Mirrors/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-09-21 00:41:34 +02:00
Code Issues Releases Activity

Ensure companies have the correct size when there are heterogeneous user permissions

Browse Source
This commit is contained in:
David Bomba 2023-01-30 19:50:27 +11:00
parent ea1f2945b2
commit 2f9fcbd42e
1 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
app/Repositories/UserRepository.php
View File

@ -93,6 +93,7 @@ class UserRepository extends BaseRepository
$user->companies()->attach($company->id, $data['company_user']);
} else {
if (auth()->user()->isAdmin()) {
$cu->fill($data['company_user']);
$cu->restore();
$cu->tokens()->restore();
@ -117,6 +118,8 @@ class UserRepository extends BaseRepository
}
$user->restore();
$this->verifyCorrectCompanySizeForPermissions($user);
return $user->fresh();
}
@ -211,4 +214,35 @@ class UserRepository extends BaseRepository
event(new UserWasRestored($user, auth()->user(), auth()->user()->company, Ninja::eventVars(auth()->user() ? auth()->user()->id : null)));
}
/**
* If we have multiple users in the system,
* and there are some that are not admins,
* we force all companies to large to ensure
* the queries are appropriate for all users
*
* @param User $user
* @return void
*/
private function verifyCorrectCompanySizeForPermissions(User $user): void
{
if(Ninja::isSelfHost() || (Ninja::isHosted() && $user->account->isEnterpriseClient()))
{
$user->account()
->whereHas('companies', function ($query){
$query->where('is_large',0);
})
->whereHas('company_users', function ($query){
$query->where('is_admin', 0);
})
->cursor()->each(function ($account){
$account->companies()->update(['is_large' => true]);
});
}
}
}