From 85a8edaab19b7f1210503b8ea02fba1f75d9d5ac Mon Sep 17 00:00:00 2001 From: David Bomba Date: Mon, 14 Nov 2022 08:09:08 +1100 Subject: [PATCH 1/5] Change logo --- app/Models/Presenters/CompanyPresenter.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/app/Models/Presenters/CompanyPresenter.php b/app/Models/Presenters/CompanyPresenter.php index 212e6614d5..e3f53509fa 100644 --- a/app/Models/Presenters/CompanyPresenter.php +++ b/app/Models/Presenters/CompanyPresenter.php @@ -88,8 +88,10 @@ class CompanyPresenter extends EntityPresenter return "data:image/png;base64, ". base64_encode(@file_get_contents($settings->company_logo, false, stream_context_create($context_options))); else if(strlen($settings->company_logo) >= 1) return "data:image/png;base64, ". base64_encode(@file_get_contents(url('') . $settings->company_logo, false, stream_context_create($context_options))); - else - return "data:image/png;base64, ". base64_encode(@file_get_contents(asset('images/new_logo.png'), false, stream_context_create($context_options))); + else{ + return "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII="; + //return "data:image/png;base64, ". base64_encode(@file_get_contents(asset('images/new_logo.png'), false, stream_context_create($context_options))); + } } From 1050b76fcec675dc66f576ca32988b99e7dbf975 Mon Sep 17 00:00:00 2001 From: David Bomba Date: Mon, 14 Nov 2022 08:10:22 +1100 Subject: [PATCH 2/5] Change logo --- app/Models/Presenters/CompanyPresenter.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/app/Models/Presenters/CompanyPresenter.php b/app/Models/Presenters/CompanyPresenter.php index e3f53509fa..57408a7885 100644 --- a/app/Models/Presenters/CompanyPresenter.php +++ b/app/Models/Presenters/CompanyPresenter.php @@ -42,8 +42,10 @@ class CompanyPresenter extends EntityPresenter return $settings->company_logo; else if(strlen($settings->company_logo) >= 1) return url('') . $settings->company_logo; - else - return asset('images/new_logo.png'); + else{ + return "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII="; + //return asset('images/new_logo.png'); + } } From 59afb55963ce630af95913cb00c671961e7af7df Mon Sep 17 00:00:00 2001 From: David Bomba Date: Mon, 14 Nov 2022 09:33:04 +1100 Subject: [PATCH 3/5] ensure bank integration id is always present --- .../Requests/BankTransaction/StoreBankTransactionRequest.php | 3 +++ .../Requests/BankTransaction/UpdateBankTransactionRequest.php | 3 +++ app/Repositories/BankTransactionRepository.php | 2 +- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/app/Http/Requests/BankTransaction/StoreBankTransactionRequest.php b/app/Http/Requests/BankTransaction/StoreBankTransactionRequest.php index b292453df8..65f4665fef 100644 --- a/app/Http/Requests/BankTransaction/StoreBankTransactionRequest.php +++ b/app/Http/Requests/BankTransaction/StoreBankTransactionRequest.php @@ -34,6 +34,9 @@ class StoreBankTransactionRequest extends Request $rules = []; + if(isset($this->bank_integration_id)) + $rules['bank_integration_id'] = 'bail|required|exists:bank_integrations,id,company_id,'.auth()->user()->company()->id.',is_deleted,0'; + return $rules; } diff --git a/app/Http/Requests/BankTransaction/UpdateBankTransactionRequest.php b/app/Http/Requests/BankTransaction/UpdateBankTransactionRequest.php index 9fa3f7ccb2..4f251c9167 100644 --- a/app/Http/Requests/BankTransaction/UpdateBankTransactionRequest.php +++ b/app/Http/Requests/BankTransaction/UpdateBankTransactionRequest.php @@ -45,6 +45,9 @@ class UpdateBankTransactionRequest extends Request if(isset($this->expense_id)) $rules['expense_id'] = 'bail|required|exists:expenses,id,company_id,'.auth()->user()->company()->id.',is_deleted,0'; + if(isset($this->bank_integration_id)) + $rules['bank_integration_id'] = 