mirror of
https://github.com/invoiceninja/invoiceninja.git
synced 2024-09-20 08:21:34 +02:00
Fixes for permissions
parent
27b79aa551
commit
a992c40c13
@ -1 +1 @@
|
|||||||
5.5.61
|
5.5.62
|
@ -358,7 +358,7 @@ class User extends Authenticatable implements MustVerifyEmail
|
|||||||
public function hasPermission($permission) : bool
|
public function hasPermission($permission) : bool
|
||||||
{
|
{
|
||||||
$parts = explode('_', $permission);
|
$parts = explode('_', $permission);
|
||||||
$all_permission = false;
|
$all_permission = '____';
|
||||||
|
|
||||||
if (count($parts) > 1) {
|
if (count($parts) > 1) {
|
||||||
$all_permission = $parts[0].'_all';
|
$all_permission = $parts[0].'_all';
|
||||||
@ -366,8 +366,8 @@ class User extends Authenticatable implements MustVerifyEmail
|
|||||||
|
|
||||||
return $this->isOwner() ||
|
return $this->isOwner() ||
|
||||||
$this->isAdmin() ||
|
$this->isAdmin() ||
|
||||||
(stripos($all_permission, $this->token()->cu->permissions) !== false) ||
|
(stripos($this->token()->cu->permissions, $all_permission) !== false) ||
|
||||||
(stripos($permission, $this->token()->cu->permissions) !== false);
|
(stripos($this->token()->cu->permissions, $permission) !== false);
|
||||||
|
|
||||||
// return $this->isOwner() ||
|
// return $this->isOwner() ||
|
||||||
// $this->isAdmin() ||
|
// $this->isAdmin() ||
|
||||||
|
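Review bot: With the arguments now in haystack/needle order, both `stripos()` tests in hasPermission() grant access on any substring of the raw permissions string, so a name that is only a fragment of a granted permission passes, and an empty `$permission` passes for every user because `stripos($haystack, '')` returns 0 on PHP 8 (testReturnTypesOfStripos on this page asserts exactly that). Compare whole names instead: assuming the column always holds a JSON list like the `'["view_client"]'` fixture, decode once with `$granted = json_decode($this->token()->cu->permissions, true) ?: [];` and return `in_array($permission, $granted, true) || in_array($all_permission, $granted, true)` after the owner/admin checks. The `'____'` sentinel then becomes an ordinary non-matching value rather than something that relies on the stored string never containing it. The method body continues past the end of the second hunk.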
@ -14,8 +14,8 @@ return [
|
|||||||
'require_https' => env('REQUIRE_HTTPS', true),
|
'require_https' => env('REQUIRE_HTTPS', true),
|
||||||
'app_url' => rtrim(env('APP_URL', ''), '/'),
|
'app_url' => rtrim(env('APP_URL', ''), '/'),
|
||||||
'app_domain' => env('APP_DOMAIN', 'invoicing.co'),
|
'app_domain' => env('APP_DOMAIN', 'invoicing.co'),
|
||||||
'app_version' => '5.5.61',
|
'app_version' => '5.5.62',
|
||||||
'app_tag' => '5.5.61',
|
'app_tag' => '5.5.62',
|
||||||
'minimum_client_version' => '5.0.16',
|
'minimum_client_version' => '5.0.16',
|
||||||
'terms_version' => '1.0.1',
|
'terms_version' => '1.0.1',
|
||||||
'api_secret' => env('API_SECRET', ''),
|
'api_secret' => env('API_SECRET', ''),
|
||||||
|
@ -79,6 +79,20 @@ class PermissionsTest extends TestCase
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testViewClientPermission()
|
||||||
|
{
|
||||||
|
|
||||||
|
$low_cu = CompanyUser::where(['company_id' => $this->company->id, 'user_id' => $this->user->id])->first();
|
||||||
|
$low_cu->permissions = '["view_client"]';
|
||||||
|
$low_cu->save();
|
||||||
|
|
||||||
|
$this->assertFalse($this->user->hasPermission("viewclient"));
|
||||||
|
|
||||||
|
// this is aberrant
|
||||||
|
$this->assertFalse($this->user->hasPermission("view____client"));
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
public function testPermissionResolution()
|
public function testPermissionResolution()
|
||||||
{
|
{
|
||||||
$class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(Invoice::class)));
|
$class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(Invoice::class)));
|
||||||
@ -162,7 +176,6 @@ class PermissionsTest extends TestCase
|
|||||||
public function testReturnTypesOfStripos()
|
public function testReturnTypesOfStripos()
|
||||||
{
|
{
|
||||||
|
|
||||||
|
|
||||||
$this->assertEquals(0, stripos("view_client", ''));
|
$this->assertEquals(0, stripos("view_client", ''));
|
||||||
|
|
||||||
$all_permission = '[]';
|
$all_permission = '[]';
|
||||||
@ -193,17 +206,7 @@ class PermissionsTest extends TestCase
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testViewClientPermission()
|
|
||||||
{
|
|
||||||
|
|
||||||
$low_cu = CompanyUser::where(['company_id' => $this->company->id, 'user_id' => $this->user->id])->first();
|
|
||||||
$low_cu->permissions = '["view_client"]';
|
|
||||||
$low_cu->save();
|
|
||||||
|
|
||||||
// this is aberrant
|
|
||||||
$this->assertFalse($this->user->hasPermission("view____client"));
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
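Review bot: testViewClientPermission, as moved here, asserts only refusals (`"viewclient"`, `"view____client"`), and those assertions hold equally with the reversed `stripos()` arguments this commit corrects, so within the visible hunks nothing pins the fix. Add the positive case `$this->assertTrue($this->user->hasPermission("view_client"));` next to them. It is also worth asserting refusal for an empty name and for a bare fragment, `$this->assertFalse($this->user->hasPermission(""));` and `$this->assertFalse($this->user->hasPermission("client"));`, since substring matching would accept both; other tests in the class may already cover these, as the file continues outside the hunks.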