Fixed searching for non-admins

2025-07-09 03:14:30 -04:00 · 2016-05-08 21:29:49 +03:00 · 2016-05-08 21:29:49 +03:00 · fec948f1e8
commit fec948f1e8
parent 4712780ff6
4 changed files with 22 additions and 17 deletions
--- a/app/Http/Controllers/AccountController.php
+++ b/app/Http/Controllers/AccountController.php
@ -253,8 +253,7 @@ class AccountController extends BaseController

    public function getSearchData()
    {
-        $account = Auth::user()->account;
-        $data = $this->accountRepo->getSearchData($account);
+        $data = $this->accountRepo->getSearchData(Auth::user());

        return Response::json($data);
    }
--- a/app/Http/routes.php
+++ b/app/Http/routes.php
@ -110,6 +110,7 @@ Route::group(['middleware' => 'auth:user'], function() {
    Route::get('view_archive/{entity_type}/{visible}', 'AccountController@setTrashVisible');
    Route::get('hide_message', 'HomeController@hideMessage');
    Route::get('force_inline_pdf', 'UserController@forcePDFJS');
+    Route::get('account/getSearchData', array('as' => 'getSearchData', 'uses' => 'AccountController@getSearchData'));
    
    Route::get('settings/user_details', 'AccountController@showUserDetails');
    Route::post('settings/user_details', 'AccountController@saveUserDetails');
@ -220,11 +221,6 @@ Route::group([
    Route::get('settings/{section?}', 'AccountController@showSection');
    Route::post('settings/{section?}', 'AccountController@doSection');

-    //Route::get('api/payment_terms', array('as'=>'api.payment_terms', 'uses'=>'PaymentTermController@getDatatable'));
-    //Route::resource('payment_terms', 'PaymentTermController');
-    //Route::post('payment_terms/bulk', 'PaymentTermController@bulk');
-
-    Route::get('account/getSearchData', array('as' => 'getSearchData', 'uses' => 'AccountController@getSearchData'));
    Route::post('user/setTheme', 'UserController@setTheme');
    Route::post('remove_logo', 'AccountController@removeLogo');
    Route::post('account/go_pro', 'AccountController@enableProPlan');
--- a/app/Libraries/Utils.php
+++ b/app/Libraries/Utils.php
@ -140,7 +140,7 @@ class Utils

    public static function hasAllPermissions($permission)
    {
-        return Auth::check() && Auth::user()->hasPermissions($permission);
+        return Auth::check() && Auth::user()->hasPermission($permission);
    }

    public static function isTrial()
--- a/app/Ninja/Repositories/AccountRepository.php
+++ b/app/Ninja/Repositories/AccountRepository.php
@ -75,17 +75,19 @@ class AccountRepository
        return $account;
    }

-    public function getSearchData($account)
+    public function getSearchData($user)
    {
-        $data = $this->getAccountSearchData($account);
+        $data = $this->getAccountSearchData($user);

-        $data['navigation'] = $this->getNavigationSearchData();
+        $data['navigation'] = $user->is_admin ? $this->getNavigationSearchData() : [];

        return $data;
    }

-    private function getAccountSearchData($account)
+    private function getAccountSearchData($user)
    {
+        $account = $user->account;
+        
        $data = [
            'clients' => [],
            'contacts' => [],
@ -101,9 +103,17 @@ class AccountRepository
            $data[$account->custom_client_label2] = [];
        }
        
-        $clients = Client::scope()
-                    ->with('contacts', 'invoices')
-                    ->get();
+        if ($user->hasPermission('view_all')) {
+            $clients = Client::scope()
+                        ->with('contacts', 'invoices')
+                        ->get();
+        } else {
+            $clients = Client::scope()
+                        ->where('user_id', '=', $user->id)
+                        ->with(['contacts', 'invoices' => function($query) use ($user) {
+                            $query->where('user_id', '=', $user->id);
+                        }])->get();
+        }
        
        foreach ($clients as $client) {
            if ($client->name) {