From fec948f1e8d4edbf52ec319c8916a11b157332c6 Mon Sep 17 00:00:00 2001
From: Hillel Coren
Date: Sun, 8 May 2016 21:29:49 +0300
Subject: [PATCH] Fixed searching for non-admins

---
 app/Http/Controllers/AccountController.php   |  3 +--
 app/Http/routes.php                          |  6 +----
 app/Libraries/Utils.php                      |  2 +-
 app/Ninja/Repositories/AccountRepository.php | 28 +++++++++++++-------
 4 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/app/Http/Controllers/AccountController.php b/app/Http/Controllers/AccountController.php
index db2a65e6eca1..b3bd13fad409 100644
--- a/app/Http/Controllers/AccountController.php
+++ b/app/Http/Controllers/AccountController.php
@@ -253,8 +253,7 @@ class AccountController extends BaseController
     public function getSearchData()
     {
-        $account = Auth::user()->account;
-        $data = $this->accountRepo->getSearchData($account);
+        $data = $this->accountRepo->getSearchData(Auth::user());
         return Response::json($data);
     }
diff --git a/app/Http/routes.php b/app/Http/routes.php
index c379becaad3d..22240242064a 100644
--- a/app/Http/routes.php
+++ b/app/Http/routes.php
@@ -110,6 +110,7 @@ Route::group(['middleware' => 'auth:user'], function() {
     Route::get('view_archive/{entity_type}/{visible}', 'AccountController@setTrashVisible');
     Route::get('hide_message', 'HomeController@hideMessage');
     Route::get('force_inline_pdf', 'UserController@forcePDFJS');
+    Route::get('account/getSearchData', array('as' => 'getSearchData', 'uses' => 'AccountController@getSearchData'));
     Route::get('settings/user_details', 'AccountController@showUserDetails');
     Route::post('settings/user_details', 'AccountController@saveUserDetails');
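Review bot: Placing `account/getSearchData` inside the `auth:user` group makes the endpoint reachable by every authenticated user, so the only thing keeping one user's clients and invoices out of another user's search results is the per-user filtering that this same commit adds in AccountRepository::getAccountSearchData. The group the route is removed from in the next hunk is cut off at `Route::group([`, so I cannot see what middleware it carried and whether the old placement was what blocked non-admins. A one-line comment next to the new route would keep that coupling visible to the next person who touches either file, e.g. `// open to all authenticated users: AccountRepository::getAccountSearchData() scopes results per user`.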
@@ -220,11 +221,6 @@ Route::group([
     Route::get('settings/{section?}', 'AccountController@showSection');
     Route::post('settings/{section?}', 'AccountController@doSection');
-    //Route::get('api/payment_terms', array('as'=>'api.payment_terms', 'uses'=>'PaymentTermController@getDatatable'));
-    //Route::resource('payment_terms', 'PaymentTermController');
-    //Route::post('payment_terms/bulk', 'PaymentTermController@bulk');
-
-    Route::get('account/getSearchData', array('as' => 'getSearchData', 'uses' => 'AccountController@getSearchData'));
     Route::post('user/setTheme', 'UserController@setTheme');
     Route::post('remove_logo', 'AccountController@removeLogo');
     Route::post('account/go_pro', 'AccountController@enableProPlan');
diff --git a/app/Libraries/Utils.php b/app/Libraries/Utils.php
index 4699603d4d4c..c02c719169a4 100644
--- a/app/Libraries/Utils.php
+++ b/app/Libraries/Utils.php
@@ -140,7 +140,7 @@ class Utils
     public static function hasAllPermissions($permission)
     {
-        return Auth::check() && Auth::user()->hasPermissions($permission);
+        return Auth::check() && Auth::user()->hasPermission($permission);
     }
     public static function isTrial()
diff --git a/app/Ninja/Repositories/AccountRepository.php b/app/Ninja/Repositories/AccountRepository.php
index b57efffdcdb4..38753dde9b9a 100644
--- a/app/Ninja/Repositories/AccountRepository.php
+++ b/app/Ninja/Repositories/AccountRepository.php
@@ -75,17 +75,19 @@ class AccountRepository
         return $account;
     }
-    public function getSearchData($account)
+    public function getSearchData($user)
     {
-        $data = $this->getAccountSearchData($account);
+        $data = $this->getAccountSearchData($user);
-        $data['navigation'] = $this->getNavigationSearchData();
+        $data['navigation'] = $user->is_admin ? $this->getNavigationSearchData() : [];
         return $data;
     }
-    private function getAccountSearchData($account)
+    private function getAccountSearchData($user)
     {
+        $account = $user->account;
+
         $data = [
             'clients' => [],
             'contacts' => [],
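Review bot: `hasAllPermissions()` now delegates to `hasPermission()`, whose singular name suggests it checks one permission, while the wrapper's name and its untyped `$permission` parameter suggest it may be handed several and should require all of them; whether `hasPermission()` accepts an array and applies "all" semantics is not visible in this hunk. Because this helper presumably gates access elsewhere, pin the contract in a docblock so the two names cannot drift silently, e.g. `/** @param string|string[] $permission True only when the current user holds every listed permission. */`, after confirming that wording against the hasPermission implementation.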
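Review bot: `getSearchData()` changed its parameter from an account to a user, and the only call site updated in this commit is AccountController::getSearchData; any other caller still passing an Account model would now fail at `$user->is_admin` rather than at the signature, since the parameter is untyped. A docblock stating the new contract would make the break explicit: `/** @param object $user the authenticated user; navigation entries are returned only when $user->is_admin is set */` (replace `object` with the project's user model type). The same applies to the private `getAccountSearchData($user)` below it, which now derives `$account` from `$user->account`.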
@@ -100,11 +102,19 @@ class AccountRepository
         if ($account->custom_client_label2) {
             $data[$account->custom_client_label2] = [];
         }
-
-        $clients = Client::scope()
-                        ->with('contacts', 'invoices')
-                        ->get();
-
+
+        if ($user->hasPermission('view_all')) {
+            $clients = Client::scope()
+                        ->with('contacts', 'invoices')
+                        ->get();
+        } else {
+            $clients = Client::scope()
+                        ->where('user_id', '=', $user->id)
+                        ->with(['contacts', 'invoices' => function($query) use ($user) {
+                            $query->where('user_id', '=', $user->id);
+                        }])->get();
+        }
+
         foreach ($clients as $client) {
             if ($client->name) {
                 $data['clients'][] = [
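Review bot: The data-visibility decision here is keyed on `$user->hasPermission('view_all')`, while the navigation block in the previous hunk of this file is keyed on `$user->is_admin`; unless `hasPermission()` returns true for admins regardless of explicit grants (not visible here), an admin without a `view_all` grant gets navigation entries but a user-filtered client list, and a non-admin holding `view_all` gets the full client and invoice set with no navigation. If that split is intended, say so in a comment above the `if`; if not, pick one predicate and use it in both places. Independently, the two branches rebuild the same `Client::scope()->with(...)` query, so the filter lives in two places; building the query once and only adding the restriction in the non-`view_all` branch keeps the authorization decision in a single spot (assuming `scope()` returns an Eloquent builder, which `->where()`/`->with()` chaining on both branches suggests).
```php
        $query = Client::scope()->with('contacts');
        if ($user->hasPermission('view_all')) {
            $query->with('invoices');
        } else {
            // restrict both the clients and their eager-loaded invoices to the current user
            $query->where('user_id', '=', $user->id)
                  ->with(['invoices' => function($invoices) use ($user) {
                      $invoices->where('user_id', '=', $user->id);
                  }]);
        }
        $clients = $query->get();
        // … unchanged: foreach ($clients as $client) …
```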