From d1efd7b8aa07822e0cd0590f31a2e9ffe6781f28 Mon Sep 17 00:00:00 2001
From: Hillel Coren
Date: Wed, 14 Feb 2018 18:20:23 +0200
Subject: [PATCH] Check authorized before approving quote
---
 app/Http/Controllers/ClientPortalController.php | 2 +-
 app/Http/Controllers/QuoteController.php | 5 +++++
 resources/views/invoices/view.blade.php | 2 +-
 routes/web.php | 2 +-
 4 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/app/Http/Controllers/ClientPortalController.php b/app/Http/Controllers/ClientPortalController.php
index aa27130315..d8954717aa 100644
--- a/app/Http/Controllers/ClientPortalController.php
+++ b/app/Http/Controllers/ClientPortalController.php
@@ -227,7 +227,7 @@ class ClientPortalController extends BaseController
 return $pdfString;
 }
- public function sign($invitationKey)
+ public function authorizeInvoice($invitationKey)
 {
 if (! $invitation = $this->invoiceRepo->findInvoiceByInvitation($invitationKey)) {
 return RESULT_FAILURE;
diff --git a/app/Http/Controllers/QuoteController.php b/app/Http/Controllers/QuoteController.php
index 238cad710e..06b363297d 100644
--- a/app/Http/Controllers/QuoteController.php
+++ b/app/Http/Controllers/QuoteController.php
@@ -148,6 +148,11 @@ class QuoteController extends BaseController
 {
 $invitation = Invitation::with('invoice.invoice_items', 'invoice.invitations')->where('invitation_key', '=', $invitationKey)->firstOrFail();
 $invoice = $invitation->invoice;
+ $account = $invoice->account;
+
+ if ($account->requiresAuthorization($invoice) && ! session('authorized:' . $invitation->invitation_key)) {
+ return redirect()->to('view/' . $invitation->invitation_key);
+ }
 if ($invoice->due_date) {
 $carbonDueDate = \Carbon::parse($invoice->due_date);
diff --git a/resources/views/invoices/view.blade.php b/resources/views/invoices/view.blade.php
index 4e2cf50dfb..3c8843df41 100644
--- a/resources/views/invoices/view.blade.php
+++ b/resources/views/invoices/view.blade.php
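Review bot: The new guard in QuoteController reads the session flag under the string `'authorized:' . $invitation->invitation_key`, but nothing in this diff shows where that flag is written, so the check is only as strong as an unseen writer using the identical key. Presumably `ClientPortalController::authorizeInvoice` sets it after validating the signature or terms acceptance; that should be confirmed, and the key would be safer built in one shared place (for example a small method on `Invitation`) so reader and writer cannot drift apart. The routes hunk shows this action is reached through `Route::get('approve/{invitation_key}', 'QuoteController@approve')`, and Laravel's CSRF verification does not apply to GET, so once the flag is set it is the only barrier to a cross-site approval; moving approval to a non-GET verb, as the authorize route already is, would be worth a follow-up. A short comment above the `if`, such as `// Approval requires prior signature/terms acceptance; send the client back to the view page to authorize first.`, would document the redirect. The enclosing method starts and ends outside the hunk.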
@@ -324,7 +324,7 @@ var data = false;
 @endif
 $.ajax({
- url: "{{ URL::to('sign/' . $invitation->invitation_key) }}",
+ url: "{{ URL::to('authorize/' . $invitation->invitation_key) }}",
 type: 'PUT',
 data: data,
 success: function(response) {
diff --git a/routes/web.php b/routes/web.php
index aced6b9f96..e75e2b1243 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -19,7 +19,7 @@ Route::group(['middleware' => ['lookup:contact', 'auth:client']], function () {
 Route::get('proposal/{proposal_invitation_key}/download', 'ClientPortalProposalController@downloadProposal');
 Route::get('proposal/{proposal_invitation_key}', 'ClientPortalProposalController@viewProposal');
 Route::get('download/{invitation_key}', 'ClientPortalController@download');
- Route::put('sign/{invitation_key}', 'ClientPortalController@sign');
+ Route::put('authorize/{invitation_key}', 'ClientPortalController@authorizeInvoice');
 Route::get('view', 'HomeController@viewLogo');
 Route::get('approve/{invitation_key}', 'QuoteController@approve');
 Route::get('payment/{invitation_key}/{gateway_type?}/{source_id?}', 'OnlinePaymentController@showPayment');