From 85a8edaab19b7f1210503b8ea02fba1f75d9d5ac Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 14 Nov 2022 08:09:08 +1100
Subject: [PATCH 1/5] Change logo

---
 app/Models/Presenters/CompanyPresenter.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/Models/Presenters/CompanyPresenter.php b/app/Models/Presenters/CompanyPresenter.php
index 212e6614d5..e3f53509fa 100644
--- a/app/Models/Presenters/CompanyPresenter.php
+++ b/app/Models/Presenters/CompanyPresenter.php
@@ -88,8 +88,10 @@ class CompanyPresenter extends EntityPresenter
             return "data:image/png;base64, ". base64_encode(@file_get_contents($settings->company_logo, false, stream_context_create($context_options)));
         else if(strlen($settings->company_logo) >= 1)
             return "data:image/png;base64, ". base64_encode(@file_get_contents(url('') . $settings->company_logo, false, stream_context_create($context_options)));
-        else
-            return "data:image/png;base64, ". base64_encode(@file_get_contents(asset('images/new_logo.png'), false, stream_context_create($context_options)));
+        else{
+            return "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=";
+            //return "data:image/png;base64, ". base64_encode(@file_get_contents(asset('images/new_logo.png'), false, stream_context_create($context_options)));
+        }
 
     }
 

From 1050b76fcec675dc66f576ca32988b99e7dbf975 Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 14 Nov 2022 08:10:22 +1100
Subject: [PATCH 2/5] Change logo

---
 app/Models/Presenters/CompanyPresenter.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/Models/Presenters/CompanyPresenter.php b/app/Models/Presenters/CompanyPresenter.php
index e3f53509fa..57408a7885 100644
--- a/app/Models/Presenters/CompanyPresenter.php
+++ b/app/Models/Presenters/CompanyPresenter.php
@@ -42,8 +42,10 @@ class CompanyPresenter extends EntityPresenter
             return $settings->company_logo;
         else if(strlen($settings->company_logo) >= 1)
             return url('') . $settings->company_logo;
-        else
-            return asset('images/new_logo.png');
+        else{
+            return "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=";
+            //return asset('images/new_logo.png');
+        }
 
     }
 

From 59afb55963ce630af95913cb00c671961e7af7df Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 14 Nov 2022 09:33:04 +1100
Subject: [PATCH 3/5] ensure bank integration id is always present

---
 .../Requests/BankTransaction/StoreBankTransactionRequest.php   | 3 +++
 .../Requests/BankTransaction/UpdateBankTransactionRequest.php  | 3 +++
 app/Repositories/BankTransactionRepository.php                 | 2 +-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/app/Http/Requests/BankTransaction/StoreBankTransactionRequest.php b/app/Http/Requests/BankTransaction/StoreBankTransactionRequest.php
index b292453df8..65f4665fef 100644
--- a/app/Http/Requests/BankTransaction/StoreBankTransactionRequest.php
+++ b/app/Http/Requests/BankTransaction/StoreBankTransactionRequest.php
@@ -34,6 +34,9 @@ class StoreBankTransactionRequest extends Request
         
         $rules = [];
 
+        if(isset($this->bank_integration_id))
+            $rules['bank_integration_id'] = 'bail|required|exists:bank_integrations,id,company_id,'.auth()->user()->company()->id.',is_deleted,0';
+
         return $rules;
     }
 
diff --git a/app/Http/Requests/BankTransaction/UpdateBankTransactionRequest.php b/app/Http/Requests/BankTransaction/UpdateBankTransactionRequest.php
index 9fa3f7ccb2..4f251c9167 100644
--- a/app/Http/Requests/BankTransaction/UpdateBankTransactionRequest.php
+++ b/app/Http/Requests/BankTransaction/UpdateBankTransactionRequest.php
@@ -45,6 +45,9 @@ class UpdateBankTransactionRequest extends Request
         if(isset($this->expense_id))
             $rules['expense_id'] = 'bail|required|exists:expenses,id,company_id,'.auth()->user()->company()->id.',is_deleted,0';
 
