Only show user’s own tokens

app/Http/Controllers/TokenController.php

@@ -32,7 +32,7 @@ class TokenController extends BaseController
 
     public function getDatatable()
     {
-        return $this->tokenService->getDatatable(Auth::user()->account_id);
+        return $this->tokenService->getDatatable(Auth::user()->id);
     }
 
     public function edit($publicId)

app/Http/Middleware/ApiCheck.php

@@ -34,7 +34,8 @@ class ApiCheck {
             // check for a valid token
             $token = AccountToken::where('token', '=', Request::header('X-Ninja-Token'))->first(['id', 'user_id']);
 
-            if ($token) {
+            // check if user is archived
+            if ($token && $token->user) {
                 Auth::loginUsingId($token->user_id);
                 Session::set('token_id', $token->id);
             } else {

app/Http/routes.php

@@ -739,30 +739,6 @@ if (!defined('CONTACT_EMAIL')) {
     }
 }
 
-/*
-// Log all SQL queries to laravel.log
-if (Utils::isNinjaDev()) {
-    Event::listen('illuminate.query', function($query, $bindings, $time, $name) {
-        $data = compact('bindings', 'time', 'name');
-
-        // Format binding data for sql insertion
-        foreach ($bindings as $i => $binding) {
-            if ($binding instanceof \DateTime) {
-                $bindings[$i] = $binding->format('\'Y-m-d H:i:s\'');
-            } elseif (is_string($binding)) {
-                $bindings[$i] = "'$binding'";
-            }
-        }
-
-        // Insert bindings into query
-        $query = str_replace(array('%', '?'), array('%%', '%s'), $query);
-        $query = vsprintf($query, $bindings);
-
-        Log::info($query, $data);
-    });
-}
-*/
-
 /*
 if (Utils::isNinjaDev())
 {

app/Models/AccountToken.php

@@ -16,4 +16,9 @@ class AccountToken extends EntityModel
     {
         return $this->belongsTo('App\Models\Account');
     }
+
+    public function user()
+    {
+        return $this->belongsTo('App\Models\User');
+    }
 }

app/Ninja/Repositories/TokenRepository.php

@@ -13,10 +13,10 @@ class TokenRepository extends BaseRepository
         return 'App\Models\AccountToken';
     }
 
-    public function find($accountId)
+    public function find($userId)
     {
         $query = DB::table('account_tokens')
-                  ->where('account_tokens.account_id', '=', $accountId);
+                  ->where('account_tokens.user_id', '=', $userId);
 
         if (!Session::get('show_trash:token')) {
             $query->where('account_tokens.deleted_at', '=', null);

app/Services/TokenService.php

@@ -27,9 +27,9 @@ class TokenService extends BaseService
     }
     */
 
-    public function getDatatable($accountId)
+    public function getDatatable($userId)
     {
-        $query = $this->tokenRepo->find($accountId);
+        $query = $this->tokenRepo->find($userId);
 
         return $this->createDatatable(ENTITY_TOKEN, $query, false);
     }

resources/views/accounts/user_management.blade.php

@@ -8,7 +8,7 @@
         <div class="pull-right">  
             {!! Button::primary(trans('texts.add_user'))->asLinkTo(URL::to('/users/create'))->appendIcon(Icon::create('plus-sign')) !!}
         </div>
-    @else
+    @elseif (Utils::isTrial())
         <div class="alert alert-warning">{!! trans('texts.add_users_not_supported') !!}</div>    
     @endif
 

resources/views/users/edit.blade.php

@@ -11,7 +11,11 @@
   )); !!}
 
   @if ($user)
-    {!! Former::populate($user) !!}    
+    {!! Former::populate($user) !!}
+    {{ Former::populateField('is_admin', intval($user->is_admin)) }}
+    {{ Former::populateField('permissions[create_all]', intval($user->hasPermission('create'))) }}
+    {{ Former::populateField('permissions[view_all]', intval($user->hasPermission('view_all'))) }}
+    {{ Former::populateField('permissions[edit_all]', intval($user->hasPermission('edit_all'))) }}
   @endif
 
 <div class="panel panel-default">