mirror of
https://github.com/invoiceninja/invoiceninja.git
synced 2025-07-09 03:14:30 -04:00
Update InvoiceRequest.php
This commit is contained in:
parent
741e90462a
commit
ebe24c3df1
@ -8,6 +8,47 @@ class InvoiceRequest extends EntityRequest
|
||||
{
|
||||
protected $entityType = ENTITY_INVOICE;
|
||||
|
||||
/**
|
||||
* Determine if the user is authorized to make this request.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function authorize()
|
||||
{
|
||||
|
||||
$invoice = parent::entity();
|
||||
|
||||
if ($invoice && $invoice->isQuote())
|
||||
$standardOrRecurringInvoice = ENTITY_QUOTE;
|
||||
elseif($invoice && $invoice->is_recurring)
|
||||
$standardOrRecurringInvoice = ENTITY_RECURRING_INVOICE;
|
||||
else
|
||||
$standardOrRecurringInvoice = ENTITY_INVOICE;
|
||||
|
||||
if(request()->is('invoices/create') && !$this->user()->can('create', ENTITY_INVOICE))
|
||||
return false;
|
||||
|
||||
if(request()->is('recurring_invoices/create') && !$this->user()->can('create', ENTITY_RECURRING_INVOICE))
|
||||
return false;
|
||||
|
||||
if(request()->is('quotes/create') && !$this->user()->can('create', ENTITY_QUOTE))
|
||||
return false;
|
||||
|
||||
if(request()->is('invoices/*/edit') && request()->isMethod('put') && !$this->user()->can('edit', $standardOrRecurringInvoice))
|
||||
return false;
|
||||
|
||||
if(request()->is('quotes/*/edit') && request()->isMethod('put') && !$this->user()->can('edit', ENTITY_QUOTE))
|
||||
return false;
|
||||
|
||||
if(request()->is('invoices/*') && request()->isMethod('get') && !$this->user()->can('view', $standardOrRecurringInvoice))
|
||||
return false;
|
||||
|
||||
if(request()->is('quotes/*') && request()->isMethod('get') && !$this->user()->can('view', ENTITY_QUOTE))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public function entity()
|
||||
{
|
||||
$invoice = parent::entity();
|
||||
|
Loading…
x
Reference in New Issue
Block a user