Mirrors/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-09 20:52:56 +01:00
Code Issues Releases Activity

Use new ACL for refunds

Browse Source
This commit is contained in:
Joshua Dwire 2016-05-06 14:19:58 -04:00
parent 9ed44bdfe4
commit 7469ea998c
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/Services/PaymentService.php
View File

@ -723,7 +723,7 @@ class PaymentService extends BaseService
return "javascript:showRefundModal({$model->public_id}, '{$max_refund}', '{$formatted}', '{$symbol}')";
},
function ($model) {
return Payment::canEditItem($model) && $model->payment_status_id != PAYMENT_STATUS_FAILED &&
return Auth::user()->can('editByOwner', [ENTITY_PAYMENT, $model->user_id]) && $model->payment_status_id != PAYMENT_STATUS_FAILED &&
$model->refunded < $model->amount &&
(
($model->transaction_reference && in_array($model->gateway_id , static::$refundableGateways))
@ -744,7 +744,7 @@ class PaymentService extends BaseService
$payments = $this->getRepo()->findByPublicIdsWithTrashed($ids);
foreach ($payments as $payment) {
if($payment->canEdit()){
if(Auth::user()->can('edit', $payment)){
if(!empty($params['amount'])) {
$this->refund($payment, floatval($params['amount']));
} else {