From 9f6fdb74c4b80311700393c9eef456b3037f0574 Mon Sep 17 00:00:00 2001
From: = <turbo124@gmail.com>
Date: Mon, 30 Aug 2021 22:04:51 +1000
Subject: [PATCH] Fixes for Payment URL

---
 .../ClientPortal/InvitationController.php     | 17 ++++++++++++++++
 app/Models/Payment.php                        | 20 +++++++++++++++++--
 routes/client.php                             |  3 +++
 3 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/ClientPortal/InvitationController.php b/app/Http/Controllers/ClientPortal/InvitationController.php
index b47ba96461..797af5a09e 100644
--- a/app/Http/Controllers/ClientPortal/InvitationController.php
+++ b/app/Http/Controllers/ClientPortal/InvitationController.php
@@ -16,6 +16,9 @@ use App\Events\Invoice\InvoiceWasViewed;
 use App\Events\Misc\InvitationWasViewed;
 use App\Events\Quote\QuoteWasViewed;
 use App\Http\Controllers\Controller;
+use App\Models\Client;
+use App\Models\ClientContact;
+use App\Models\Payment;
 use App\Utils\Ninja;
 use App\Utils\Traits\MakesDates;
 use App\Utils\Traits\MakesHash;
@@ -113,4 +116,18 @@ class InvitationController extends Controller
     public function routerForIframe(string $entity, string $client_hash, string $invitation_key)
     {
     }
+
+    public function paymentRouter(string $contact_key, string $payment_id)
+    {
+        $contact = ClientContact::where('contact_key', $contact_key)->firstOrFail();
+        $payment = Payment::find($this->decodePrimaryKey($payment_id));
+
+        if($payment->client_id != $contact->client_id)
+            abort(403, 'You are not authorized to view this resource');
+
+        auth()->guard('contact')->login($contact, true);
+
+        return redirect()->route('client.payments.show', $payment->hashed_id);
+
+    }
 }
diff --git a/app/Models/Payment.php b/app/Models/Payment.php
index 8416c35e43..0043a284cb 100644
--- a/app/Models/Payment.php
+++ b/app/Models/Payment.php
@@ -287,8 +287,24 @@ class Payment extends BaseModel
         event(new PaymentWasVoided($this, $this->company, Ninja::eventVars(auth()->user() ? auth()->user()->id : null)));
     }
 
-    public function getLink()
+    // public function getLink()
+    // {
+    //     return route('client.payments.show', $this->hashed_id);
+    // }
+
+    public function getLink() :string
     {
-        return route('client.payments.show', $this->hashed_id);
+
+        if(Ninja::isHosted()){
+            $domain = isset($this->company->portal_domain) ? $this->company->portal_domain : $this->company->domain();
+        }
+        else
+            $domain = config('ninja.app_url');
+
+        return $domain.'/client/payment/'. $this->client->contacts()->first()->contact_key .'/' .$this->hashed_id;
+
+        
+
     }
+
 }
diff --git a/routes/client.php b/routes/client.php
index b95d5a95de..dc103e11fc 100644
--- a/routes/client.php
+++ b/routes/client.php
@@ -25,6 +25,8 @@ Route::get('client/key_login/{contact_key}', 'ClientPortal\ContactHashLoginContr
 Route::get('client/magic_link/{magic_link}', 'ClientPortal\ContactHashLoginController@magicLink')->name('client.contact_magic_link')->middleware(['domain_db','contact_key_login']);
 Route::get('documents/{document_hash}', 'ClientPortal\DocumentController@publicDownload')->name('documents.public_download')->middleware(['document_db']);
 Route::get('error', 'ClientPortal\ContactHashLoginController@errorPage')->name('client.error');
+Route::get('client/payment/{contact_key}/{payment_id}', 'ClientPortal\InvitationController@paymentRouter')->middleware(['domain_db','contact_key_login']);
+
 
 Route::group(['middleware' => ['auth:contact', 'locale', 'check_client_existence','domain_db'], 'prefix' => 'client', 'as' => 'client.'], function () {
     Route::get('dashboard', 'ClientPortal\DashboardController@index')->name('dashboard'); // name = (dashboard. index / create / show / update / destroy / edit
@@ -95,6 +97,7 @@ Route::group(['middleware' => ['invite_db'], 'prefix' => 'client', 'as' => 'clie
     Route::get('credit/{invitation_key}/download_pdf', 'CreditController@downloadPdf')->name('credit.download_invitation_key');
     Route::get('{entity}/{invitation_key}/download', 'ClientPortal\InvitationController@routerForDownload');
     Route::get('{entity}/{client_hash}/{invitation_key}', 'ClientPortal\InvitationController@routerForIframe')->name('invoice.client_hash_and_invitation_key'); //should never need this
+
 });
 
 Route::get('phantom/{entity}/{invitation_key}', '\App\Utils\PhantomJS\Phantom@displayInvitation')->middleware(['invite_db', 'phantom_secret'])->name('phantom_view');