Mirrors/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-09-20 08:21:34 +02:00
Code Issues Releases Activity

Fixes for permissions on list response

Browse Source
This commit is contained in:
David Bomba 2022-01-10 19:48:18 +11:00
parent 239b180a21
commit 3e3b4e40e5
3 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Filters/RecurringExpenseFilters.php
View File

@ -58,7 +58,7 @@ class RecurringExpenseFilters extends QueryFilters
return $this->builder;
}
$table = 'expenses';
$table = 'recurring_expenses';
$filters = explode(',', $filter);
return $this->builder->where(function ($query) use ($filters, $table) {

2
app/Filters/RecurringInvoiceFilters.php
View File

@ -53,7 +53,7 @@ class RecurringInvoiceFilters extends QueryFilters
return $this->builder;
}
$table = 'recurring_';
$table = 'recurring_invoices';
$filters = explode(',', $filter);
return $this->builder->where(function ($query) use ($filters, $table) {

5
app/Http/Controllers/BaseController.php
View File

@ -22,6 +22,7 @@ use App\Utils\Traits\AppSetup;
use Illuminate\Contracts\Container\BindingResolutionException;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Http\Request;
use Illuminate\Support\Str;
use League\Fractal\Manager;
use League\Fractal\Pagination\IlluminatePaginatorAdapter;
use League\Fractal\Resource\Collection;
@ -619,7 +620,9 @@ class BaseController extends Controller
$query->with($includes);
if (auth()->user() && ! auth()->user()->hasPermission('view_'.lcfirst(class_basename($this->entity_type)))) {
// 10-01-2022 need to ensure we snake case properly here to ensure permissions work as expected
// if (auth()->user() && ! auth()->user()->hasPermission('view_'.lcfirst(class_basename($this->entity_type)))) {
if (auth()->user() && ! auth()->user()->hasPermission('view'.lcfirst(class_basename(Str::snake($this->entity_type))))) {
$query->where('user_id', '=', auth()->user()->id);
}