invoiceninja/app/Http/Requests/InvoiceRequest.php

<?php

namespace App\Http\Requests;

use App\Models\Invoice;
use App\Libraries\HistoryUtils;

class InvoiceRequest extends EntityRequest
{
    protected $entityType = ENTITY_INVOICE;

    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()
    {

        $invoice = parent::entity();
        $entity  = $invoice ? $invoice->subEntityType() : ENTITY_INVOICE;

        switch($entity)
        {
            case ENTITY_INVOICE:
                $crossCloneEntity = ENTITY_QUOTE;
                break;
            case ENTITY_QUOTE:
                $crossCloneEntity = ENTITY_INVOICE;
                break;
            case ENTITY_RECURRING_INVOICE:
                $crossCloneEntity = ENTITY_RECURRING_QUOTE;
                break;
            case ENTITY_RECURRING_QUOTE:
                $crossCloneEntity = ENTITY_RECURRING_INVOICE;
                break;
        }

        if(request()->is('invoices/create*') && $this->user()->can('createEntity', ENTITY_INVOICE))
            return true;

        if(request()->is('recurring_invoices/create*') && $this->user()->can('createEntity', ENTITY_INVOICE))
            return true;

        if(request()->is('quotes/create*') && $this->user()->can('createEntity', ENTITY_QUOTE))
            return true;

        if(request()->is('recurring_quotes/create*') && $this->user()->can('createEntity', ENTITY_QUOTE))
            return true;

        if($invoice && $invoice->isType(INVOICE_TYPE_STANDARD) && request()->is('*invoices/*/edit') && request()->isMethod('put') && $this->user()->can('edit', $invoice))
            return true;

        if($invoice && $invoice->isType(INVOICE_TYPE_QUOTE) && request()->is('*quotes/*/edit') && request()->isMethod('put') && $this->user()->can('edit', $invoice))
            return true;

        // allow cross clone quote to invoice
        if($invoice && $invoice->isType(INVOICE_TYPE_QUOTE) && request()->is('*invoices/*/clone') && request()->isMethod('get') && $this->user()->can('view', $invoice, $crossCloneEntity))
            return true;

        // allow cross clone invoice to quote
        if($invoice && $invoice->isType(INVOICE_TYPE_STANDARD) && request()->is('*quotes/*/clone') && request()->isMethod('get') && $this->user()->can('view', $invoice, $crossCloneEntity))
            return true;

        if($invoice && $invoice->isType(INVOICE_TYPE_STANDARD) && request()->is('*invoices/*') && request()->isMethod('get') && $this->user()->can('view', $invoice, $entity))
            return true;

        if($invoice && $invoice->isType(INVOICE_TYPE_QUOTE) && request()->is('*quotes/*') && request()->isMethod('get') && $this->user()->can('view', $invoice, $entity))
            return true;

        if ($invoice) {
            HistoryUtils::trackViewed($invoice);
        }

        return false;
    }


    public function entity()
    {
        $invoice = parent::entity();

        // support loading an invoice by its invoice number
        if ($this->invoice_number && ! $invoice) {
            $invoice = Invoice::scope()
                        ->whereInvoiceNumber($this->invoice_number)
                        ->withTrashed()
                        ->first();

            if (! $invoice) {
                abort(404);
            }
        }

        // eager load the invoice items
        if ($invoice && ! $invoice->relationLoaded('invoice_items')) {
            $invoice->load('invoice_items');
        }

        return $invoice;
    }
}
php-cs-fixer cleanup 2017-01-30 21:40:43 +02:00			`<?php`

			`namespace App\Http\Requests;`
Working on form requests 2016-05-01 22:30:39 +03:00
Added support for searching by invoice number in the API 2016-06-06 19:04:24 +03:00			`use App\Models\Invoice;`
Fix for sidebar history 2018-07-27 16:14:45 +03:00			`use App\Libraries\HistoryUtils;`
Added support for searching by invoice number in the API 2016-06-06 19:04:24 +03:00
php-cs-fixer clean up 2017-01-30 18:05:31 +02:00			`class InvoiceRequest extends EntityRequest`
			`{`
Working on form requests 2016-05-01 22:30:39 +03:00			`protected $entityType = ENTITY_INVOICE;`

