Ensure api token has a name using update route
This commit is contained in:
parent
ea64802219
commit
79ec6b2ddc
@ -219,6 +219,12 @@ class BaseController extends Controller
|
||||
return response()->make($error, $httpErrorCode, $headers);
|
||||
}
|
||||
|
||||
/**
|
||||
* Refresh API response with latest cahnges
|
||||
* @param Builer $query
|
||||
* @property App\Models\User auth()->user()
|
||||
* @return Builer
|
||||
*/
|
||||
protected function refreshResponse($query)
|
||||
{
|
||||
$user = auth()->user();
|
||||
@ -443,9 +449,14 @@ class BaseController extends Controller
|
||||
'company.bank_integrations'=> function ($query) use ($updated_at, $user) {
|
||||
$query->whereNotNull('updated_at');
|
||||
|
||||
if (! $user->isAdmin()) {
|
||||
if (! $user->hasPermission('view_bank_transaction')) {
|
||||
$query->where('bank_integrations.user_id', $user->id);
|
||||
}
|
||||
|
||||
if(!$user->isAdmin() && !$user->isOwner() && $user->can('create', BankTransaction::class)) {
|
||||
$query->exclude(["balance"]);
|
||||
}
|
||||
|
||||
},
|
||||
'company.bank_transactions'=> function ($query) use ($updated_at, $user) {
|
||||
$query->where('updated_at', '>=', $updated_at);
|
||||
@ -538,9 +549,14 @@ class BaseController extends Controller
|
||||
},
|
||||
'company.bank_integrations'=> function ($query) use ($created_at, $user) {
|
||||
|
||||
if (! $user->isAdmin()) {
|
||||
if (! $user->hasPermission('view_bank_transaction')) {
|
||||
$query->where('bank_integrations.user_id', $user->id);
|
||||
}
|
||||
|
||||
if(!$user->isAdmin() && !$user->isOwner() && $user->can('create', BankTransaction::class)) {
|
||||
$query->exclude(["balance"]);
|
||||
}
|
||||
|
||||
},
|
||||
'company.bank_transaction_rules'=> function ($query) use ($user) {
|
||||
|
||||
@ -789,9 +805,14 @@ class BaseController extends Controller
|
||||
'company.bank_integrations'=> function ($query) use ($created_at, $user) {
|
||||
$query->where('created_at', '>=', $created_at);
|
||||
|
||||
if (! $user->isAdmin()) {
|
||||
if (! $user->hasPermission('view_bank_transaction')) {
|
||||
$query->where('bank_integrations.user_id', $user->id);
|
||||
}
|
||||
|
||||
if(!$user->isAdmin() && !$user->isOwner() && $user->can('create', BankTransaction::class)) {
|
||||
$query->exclude(["balance"]);
|
||||
}
|
||||
|
||||
},
|
||||
'company.bank_transactions'=> function ($query) use ($created_at, $user) {
|
||||
$query->where('created_at', '>=', $created_at);
|
||||
@ -867,7 +888,10 @@ class BaseController extends Controller
|
||||
$query->where('id', auth()->user()->id);
|
||||
}
|
||||
elseif(in_array($this->entity_type, [BankTransactionRule::class,CompanyGateway::class, TaxRate::class, BankIntegration::class, Scheduler::class, BankTransaction::class, Webhook::class, ExpenseCategory::class])){ //table without assigned_user_id
|
||||
$query->where('user_id', '=', auth()->user()->id);
|
||||
if($this->entity_type == BankIntegration::class && !auth()->user()->isAdmin() && !auth()->user()->isOwner() && auth()->user()->can('create', BankTransaction::class))
|
||||
$query->exclude(["balance"]);
|
||||
else
|
||||
$query->where('user_id', '=', auth()->user()->id);
|
||||
}
|
||||
elseif(in_array($this->entity_type,[Design::class, GroupSetting::class, PaymentTerm::class])){
|
||||
// nlog($this->entity_type);
|
||||
|
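Review bot: In the `BankIntegration::class` branch near the end of this section, the new `if (...) $query->exclude(["balance"]); else $query->where('user_id', '=', ...)` makes the column exclusion and the per-user row filter mutually exclusive, so a non-admin, non-owner user who satisfies `can('create', BankTransaction::class)` now receives every bank integration in the company (minus `balance`) instead of only their own rows, which the `where('user_id', ...)` printed just before it — presumably the replaced line — applied unconditionally. The three `company.bank_integrations` closures earlier in the section apply the two restrictions independently (`where('bank_integrations.user_id', ...)` under `!hasPermission('view_bank_transaction')`, and `exclude(["balance"])` on its own), so either the list path is intentionally wider, in which case a comment saying why belongs on the `if`, or the `else` should go and the `where` stay unconditional. Either way the branch should compare with `===` rather than `==` and wrap the one-line bodies in braces. The enclosing method starts and ends outside this section, as does the docblock hunk at its top, whose `cahnges` and `Builer` should read `changes` and `Builder`.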
@ -27,4 +27,12 @@ class UpdateTokenRequest extends Request
|
||||
{
|
||||
return auth()->user()->isAdmin();
|
||||
}
|
||||
|
||||
public function rules()
|
||||
{
|
||||
return [
|
||||
'name' => 'required',
|
||||
];
|
||||
}
|
||||
|
||||
}
|
||||
|
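Review bot: The added `rules()` has no return type and constrains `name` only with `required`, so a non-string payload value passes validation and reaches the token update; `public function rules(): array` with `'name' => 'required|string'` pins both. If the store-side request for tokens declares the same field, its rule should match so create and update accept the same shape — that file is not in this commit, so I cannot confirm. The class body continues outside the visible lines.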
@ -12,13 +12,15 @@
|
||||
namespace App\Models;
|
||||
|
||||
use App\Models\Filterable;
|
||||
use App\Models\Traits\Excludable;
|
||||
use Illuminate\Database\Eloquent\SoftDeletes;
|
||||
|
||||
class BankIntegration extends BaseModel
|
||||
{
|
||||
use SoftDeletes;
|
||||
use Filterable;
|
||||
|
||||
use Excludable;
|
||||
|
||||
protected $fillable = [
|
||||
'bank_account_name',
|
||||
'provider_name',
|
||||
|
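Review bot: `use Excludable;` is inserted after a blank line rather than alongside `use SoftDeletes;` and `use Filterable;`; grouping the trait uses together (`use SoftDeletes, Filterable, Excludable;` or three adjacent lines) keeps the model's capability list readable, since `exclude(["balance"])` in the controller now depends on this trait being present. The `use App\Models\Filterable;` import above it is redundant inside `namespace App\Models` and could be dropped in the same touch.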
@ -386,18 +386,18 @@ class User extends Authenticatable implements MustVerifyEmail
|
||||
* @param string $permission '["view_all"]'
|
||||
* @return boolean
|
||||
*/
|
||||
public function hasExactPermission(string $permission = ''): bool
|
||||
public function hasExactPermission(string $permission = '___'): bool
|
||||
{
|
||||
|
||||
$parts = explode('_', $permission);
|
||||
$all_permission = '';
|
||||
$all_permission = '__';
|
||||
|
||||
if (count($parts) > 1) {
|
||||
$all_permission = $parts[0].'_all';
|
||||
}
|
||||
|
||||
return (is_int(stripos($this->token()->cu->permissions, $all_permission))) ||
|
||||
(is_int(stripos($this->token()->cu->permissions, $permission)));
|
||||
return (stripos($this->token()->cu->permissions, $all_permission) !== false) ||
|
||||
(stripos($this->token()->cu->permissions, $permission) !== false);
|
||||
|
||||
}
|
||||
|
||||
|
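Review bot: The new `'___'` default and `'__'` initial value in `hasExactPermission` read as arbitrary and need a comment, because the reason is subtle: on PHP 8 `stripos()` with an empty needle returns `0`, so the `''` values they replace (taking the second line of each pair as the new one) made the test succeed against any permissions string and the method grant whatever was asked. An explicit guard states that intent better than a sentinel, e.g. `if ($permission === '') { return false; }` at the top and only testing `$all_permission` when `count($parts) > 1`, since `'__'` still matches any permissions string that happens to contain two consecutive underscores. Replacing `is_int(...)` with `!== false` is the right idiom for `stripos()`; the hunk begins inside the docblock and the caller of `token()->cu->permissions` is not visible here.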
@ -26,6 +26,6 @@ class BankTransactionPolicy extends EntityPolicy
|
||||
*/
|
||||
public function create(User $user) : bool
|
||||
{
|
||||
return $user->isAdmin() || $user->hasPermission('create_invoice') || $user->hasPermission('create_all');
|
||||
return $user->isAdmin() || $user->hasPermission('create_bank_transaction') || $user->hasPermission('create_all');
|
||||
}
|
||||
}
|
||||
|
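Review bot: The corrected `create()` now checks `create_bank_transaction` instead of `create_invoice`, which is the right permission name by the class it lives in, but nothing in this commit pins it; a policy test asserting that a non-admin holding only `create_invoice` is denied and one holding `create_bank_transaction` is allowed would stop the copy-paste from recurring. Since `BaseController` now branches on `can('create', BankTransaction::class)` to widen or narrow bank-integration visibility, that test also covers the controller's new authorization path.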