From f68f79c1e870d59fe7a6d712127cedafb6bbc55b Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Sat, 15 Jan 2022 18:04:41 +1100
Subject: [PATCH] Restrict client access only to current company instead of account wide
---
 app/Http/Middleware/CheckClientExistence.php | 2 +-
 app/Http/Middleware/SessionDomains.php | 16 ++++++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/app/Http/Middleware/CheckClientExistence.php b/app/Http/Middleware/CheckClientExistence.php
index f8238db1e6e2..554e74d8e6a1 100644
--- a/app/Http/Middleware/CheckClientExistence.php
+++ b/app/Http/Middleware/CheckClientExistence.php
@@ -42,7 +42,7 @@ class CheckClientExistence
 return $query->where('is_deleted', false);
 })
 ->whereHas('company', function ($query){
- return $query->where('account_id', auth('contact')->user()->client->company->account->id);
+ return $query->where('id', auth('contact')->user()->client->company_id);
 })
 ->get();
diff --git a/app/Http/Middleware/SessionDomains.php b/app/Http/Middleware/SessionDomains.php
index 6a0406f42e61..196ebd946120 100644
--- a/app/Http/Middleware/SessionDomains.php
+++ b/app/Http/Middleware/SessionDomains.php
@@ -14,6 +14,7 @@ namespace App\Http\Middleware;
 use App\Utils\Ninja;
 use Closure;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Cookie;
 class SessionDomains
 {
@@ -29,8 +30,19 @@ class SessionDomains
 if(Ninja::isSelfHost()) return $next($request);
-
- config(['session.domain' => '.' . $request->getHost()]);
+
+ $domain_name = $request->getHost();
+
+ if (strpos($domain_name, 'invoicing.co') !== false)
+ {
+ config(['session.domain' => '.invoicing.co']);
+ }
+ else{
+
+ // Cookie::queue(Cookie::forget('ninja_session_client', '/', $request->getHost()));
+
+ config(['session.domain' => '.' . $request->getHost()]);
+ }
 return $next($request);
 }
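Review bot: The rewritten `where('id', ...)` line inside the `whereHas('company', ...)` closure is now the tenant boundary for the client portal, but nothing on it says so, and the diffstat lists only the two middleware files, so no regression test comes with it. A comment above the closure, for example `// Scope to the contact's own company; matching on account_id reached clients of other companies in the same account.`, would keep a later refactor from widening the filter again. The line also dereferences `auth('contact')->user()->client` without a null check, which fails hard if this middleware can ever run before the contact guard has resolved a user; whether it can is not visible here, since the enclosing method starts and ends outside the hunk.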
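Review bot: The `strpos($domain_name, 'invoicing.co') !== false` test in the third hunk is a substring match on the request's Host value, so any host that merely contains that text (a constructed example: `invoicing.co.example.test`) takes the shared-cookie branch. An anchored check such as `if (preg_match('/(^|\.)invoicing\.co$/i', $domain_name) === 1)` matches only the domain and its subdomains. Setting `session.domain` to `.invoicing.co` also widens the session cookie from one host to every subdomain under that domain, so separation between portals on different subdomains then rests entirely on server-side checks; if that is intended, a comment stating why would help the next reader. The commented-out `Cookie::queue(...)` line is the only reference to the `Cookie` import added in the previous hunk, so both can be dropped until that code is live. `handle()` begins outside the hunk.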