE;
+ else
+ $standardOrRecurringInvoice = ENTITY_INVOICE;
+
+ if(request()->is('invoices/create') && !$this->user()->can('create', ENTITY_INVOICE))
+ return false;
+
+ if(request()->is('recurring_invoices/create') && !$this->user()->can('create', ENTITY_RECURRING_INVOICE))
+ return false;
+
+ if(request()->is('quotes/create') && !$this->user()->can('create', ENTITY_QUOTE))
+ return false;
+
+ if(request()->is('invoices/*/edit') && request()->isMethod('put') && !$this->user()->can('edit', $standardOrRecurringInvoice))
+ return false;
+
+ if(request()->is('quotes/*/edit') && request()->isMethod('put') && !$this->user()->can('edit', ENTITY_QUOTE))
+ return false;
+
+ if(request()->is('invoices/*') && request()->isMethod('get') && !$this->user()->can('view', $standardOrRecurringInvoice))
+ return false;
+
+ if(request()->is('quotes/*') && request()->isMethod('get') && !$this->user()->can('view', ENTITY_QUOTE))
+ return false;
+
+ return true;
+ }
+
 public function entity()
 {
 $invoice = parent::entity();
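Review bot: The new authorize() fails open: any request that matches none of the seven path/method patterns reaches the final `return true;`, so the method denies only what it happens to enumerate. Two gaps are visible in the hunk. The edit checks require both `is('invoices/*/edit')` (or `quotes/*/edit`) and `isMethod('put')`; if the application follows Laravel's resource-route convention (edit form is a GET on `…/{id}/edit`, update is a PUT on `…/{id}`), the 'edit' ability is probably never consulted. There is also no view or edit pattern for `recurring_invoices/*`, even though `$standardOrRecurringInvoice` is computed for that case. I would match the update with `request()->is('invoices/*') && request()->isMethod('put')` (likewise for quotes), add the recurring-invoice paths, and end with `return false;` once every route that uses this request class is listed; which routes those are is not visible here.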