Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-05-24 02:14:21 -04:00
Code Issues Packages Projects Releases Wiki Activity

Restrict client access only to current company instead of account wide

Browse Source
This commit is contained in:
David Bomba 2022-01-15 18:04:41 +11:00
parent f868c6c66d
commit f68f79c1e8
2 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Middleware/CheckClientExistence.php
View File

@ -42,7 +42,7 @@ class CheckClientExistence
return $query->where('is_deleted', false);
})
->whereHas('company', function ($query){
return $query->where('account_id', auth('contact')->user()->client->company->account->id);
return $query->where('id', auth('contact')->user()->client->company_id);
})
->get();

16
app/Http/Middleware/SessionDomains.php
View File

@ -14,6 +14,7 @@ namespace App\Http\Middleware;
use App\Utils\Ninja;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cookie;
class SessionDomains
{
@ -29,8 +30,19 @@ class SessionDomains
if(Ninja::isSelfHost())
return $next($request);
config(['session.domain' => '.' . $request->getHost()]);
$domain_name = $request->getHost();
if (strpos($domain_name, 'invoicing.co') !== false)
{
config(['session.domain' => '.invoicing.co']);
}
else{
// Cookie::queue(Cookie::forget('ninja_session_client', '/', $request->getHost()));
config(['session.domain' => '.' . $request->getHost()]);
}
return $next($request);
}