From 9b0f086cbd2df4e8e188a0b88fc696d406d62983 Mon Sep 17 00:00:00 2001 From: Hillel Coren Date: Sun, 8 May 2016 21:50:35 +0300 Subject: [PATCH] =?UTF-8?q?Only=20show=20user=E2=80=99s=20own=20tokens?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/Http/Controllers/TokenController.php | 2 +- app/Http/Middleware/ApiCheck.php | 3 ++- app/Http/routes.php | 24 ------------------- app/Models/AccountToken.php | 5 ++++ app/Ninja/Repositories/TokenRepository.php | 4 ++-- app/Services/TokenService.php | 4 ++-- .../views/accounts/user_management.blade.php | 2 +- resources/views/users/edit.blade.php | 6 ++++- 8 files changed, 18 insertions(+), 32 deletions(-) diff --git a/app/Http/Controllers/TokenController.php b/app/Http/Controllers/TokenController.php index aa5434a269..d5ad3b41b7 100644 --- a/app/Http/Controllers/TokenController.php +++ b/app/Http/Controllers/TokenController.php @@ -32,7 +32,7 @@ class TokenController extends BaseController public function getDatatable() { - return $this->tokenService->getDatatable(Auth::user()->account_id); + return $this->tokenService->getDatatable(Auth::user()->id); } public function edit($publicId) diff --git a/app/Http/Middleware/ApiCheck.php b/app/Http/Middleware/ApiCheck.php index 8b38c60fe2..b20b19841f 100644 --- a/app/Http/Middleware/ApiCheck.php +++ b/app/Http/Middleware/ApiCheck.php @@ -34,7 +34,8 @@ class ApiCheck { // check for a valid token $token = AccountToken::where('token', '=', Request::header('X-Ninja-Token'))->first(['id', 'user_id']); - if ($token) { + // check if user is archived + if ($token && $token->user) { Auth::loginUsingId($token->user_id); Session::set('token_id', $token->id); } else { diff --git a/app/Http/routes.php b/app/Http/routes.php index fbb93d6fbd..3e63864564 100644 --- a/app/Http/routes.php +++ b/app/Http/routes.php 
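Review bot: Scoping the datatable to `Auth::user()->id` hides other users' tokens from the listing, but on its own it does not stop a user from reaching a colleague's token through `edit($publicId)` (the next method in the hunk's context) and the store/update/archive paths that follow, none of which this commit touches. If the repository's public-id lookups still scope by `account_id`, a token belonging to another user in the same account would still resolve there; the ownership filter belongs in those lookups as well, not only in the listing. A one-line docblock on `getDatatable()`, `/** Datatable of the authenticated user's own tokens only (not the whole account's). */`, would make the new contract explicit. The enclosing class continues outside the hunk.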
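Review bot: The new `$token->user` guard only rejects archived users if the `user()` relation applies the User model's soft-delete scope, which this hunk cannot confirm; the comment should state what the check relies on, e.g. `// $token->user resolves to null when the owning user was archived (soft-deleted), so the token is rejected`. The lookup on the line above still queries with whatever `Request::header('X-Ninja-Token')` returns, including null when the header is absent, and Laravel's query builder turns `where('token', '=', null)` into an `IS NULL` comparison; a guard such as `$value = Request::header('X-Ninja-Token'); if (! $value) { /* unauthenticated */ }` before the query keeps a missing header from being matched against rows with a null token. Note also that `first(['id', 'user_id'])` is what makes the relation resolvable, so `user_id` must stay in that column list. The `else` branch continues outside the hunk.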
@@ -739,30 +739,6 @@ if (!defined('CONTACT_EMAIL')) { } } -/* -// Log all SQL queries to laravel.log -if (Utils::isNinjaDev()) { - Event::listen('illuminate.query', function($query, $bindings, $time, $name) { - $data = compact('bindings', 'time', 'name'); - - // Format binding data for sql insertion - foreach ($bindings as $i => $binding) { - if ($binding instanceof \DateTime) { - $bindings[$i] = $binding->format('\'Y-m-d H:i:s\''); - } elseif (is_string($binding)) { - $bindings[$i] = "'$binding'"; - } - } - - // Insert bindings into query - $query = str_replace(array('%', '?'), array('%%', '%s'), $query); - $query = vsprintf($query, $bindings); - - Log::info($query, $data); - }); -} -*/ - /* if (Utils::isNinjaDev()) { diff --git a/app/Models/AccountToken.php b/app/Models/AccountToken.php index dd9a988005..87728b3701 100644 --- a/app/Models/AccountToken.php +++ b/app/Models/AccountToken.php @@ -16,4 +16,9 @@ class AccountToken extends EntityModel { return $this->belongsTo('App\Models\Account'); } + + public function user() + { + return $this->belongsTo('App\Models\User'); + } } diff --git a/app/Ninja/Repositories/TokenRepository.php b/app/Ninja/Repositories/TokenRepository.php index 5237eb7a03..af0bbb6533 100644 --- a/app/Ninja/Repositories/TokenRepository.php +++ b/app/Ninja/Repositories/TokenRepository.php @@ -13,10 +13,10 @@ class TokenRepository extends BaseRepository return 'App\Models\AccountToken'; } - public function find($accountId) + public function find($userId) { $query = DB::table('account_tokens') - ->where('account_tokens.account_id', '=', $accountId); + ->where('account_tokens.user_id', '=', $userId); if (!Session::get('show_trash:token')) { $query->where('account_tokens.deleted_at', '=', null); diff --git a/app/Services/TokenService.php b/app/Services/TokenService.php index 8b428f0eb1..092f3995d3 100644 --- a/app/Services/TokenService.php +++ b/app/Services/TokenService.php 
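Review bot: The new `user()` relation is undocumented even though ApiCheck now relies on it for authentication; a docblock matching the sibling `account()` relation, `/** @return \Illuminate\Database\Eloquent\Relations\BelongsTo */`, lets static analysis resolve `$token->user`. It is worth noting on the method that the relation resolves through the `user_id` column, so callers that select columns explicitly (as ApiCheck does with `first(['id', 'user_id'])`) must keep `user_id` in the list, otherwise the relation presumably yields null and the token is rejected as if the user were archived.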
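Review bot: `find($userId)` changes the meaning of its argument from an account id to a user id without a type or docblock, so any caller other than `TokenService::getDatatable` (the one this commit updates, in the next hunk) that still passes an account id would filter on the wrong column and silently return the wrong set; a docblock such as `@param int $userId  id of the owning user; tokens of other users in the same account are excluded` at least makes the contract visible, and a rename away from `find`, which now reads as a by-id lookup, would be clearer still. The query is built with `DB::table`, so no Eloquent scopes apply and the `account_tokens.user_id` clause is the only thing restricting the result set to the caller; that is worth a why-comment on that line. The method body continues outside the hunk.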
@@ -27,9 +27,9 @@ class TokenService extends BaseService } */ - public function getDatatable($accountId) + public function getDatatable($userId) { - $query = $this->tokenRepo->find($accountId); + $query = $this->tokenRepo->find($userId); return $this->createDatatable(ENTITY_TOKEN, $query, false); } diff --git a/resources/views/accounts/user_management.blade.php b/resources/views/accounts/user_management.blade.php index 9917e06296..5d8f8cf07e 100644 --- a/resources/views/accounts/user_management.blade.php +++ b/resources/views/accounts/user_management.blade.php @@ -8,7 +8,7 @@
{!! Button::primary(trans('texts.add_user'))->asLinkTo(URL::to('/users/create'))->appendIcon(Icon::create('plus-sign')) !!}
- @else
+ @elseif (Utils::isTrial())
{!! trans('texts.add_users_not_supported') !!}
@endif diff --git a/resources/views/users/edit.blade.php b/resources/views/users/edit.blade.php index 520900a0ef..94b74664a7 100644 --- a/resources/views/users/edit.blade.php +++ b/resources/views/users/edit.blade.php @@ -11,7 +11,11 @@ )); !!} @if ($user) - {!! Former::populate($user) !!} + {!! Former::populate($user) !!} + {{ Former::populateField('is_admin', intval($user->is_admin)) }} + {{ Former::populateField('permissions[create_all]', intval($user->hasPermission('create'))) }} + {{ Former::populateField('permissions[view_all]', intval($user->hasPermission('view_all'))) }} + {{ Former::populateField('permissions[edit_all]', intval($user->hasPermission('edit_all'))) }} @endif
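Review bot: Replacing `@else` with `@elseif (Utils::isTrial())` means an account that satisfies neither the opening `@if` condition (outside this hunk) nor `Utils::isTrial()` now renders nothing where the `texts.add_users_not_supported` message used to appear. If that silent case is intended, a trailing `@else` branch or a Blade comment `{{-- non-trial accounts without user management see no hint --}}` would make it deliberate, particularly since the change is unrelated to the commit's subject. The `@if` condition is not visible, so whether this is a real gap cannot be confirmed from the hunk.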
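Review bot: The `permissions[create_all]` field is populated from `$user->hasPermission('create')`, whereas the sibling fields use the same key on both sides (`view_all`, `edit_all`); if the stored permission is named `create_all` like the form field, the checkbox is pre-filled from a flag that does not exist and shows the wrong state, so either the lookup should be `$user->hasPermission('create_all')` or a short comment explaining the naming difference belongs on that line. The four new lines use `{{ }}` while the adjacent `Former::populate` call uses `{!! !!}`; `populateField` presumably produces no output, but mixing the two forms reads as accidental. Pre-filling `is_admin` and the permission flags only affects the form; the controller that saves them is not in this hunk, and that is where these fields must be authorized.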