+        if(isset($this->bank_integration_id))
+            $rules['bank_integration_id'] = 'bail|required|exists:bank_integrations,id,company_id,'.auth()->user()->company()->id.',is_deleted,0';
+
 
         return $rules;
     }
diff --git a/app/Repositories/BankTransactionRepository.php b/app/Repositories/BankTransactionRepository.php
index 186f8c67ea..390b8f56ff 100644
--- a/app/Repositories/BankTransactionRepository.php
+++ b/app/Repositories/BankTransactionRepository.php
@@ -24,7 +24,7 @@ class BankTransactionRepository extends BaseRepository
     public function save($data, BankTransaction $bank_transaction)
     {
 
-        if(!isset($bank_transaction->bank_integration_id) && array_key_exists('bank_integration_id', $data))
+        if(array_key_exists('bank_integration_id', $data))
             $bank_transaction->bank_integration_id = $data['bank_integration_id'];
 
         $bank_transaction->fill($data);

From 27936bfb7dc8c666915512de6736d1b11479183a Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 14 Nov 2022 10:02:01 +1100
Subject: [PATCH 4/5] fixes for leaking bank transactions

---
 app/Http/Controllers/BaseController.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/app/Http/Controllers/BaseController.php b/app/Http/Controllers/BaseController.php
index eda1ef6af9..d62d14c190 100644
--- a/app/Http/Controllers/BaseController.php
+++ b/app/Http/Controllers/BaseController.php
@@ -12,6 +12,7 @@
 namespace App\Http\Controllers;
 
 use App\Models\Account;
+use App\Models\BankTransaction;
 use App\Models\Company;
 use App\Models\User;
 use App\Transformers\ArraySerializer;
@@ -819,12 +820,15 @@ class BaseController extends Controller
         // 10-01-2022 need to ensure we snake case properly here to ensure permissions work as expected
         // 28-03-2022 this is definitely correct here, do not append _ to the view, it resolved correctly when snake cased
         if (auth()->user() && ! auth()->user()->hasPermission('view'.lcfirst(class_basename(Str::snake($this->entity_type))))) {
-
             //06-10-2022 - some entities do not have assigned_user_id - this becomes an issue when we have a large company and low permission users
             if(lcfirst(class_basename(Str::snake($this->entity_type))) == 'user')
                 $query->where('id', auth()->user()->id);
-            elseif(in_array(lcfirst(class_basename(Str::snake($this->entity_type))),['design','group_setting','payment_term','bank_transaction'])){
-                //need to pass these back regardless
+            elseif($this->entity_type == BankTransaction::class){ //table without assigned_user_id
+                $query->where('user_id', '=', auth()->user()->id);
+            }
+            elseif(in_array(lcfirst(class_basename(Str::snake($this->entity_type))),['design','group_setting','payment_term'])){
+                //need to pass these back regardless 
+                nlog($this->entity_type);
             }
             else
                 $query->where('user_id', '=', auth()->user()->id)->orWhere('assigned_user_id', auth()->user()->id);

From 5813383dd4becfc79fdfdbf941d675282be7483e Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Mon, 14 Nov 2022 10:08:10 +1100
Subject: [PATCH 5/5] v5.5.39

---
 VERSION.txt      | 2 +-
 config/ninja.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/VERSION.txt b/VERSION.txt
index e4bd2904e2..398c2027c4 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-5.5.38
\ No newline at end of file
+5.5.39
\ No newline at end of file
diff --git a/config/ninja.php b/config/ninja.php
index cada9a6f8c..e837c80912 100644
--- a/config/ninja.php
+++ b/config/ninja.php
@@ -14,8 +14,8 @@ return [
     'require_https' => env('REQUIRE_HTTPS', true),
     'app_url' => rtrim(env('APP_URL', ''), '/'),
     'app_domain' => env('APP_DOMAIN', 'invoicing.co'),
-    'app_version' => '5.5.38',
-    'app_tag' => '5.5.38',
+    'app_version' => '5.5.39',
+    'app_tag' => '5.5.39',
     'minimum_client_version' => '5.0.16',
     'terms_version' => '1.0.1',
     'api_secret' => env('API_SECRET', ''),