More intuitive document permissions

2024-09-20 00:11:35 +02:00 · 2016-03-24 18:33:28 -04:00 · 2016-03-24 18:33:28 -04:00 · b7f0d2a33f
commit b7f0d2a33f
parent 5e62d7d296
3 changed files with 21 additions and 9 deletions
--- a/app/Models/Document.php
+++ b/app/Models/Document.php
@ -2,6 +2,7 @@

 use Illuminate\Support\Facades\Storage;
 use DB;
+use Auth;

 class Document extends EntityModel
 {
@ -221,6 +222,20 @@ class Document extends EntityModel
        
        return $document;
    }
+    
+    public static function canCreate(){
+        return true;
+    }
+    
+    public static function canViewItem($document){
+        if(Auth::user()->hasPermission('view_all'))return true;
+        if($document->expense){
+            if($document->expense->invoice)return $document->expense->invoice->canView();
+            return $document->expense->canView();
+        }
+        if($document->invoice)return $document->invoice->canView();
+        return Auth::user()->id == $item->user_id;
+    }
 }

 Document::deleted(function ($document) {
--- a/app/Ninja/Repositories/ExpenseRepository.php
+++ b/app/Ninja/Repositories/ExpenseRepository.php
@ -185,12 +185,10 @@ class ExpenseRepository extends BaseRepository
        
        foreach ($expense->documents as $document){
            if(!in_array($document->public_id, $document_ids)){
-                // Removed
-                if(!$checkSubPermissions || $document->canEdit()){
+                // Not checking permissions; deleting a document is just editing the invoice
                $document->delete();
            }
        }
-        }
        
        $expense->save();

--- a/app/Ninja/Repositories/InvoiceRepository.php
+++ b/app/Ninja/Repositories/InvoiceRepository.php
@ -442,14 +442,13 @@ class InvoiceRepository extends BaseRepository
        foreach ($invoice->documents as $document){
            if(!in_array($document->public_id, $document_ids)){
                // Removed
-                if(!$checkSubPermissions || $document->canEdit()){
+                // Not checking permissions; deleting a document is just editing the invoice
                if($document->invoice_id == $invoice->id){
                    // Make sure the document isn't on a clone
                    $document->delete();
                }
            }
        }
-        }

        foreach ($data['invoice_items'] as $item) {
            $item = (array) $item;