Working on expense category permissions
parent
e6b60c6f1a
commit
5f8ae65310
@ -236,7 +236,7 @@ class ExpenseController extends BaseController
|
|||||||
'countries' => Cache::get('countries'),
|
'countries' => Cache::get('countries'),
|
||||||
'customLabel1' => Auth::user()->account->custom_vendor_label1,
|
'customLabel1' => Auth::user()->account->custom_vendor_label1,
|
||||||
'customLabel2' => Auth::user()->account->custom_vendor_label2,
|
'customLabel2' => Auth::user()->account->custom_vendor_label2,
|
||||||
'categories' => ExpenseCategory::scope()->orderBy('name')->get(),
|
'categories' => ExpenseCategory::whereAccountId(Auth::user()->account_id)->orderBy('name')->get(),
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
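Review bot: Replacing `ExpenseCategory::scope()` with `ExpenseCategory::whereAccountId(Auth::user()->account_id)` at the `'categories' =>` entry drops whatever per-user narrowing `scope()` applied; the EntityModel hunk further down shows `scope()` adding a `user_id = Auth::user()->id` filter for users without `view_all`, so the expense form now lists every category in the account for every user. That is consistent with the new policy's `view()` returning `true`, but the intent is invisible at the call site and the next maintainer may "fix" it back. Add a comment such as `// categories are account-wide: any user may pick one, so no per-user scope() here`. The enclosing controller method starts outside the hunk.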
@ -10,7 +10,7 @@ class CreateExpenseCategoryRequest extends ExpenseCategoryRequest
|
|||||||
*/
|
*/
|
||||||
public function authorize()
|
public function authorize()
|
||||||
{
|
{
|
||||||
return $this->user()->is_admin;
|
return $this->user()->can('create', ENTITY_EXPENSE_CATEGORY);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -9,7 +9,7 @@ class UpdateExpenseCategoryRequest extends ExpenseCategoryRequest
|
|||||||
*/
|
*/
|
||||||
public function authorize()
|
public function authorize()
|
||||||
{
|
{
|
||||||
return $this->user()->is_admin;
|
return $this->user()->can('edit', $this->entity());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -50,10 +50,9 @@ class EntityModel extends Eloquent
|
|||||||
$entity->setRelation('account', $account);
|
$entity->setRelation('account', $account);
|
||||||
|
|
||||||
if (method_exists($className, 'trashed')){
|
if (method_exists($className, 'trashed')){
|
||||||
$lastEntity = $className::withTrashed()
|
$lastEntity = $className::whereAccountId($entity->account_id)->withTrashed();
|
||||||
->scope(false, $entity->account_id);
|
|
||||||
} else {
|
} else {
|
||||||
$lastEntity = $className::scope(false, $entity->account_id);
|
$lastEntity = $className::whereAccountId($entity->account_id);
|
||||||
}
|
}
|
||||||
|
|
||||||
$lastEntity = $lastEntity->orderBy('public_id', 'DESC')
|
$lastEntity = $lastEntity->orderBy('public_id', 'DESC')
|
||||||
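Review bot: After the change the two branches at `$lastEntity = $className::whereAccountId($entity->account_id)->withTrashed();` and `$lastEntity = $className::whereAccountId($entity->account_id);` differ only by `->withTrashed()`, so the account filter is written twice; build the base query once and apply `withTrashed()` conditionally. `method_exists($className, 'trashed')` is presumably the soft-delete probe and deserves a comment saying so, since `withTrashed()` only exists on soft-deleting models. The enclosing method starts and ends outside the hunk (the `orderBy('public_id', 'DESC')` chain continues below).
```php
// Account-scoped base query; `trashed()` presumably marks a soft-deleting
// model, and only those expose withTrashed() (included so deleted rows are
// still considered when the highest public_id is looked up).
$lastEntity = $className::whereAccountId($entity->account_id);
if (method_exists($className, 'trashed')) {
    $lastEntity = $lastEntity->withTrashed();
}
// … unchanged: orderBy('public_id', 'DESC') chain …
```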
@ -122,7 +121,7 @@ class EntityModel extends Eloquent
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (Auth::check() && ! Auth::user()->hasPermission('view_all')) {
|
if (Auth::check() && ! Auth::user()->hasPermission('view_all')) {
|
||||||
$query->where($this->getEntityType(). 's.user_id', '=', Auth::user()->id);
|
$query->where(Utils::pluralizeEntityType($this->getEntityType()) . '.user_id', '=', Auth::user()->id);
|
||||||
}
|
}
|
||||||
|
|
||||||
return $query;
|
return $query;
|
||||||
|
@ -15,7 +15,11 @@ class ExpenseCategoryDatatable extends EntityDatatable
|
|||||||
'name',
|
'name',
|
||||||
function ($model)
|
function ($model)
|
||||||
{
|
{
|
||||||
return link_to("expense_categories/{$model->public_id}/edit", $model->category ?: '')->toHtml();
|
if ( ! Auth::user()->can('editByOwner', [ENTITY_EXPENSE_CATEGORY, $model->user_id])) {
|
||||||
|
return $model->category;
|
||||||
|
}
|
||||||
|
|
||||||
|
return link_to("expense_categories/{$model->public_id}/edit", $model->category)->toHtml();
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
];
|
];
|
||||||
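Review bot: The new early return `return $model->category;` hands the category name to the table unescaped, whereas the `link_to(...)->toHtml()` branch beside it HTML-escapes its title (as Laravel's `link_to()` does); if this column is rendered as HTML, which the `->toHtml()` call implies, a category name containing markup is emitted raw for every user who fails the `editByOwner` check. Return `e($model->category)` in that branch instead. The rewrite also dropped the `?: ''` fallback from the old `link_to()` call, so a null name now reaches `link_to()`, which substitutes the URL as the link text; keep `$model->category ?: ''` unless `expense_categories.name` is guaranteed non-null. The same `Auth::user()->can('editByOwner', [ENTITY_EXPENSE_CATEGORY, $model->user_id])` check is repeated in the next hunk's closure and could be shared.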
@ -30,7 +34,7 @@ class ExpenseCategoryDatatable extends EntityDatatable
|
|||||||
return URL::to("expense_categories/{$model->public_id}/edit") ;
|
return URL::to("expense_categories/{$model->public_id}/edit") ;
|
||||||
},
|
},
|
||||||
function ($model) {
|
function ($model) {
|
||||||
return Auth::user()->is_admin;
|
return Auth::user()->can('editByOwner', [ENTITY_EXPENSE_CATEGORY, $model->user_id]);
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
];
|
];
|
||||||
|
@ -19,6 +19,7 @@ class ExpenseCategoryRepository extends BaseRepository
|
|||||||
->select(
|
->select(
|
||||||
'expense_categories.name as category',
|
'expense_categories.name as category',
|
||||||
'expense_categories.public_id',
|
'expense_categories.public_id',
|
||||||
|
'expense_categories.user_id',
|
||||||
'expense_categories.deleted_at'
|
'expense_categories.deleted_at'
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -2,7 +2,6 @@
|
|||||||
|
|
||||||
namespace App\Policies;
|
namespace App\Policies;
|
||||||
|
|
||||||
|
|
||||||
use App\Models\User;
|
use App\Models\User;
|
||||||
use Illuminate\Auth\Access\HandlesAuthorization;
|
use Illuminate\Auth\Access\HandlesAuthorization;
|
||||||
|
|
||||||
|
@ -2,4 +2,55 @@
|
|||||||
|
|
||||||
namespace App\Policies;
|
namespace App\Policies;
|
||||||
|
|
||||||
class ExpenseCategoryPolicy extends EntityPolicy {}
|
use App\Models\User;
|
||||||
|
|
||||||
|
class ExpenseCategoryPolicy extends EntityPolicy
|
||||||
|
{
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param User $user
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public static function create(User $user) {
|
||||||
|
return $user->is_admin;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param User $user
|
||||||
|
* @param $item
|
||||||
|
*
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public static function edit(User $user, $item) {
|
||||||
|
return $user->is_admin;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param User $user
|
||||||
|
* @param $item
|
||||||
|
*
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public static function view(User $user, $item) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param User $user
|
||||||
|
* @param $ownerUserId
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public static function viewByOwner(User$user, $ownerUserId) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param User $user
|
||||||
|
* @param $ownerUserId
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public static function editByOwner(User $user, $ownerUserId) {
|
||||||
|
return $user->is_admin;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
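Review bot: `view()` and `viewByOwner()` return `true` without consulting `$user` or `$item`, so nothing in this policy prevents viewing a category that belongs to another account; tenant isolation rests entirely on callers scoping their queries (`whereAccountId`, `scope()`), which should be stated in the docblocks, e.g. `* Always allowed: callers are expected to account-scope the category query.` `edit()` and `editByOwner()` likewise ignore `$item` and `$ownerUserId` and reduce to `$user->is_admin`, so the `$model->user_id` the datatable passes has no effect; either document that only admins may edit categories regardless of owner, or check the owner as the method name suggests. `viewByOwner(User$user, $ownerUserId)` is missing the space after the type, and the `@param $item` / `@param $ownerUserId` tags carry no type. What the parent `EntityPolicy` contributes is outside this hunk.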
@ -132,12 +132,20 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<center class="buttons">
|
<center class="buttons">
|
||||||
{!! Button::normal(trans('texts.cancel'))->asLinkTo(URL::to('/expenses'))->appendIcon(Icon::create('remove-circle')) !!}
|
{!! Button::normal(trans('texts.cancel'))
|
||||||
{!! Button::success(trans('texts.save'))->submit()->appendIcon(Icon::create('floppy-disk')) !!}
|
->asLinkTo(URL::to('/expenses'))
|
||||||
{!! Button::normal(trans('texts.categories'))->asLinkTo(URL::to('/expense_categories'))->appendIcon(Icon::create('list')) !!}
|
->appendIcon(Icon::create('remove-circle'))
|
||||||
|
->large() !!}
|
||||||
|
|
||||||
|
{!! Button::success(trans('texts.save'))
|
||||||
|
->appendIcon(Icon::create('floppy-disk'))
|
||||||
|
->large()
|
||||||
|
->submit() !!}
|
||||||
|
|
||||||
@if ($expense)
|
@if ($expense)
|
||||||
{!! DropdownButton::normal(trans('texts.more_actions'))
|
{!! DropdownButton::normal(trans('texts.more_actions'))
|
||||||
->withContents($actions)
|
->withContents($actions)
|
||||||
|
->large()
|
||||||
->dropup() !!}
|
->dropup() !!}
|
||||||
@endif
|
@endif
|
||||||
</center>
|
</center>
|
||||||
|
@ -45,7 +45,7 @@
|
|||||||
{!! Button::normal(trans('texts.credits'))->asLinkTo(URL::to('/credits'))->appendIcon(Icon::create('list')) !!}
|
{!! Button::normal(trans('texts.credits'))->asLinkTo(URL::to('/credits'))->appendIcon(Icon::create('list')) !!}
|
||||||
@endif
|
@endif
|
||||||
|
|
||||||
@if (Auth::user()->hasPermission('create_all'))
|
@if (Auth::user()->can('create', $entityType))
|
||||||
{!! Button::primary(trans("texts.new_{$entityType}"))->asLinkTo(url(Utils::pluralizeEntityType($entityType) . '/create'))->appendIcon(Icon::create('plus-sign')) !!}
|
{!! Button::primary(trans("texts.new_{$entityType}"))->asLinkTo(url(Utils::pluralizeEntityType($entityType) . '/create'))->appendIcon(Icon::create('plus-sign')) !!}
|
||||||
@endif
|
@endif
|
||||||
|
|
||||||
|
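Review bot: `Auth::user()->can('create', $entityType)` passes an entity-type string, so the button presumably appears only for types with a policy registered under that key, and any entity type rendering this shared header without one silently loses its New button, whereas the old `hasPermission('create_all')` check applied uniformly. Worth verifying for each `$entityType` that includes this partial. Hiding the button is also not the enforcement point: the matching `Create*Request::authorize()` must make the same `can('create', ...)` decision server-side, as the CreateExpenseCategoryRequest hunk does for this entity.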