Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-05-30 23:54:33 -04:00
Code Issues Packages Projects Releases Wiki Activity

Restrict client access only to current company instead of account wide

Browse Source
This commit is contained in:
David Bomba 2022-01-15 18:04:41 +11:00
parent f868c6c66d
commit f68f79c1e8
2 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Middleware/CheckClientExistence.php
View File

@ -42,7 +42,7 @@ class CheckClientExistence
return $query->where('is_deleted', false); return $query->where('is_deleted', false);
}) })
->whereHas('company', function ($query){ ->whereHas('company', function ($query){
return $query->where('account_id', auth('contact')->user()->client->company->account->id); return $query->where('id', auth('contact')->user()->client->company_id);
}) })
->get(); ->get();

16
app/Http/Middleware/SessionDomains.php
View File

@ -14,6 +14,7 @@ namespace App\Http\Middleware;
use App\Utils\Ninja; use App\Utils\Ninja;
use Closure; use Closure;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cookie;
class SessionDomains class SessionDomains
{ {
@ -29,8 +30,19 @@ class SessionDomains
if(Ninja::isSelfHost()) if(Ninja::isSelfHost())
return $next($request); return $next($request);
config(['session.domain' => '.' . $request->getHost()]); $domain_name = $request->getHost();
if (strpos($domain_name, 'invoicing.co') !== false)
{
config(['session.domain' => '.invoicing.co']);
}
else{
// Cookie::queue(Cookie::forget('ninja_session_client', '/', $request->getHost()));
config(['session.domain' => '.' . $request->getHost()]);
}
return $next($request); return $next($request);
} }