Ensure api token has a name using update route

app/Http/Controllers/BaseController.php

@@ -219,6 +219,12 @@ class BaseController extends Controller
         return response()->make($error, $httpErrorCode, $headers);
     }
 
+    /**
+     * Refresh API response with latest cahnges
+     * @param  Builer $query
+     * @property App\Models\User auth()->user() 
+     * @return Builer
+     */
     protected function refreshResponse($query)
     {
         $user = auth()->user();
@@ -443,9 +449,14 @@ class BaseController extends Controller
                 'company.bank_integrations'=> function ($query) use ($updated_at, $user) {
                     $query->whereNotNull('updated_at');
 
-                    if (! $user->isAdmin()) {
+                    if (! $user->hasPermission('view_bank_transaction')) {
                         $query->where('bank_integrations.user_id', $user->id);
                     }
+
+                    if(!$user->isAdmin() && !$user->isOwner() && $user->can('create', BankTransaction::class)) {
+                        $query->exclude(["balance"]);
+                    }
+
                 },
                 'company.bank_transactions'=> function ($query) use ($updated_at, $user) {
                     $query->where('updated_at', '>=', $updated_at);
@@ -538,9 +549,14 @@ class BaseController extends Controller
                 },
                 'company.bank_integrations'=> function ($query) use ($created_at, $user) {
 
-                    if (! $user->isAdmin()) {
+                    if (! $user->hasPermission('view_bank_transaction')) {
                         $query->where('bank_integrations.user_id', $user->id);
                     }
+
+                    if(!$user->isAdmin() && !$user->isOwner() && $user->can('create', BankTransaction::class)) {
+                        $query->exclude(["balance"]);
+                    }
+
                 },
                 'company.bank_transaction_rules'=> function ($query) use ($user) {
 
@@ -789,9 +805,14 @@ class BaseController extends Controller
                 'company.bank_integrations'=> function ($query) use ($created_at, $user) {
                     $query->where('created_at', '>=', $created_at);
 
-                    if (! $user->isAdmin()) {
+                    if (! $user->hasPermission('view_bank_transaction')) {
                         $query->where('bank_integrations.user_id', $user->id);
                     }
+
+                    if(!$user->isAdmin() && !$user->isOwner() && $user->can('create', BankTransaction::class)) {
+                        $query->exclude(["balance"]);
+                    }
+
                 },
                 'company.bank_transactions'=> function ($query) use ($created_at, $user) {
                     $query->where('created_at', '>=', $created_at);
@@ -867,7 +888,10 @@ class BaseController extends Controller
                 $query->where('id', auth()->user()->id);
             }
             elseif(in_array($this->entity_type, [BankTransactionRule::class,CompanyGateway::class, TaxRate::class, BankIntegration::class, Scheduler::class, BankTransaction::class, Webhook::class, ExpenseCategory::class])){ //table without assigned_user_id
-                $query->where('user_id', '=', auth()->user()->id);
+                if($this->entity_type == BankIntegration::class && !auth()->user()->isAdmin() && !auth()->user()->isOwner() && auth()->user()->can('create', BankTransaction::class))
+                    $query->exclude(["balance"]);
+                else
+                    $query->where('user_id', '=', auth()->user()->id);
             }
             elseif(in_array($this->entity_type,[Design::class, GroupSetting::class, PaymentTerm::class])){
                 // nlog($this->entity_type);

app/Http/Requests/Token/UpdateTokenRequest.php

@@ -27,4 +27,12 @@ class UpdateTokenRequest extends Request
     {
         return auth()->user()->isAdmin();
     }
+
+    public function rules()
+    {
+        return [
+            'name' => 'required',
+        ];
+    }
+
 }

app/Models/BankIntegration.php

@@ -12,13 +12,15 @@
 namespace App\Models;
 
 use App\Models\Filterable;
+use App\Models\Traits\Excludable;
 use Illuminate\Database\Eloquent\SoftDeletes;
 
 class BankIntegration extends BaseModel
 {
     use SoftDeletes;
     use Filterable;
-
+    use Excludable;
+    
     protected $fillable = [
         'bank_account_name',
         'provider_name',

app/Models/User.php

@@ -386,18 +386,18 @@ class User extends Authenticatable implements MustVerifyEmail
      * @param  string  $permission '["view_all"]'
      * @return boolean             
      */
-    public function hasExactPermission(string $permission = ''): bool
+    public function hasExactPermission(string $permission = '___'): bool
     {
 
         $parts = explode('_', $permission);
-        $all_permission = '';
+        $all_permission = '__';
 
         if (count($parts) > 1) {
             $all_permission = $parts[0].'_all';
         }
 
-        return  (is_int(stripos($this->token()->cu->permissions, $all_permission))) ||
-                (is_int(stripos($this->token()->cu->permissions, $permission)));
+        return  (stripos($this->token()->cu->permissions, $all_permission) !== false) ||
+                (stripos($this->token()->cu->permissions, $permission) !== false);
 
     }
 

app/Policies/BankTransactionPolicy.php

@@ -26,6 +26,6 @@ class BankTransactionPolicy extends EntityPolicy
      */
     public function create(User $user) : bool
     {
-        return $user->isAdmin() || $user->hasPermission('create_invoice') || $user->hasPermission('create_all');
+        return $user->isAdmin() || $user->hasPermission('create_bank_transaction') || $user->hasPermission('create_all');
     }
 }