1
0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-08 20:22:42 +01:00

Working on expense category permissions

This commit is contained in:
Hillel Coren 2016-07-07 11:44:15 +03:00
parent e6b60c6f1a
commit 5f8ae65310
10 changed files with 78 additions and 16 deletions

View File

@ -236,7 +236,7 @@ class ExpenseController extends BaseController
'countries' => Cache::get('countries'),
'customLabel1' => Auth::user()->account->custom_vendor_label1,
'customLabel2' => Auth::user()->account->custom_vendor_label2,
'categories' => ExpenseCategory::scope()->orderBy('name')->get(),
'categories' => ExpenseCategory::whereAccountId(Auth::user()->account_id)->orderBy('name')->get(),
];
}

View File

@ -10,7 +10,7 @@ class CreateExpenseCategoryRequest extends ExpenseCategoryRequest
*/
public function authorize()
{
return $this->user()->is_admin;
return $this->user()->can('create', ENTITY_EXPENSE_CATEGORY);
}
/**

View File

@ -9,7 +9,7 @@ class UpdateExpenseCategoryRequest extends ExpenseCategoryRequest
*/
public function authorize()
{
return $this->user()->is_admin;
return $this->user()->can('edit', $this->entity());
}
/**

View File

@ -50,10 +50,9 @@ class EntityModel extends Eloquent
$entity->setRelation('account', $account);
if (method_exists($className, 'trashed')){
$lastEntity = $className::withTrashed()
->scope(false, $entity->account_id);
$lastEntity = $className::whereAccountId($entity->account_id)->withTrashed();
} else {
$lastEntity = $className::scope(false, $entity->account_id);
$lastEntity = $className::whereAccountId($entity->account_id);
}
$lastEntity = $lastEntity->orderBy('public_id', 'DESC')
@ -122,7 +121,7 @@ class EntityModel extends Eloquent
}
if (Auth::check() && ! Auth::user()->hasPermission('view_all')) {
$query->where($this->getEntityType(). 's.user_id', '=', Auth::user()->id);
$query->where(Utils::pluralizeEntityType($this->getEntityType()) . '.user_id', '=', Auth::user()->id);
}
return $query;

View File

@ -15,7 +15,11 @@ class ExpenseCategoryDatatable extends EntityDatatable
'name',
function ($model)
{
return link_to("expense_categories/{$model->public_id}/edit", $model->category ?: '')->toHtml();
if ( ! Auth::user()->can('editByOwner', [ENTITY_EXPENSE_CATEGORY, $model->user_id])) {
return $model->category;
}
return link_to("expense_categories/{$model->public_id}/edit", $model->category)->toHtml();
}
],
];
@ -30,7 +34,7 @@ class ExpenseCategoryDatatable extends EntityDatatable
return URL::to("expense_categories/{$model->public_id}/edit") ;
},
function ($model) {
return Auth::user()->is_admin;
return Auth::user()->can('editByOwner', [ENTITY_EXPENSE_CATEGORY, $model->user_id]);
}
],
];

View File

@ -19,6 +19,7 @@ class ExpenseCategoryRepository extends BaseRepository
->select(
'expense_categories.name as category',
'expense_categories.public_id',
'expense_categories.user_id',
'expense_categories.deleted_at'
);

View File

@ -2,7 +2,6 @@
namespace App\Policies;
use App\Models\User;
use Illuminate\Auth\Access\HandlesAuthorization;

View File

@ -2,4 +2,55 @@
namespace App\Policies;
class ExpenseCategoryPolicy extends EntityPolicy {}
use App\Models\User;
class ExpenseCategoryPolicy extends EntityPolicy
{
/**
* @param User $user
* @return bool
*/
public static function create(User $user) {
return $user->is_admin;
}
/**
* @param User $user
* @param $item
*
* @return bool
*/
public static function edit(User $user, $item) {
return $user->is_admin;
}
/**
* @param User $user
* @param $item
*
* @return bool
*/
public static function view(User $user, $item) {
return true;
}
/**
* @param User $user
* @param $ownerUserId
* @return bool
*/
public static function viewByOwner(User$user, $ownerUserId) {
return true;
}
/**
* @param User $user
* @param $ownerUserId
* @return bool
*/
public static function editByOwner(User $user, $ownerUserId) {
return $user->is_admin;
}
}

View File

@ -132,12 +132,20 @@
</div>
<center class="buttons">
{!! Button::normal(trans('texts.cancel'))->asLinkTo(URL::to('/expenses'))->appendIcon(Icon::create('remove-circle')) !!}
{!! Button::success(trans('texts.save'))->submit()->appendIcon(Icon::create('floppy-disk')) !!}
{!! Button::normal(trans('texts.categories'))->asLinkTo(URL::to('/expense_categories'))->appendIcon(Icon::create('list')) !!}
{!! Button::normal(trans('texts.cancel'))
->asLinkTo(URL::to('/expenses'))
->appendIcon(Icon::create('remove-circle'))
->large() !!}
{!! Button::success(trans('texts.save'))
->appendIcon(Icon::create('floppy-disk'))
->large()
->submit() !!}
@if ($expense)
{!! DropdownButton::normal(trans('texts.more_actions'))
->withContents($actions)
->large()
->dropup() !!}
@endif
</center>

View File

@ -45,7 +45,7 @@
{!! Button::normal(trans('texts.credits'))->asLinkTo(URL::to('/credits'))->appendIcon(Icon::create('list')) !!}
@endif
@if (Auth::user()->hasPermission('create_all'))
@if (Auth::user()->can('create', $entityType))
{!! Button::primary(trans("texts.new_{$entityType}"))->asLinkTo(url(Utils::pluralizeEntityType($entityType) . '/create'))->appendIcon(Icon::create('plus-sign')) !!}
@endif