
Fixes for permissions

This commit is contained in:
David Bomba 2023-01-25 09:31:57 +11:00
parent 27b79aa551
commit a992c40c13
4 changed files with 20 additions and 17 deletions


@ -1 +1 @@
5.5.61 5.5.62


@ -358,7 +358,7 @@ class User extends Authenticatable implements MustVerifyEmail
public function hasPermission($permission) : bool public function hasPermission($permission) : bool
{ {
$parts = explode('_', $permission); $parts = explode('_', $permission);
$all_permission = false; $all_permission = '____';
if (count($parts) > 1) { if (count($parts) > 1) {
$all_permission = $parts[0].'_all'; $all_permission = $parts[0].'_all';
@ -366,8 +366,8 @@ class User extends Authenticatable implements MustVerifyEmail
return $this->isOwner() || return $this->isOwner() ||
$this->isAdmin() || $this->isAdmin() ||
(stripos($all_permission, $this->token()->cu->permissions) !== false) || (stripos($this->token()->cu->permissions, $all_permission) !== false) ||
(stripos($permission, $this->token()->cu->permissions) !== false); (stripos($this->token()->cu->permissions, $permission) !== false);
// return $this->isOwner() || // return $this->isOwner() ||
// $this->isAdmin() || // $this->isAdmin() ||
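Review bot: The corrected haystack/needle order on the two `stripos` lines still does a raw substring search of the permission name inside the JSON-encoded permissions string, so `hasPermission('client')` or `hasPermission('')` would succeed for a user whose stored permissions contain `view_client` (in PHP 8 `stripos($s, '')` returns 0, which `!== false` treats as a match). The `'____'` default on the first changed line only avoids a false hit because that character run is unlikely to appear in the stored string, not because the check is structurally sound. A more robust version decodes the stored list and tests exact membership: `$perms = json_decode($this->token()->cu->permissions ?? '[]', true) ?: [];` followed by `in_array($permission, $perms, true) || (count($parts) > 1 && in_array($all_permission, $perms, true))`, so the `_all` branch is skipped rather than given a sentinel. That the permissions column is a JSON list is inferred from the `'["view_client"]'` test fixture rather than shown in this file, and the remainder of hasPermission runs past the end of the second hunk.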


@ -14,8 +14,8 @@ return [
'require_https' => env('REQUIRE_HTTPS', true), 'require_https' => env('REQUIRE_HTTPS', true),
'app_url' => rtrim(env('APP_URL', ''), '/'), 'app_url' => rtrim(env('APP_URL', ''), '/'),
'app_domain' => env('APP_DOMAIN', 'invoicing.co'), 'app_domain' => env('APP_DOMAIN', 'invoicing.co'),
'app_version' => '5.5.61', 'app_version' => '5.5.62',
'app_tag' => '5.5.61', 'app_tag' => '5.5.62',
'minimum_client_version' => '5.0.16', 'minimum_client_version' => '5.0.16',
'terms_version' => '1.0.1', 'terms_version' => '1.0.1',
'api_secret' => env('API_SECRET', ''), 'api_secret' => env('API_SECRET', ''),


@ -79,6 +79,20 @@ class PermissionsTest extends TestCase
} }
public function testViewClientPermission()
{
$low_cu = CompanyUser::where(['company_id' => $this->company->id, 'user_id' => $this->user->id])->first();
$low_cu->permissions = '["view_client"]';
$low_cu->save();
$this->assertFalse($this->user->hasPermission("viewclient"));
// this is aberrant
$this->assertFalse($this->user->hasPermission("view____client"));
}
public function testPermissionResolution() public function testPermissionResolution()
{ {
$class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(Invoice::class))); $class = 'view'.lcfirst(class_basename(\Illuminate\Support\Str::snake(Invoice::class)));
@ -162,7 +176,6 @@ class PermissionsTest extends TestCase
public function testReturnTypesOfStripos() public function testReturnTypesOfStripos()
{ {
$this->assertEquals(0, stripos("view_client", '')); $this->assertEquals(0, stripos("view_client", ''));
$all_permission = '[]'; $all_permission = '[]';
@ -193,17 +206,7 @@ class PermissionsTest extends TestCase
} }
public function testViewClientPermission()
{
$low_cu = CompanyUser::where(['company_id' => $this->company->id, 'user_id' => $this->user->id])->first();
$low_cu->permissions = '["view_client"]';
$low_cu->save();
// this is aberrant
$this->assertFalse($this->user->hasPermission("view____client"));
}
} }
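Review bot: The relocated testViewClientPermission never exercises the case the old argument order got wrong — an empty permissions string — even though the removed `assertEquals(0, stripos("view_client", ''))` line documented exactly why that case matched everything. Add a regression assertion after the existing ones, e.g. `$low_cu->permissions = ''; $low_cu->save(); $this->assertFalse($this->user->hasPermission('view_client'));`, and a positive `$this->assertTrue($this->user->hasPermission('view_client'));` against the `["view_client"]` fixture so the test pins both directions of the check. The `// this is aberrant` comment says nothing about what is being guarded; `// underscore padding in the name must not act as a wildcard` states the intent. The positive assertion assumes `$this->user` is neither owner nor admin, which the existing assertFalse calls already rely on.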