Rebase Dev 2019-01-30 22:00:26 +11:00			`/**`
Update InvoiceRequest.php 2018-07-24 22:30:54 +10:00			`* Determine if the user is authorized to make this request.`
			`*`
			`* @return bool`
			`*/`
			`public function authorize()`
			`{`

Rebase Dev 2019-01-30 22:00:26 +11:00			`$invoice = parent::entity();`
			`$entity = $invoice ? $invoice->subEntityType() : ENTITY_INVOICE;`

			`switch($entity)`
			`{`
			`case ENTITY_INVOICE:`
			`$crossCloneEntity = ENTITY_QUOTE;`
			`break;`
			`case ENTITY_QUOTE:`
			`$crossCloneEntity = ENTITY_INVOICE;`
			`break;`
			`case ENTITY_RECURRING_INVOICE:`
			`$crossCloneEntity = ENTITY_RECURRING_QUOTE;`
			`break;`
			`case ENTITY_RECURRING_QUOTE:`
			`$crossCloneEntity = ENTITY_RECURRING_INVOICE;`
			`break;`
			`}`
Update InvoiceRequest.php 2018-07-24 22:30:54 +10:00
Rebase Dev 2019-01-30 22:00:26 +11:00			`if(request()->is('invoices/create*') && $this->user()->can('createEntity', ENTITY_INVOICE))`
Permission fixes. (#2407) * Patch for permissions * fixes for production * fix for doc uploads 2018-10-05 00:19:01 +10:00			`return true;`

Rebase Dev 2019-01-30 22:00:26 +11:00			`if(request()->is('recurring_invoices/create*') && $this->user()->can('createEntity', ENTITY_INVOICE))`
Permission fixes. (#2407) * Patch for permissions * fixes for production * fix for doc uploads 2018-10-05 00:19:01 +10:00			`return true;`

Rebase Dev 2019-01-30 22:00:26 +11:00			`if(request()->is('quotes/create*') && $this->user()->can('createEntity', ENTITY_QUOTE))`
Permission fixes. (#2407) * Patch for permissions * fixes for production * fix for doc uploads 2018-10-05 00:19:01 +10:00			`return true;`