'bail|required|exists:bank_integrations,id,company_id,'.auth()->user()->company()->id.',is_deleted,0'; + return $rules; } diff --git a/app/Repositories/BankTransactionRepository.php b/app/Repositories/BankTransactionRepository.php index 186f8c67ea..390b8f56ff 100644 --- a/app/Repositories/BankTransactionRepository.php +++ b/app/Repositories/BankTransactionRepository.php @@ -24,7 +24,7 @@ class BankTransactionRepository extends BaseRepository public function save($data, BankTransaction $bank_transaction) { - if(!isset($bank_transaction->bank_integration_id) && array_key_exists('bank_integration_id', $data)) + if(array_key_exists('bank_integration_id', $data)) $bank_transaction->bank_integration_id = $data['bank_integration_id']; $bank_transaction->fill($data); From 27936bfb7dc8c666915512de6736d1b11479183a Mon Sep 17 00:00:00 2001 From: David Bomba Date: Mon, 14 Nov 2022 10:02:01 +1100 Subject: [PATCH 4/5] fixes for leaking bank transactions --- app/Http/Controllers/BaseController.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/app/Http/Controllers/BaseController.php b/app/Http/Controllers/BaseController.php index eda1ef6af9..d62d14c190 100644 --- a/app/Http/Controllers/BaseController.php +++ b/app/Http/Controllers/BaseController.php @@ -12,6 +12,7 @@ namespace App\Http\Controllers; use App\Models\Account; +use App\Models\BankTransaction; use App\Models\Company; use App\Models\User; use App\Transformers\ArraySerializer; @@ -819,12 +820,15 @@ class BaseController extends Controller // 10-01-2022 need to ensure we snake case properly here to ensure permissions work as expected // 28-03-2022 this is definitely correct here, do not append _ to the view, it resolved correctly when snake cased if (auth()->user() && ! auth()->user()->hasPermission('view'.lcfirst(class_basename(Str::snake($this->entity_type))))) { - //06-10-2022 - some entities do not have assigned_user_id - this becomes an issue when we have a large company and low permission users if(lcfirst(class_basename(Str::snake($this->entity_type))) == 'user') $query->where('id', auth()->user()->id); - elseif(in_array(lcfirst(class_basename(Str::snake($this->entity_type))),['design','group_setting','payment_term','bank_transaction'])){ - //need to pass these back regardless + elseif($this->entity_type == BankTransaction::class){ //table without assigned_user_id + $query->where('user_id', '=', auth()->user()->id); + } + elseif(in_array(lcfirst(class_basename(Str::snake($this->entity_type))),['design','group_setting','payment_term'])){ + //need to pass these back regardless + nlog($this->entity_type); } else $query->where('user_id', '=', auth()->user()->id)->orWhere('assigned_user_id', auth()->user()->id); From 5813383dd4becfc79fdfdbf941d675282be7483e Mon Sep 17 00:00:00 2001 From: David Bomba Date: Mon, 14 Nov 2022 10:08:10 +1100 Subject: [PATCH 5/5] v5.5.39 --- VERSION.txt | 2 +- config/ninja.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/VERSION.txt b/VERSION.txt index e4bd2904e2..398c2027c4 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -5.5.38 \ No newline at end of file +5.5.39 \ No newline at end of file diff --git a/config/ninja.php b/config/ninja.php index cada9a6f8c..e837c80912 100644 --- a/config/ninja.php +++ b/config/ninja.php @@ -14,8 +14,8 @@ return [ 'require_https' => env('REQUIRE_HTTPS', true), 'app_url' => rtrim(env('APP_URL', ''), '/'), 'app_domain' => env('APP_DOMAIN', 'invoicing.co'), - 'app_version' => '5.5.38', - 'app_tag' => '5.5.38', + 'app_version' => '5.5.39', + 'app_tag' => '5.5.39', 'minimum_client_version' => '5.0.16', 'terms_version' => '1.0.1', 'api_secret' => env('API_SECRET', ''),