mirror of
https://github.com/invoiceninja/invoiceninja.git
synced 2024-09-20 00:11:35 +02:00
More intuitive document permissions
This commit is contained in:
parent
5e62d7d296
commit
b7f0d2a33f
@ -2,6 +2,7 @@
|
||||
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
use DB;
|
||||
use Auth;
|
||||
|
||||
class Document extends EntityModel
|
||||
{
|
||||
@ -221,6 +222,20 @@ class Document extends EntityModel
|
||||
|
||||
return $document;
|
||||
}
|
||||
|
||||
public static function canCreate(){
|
||||
return true;
|
||||
}
|
||||
|
||||
public static function canViewItem($document){
|
||||
if(Auth::user()->hasPermission('view_all'))return true;
|
||||
if($document->expense){
|
||||
if($document->expense->invoice)return $document->expense->invoice->canView();
|
||||
return $document->expense->canView();
|
||||
}
|
||||
if($document->invoice)return $document->invoice->canView();
|
||||
return Auth::user()->id == $item->user_id;
|
||||
}
|
||||
}
|
||||
|
||||
Document::deleted(function ($document) {
|
||||
|
@ -185,12 +185,10 @@ class ExpenseRepository extends BaseRepository
|
||||
|
||||
foreach ($expense->documents as $document){
|
||||
if(!in_array($document->public_id, $document_ids)){
|
||||
// Removed
|
||||
if(!$checkSubPermissions || $document->canEdit()){
|
||||
// Not checking permissions; deleting a document is just editing the invoice
|
||||
$document->delete();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$expense->save();
|
||||
|
||||
|
@ -442,14 +442,13 @@ class InvoiceRepository extends BaseRepository
|
||||
foreach ($invoice->documents as $document){
|
||||
if(!in_array($document->public_id, $document_ids)){
|
||||
// Removed
|
||||
if(!$checkSubPermissions || $document->canEdit()){
|
||||
// Not checking permissions; deleting a document is just editing the invoice
|
||||
if($document->invoice_id == $invoice->id){
|
||||
// Make sure the document isn't on a clone
|
||||
$document->delete();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($data['invoice_items'] as $item) {
|
||||
$item = (array) $item;
|
||||
|
Loading…
Reference in New Issue
Block a user