1
0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-09 20:52:56 +01:00

Only show user’s own tokens

This commit is contained in:
Hillel Coren 2016-05-08 21:50:35 +03:00
parent 06437327fc
commit 9b0f086cbd
8 changed files with 18 additions and 32 deletions

View File

@ -32,7 +32,7 @@ class TokenController extends BaseController
public function getDatatable()
{
return $this->tokenService->getDatatable(Auth::user()->account_id);
return $this->tokenService->getDatatable(Auth::user()->id);
}
public function edit($publicId)

View File

@ -34,7 +34,8 @@ class ApiCheck {
// check for a valid token
$token = AccountToken::where('token', '=', Request::header('X-Ninja-Token'))->first(['id', 'user_id']);
if ($token) {
// check if user is archived
if ($token && $token->user) {
Auth::loginUsingId($token->user_id);
Session::set('token_id', $token->id);
} else {

View File

@ -739,30 +739,6 @@ if (!defined('CONTACT_EMAIL')) {
}
}
/*
// Log all SQL queries to laravel.log
if (Utils::isNinjaDev()) {
Event::listen('illuminate.query', function($query, $bindings, $time, $name) {
$data = compact('bindings', 'time', 'name');
// Format binding data for sql insertion
foreach ($bindings as $i => $binding) {
if ($binding instanceof \DateTime) {
$bindings[$i] = $binding->format('\'Y-m-d H:i:s\'');
} elseif (is_string($binding)) {
$bindings[$i] = "'$binding'";
}
}
// Insert bindings into query
$query = str_replace(array('%', '?'), array('%%', '%s'), $query);
$query = vsprintf($query, $bindings);
Log::info($query, $data);
});
}
*/
/*
if (Utils::isNinjaDev())
{

View File

@ -16,4 +16,9 @@ class AccountToken extends EntityModel
{
return $this->belongsTo('App\Models\Account');
}
public function user()
{
return $this->belongsTo('App\Models\User');
}
}

View File

@ -13,10 +13,10 @@ class TokenRepository extends BaseRepository
return 'App\Models\AccountToken';
}
public function find($accountId)
public function find($userId)
{
$query = DB::table('account_tokens')
->where('account_tokens.account_id', '=', $accountId);
->where('account_tokens.user_id', '=', $userId);
if (!Session::get('show_trash:token')) {
$query->where('account_tokens.deleted_at', '=', null);

View File

@ -27,9 +27,9 @@ class TokenService extends BaseService
}
*/
public function getDatatable($accountId)
public function getDatatable($userId)
{
$query = $this->tokenRepo->find($accountId);
$query = $this->tokenRepo->find($userId);
return $this->createDatatable(ENTITY_TOKEN, $query, false);
}

View File

@ -8,7 +8,7 @@
<div class="pull-right">
{!! Button::primary(trans('texts.add_user'))->asLinkTo(URL::to('/users/create'))->appendIcon(Icon::create('plus-sign')) !!}
</div>
@else
@elseif (Utils::isTrial())
<div class="alert alert-warning">{!! trans('texts.add_users_not_supported') !!}</div>
@endif

View File

@ -12,6 +12,10 @@
@if ($user)
{!! Former::populate($user) !!}
{{ Former::populateField('is_admin', intval($user->is_admin)) }}
{{ Former::populateField('permissions[create_all]', intval($user->hasPermission('create'))) }}
{{ Former::populateField('permissions[view_all]', intval($user->hasPermission('view_all'))) }}
{{ Former::populateField('permissions[edit_all]', intval($user->hasPermission('edit_all'))) }}
@endif
<div class="panel panel-default">