diff --git a/app/Http/Controllers/AccountController.php b/app/Http/Controllers/AccountController.php index db2a65e6ec..b3bd13fad4 100644 --- a/app/Http/Controllers/AccountController.php +++ b/app/Http/Controllers/AccountController.php @@ -253,8 +253,7 @@ class AccountController extends BaseController public function getSearchData() { - $account = Auth::user()->account; - $data = $this->accountRepo->getSearchData($account); + $data = $this->accountRepo->getSearchData(Auth::user()); return Response::json($data); } diff --git a/app/Http/Controllers/TokenController.php b/app/Http/Controllers/TokenController.php index aa5434a269..d5ad3b41b7 100644 --- a/app/Http/Controllers/TokenController.php +++ b/app/Http/Controllers/TokenController.php @@ -32,7 +32,7 @@ class TokenController extends BaseController public function getDatatable() { - return $this->tokenService->getDatatable(Auth::user()->account_id); + return $this->tokenService->getDatatable(Auth::user()->id); } public function edit($publicId) diff --git a/app/Http/Middleware/ApiCheck.php b/app/Http/Middleware/ApiCheck.php index 8b38c60fe2..b20b19841f 100644 --- a/app/Http/Middleware/ApiCheck.php +++ b/app/Http/Middleware/ApiCheck.php @@ -34,7 +34,8 @@ class ApiCheck { // check for a valid token $token = AccountToken::where('token', '=', Request::header('X-Ninja-Token'))->first(['id', 'user_id']); - if ($token) { + // check if user is archived + if ($token && $token->user) { Auth::loginUsingId($token->user_id); Session::set('token_id', $token->id); } else { diff --git a/app/Http/routes.php b/app/Http/routes.php index 60f04bc617..d3c06ed89b 100644 --- a/app/Http/routes.php +++ b/app/Http/routes.php 
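Review bot: The new guard `if ($token && $token->user)` in ApiCheck relies on the `user()` relation coming back null for an archived user, which only holds if the User model soft-deletes and the relation honours that scope; the added comment `// check if user is archived` should say so, e.g. `// $token->user is null when the owning user is soft-deleted (archived), so the token is refused`. It would also be worth rejecting an absent or empty `X-Ninja-Token` header before the query runs, since the header value goes straight into the `where` clause and Laravel's builder treats a null comparison as an IS NULL test, so a row with a NULL token column would be matched. The `else` branch and the rest of the middleware are outside the hunk.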
@@ -110,9 +110,11 @@ Route::group(['middleware' => 'auth:user'], function() { Route::get('view_archive/{entity_type}/{visible}', 'AccountController@setTrashVisible'); Route::get('hide_message', 'HomeController@hideMessage'); Route::get('force_inline_pdf', 'UserController@forcePDFJS'); + Route::get('account/getSearchData', array('as' => 'getSearchData', 'uses' => 'AccountController@getSearchData')); Route::get('settings/user_details', 'AccountController@showUserDetails'); Route::post('settings/user_details', 'AccountController@saveUserDetails'); + Route::post('users/change_password', 'UserController@changePassword'); Route::resource('clients', 'ClientController'); Route::get('api/clients', array('as'=>'api.clients', 'uses'=>'ClientController@getDatatable')); @@ -191,7 +193,6 @@ Route::group([ Route::get('start_trial/{plan}', 'AccountController@startTrial') ->where(['plan'=>'pro']); Route::get('restore_user/{user_id}', 'UserController@restoreUser'); - Route::post('users/change_password', 'UserController@changePassword'); Route::get('/switch_account/{user_id}', 'UserController@switchAccount'); Route::get('/unlink_account/{user_account_id}/{user_id}', 'UserController@unlinkAccount'); Route::get('/manage_companies', 'UserController@manageCompanies'); @@ -220,11 +221,6 @@ Route::group([ Route::get('settings/{section?}', 'AccountController@showSection'); Route::post('settings/{section?}', 'AccountController@doSection'); - //Route::get('api/payment_terms', array('as'=>'api.payment_terms', 'uses'=>'PaymentTermController@getDatatable')); - //Route::resource('payment_terms', 'PaymentTermController'); - //Route::post('payment_terms/bulk', 'PaymentTermController@bulk'); - - Route::get('account/getSearchData', array('as' => 'getSearchData', 'uses' => 'AccountController@getSearchData')); Route::post('user/setTheme', 'UserController@setTheme'); Route::post('remove_logo', 'AccountController@removeLogo'); Route::post('account/go_pro', 'AccountController@enableProPlan'); 
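Review bot: The `users/change_password` and `account/getSearchData` routes are moved out of the `Route::group([` blocks at @@ -191 and @@ -220 into the `'auth:user'` group, but the middleware lists of both source groups begin outside these hunks, so the diff does not show which protections the two endpoints give up. If the intent is that every signed-in user may change their own password and search their own data, a comment on the added lines would record that decision, e.g. `// reachable by every authenticated user; the handlers scope results to Auth::user()`. The @@ -744 hunk only deletes commented-out query logging and needs nothing.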
@@ -744,30 +740,6 @@ if (!defined('CONTACT_EMAIL')) { } } -/* -// Log all SQL queries to laravel.log -if (Utils::isNinjaDev()) { - Event::listen('illuminate.query', function($query, $bindings, $time, $name) { - $data = compact('bindings', 'time', 'name'); - - // Format binding data for sql insertion - foreach ($bindings as $i => $binding) { - if ($binding instanceof \DateTime) { - $bindings[$i] = $binding->format('\'Y-m-d H:i:s\''); - } elseif (is_string($binding)) { - $bindings[$i] = "'$binding'"; - } - } - - // Insert bindings into query - $query = str_replace(array('%', '?'), array('%%', '%s'), $query); - $query = vsprintf($query, $bindings); - - Log::info($query, $data); - }); -} -*/ - /* if (Utils::isNinjaDev()) { diff --git a/app/Libraries/Utils.php b/app/Libraries/Utils.php index 4699603d4d..c02c719169 100644 --- a/app/Libraries/Utils.php +++ b/app/Libraries/Utils.php @@ -140,7 +140,7 @@ class Utils public static function hasAllPermissions($permission) { - return Auth::check() && Auth::user()->hasPermissions($permission); + return Auth::check() && Auth::user()->hasPermission($permission); } public static function isTrial() diff --git a/app/Models/AccountToken.php b/app/Models/AccountToken.php index dd9a988005..87728b3701 100644 --- a/app/Models/AccountToken.php +++ b/app/Models/AccountToken.php @@ -16,4 +16,9 @@ class AccountToken extends EntityModel { return $this->belongsTo('App\Models\Account'); } + + public function user() + { + return $this->belongsTo('App\Models\User'); + } } diff --git a/app/Ninja/Repositories/AccountRepository.php b/app/Ninja/Repositories/AccountRepository.php index b57efffdcd..38753dde9b 100644 --- a/app/Ninja/Repositories/AccountRepository.php +++ b/app/Ninja/Repositories/AccountRepository.php 
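Review bot: `Utils::hasAllPermissions()` now delegates to the singular `Auth::user()->hasPermission($permission)`, and whether an array argument means "all of these" or "any of these" is decided by a method outside this diff; since the name promises "all", a docblock should pin the contract, e.g. `/** @param string|string[] $permission @return bool true only when the logged-in user holds every listed permission */`. If `hasPermission` accepts only a single string, the plural name is misleading and callers passing arrays would get a wrong answer without any error.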
@@ -75,17 +75,19 @@ class AccountRepository return $account; } - public function getSearchData($account) + public function getSearchData($user) { - $data = $this->getAccountSearchData($account); + $data = $this->getAccountSearchData($user); - $data['navigation'] = $this->getNavigationSearchData(); + $data['navigation'] = $user->is_admin ? $this->getNavigationSearchData() : []; return $data; } - private function getAccountSearchData($account) + private function getAccountSearchData($user) { + $account = $user->account; + $data = [ 'clients' => [], 'contacts' => [], @@ -100,11 +102,19 @@ class AccountRepository if ($account->custom_client_label2) { $data[$account->custom_client_label2] = []; } - - $clients = Client::scope() - ->with('contacts', 'invoices') - ->get(); - + + if ($user->hasPermission('view_all')) { + $clients = Client::scope() + ->with('contacts', 'invoices') + ->get(); + } else { + $clients = Client::scope() + ->where('user_id', '=', $user->id) + ->with(['contacts', 'invoices' => function($query) use ($user) { + $query->where('user_id', '=', $user->id); + }])->get(); + } + foreach ($clients as $client) { if ($client->name) { $data['clients'][] = [ diff --git a/app/Ninja/Repositories/TokenRepository.php b/app/Ninja/Repositories/TokenRepository.php index 5237eb7a03..af0bbb6533 100644 --- a/app/Ninja/Repositories/TokenRepository.php +++ b/app/Ninja/Repositories/TokenRepository.php @@ -13,10 +13,10 @@ class TokenRepository extends BaseRepository return 'App\Models\AccountToken'; } - public function find($accountId) + public function find($userId) { $query = DB::table('account_tokens') - ->where('account_tokens.account_id', '=', $accountId); + ->where('account_tokens.user_id', '=', $userId); if (!Session::get('show_trash:token')) { $query->where('account_tokens.deleted_at', '=', null); diff --git a/app/Services/TokenService.php b/app/Services/TokenService.php index 8b428f0eb1..092f3995d3 100644 --- a/app/Services/TokenService.php 
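Review bot: `getSearchData($user)` and `getAccountSearchData($user)` replace the `$account` parameter with an untyped `$user` from which the account is re-derived, so any caller still passing an Account fails only at the `$user->is_admin` or `$user->account` property access; a `User $user` type hint on both signatures makes the change fail fast and documents the contract (assuming the repository already imports the model or can use the FQCN). A docblock on the public method noting that non-admin users get an empty `navigation` list, `/** @return array search data for the user's account; 'navigation' is [] unless $user->is_admin */`, would also help callers.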
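Review bot: The two branches of the new `hasPermission('view_all')` check build the same `Client::scope()->with(...)->get()` query and differ only in the per-user `where` and the invoice constraint, so a single builder with a conditional restriction is easier to keep in sync; as written, any future change to the eager loads has to be made twice. On the restricted path `contacts` are not filtered by `user_id`, which is presumably intentional because they hang off an already-filtered client, and a one-line comment saying so would stop a later "fix". The `foreach ($clients as $client)` loop continues past the hunk.
```php
$builder = Client::scope()->with('contacts');

if ($user->hasPermission('view_all')) {
    $builder->with('invoices');
} else {
    // Own clients only, and within them only the user's own invoices.
    // Contacts are not filtered: they belong to the already-filtered client.
    $builder->where('user_id', '=', $user->id)
        ->with(['invoices' => function($query) use ($user) {
            $query->where('user_id', '=', $user->id);
        }]);
}

$clients = $builder->get();
// … unchanged: foreach ($clients as $client) …
```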
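Review bot: `TokenRepository::find($userId)` now filters on `account_tokens.user_id` alone with no account constraint, and the raw `DB::table` query applies none of the model's global scopes, so a docblock should state both: `/** Tokens owned by the given user (not the whole account); raw query, so soft-delete filtering is done manually below. */`. The existing `->where('account_tokens.deleted_at', '=', null)` a few lines down works only because the builder rewrites a null comparison to IS NULL; `->whereNull('account_tokens.deleted_at')` says it directly. The remainder of the method runs past the hunk.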
+++ b/app/Services/TokenService.php @@ -27,9 +27,9 @@ class TokenService extends BaseService } */ - public function getDatatable($accountId) + public function getDatatable($userId) { - $query = $this->tokenRepo->find($accountId); + $query = $this->tokenRepo->find($userId); return $this->createDatatable(ENTITY_TOKEN, $query, false); } diff --git a/resources/views/accounts/user_management.blade.php b/resources/views/accounts/user_management.blade.php index 9917e06296..5d8f8cf07e 100644 --- a/resources/views/accounts/user_management.blade.php +++ b/resources/views/accounts/user_management.blade.php @@ -8,7 +8,7 @@
- + |
diff --git a/resources/views/users/edit.blade.php b/resources/views/users/edit.blade.php index 520900a0ef..94b74664a7 100644 --- a/resources/views/users/edit.blade.php +++ b/resources/views/users/edit.blade.php @@ -11,7 +11,11 @@ )); !!} @if ($user) - {!! Former::populate($user) !!} + {!! Former::populate($user) !!} + {{ Former::populateField('is_admin', intval($user->is_admin)) }} + {{ Former::populateField('permissions[create_all]', intval($user->hasPermission('create'))) }} + {{ Former::populateField('permissions[view_all]', intval($user->hasPermission('view_all'))) }} + {{ Former::populateField('permissions[edit_all]', intval($user->hasPermission('edit_all'))) }} @endif
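Review bot: The `permissions[create_all]` field is populated from `$user->hasPermission('create')`, while the neighbouring lines use the full names `'view_all'` and `'edit_all'`; unless the stored permission key really is `create`, this checkbox will never reflect the saved value, so the line should read `{{ Former::populateField('permissions[create_all]', intval($user->hasPermission('create_all'))) }}`. The new lines also use `{{ }}` where the line above uses `{!! !!}`; if `populateField` returns nothing that is harmless, but the inconsistency deserves a look. The `@if ($user)` block closes at the end of the hunk, the rest of the form is outside it.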