Rebase Dev 2019-01-30 22:00:26 +11:00			`if(request()->is('recurring_quotes/create*') && $this->user()->can('createEntity', ENTITY_QUOTE))`
			`return true;`
Update InvoiceRequest.php 2018-07-24 22:30:54 +10:00
Fixed invoice authorizations Signed-off-by: Kristián Feldsam <feldsam@gmail.com> 2019-04-30 12:53:13 +02:00			`if($invoice && $invoice->isType(INVOICE_TYPE_STANDARD) && request()->is('invoices//edit') && request()->isMethod('put') && $this->user()->can('edit', $invoice))`
Rebase Dev 2019-01-30 22:00:26 +11:00			`return true;`
Update InvoiceRequest.php 2018-07-24 22:30:54 +10:00
Fixed invoice authorizations Signed-off-by: Kristián Feldsam <feldsam@gmail.com> 2019-04-30 12:53:13 +02:00			`if($invoice && $invoice->isType(INVOICE_TYPE_QUOTE) && request()->is('quotes//edit') && request()->isMethod('put') && $this->user()->can('edit', $invoice))`
Rebase Dev 2019-01-30 22:00:26 +11:00			`return true;`
Update InvoiceRequest.php 2018-07-24 22:30:54 +10:00
Rebase Dev 2019-01-30 22:00:26 +11:00			`// allow cross clone quote to invoice`
Fixed invoice authorizations Signed-off-by: Kristián Feldsam <feldsam@gmail.com> 2019-04-30 12:53:13 +02:00			`if($invoice && $invoice->isType(INVOICE_TYPE_QUOTE) && request()->is('invoices//clone') && request()->isMethod('get') && $this->user()->can('view', $invoice, $crossCloneEntity))`
Rebase Dev 2019-01-30 22:00:26 +11:00			`return true;`
Update InvoiceRequest.php 2018-07-24 22:30:54 +10:00
Rebase Dev 2019-01-30 22:00:26 +11:00			`// allow cross clone invoice to quote`
Fixed invoice authorizations Signed-off-by: Kristián Feldsam <feldsam@gmail.com> 2019-04-30 12:53:13 +02:00			`if($invoice && $invoice->isType(INVOICE_TYPE_STANDARD) && request()->is('quotes//clone') && request()->isMethod('get') && $this->user()->can('view', $invoice, $crossCloneEntity))`
Rebase Dev 2019-01-30 22:00:26 +11:00			`return true;`
Update InvoiceRequest.php 2018-07-24 22:30:54 +10:00
Fixed invoice authorizations Signed-off-by: Kristián Feldsam <feldsam@gmail.com> 2019-04-30 12:53:13 +02:00			`if($invoice && $invoice->isType(INVOICE_TYPE_STANDARD) && request()->is('invoices/') && request()->isMethod('get') && $this->user()->can('view', $invoice, $entity))`
Rebase Dev 2019-01-30 22:00:26 +11:00			`return true;`
Update InvoiceRequest.php 2018-07-24 22:30:54 +10:00
Fixed invoice authorizations Signed-off-by: Kristián Feldsam <feldsam@gmail.com> 2019-04-30 12:53:13 +02:00			`if($invoice && $invoice->isType(INVOICE_TYPE_QUOTE) && request()->is('quotes/') && request()->isMethod('get') && $this->user()->can('view', $invoice, $entity))`
Rebase Dev 2019-01-30 22:00:26 +11:00			`return true;`
Update InvoiceRequest.php 2018-07-24 22:30:54 +10:00
Fix for tests 2018-07-27 16:58:32 +03:00			`if ($invoice) {`
			`HistoryUtils::trackViewed($invoice);`
			`}`
Fix for sidebar history 2018-07-27 16:14:45 +03:00
Rebase Dev 2019-01-30 22:00:26 +11:00			`return false;`
Update InvoiceRequest.php 2018-07-24 22:30:54 +10:00			`}`
Fix for sidebar history 2018-07-27 16:14:45 +03:00
Rebase Dev 2019-01-30 22:00:26 +11:00
Working on form requests 2016-05-01 22:30:39 +03:00			`public function entity()`
			`{`
Refactored API index methods 2016-05-01 23:55:13 +03:00			`$invoice = parent::entity();`
Added support for searching by invoice number in the API 2016-06-06 19:04:24 +03:00
			`// support loading an invoice by its invoice number`
			`if ($this->invoice_number && ! $invoice) {`
			`$invoice = Invoice::scope()`
			`->whereInvoiceNumber($this->invoice_number)`
			`->withTrashed()`
Merge Zapier and trans_choice fixes 2017-03-20 13:55:38 +02:00			`->first();`

			`if (! $invoice) {`
			`abort(404);`
			`}`
Added support for searching by invoice number in the API 2016-06-06 19:04:24 +03:00			`}`

Added relationLoaded checks to optimize queries 2016-05-05 10:15:51 +03:00			`// eager load the invoice items`
			`if ($invoice && ! $invoice->relationLoaded('invoice_items')) {`
Refactored API index methods 2016-05-01 23:55:13 +03:00			`$invoice->load('invoice_items');`
Working on form requests 2016-05-01 22:30:39 +03:00			`}`
Added support for searching by invoice number in the API 2016-06-06 19:04:24 +03:00
Refactored API index methods 2016-05-01 23:55:13 +03:00			`return $invoice;`
Working on form requests 2016-05-01 22:30:39 +03:00			`}`
Added support for searching by invoice number in the API 2016-06-06 19:04:24 +03:00			`}`