mirror of
https://github.com/invoiceninja/invoiceninja.git
synced 2024-09-18 23:42:25 +02:00
Check authorized before approving quote
This commit is contained in:
parent
62c4275660
commit
d1efd7b8aa
@ -227,7 +227,7 @@ class ClientPortalController extends BaseController
|
||||
return $pdfString;
|
||||
}
|
||||
|
||||
public function sign($invitationKey)
|
||||
public function authorizeInvoice($invitationKey)
|
||||
{
|
||||
if (! $invitation = $this->invoiceRepo->findInvoiceByInvitation($invitationKey)) {
|
||||
return RESULT_FAILURE;
|
||||
|
@ -148,6 +148,11 @@ class QuoteController extends BaseController
|
||||
{
|
||||
$invitation = Invitation::with('invoice.invoice_items', 'invoice.invitations')->where('invitation_key', '=', $invitationKey)->firstOrFail();
|
||||
$invoice = $invitation->invoice;
|
||||
$account = $invoice->account;
|
||||
|
||||
if ($account->requiresAuthorization($invoice) && ! session('authorized:' . $invitation->invitation_key)) {
|
||||
return redirect()->to('view/' . $invitation->invitation_key);
|
||||
}
|
||||
|
||||
if ($invoice->due_date) {
|
||||
$carbonDueDate = \Carbon::parse($invoice->due_date);
|
||||
|
@ -324,7 +324,7 @@
|
||||
var data = false;
|
||||
@endif
|
||||
$.ajax({
|
||||
url: "{{ URL::to('sign/' . $invitation->invitation_key) }}",
|
||||
url: "{{ URL::to('authorize/' . $invitation->invitation_key) }}",
|
||||
type: 'PUT',
|
||||
data: data,
|
||||
success: function(response) {
|
||||
|
@ -19,7 +19,7 @@ Route::group(['middleware' => ['lookup:contact', 'auth:client']], function () {
|
||||
Route::get('proposal/{proposal_invitation_key}/download', 'ClientPortalProposalController@downloadProposal');
|
||||
Route::get('proposal/{proposal_invitation_key}', 'ClientPortalProposalController@viewProposal');
|
||||
Route::get('download/{invitation_key}', 'ClientPortalController@download');
|
||||
Route::put('sign/{invitation_key}', 'ClientPortalController@sign');
|
||||
Route::put('authorize/{invitation_key}', 'ClientPortalController@authorizeInvoice');
|
||||
Route::get('view', 'HomeController@viewLogo');
|
||||
Route::get('approve/{invitation_key}', 'QuoteController@approve');
|
||||
Route::get('payment/{invitation_key}/{gateway_type?}/{source_id?}', 'OnlinePaymentController@showPayment');
|
||||
|
Loading…
Reference in New Issue
Block a user