Enable non-admin users with view all permissions to use the reports

2017-02-07 17:23:55 +02:00 · 2017-02-07 17:23:55 +02:00 · 412d935e79
commit 412d935e79
parent 314b5f8a57
3 changed files with 12 additions and 3 deletions
--- a/app/Http/Controllers/ReportController.php
+++ b/app/Http/Controllers/ReportController.php
@ -48,6 +48,10 @@ class ReportController extends BaseController
     */
    public function showReports()
    {
+        if (! Auth::user()->hasPermission('view_all')) {
+            return redirect('/');
+        }
+
        $action = Input::get('action');

        if (Input::get('report_type')) {
@ -118,6 +122,10 @@ class ReportController extends BaseController
     */
    private function export($reportType, $data, $columns, $totals)
    {
+        if (! Auth::user()->hasPermission('view_all')) {
+            exit;
+        }
+
        $output = fopen('php://output', 'w') or Utils::fatalError();
        $reportType = trans("texts.{$reportType}s");
        $date = date('Y-m-d');
--- a/app/Http/routes.php
+++ b/app/Http/routes.php
@ -216,6 +216,9 @@ Route::group(['middleware' => 'auth:user'], function () {
    Route::get('bluevine/hide_message', 'BlueVineController@hideMessage');
    Route::get('bluevine/completed', 'BlueVineController@handleCompleted');
    Route::get('white_label/hide_message', 'NinjaController@hideWhiteLabelMessage');
+
+    Route::get('reports', 'ReportController@showReports');
+    Route::post('reports', 'ReportController@showReports');
 });

 Route::group([
@ -244,8 +247,6 @@ Route::group([
    Route::post('settings/email_settings', 'AccountController@saveEmailSettings');
    Route::get('company/{section}/{subSection?}', 'AccountController@redirectLegacy');
    Route::get('settings/data_visualizations', 'ReportController@d3');
-    Route::get('reports', 'ReportController@showReports');
-    Route::post('reports', 'ReportController@showReports');

    Route::post('settings/change_plan', 'AccountController@changePlan');
    Route::post('settings/cancel_account', 'AccountController@cancelAccount');
--- a/resources/views/header.blade.php
+++ b/resources/views/header.blade.php
@ -521,7 +521,7 @@
                    ])
                @endforeach
            @endif
-            @if (Auth::user()->is_admin)
+            @if (Auth::user()->hasPermission('view_all'))
                @include('partials.navigation_option', ['option' => 'reports'])
            @endif
            @include('partials.navigation_option', ['option' => 'settings'])